Yet another map server crash. - Hercules bug tracker archive

Issue information

Issue ID

#7517

Status

Fixed

Severity

None

Started

jTynne

Jul 13, 2013 6:09

Last Post

Haru

Jul 13, 2013 15:23

Confirmation

Yes (1)

No (0)

jTynne - Jul 13, 2013 6:09

#0 linkdb_erase (head=0x7fffffffd7f8, key=0x7fffefea6f3c) at db.c:2778
node = 0x4400004d3e
__FUNCTION__ = "linkdb_erase"
#1 0x00000000004d2acd in npc_unload_ev_label (key=<value optimized out>,
data=<value optimized out>, ap=0x7fffffffd820) at npc.c:1776
label_linkdb = 0x7fffeede73f4
nd = <value optimized out>
#2 0x00000000005e458a in db_obj_vforeach (self=0x1d918d8,
func=0x4d2a90 <npc_unload_ev_label>, args=0x7fffffffd880) at db.c:1937
argscopy = {{gp_offset = 24, fp_offset = 48,
overflow_arg_area = 0x7fffffffd960,
reg_save_area = 0x7fffffffd8a0}}
db = 0x1d918d8
sum = 0
node = 0x1e5c0d8
parent = <value optimized out>
#3 0x00000000005e3341 in db_obj_foreach (self=<value optimized out>,
func=<value optimized out>) at db.c:1983
args = {{gp_offset = 16, fp_offset = 48,
overflow_arg_area = 0x7fffffffd960,
reg_save_area = 0x7fffffffd8a0}}
#4 0x00000000004d293b in npc_unload (nd=0x7fffefea6f3c, single=1 '\001')
at npc.c:1836
iter = <value optimized out>
bl = <value optimized out>
__FUNCTION__ = "npc_unload"
#5 0x000000000058be3d in atcommand_unloadnpc (fd=37,
sd=<value optimized out>, command=<value optimized out>,
message=<value optimized out>, info=<value optimized out>)
at atcommand.c:4352
nd = 0x7fffefea6f3c
NPCname = "restbind", '\000' <repeats 16 times>
#6 0x000000000057842d in is_atcommand (fd=37, sd=0x4db3f60,
message=<value optimized out>, type=<value optimized out>)
at atcommand.c:10063
charname = "\000\337\377\377\377\177\000\000\006\000\000\000\000\000\000\000\024\000\000\000\000\000\000"
params = "restbind", '\000' <repeats 91 times>
charname2 = "\000\000\000\000\000\000\000\000\275\224H\000\000\000\000\000p*\206\005\000\000\000"
params2 = ".\000\000\000\000\000\000\000\000\350G\000\000\000\000\000\060\000\000\000\060\000\000\000\310\335\377\377\377\177\000\000\260\334\377\377\377\177", '\000' <repeats 34 times>"\253, \203\020\f\000\000\000\000\000\335\377\377\377\177\000\000p*\206\005\000\000\000\000\234\b\000"
command = "@unloadnpc", '\000' <repeats 89 times>
output = "]\001\000\000\000\000\000\000\071\"_\000\000\000\000\000\060\
#6 0x000000000057842d in is_atcommand (fd=37, sd=0x4db3f60,
message=<value optimized out>, type=<value optimized out>)
at atcommand.c:10063
charname = "\000\337\377\377\377\177\000\000\006\000\000\000\000\000\000\000\024\000\000\000\000\000\000"
params = "restbind", '\000' <repeats 91 times>
charname2 = "\000\000\000\000\000\000\000\000\275\224H\000\000\000\000\000p*\206\005\000\000\000"
params2 = ".\000\000\000\000\000\000\000\000\350G\000\000\000\000\000\060\000\000\000\060\000\000\000\310\335\377\377\377\177\000\000\260\334\377\377\377\177", '\000' <repeats 34 times>"\253, \203\020\f\000\000\000\000\000\335\377\377\377\177\000\000p*\206\005\000\000\000\000\234\b\000"
command = "@unloadnpc", '\000' <repeats 89 times>
output = "]\001\000\000\000\000\000\000\071\"_\000\000\000\000\000\060\---Type <return> to continue, or q <return> to quit---
000\000\000\060\000\000\000\251\351^\000\000\000\000\000@\333\377\377\377\177\000\000/uN\000\000\000\000\000\000\000[\000\001[[[\000\000\000\000\000\000\000\000|\333\377\377\377\177\000\000Tu\177\361\377\177\000\000\253\203\020\f\000\000\000\000\261\023R\000\000\000\000\000td\315\355\377\177\000\000VJY", '\000' <repeats 13 times>, "\033uL\000\000\000\000\000td\315\355\377\177\000\000zt\365\367\377\177\000\000\000\000\000\000\000\000\000\000td\315\355\377\177\000\000td\315\355\377\177\000\000x\335\377\377\377\177\000\000\031\000\000\000\000\000\000\000C\332]\000\000\000\000\000,L/\357\377\177\000\000,L/\357\377\177\000\000\027\000\000\000\000\000\000\000h\334]\000\000\000\000\000,L/\357\377\177\000\000\063\341]\000\000\000\000\000,L/\357\377\177\000\000"...
atcmd_msg = "@unloadnpc restbind\000\000\000\000\000zt\365\367\377\177\000\000(\000\000\000\000\000\000\000l\256M\000\000\000\000\000<\033\356\356\377\177\000\000!\001\000\000\000\000\000\000!\000\371\000\003\000\000\000\375\377\377\377\000\000#\001\001\000\000\000\000\000\000\000\002\000\000\000 \001\000\000!\001\000\000\t\001\000\000\n\001\000\000\v\001\000\000\f\001\000\000\r\001\000\000\016\001\000\000\017\001\000\000\020\001\000\000\377\177\000\000\025", '\000' <repeats 15 times>, "\005\000\000\000\000\000\000\000\025\000\000\000\000\000\000\000\000\335\377\377\377\177\000\000!\000\000\000\000\000\000\000\200k\330\001\000\000\000\000\025\000\000\000\000\000\000\000\365\350G\000\000\000\000\000\000\350G\000\000\000\000\000\000\000\000\000\374\000\000\000\373\000\000\000V"...
ssd = <value optimized out>
info = 0x7ffff4b1842c
#7 0x0000000000487998 in clif_parse_GlobalMessage (fd=37, sd=0x4db3f60)
at clif.c:9928
text = 0x7fffef509488 "jTynne : @unloadnpc restbind"
textlen = 29
name = 0x7fffef509488 "jTynne : @unloadnpc restbind"
message = 0x7fffef509491 "@unloadnpc restbind"
fakename = 0x0
namelen = 6
messagelen = <value optimized out>
is_fake = <value optimized out>
__FUNCTION__ = "clif_parse_GlobalMessage"
#8 0x0000000000466bf9 in clif_parse (fd=37) at clif.c:17728
cmd = <value optimized out>
packet_len = 33
sd = 0x4db3f60
pnum = <value optimized out>
#9 0x00000000005df876 in do_sockets (next=<value optimized out>)
at socket.c:864
rfd = {__fds_bits = {137438953472, 0 <repeats 15 times>}}
timeout = {tv_sec = 0, tv_usec = 35797}
ret = <value optimized out>
i = <value optimized out>
#10 0x00000000005dd6e6 in main (argc=1, argv=<value optimized out>)
at core.c:348
next = <value optimized out>

Happened while attempting to unload this NPC:

[code=auto:0]- script restbind -1,{ OnInit: unbindatcmd "rest"; bindatcmd("rest","restbind::OnAtcommand",0,90); end; OnAtcommand: set @msg$,.@atcmd_parameters$[0]; if(@msg$ == "") { dispbottom "[Resting] : To rest, type @rest <your message here>. You will be logged out and your rest bonus timer will begin. When you log back in next, you will gain bonus experience each time you defeat a monster."; dispbottom "To refill your rest bonus timer, simply rest regularly each night when you sign out!"; end; } else { if(RestDayNum < 1) { set RestDayNum,gettime(8); set RestCount,RestCount+1; set RestTimer, gettimetick(0);} if(gettime(8) != RestDayNum) { set RestCount,RestCount+1; set RestDayNum,gettime(8);} set RestTimer, gettimetick(0); atcommand "@afk [Resting] : "+@msg$; set #set_resting,1; end; } } [/code]

mofo - Jul 13, 2013 6:40

I think the unloadnpc command in general is causing this. I tried to unload a basic npc, and my server crashed too.

jTynne - Jul 13, 2013 6:43

Thanks for the confirmation, mofo. Running latest Herc?

bgamez23 - Jul 13, 2013 7:13

it happens only on linux os. before i'm having an issue regarding on this. just like killing on npc. when you right click on then kill. then character select or logout the map server will crashed. i'm not sure if its already fix now. but on windows os. there are no problem on unloading npc.

Gepard - Jul 13, 2013 7:33

This is related to recent [url="https://github.com/HerculesWS/Hercules/commit/6e0da189207134c8d57ecca48f397bc592dcc1ad"]https://github.com/HerculesWS/Hercules/commit/6e0da189207134c8d57ecca48f397bc592dcc1ad[/url]

It's an issue with @unloadnpc command.

I'm fixing it.

mofo - Jul 13, 2013 8:00

yes, jTynne, I'm on the latest herc.

Gepard - Jul 13, 2013 11:08

Should be fixed after this is merged: [url="https://github.com/HerculesWS/Hercules/pull/58"]https://github.com/HerculesWS/Hercules/pull/58[/url]

Issue was caused by dangling pointer left after:
- unloading single NPC with unique label
- unloading single NPC with non-unique label which happens to be loaded last of all NPC with same label

Subsequent unloading of any NPC is bound to cause server crash.

jTynne - Jul 13, 2013 13:35

Gepard's merge fixes it; Waiting for someone to merge it into Herc for everyone else. :3

Thank you Gepard!

Haru - Jul 13, 2013 15:23

Merged

Thank you very much Gepard :3