1. Hercules bug tracker archive
  2. Core
  3. Crash in map.c map_removemobs_sub

Crash in map.c map_removemobs_sub

Issue information

Issue ID
#7157
Status
Needs more Info
Severity
None
Started
Ryuuzaki
Apr 11, 2013 20:14
Last Post
Ryuuzaki
Apr 12, 2013 22:48
Confirmation
N/A

Ryuuzaki - Apr 11, 2013 20:14

[code=auto:0] Program terminated with signal 11, Segmentation fault. #0 0x000000000042ae8f in map_removemobs_sub (bl=0x7f148f7b67ac, ap=<value optimized out>) at map.c:2308 2308 if( md->db->mexp > 0 ) (gdb) bt full #0 0x000000000042ae8f in map_removemobs_sub (bl=0x7f148f7b67ac, ap=<value optimized out>) at map.c:2308 md = 0x7f148f7b67ac __FUNCTION__ = "map_removemobs_sub" #1 0x000000000043252f in map_foreachinmap (func=0x42ae30 <map_removemobs_sub>, m=<value optimized out>, type=<value optimized out>) at map.c:1223 b = <value optimized out> bsize = <value optimized out> returnCount = <value optimized out> bl = <value optimized out> blockcount = 0 i = 2 ap = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff7f0588c0, reg_save_area = 0x7fff7f0587e0}} #2 0x00000000004326ab in map_removemobs_timer (tid=<value optimized out>, tick=<value optimized out>, id=<value optimized out>, data=<value optimized out>) at map.c:2335 count = <value optimized out> m = <value optimized out> #3 0x000000000059b64f in do_timer (tick=3302495670) at timer.c:370 tid = 105 diff = -16 __FUNCTION__ = "do_timer" #4 0x00000000005988ac in main (argc=1, argv=0x7fff7f058a28) at core.c:333 next = <value optimized out> [/code]
Have only slight modifications in map.c nothing anywhere related to that function. Changed from RA to herc today after 3 days of code implementation.
Any idea what could be wrong here? It didn't crash on windows test machine for 3 days of testing, live server is centos 6.

Why would it crash on the mexp call? Only had one player online at this point, he ran around in payon cave 3 (pay_dun02) (bongun munak etc.) was playing Monk class, was using that KI explosion skill a lot.
Server setting pre-re.


If you need more info let me know, thanks!

Ind - Apr 11, 2013 21:00

well by the crash i can say the mob_data in question is most likely either with no md->db pointer or with a broken md->db pointer, if you're still on gdb, would it be possible to do the following?[code=auto:0] up 0 p md->db [/code]it will tell us whether there is no address (0x0) or any address (0xsomething), that will let we know whether the db link is missing or corrupt.

This post has been edited by Ind on Apr 11, 2013 21:01

Ind - Apr 11, 2013 21:01

also a[code=auto:0] p md->class_ [/code]will let we know whats the mob id of the entry

Ryuuzaki - Apr 11, 2013 21:02

$1 = (struct mob_db *) 0x0

Nullpointer? But why isn't there a check like

if(!md)
return 0;

at the top of the function?

Ryuuzaki - Apr 11, 2013 21:04

1369 -> Grand Peco, how is that even remotely possible? No one killed that mob, maybe someone damaged it and it got "corrupted" or something?

BTW thanks for pointing that out, that it's possible to get access to transmitted values, didn't know that this is possible, you learned stop to learn i guess :P

This post has been edited by Ryuuzaki on Apr 11, 2013 21:05

Ind - Apr 11, 2013 21:09

but there is o-o its weird[code=auto:0] int map_removemobs_sub(struct block_list *bl, va_list ap) { struct mob_data *md = (struct mob_data *)bl; nullpo_ret(md); [/code]it shouldn't have gotten there if the unit was null

Ind - Apr 11, 2013 21:12

also it wasn't null at the time of the crash o-o (i failed to notice that on my first reply)[code=auto:0] #0 0x000000000042ae8f in map_removemobs_sub (bl=0x7f148f7b67ac, ap=<value optimized out>) at map.c:2308 md = 0x7f148f7b67ac [/code]

Ryuuzaki - Apr 11, 2013 21:14

Yeah very very weird, so it magically lost it's data during the function.

Ind - Apr 11, 2013 21:16

no not really its more like the 0x0 you printed wasnt from that case, from the begin of that function until the part it crashed there is no place it changes the data

Ryuuzaki - Apr 11, 2013 21:20

When i typed



[code=auto:0] (gdb) p md [/code]


It returned


[code=auto:0] $6 = (struct mob_data *) 0x7f148f7b67ac [/code]
Does that help you in any way?

Ind - Apr 11, 2013 21:24

did you move to the segment that crashed prior to typing that ( you use 'up <number>' and 'down <number>' )?

Ind - Apr 11, 2013 21:24

btw what about 'p md->db'?

Ryuuzaki - Apr 11, 2013 21:26

Didn't change anything, it was still at "up 0"

(gdb) p md->db
$9 = (struct mob_db *) 0x0

Ind - Apr 11, 2013 21:39

ooh o.o i'm sorry you've been doing it correctly and i've read it wrong XD T_T

Ind - Apr 11, 2013 21:41

I can't find in the code anything that removes a md->db link, do you have anything custom that spawns monsters?

Ind - Apr 11, 2013 21:46

btw something occured to me, let me know what a[code=auto:0] p bl->type [/code]displays

Ryuuzaki - Apr 11, 2013 21:50

p bl->type
$10 = BL_MOB

You mean a function or something like a questmob which triggers a label?

I have a function which checks for a specific monster on the map, will then return its coordinates and display a "viewpoint" on the map for every player currently on the map.
Running through a script (npc file) based while loop with a 5 seconds delay, then refresh the "viewpoint" again.

That's the only thing i could remotely think of.

This post has been edited by Ryuuzaki on Apr 11, 2013 21:51

Ind - Apr 11, 2013 21:52

I personally don't see how this crash happens only here tho, md->db is used on a number of places without checks too. anyhow try to change that line from[code=auto:0] if( md->db->mexp > 0 ) return 0; [/code]to[code=auto:0] if( md->db && md->db->mexp > 0 ) return 0; [/code]if its really a md->db problem it will crash elsewhere and give us a another clue

Ryuuzaki - Apr 11, 2013 21:54

Gonna put the md->db check in really quick, let's see if the server crashes again.

Ryuuzaki - Apr 11, 2013 21:58

On a quite unrelated note, when i was coding this viewpoint for all players given map, i wanted to use the getmapxy function to search for the mob name.
When reading the code i noticed following in the header:

[code=auto:0]* type - type of object * 0 - Character coord * 1 - NPC coord * 2 - Pet coord * 3 - Mob coord (not released) .... BUILDIN_FUNC(getmapxy)[/code]
Searching for monsters was not "released", so i couldn't get the coords from that particular quest monster.

I made it possible by modifying the function and adding a new _sub specific for monsters, does hercules have any interest in that feature? If yes i can release it.
Let me know if you want an insight on it.

This post has been edited by Ryuuzaki on Apr 11, 2013 22:00

Ind - Apr 11, 2013 22:02

[quote]
Searching for monsters was not "released", so i couldn't get the coords from that particular quest monster.

I made it possible by modifying the function and adding a new _sub specific for monsters, does hercules have any interest in that feature? If yes i can release it.
Let me know if you want an insight on it.[/quote]I dunno about whether hercules would use it (i don't decide stuff alone) but if you dont mind displaying it to others send me it through a pm and i can take a look to see if anything on that is conflicting

Ryuuzaki - Apr 11, 2013 22:03

Will drop you a PM with all details and functions used.

Ryuuzaki - Apr 12, 2013 22:48

Map-server did not crash for now, will report back when it crashed again.