[Crash Revision 10337] Certain characters logging in causing crash?


Guest shinra

I can pinpoint this to random characters crashing the server. A priest logged in and instantly crashed the server. I asked him to log in again and HEY, it crashed again.

Also this was last in the log before crash.

DELETE FROM character_account_data WHERE guid'1388' AND type '1'

Revision: * * 10337 73500d21698698794b2000875d4531296041215d
Date 10:8:2010. Time 17:48 
//=====================================================
*** Hardware ***
Processor: Quad-Core AMD Opteron(tm) Processor 1352
Number Of Processors: 4
Physical Memory: 4194303 KB (Available: 4194303 KB)
Commit Charge Limit: 4194303 KB

*** Operation System ***
Windows Vista or Windows Server 2008 Server 4.0 (Version 6.1, Build 7600)

//=====================================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address:  707BD101 01:0007C101 C:\\Windows\\system32\\MSVCR100.dll

Registers:
EAX:0000028D
EBX:03337F15
ECX:7FFFFFFE
EDX:025C4E73
ESI:00000000
EDI:0000028D
CS:EIP:0023:707BD101
SS:ESP:002B:03327B2C  EBP:03327DB0
DS:002B  ES:002B  FS:0053  GS:002B
Flags:00010202

Call stack:
Address   Frame     Function      SourceFile
707BD101  00000000  _vcwprintf_s+197D
707A4092  00000000  fprintf+E0
0044F0D9  00000000  vutf8printf+89
004499C9  00000000  Log::outDebug+59
00452A56  00000000  DatabaseMysql::DirectExecute+116
00456D39  00000000  SqlTransaction::Execute+99
0045790B  00000000  SqlDelayThread::run+10B
00455054  00000000  ACE_Based::Thread::ThreadTask+34
73565B04  00000000  ACE_OS_Thread_Adapter::invoke+74
7079C6DE  00000000  _endthreadex+3A
7079C788  00000000  _endthreadex+E4
752A3677  00000000  BaseThreadInitThunk+12
77699D72  00000000  RtlInitializeExceptionChain+63
77699D45  00000000  RtlInitializeExceptionChain+36
========================
Local Variables And Parameters

Call stack:
Address   Frame     Function      SourceFile
707BD101  00000000  _vcwprintf_s+197D

707A4092  00000000  fprintf+E0

0044F0D9  00000000  vutf8printf+89
   Local  <user defined> 'out'
   Local  <user defined> 'str'
   Local  <user defined> 'ap'
   Local  <user defined> 'wtemp_buf'
   Local  <user defined> 'temp_buf'
punting on symbol wtemp_len

004499C9  00000000  Log::outDebug+59
   Local  <user defined> 'this'
   Local  <user defined> 'str'
punting on symbol ap

00452A56  00000000  DatabaseMysql::DirectExecute+116
   Local  <user defined> 'sql'
   Local  <user defined> 'query_connection_guard'

00456D39  00000000  SqlTransaction::Execute+99
   Local  <user defined> 'db'

0045790B  00000000  SqlDelayThread::run+10B
punting on symbol loopCounter
   Local  <user defined> 'pingEveryLoop'

00455054  00000000  ACE_Based::Thread::ThreadTask+34
punting on symbol param

73565B04  00000000  ACE_OS_Thread_Adapter::invoke+74
punting on symbol status

7079C6DE  00000000  _endthreadex+3A

7079C788  00000000  _endthreadex+E4

752A3677  00000000  BaseThreadInitThunk+12

77699D72  00000000  RtlInitializeExceptionChain+63

77699D45  00000000  RtlInitializeExceptionChain+36

Link to comment
Share on other sites

I'm getting a lot of servers down due to this issue: the server is running normally, then a crash happens, and after that, when a single player tries to log in, the server crashes.

I mean the server starts up again, and some seconds later, 20 or 10 seconds, or whenever player X with this issue logs in, the server goes down.

It's a really random crash. I don't know how a simple login of a player can crash the server. Today I got 13 crashes in less than 15 minutes. I'm blank 0.0. My rev is 10322 without custom patches.

Link to comment
Share on other sites

void vutf8printf(FILE *out, const char *str, va_list* ap)
{
#if PLATFORM == PLATFORM_WINDOWS
   char temp_buf[32*1024];
   wchar_t wtemp_buf[32*1024];

   size_t temp_len = vsnprintf(temp_buf, 32*1024, str, *ap);

   size_t wtemp_len = 32*1024-1;
   Utf8toWStr(temp_buf, temp_len, wtemp_buf, wtemp_len);

   CharToOemBuffW(&wtemp_buf[0], &temp_buf[0], wtemp_len+1);
   fprintf(out, temp_buf);
#else
   vfprintf(out, str, *ap);
#endif
}

Windows-only bug :) (yeepee I'm using Debian!)

Something wrong with temp_buf?

Link to comment
Share on other sites
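An added example, not part of the thread and not MaNGOS code: in the function posted above, `temp_buf` already holds the finished message, and `fprintf(out, temp_buf)` parses it a second time as a format string, so any `%` inside logged data (such as SQL text reaching `Log::outDebug`) is read as a conversion with no matching argument. The sketch formats once, clamps the `vsnprintf` result instead of trusting it as a length, and emits the text as data; `format_line`, `second_pass_directives` and the sample string are hypothetical names and constructed input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 1024 /* the posted code uses 32*1024; smaller for the demo */

/* Constructed sample: SQL text that carries '%' as ordinary data. */
static const char SAMPLE_SQL[] =
    "UPDATE character_account_data SET data = '50% done %s' WHERE guid = '1388'";

/* Count the directives a second printf pass would try to consume if
 * already-formatted text were handed over as the format string.
 * "%%" is a literal percent sign and is skipped. */
static int second_pass_directives(const char *text)
{
    int n = 0;
    for (const char *p = text; *p; ++p) {
        if (*p != '%') continue;
        if (p[1] == '%') { ++p; continue; }
        ++n;
    }
    return n;
}

/* Format exactly once. Returns the length stored in dst (cap must be > 0).
 * vsnprintf's result is not a usable length on its own: C99 returns the
 * would-be length on truncation, older MSVC CRTs return a negative value. */
static size_t format_line(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    if (n < 0) { dst[0] = '\0'; return 0; }
    if ((size_t)n >= cap) { dst[cap - 1] = '\0'; return cap - 1; }
    return (size_t)n;
}

int main(void)
{
    char buf[LOG_BUF];
    format_line(buf, sizeof buf, "%s", SAMPLE_SQL);
    printf("directives a second pass would parse: %d\n",
           second_pass_directives(buf));
    /* Unsafe form from the thread: fprintf(stdout, buf);  (buf as format) */
    fputs(buf, stdout); /* safe: same as fprintf(stdout, "%s", buf) */
    fputc('\n', stdout);
    return 0;
}
```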

Hm...from http://msdn.microsoft.com/en-us/library/1kt27hek%28VS.80%29.aspx

Note

To ensure that there is room for the terminating null, be sure that count is strictly less than the buffer length and initialize the buffer to null prior to calling the function.

So, despite Microsoft claiming this is the ANSI-compatible version and omitting it in the argument description of count, does this mean the buffer has to be LARGER than count?

Gotta love those MS dudes... to "fix" this they added _vsnprintf() which duplicates the "count" argument so you can give it the actual buffer size -.-

Try with:

size_t temp_len = vsnprintf(temp_buf, 32*1024-1, str, *ap);

Link to comment
Share on other sites

Could just be coincidence but when I put this fix in CREDITS TO labinelu

I haven't had a crash yet, and the character who logged in and crashed the server can now login again and play.

@@ -4116,11 +4116,22 @@ bool Unit::AddSpellAuraHolder(SpellAuraHolder *holder)
}

void Unit::AddAuraToModList(Aura *aura)
{
    if (aura->GetModifier()->m_auraname < TOTAL_AURAS)
+    {
+        AuraList::const_iterator iter;
+        for (iter = m_modAuras[aura->GetModifier()->m_auraname].begin(); iter != m_modAuras[aura->GetModifier()->m_auraname].end(); ++iter)
+        {
+            if (aura->GetId() == (*iter)->GetId())
+            {
+                m_modAuras[aura->GetModifier()->m_auraname].remove((*iter));
+                break;
+            }
+        }
        m_modAuras[aura->GetModifier()->m_auraname].push_back(aura);
+    }
}
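
Review bot: the match at `if (aura->GetId() == (*iter)->GetId())` compares the spell id only, so adding an aura drops any existing entry with the same id from `m_modAuras[...]`, including one that belongs to a different holder, and nothing in this hunk removes or unapplies that aura anywhere else, which leaves the mod list out of step with the auras the unit actually has. If de-duplication is intended here, compare the aura pointer (or the id together with its holder) rather than the id alone, and add a comment saying how a duplicate can reach this function. Minor: `m_modAuras[aura->GetModifier()->m_auraname]` is spelled out four times and would read better as one local reference, and `remove((*iter))` searches the list again by value where erasing at the found position would do.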

Link to comment
Share on other sites

Well maybe the patch avoids a call to sLog.outDebug (which is obviously where the crash occurs) during some SQL queries related to auras...I'm very precise, I know

Try without your patch and with the little change suggested by Lynx3d

Maybe I'm such a newbie, but where is the file that Lynx3d said to make the change in?

Link to comment
Share on other sites

in src/shared/Util.cpp:461

@Schmoozered: yea basically this "fix" removes such auras from m_modAuras even though they may (or...if working correctly, will) still be present in a SpellAuraHolder...

If I'm not really mistaken, same harmful spells from different casters stack in most cases...

Link to comment
Share on other sites

Revision: * * 10345 4a181802416927280fdbbbef625c6403757c42f4
Date 11:8:2010. Time 20:35 
//=====================================================
*** Hardware ***
Processor: Quad-Core AMD Opteron(tm) Processor 1352
Number Of Processors: 4
Physical Memory: 4194303 KB (Available: 4194303 KB)
Commit Charge Limit: 4194303 KB

*** Operation System ***
Windows Vista or Windows Server 2008 Server 4.0 (Version 6.1, Build 7600)

//=====================================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address:  7768E23E 01:0001E23E C:\\Windows\\SysWOW64\\ntdll.dll

Registers:
EAX:F1307455
EBX:0261D1F8
ECX:02750000
EDX:0261D1F8
ESI:CCD46E8C
EDI:0261D1F0
CS:EIP:0023:7768E23E
SS:ESP:002B:0AACFCBC  EBP:0AACFCF0
DS:002B  ES:002B  FS:0053  GS:002B
Flags:00010282

Call stack:
Address   Frame     Function      SourceFile
7768E23E  00000000  RtlInitUnicodeString+196
7768DEA3  00000000  RtlFreeHeap+7E
752A14D1  00000000  HeapFree+14
7358016A  00000000  free+1C
63DA922C  00000000  ACE_New_Allocator::free+C
63DADB1A  00000000  ACE_Data_Block::`vector deleting destructor'+5A
63DAE249  00000000  ACE_Message_Block::release+89
00785D2E  00000000  WorldSocket::handle_output_queue+13E
007861C6  00000000  WorldSocket::handle_output+136
63DEE5C0  00000000  ACE_TP_Reactor::handle_socket_events+B0
63DEE6AD  00000000  ACE_TP_Reactor::Dispatch_i+4D
63DEE7FE  00000000  ACE_TP_Reactor::handle_events+AE
63DD0CBE  00000000  ACE_Reactor::run_reactor_event_loop+2E
005EFB51  00000000  ReactorRunnable::svc+81
63DE85EE  00000000  ACE_Task_Base::svc_run+2E
63DE89CB  00000000  ACE_Thread_Adapter::invoke_i+6B
63DE8B13  00000000  ACE_Thread_Adapter::invoke+83
735CC6DE  00000000  _endthreadex+3A
735CC788  00000000  _endthreadex+E4
752A3677  00000000  BaseThreadInitThunk+12
77699D72  00000000  RtlInitializeExceptionChain+63
77699D45  00000000  RtlInitializeExceptionChain+36
========================
Local Variables And Parameters

Call stack:
Address   Frame     Function      SourceFile
7768E23E  00000000  RtlInitUnicodeString+196

7768DEA3  00000000  RtlFreeHeap+7E

752A14D1  00000000  HeapFree+14

7358016A  00000000  free+1C

63DA922C  00000000  ACE_New_Allocator::free+C
punting on symbol ptr

63DADB1A  00000000  ACE_Data_Block::`vector deleting destructor'+5A

63DAE249  00000000  ACE_Message_Block::release+89
   Local  <user defined> 'ace_mon'

00785D2E  00000000  WorldSocket::handle_output_queue+13E
   Local  <user defined> 'g'
   Local  <user defined> 'mblk'

007861C6  00000000  WorldSocket::handle_output+136
punting on symbol __formal
   Local  <user defined> 'Guard'

63DEE5C0  00000000  ACE_TP_Reactor::handle_socket_events+B0
   Local  <user defined> 'event_count'
   Local  <user defined> 'guard'
punting on symbol result
   Local  <user defined> 'dispatch_info'

63DEE6AD  00000000  ACE_TP_Reactor::Dispatch_i+4D
   Local  <user defined> 'max_wait_time'
   Local  <user defined> 'guard'
punting on symbol event_count
   Local  <user defined> 'initial_event_count'

63DEE7FE  00000000  ACE_TP_Reactor::handle_events+AE
   Local  <user defined> 'max_wait_time'
   Local  <user defined> 'result'
   Local  <user defined> 'countdown'
   Local  <user defined> 'guard'

63DD0CBE  00000000  ACE_Reactor::run_reactor_event_loop+2E
   Local  <user defined> 'tv'
   Local  <user defined> 'eh'

005EFB51  00000000  ReactorRunnable::svc+81
   Local  <user defined> 'interval'

63DE85EE  00000000  ACE_Task_Base::svc_run+2E
punting on symbol args

63DE89CB  00000000  ACE_Thread_Adapter::invoke_i+6B
punting on symbol status

63DE8B13  00000000  ACE_Thread_Adapter::invoke+83
   Local  <user defined> 'exit_hook_maybe'

735CC6DE  00000000  _endthreadex+3A

735CC788  00000000  _endthreadex+E4

752A3677  00000000  BaseThreadInitThunk+12

77699D72  00000000  RtlInitializeExceptionChain+63

77699D45  00000000  RtlInitializeExceptionChain+36

New crash even with your fix lynx

Link to comment
Share on other sites
