Engine Crash - https://crash.limetech.org/jxtlzp5blyhn


Dagothur
Member
Join Date: Dec 2014
Old 10-16-2018 , 22:50   Engine Crash - https://crash.limetech.org/jxtlzp5blyhn

https://crash.limetech.org/jxtlzp5blyhn

This crash has been occurring on one of my servers for years. Based on the call names and what happens in game I'm pretty sure it has to do with the Demoman's splash damage.

Is there anything I could possibly implement to prevent the crash?
nosoop
Veteran Member
Join Date: Aug 2014
Old 10-16-2018 , 23:51   Re: Engine Crash - https://crash.limetech.org/jxtlzp5blyhn

Couple of questions:
  • What plugins / extensions are you running? I've never seen this crash, and I'm running a relatively stock server. It seems like a fairly isolated case given it's only seen in 19 reports, so I suspect a plugin might be causing this.
  • Can you provide the Carburetor output for the last function? I can't access it myself since it's not my crash, but you should be able to access it here. Something like the following (somewhat similar crash that I caused while working on an extension):
Code:
SIGSEGV accessing 0x28

Thread 0 (crashed):
   0: server_srv.so!CCollisionProperty::CalcDistanceFromPoint(Vector const&) const + 0x68
      eax: 0x00000000  ebp: 0xbfa63948  ebx: 0x1c58e274
      ecx: 0x0e1beda8  edi: 0xbfa63918  edx: 0x0e1bedb4
      efl: 0x00010246  eip: 0xb025fff8  esi: 0xbfa63964
      esp: 0xbfa638f0  

      b025ffe8  90                    nop
      b025ffe9  8d b4 26 00 00 00 00  lea esi, [esi+0x0]
      b025fff0  8b 03                 mov eax, [ebx]
      b025fff2  89 1c 24              mov [esp], ebx
      b025fff5  8d 7d d0              lea edi, [ebp-0x30]
  >   b025fff8  ff 50 28              call dword [eax+0x28]
      b025fffb  f3 0f 10 06           movss xmm0, [esi]
      b025ffff  f3 0f 5c 00           subss xmm0, [eax]
      b0260003  f3 0f 11 45 d0        movss [ebp-0x30], xmm0
      b0260008  f3 0f 10 46 04        movss xmm0, [esi+0x4]
      b026000d  f3 0f 5c 40 04        subss xmm0, [eax+0x4]
Looking at the disassembly for the functions in your specific crash suggests that one of the entities in the radius of the explosion is invalid in some way (the crash is caused by a failure on dereferencing what should be an entity's m_Collision property -- past that I can only really guess without more info).
__________________
I do TF2, TF2 servers, and TF2 plugins.
I don't do DMs over Discord -- PM me on the forums regarding inquiries.
AlliedModders Releases / Github / TF2 Server / Donate (BTC / BCH / coffee)

Last edited by nosoop; 10-17-2018 at 00:04.
asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 10-17-2018 , 08:24   Re: Engine Crash - https://crash.limetech.org/jxtlzp5blyhn

Quote:
Originally Posted by nosoop
  • Can you provide the Carburetor output for the last function?
Code:
SIGSEGV accessing 0x28

Thread 0 (crashed):
   0: server_srv.so!CCollisionProperty::CalcNearestPoint(Vector const&, Vector*) const + 0x65
      eax: 0x00000000  ebp: 0xbfb375e8  ebx: 0x2084de50
      ecx: 0xb1577600  edi: 0xbfb37f84  edx: 0xb1577670
      efl: 0x00210246  eip: 0xb04a0e75  esi: 0xbfb37640
      esp: 0xbfb37590  

      b04a0e65  0f 85 dd 00 00 00  jnz 0xb04a0f48
      b04a0e6b  90                 nop
      b04a0e6c  8d 74 26 00        lea esi, [esi+0x0]
      b04a0e70  8b 03              mov eax, [ebx]
      b04a0e72  89 1c 24           mov [esp], ebx
  >   b04a0e75  ff 50 28           call dword [eax+0x28]
      b04a0e78  f3 0f 10 07        movss xmm0, [edi]
      b04a0e7c  8d 55 d0           lea edx, [ebp-0x30]
      b04a0e7f  f3 0f 5c 00        subss xmm0, [eax]
      b04a0e83  f3 0f 11 45 d0     movss [ebp-0x30], xmm0
      b04a0e88  f3 0f 10 47 04     movss xmm0, [edi+0x4]

      bfb37590  50 de 84 20 1c bb dc 14  b8 75 b3 bf c4 75 b3 bf  |P.. .....u...u..|
      bfb375a0  00 00 00 00 20 70 3d ac  ff ff ff ff 00 00 00 00  |.... p=.........|
      bfb375b0  00 00 00 00 00 00 00 00  00 34 8a c1 b0 e2 0b c3  |.........4......|
      bfb375c0  ec 3a e8 42 00 00 00 00  00 00 00 00 00 00 00 00  |.:.B............|
      bfb375d0  02 00 00 00 00 02 00 00  00 00 00 00 80 7f b3 bf  |................|
      bfb375e0  e0 dc 84 20 50 76 b3 bf  78 7e b3 bf cd cf 5d b0  |... Pv..x~....].|

      Found via instruction pointer in context
Dagothur
Member
Join Date: Dec 2014
Old 10-17-2018 , 12:27   Re: Engine Crash - https://crash.limetech.org/jxtlzp5blyhn

Quote:
Originally Posted by nosoop
Couple of questions:
  • What plugins / extensions are you running? I've never seen this crash, and I'm running a relatively stock server. It seems like a fairly isolated case given it's only seen in 19 reports, so I suspect a plugin might be causing this.
Unfortunately quite a few: 232 plugins and 25 extensions. I'm familiar with what they're all doing and have the source for all of the plugins so any information on what I should be looking into would be helpful.

Last edited by Dagothur; 10-17-2018 at 12:28.
nosoop
Veteran Member
Join Date: Aug 2014
Old 10-18-2018 , 07:50   Re: Engine Crash - https://crash.limetech.org/jxtlzp5blyhn

Hard to say other than CCollisionProperty isn't getting a valid entity's m_Collision property. In my case, I fed a previous function a pointer that wasn't the correct type (multiple inheritance on reverse-engineered classes is fun).

Mostly guessing here; I'd lean towards plugins that use DHooks / SDKCalls / RemoveEdict or things that create / modify triggers (looking at a function higher in the stack trace). It's weird, since I have no idea why the RadiusDamage function's CEntitySphereQuery would be giving you an invalid entity in the first place.

You may need to bisect your plugins. Does it only occur on certain maps?

Last edited by nosoop; 10-18-2018 at 07:52.