
Dagothur 10-16-2018 22:50

Engine Crash - https://crash.limetech.org/jxtlzp5blyhn
 
https://crash.limetech.org/jxtlzp5blyhn

This crash has been occurring on one of my servers for years. Based on the call names and what happens in game I'm pretty sure it has to do with the Demoman's splash damage.

Is there anything I could possibly implement to prevent the crash?

nosoop 10-16-2018 23:51

Re: Engine Crash - https://crash.limetech.org/jxtlzp5blyhn
 
Couple of questions:
  • What plugins / extensions are you running? I've never seen this crash, and I'm running a relatively stock server. It seems like a fairly isolated case given it's only seen in 19 reports, so I suspect a plugin might be causing this.
  • Can you provide the Carburetor output for the last function? I can't access it myself since it's not my crash, but you should be able to access it here. Something like the following (somewhat similar crash that I caused while working on an extension):
Code:

SIGSEGV accessing 0x28

Thread 0 (crashed):
  0: server_srv.so!CCollisionProperty::CalcDistanceFromPoint(Vector const&) const + 0x68
      eax: 0x00000000  ebp: 0xbfa63948  ebx: 0x1c58e274
      ecx: 0x0e1beda8  edi: 0xbfa63918  edx: 0x0e1bedb4
      efl: 0x00010246  eip: 0xb025fff8  esi: 0xbfa63964
      esp: 0xbfa638f0 

      b025ffe8  90                    nop
      b025ffe9  8d b4 26 00 00 00 00  lea esi, [esi+0x0]
      b025fff0  8b 03                mov eax, [ebx]
      b025fff2  89 1c 24              mov [esp], ebx
      b025fff5  8d 7d d0              lea edi, [ebp-0x30]
  >  b025fff8  ff 50 28              call dword [eax+0x28]
      b025fffb  f3 0f 10 06          movss xmm0, [esi]
      b025ffff  f3 0f 5c 00          subss xmm0, [eax]
      b0260003  f3 0f 11 45 d0        movss [ebp-0x30], xmm0
      b0260008  f3 0f 10 46 04        movss xmm0, [esi+0x4]
      b026000d  f3 0f 5c 40 04        subss xmm0, [eax+0x4]

Looking at the disassembly for the functions in your specific crash suggests that one of the entities in the radius of the explosion is invalid in some way (the crash is caused by a failure on dereferencing what should be an entity's m_Collision property -- past that I can only really guess without more info).

asherkin 10-17-2018 08:24

Re: Engine Crash - https://crash.limetech.org/jxtlzp5blyhn
 
Quote:

Originally Posted by nosoop (Post 2620011)
  • Can you provide the Carburetor output for the last function?

Code:

SIGSEGV accessing 0x28

Thread 0 (crashed):
  0: server_srv.so!CCollisionProperty::CalcNearestPoint(Vector const&, Vector*) const + 0x65
      eax: 0x00000000  ebp: 0xbfb375e8  ebx: 0x2084de50
      ecx: 0xb1577600  edi: 0xbfb37f84  edx: 0xb1577670
      efl: 0x00210246  eip: 0xb04a0e75  esi: 0xbfb37640
      esp: 0xbfb37590 

      b04a0e65  0f 85 dd 00 00 00  jnz 0xb04a0f48
      b04a0e6b  90                nop
      b04a0e6c  8d 74 26 00        lea esi, [esi+0x0]
      b04a0e70  8b 03              mov eax, [ebx]
      b04a0e72  89 1c 24          mov [esp], ebx
  >  b04a0e75  ff 50 28          call dword [eax+0x28]
      b04a0e78  f3 0f 10 07        movss xmm0, [edi]
      b04a0e7c  8d 55 d0          lea edx, [ebp-0x30]
      b04a0e7f  f3 0f 5c 00        subss xmm0, [eax]
      b04a0e83  f3 0f 11 45 d0    movss [ebp-0x30], xmm0
      b04a0e88  f3 0f 10 47 04    movss xmm0, [edi+0x4]

      bfb37590  50 de 84 20 1c bb dc 14  b8 75 b3 bf c4 75 b3 bf  |P.. .....u...u..|
      bfb375a0  00 00 00 00 20 70 3d ac  ff ff ff ff 00 00 00 00  |.... p=.........|
      bfb375b0  00 00 00 00 00 00 00 00  00 34 8a c1 b0 e2 0b c3  |.........4......|
      bfb375c0  ec 3a e8 42 00 00 00 00  00 00 00 00 00 00 00 00  |.:.B............|
      bfb375d0  02 00 00 00 00 02 00 00  00 00 00 00 80 7f b3 bf  |................|
      bfb375e0  e0 dc 84 20 50 76 b3 bf  78 7e b3 bf cd cf 5d b0  |... Pv..x~....].|

      Found via instruction pointer in context
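
The fault in the dump above can be checked mechanically. The following is an added example, not part of the thread or of the crash reporter's own code: it parses the registers and the marked instruction, recomputes the address that instruction touched, and traces where the base register was loaded from. `triage`, `SAMPLE` and the report keys are names made up here; the sample is the dump's own register and disassembly lines.

```python
import re

# Constructed sample: register and disassembly lines copied from the dump
# posted above (stack bytes omitted). Assumes 32-bit x86, Intel syntax.
SAMPLE = """\
SIGSEGV accessing 0x28
      eax: 0x00000000  ebp: 0xbfb375e8  ebx: 0x2084de50
      ecx: 0xb1577600  edi: 0xbfb37f84  edx: 0xb1577670
      efl: 0x00210246  eip: 0xb04a0e75  esi: 0xbfb37640
      esp: 0xbfb37590
      b04a0e70  8b 03              mov eax, [ebx]
      b04a0e72  89 1c 24          mov [esp], ebx
  >  b04a0e75  ff 50 28          call dword [eax+0x28]
      b04a0e78  f3 0f 10 07        movss xmm0, [edi]
"""

INSN = re.compile(r"^\s*(>?)\s*([0-9a-f]{8})\s+((?:[0-9a-f]{2} )+)\s*(.+?)\s*$")
MEM = re.compile(r"\[(e[a-z]{2})(?:([+-])0x([0-9a-f]+))?\]")

def triage(dump):
    """Explain the faulting instruction of a crash dump in the format above."""
    fault = int(re.search(r"SIG\w+ accessing (0x[0-9a-f]+)", dump).group(1), 16)
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(e[a-z]{2}): (0x[0-9a-f]+)", dump)}
    insns = [m.groups() for m in map(INSN.match, dump.splitlines()) if m]
    idx = next(i for i, ins in enumerate(insns) if ins[0] == ">")
    addr, text = int(insns[idx][1], 16), insns[idx][3]
    base, sign, disp = MEM.search(text).groups()
    off = int(disp or "0", 16) * (-1 if sign == "-" else 1)
    ea = (regs[base] + off) & 0xFFFFFFFF  # address the marked instruction read
    report = {"insn": text, "at_eip": addr == regs["eip"], "base": base,
              "effective_address": ea, "matches_fault": ea == fault,
              "null_base": regs[base] == 0, "loaded_from": None}
    # Walk back to the load that last filled the base register, if visible.
    for _, _, _, prev in reversed(insns[:idx]):
        m = re.match(rf"mov {base}, \[(e[a-z]{{2}})\]", prev)
        if m:
            report["loaded_from"] = (m.group(1), regs[m.group(1)])
            break
    return report

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"{r['insn']} read {r['effective_address']:#x}, fault match: {r['matches_fault']}")
    print(f"{r['base']} null: {r['null_base']}, loaded from {r['loaded_from']}")
```

On this dump the object pointer in ebx is non-null, but the word read from it into eax is zero, so the indirect call through `[eax+0x28]` lands on address 0x28. That has the shape of a C++ virtual call on an object whose first word is not a valid table pointer.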


Dagothur 10-17-2018 12:27

Re: Engine Crash - https://crash.limetech.org/jxtlzp5blyhn
 
Quote:

Originally Posted by nosoop (Post 2620011)
Couple of questions:
  • What plugins / extensions are you running? I've never seen this crash, and I'm running a relatively stock server. It seems like a fairly isolated case given it's only seen in 19 reports, so I suspect a plugin might be causing this.

Unfortunately quite a few: 232 plugins and 25 extensions. I'm familiar with what they're all doing and have the source for all of the plugins so any information on what I should be looking into would be helpful.

nosoop 10-18-2018 07:50

Re: Engine Crash - https://crash.limetech.org/jxtlzp5blyhn
 
Hard to say other than CCollisionProperty isn't getting a valid entity's m_Collision property. In my case, I fed a previous function a pointer that wasn't the correct type (multiple inheritance on reverse-engineered classes is fun).

Mostly guessing here; I'd lean towards plugins that use DHooks / SDKCalls / RemoveEdict or things that create / modify triggers (looking at a function higher in the stack trace). It's weird, since I have no idea why the RadiusDamage function's CEntitySphereQuery would be giving you an invalid entity in the first place.

You may need to bisect your plugins. Does it only occur on certain maps?

