map server crashing

found the issue regarding this crash.

when ET instance has been deleted/expired the map server will crash.

Marking as "Duplicate" : [url="http://herc.ws/board/tracker/issue-7635-crashing-when-using-unloa/"]http://herc.ws/board/tracker/issue-7635-crashing-when-using-unloa/[/url]

thanks for the confirmation ind, even the et is crashing :)

thanks for the report (and the gdb dump!) Gepard and I are discussing it

it seems its being caused by a scenario we did not predict or something using this portion of the code unproperly, either way to figure it we need more info. I'd like to ask if you have any source modifications that do something with npcs and/or their data, also would like to ask whether your endless tower script is modified and/or custom.
Thank you for your time

the default SealedShrine is also crashing when the instance timer has been depleted. i dont have any source modification relating to npc or so, just some minor modification like change max guild member..

i initially thought it was due to our custom ET, so i disabled it, a while ago, somebody went to sealed shrine, and after it expired. it also crashed. so for the meantime i disable all npc with instances. do you need the crash dump for it?

[quote name="serverkid" timestamp="1375901883"]
do you need the crash dump for it?[/quote]please :D the more the better

here :D[code=auto:0](gdb) bt full #0 linkdb_erase (head=0x7fff935f9ab8, key=0x7f0a1ec18984) at db.c:2778 node = 0xfdfdfdfdfdfdfdfd __FUNCTION__ = "linkdb_erase" #1 0x00000000004d590d in npc_unload_ev_label (key=<value optimized out>, data=<value optimized out>, ap=0x7fff935f9ae0) at npc.c:1775 label_linkdb = 0x7f0a1ec03df4 nd = <value optimized out> #2 0x00000000005e8b2a in db_obj_vforeach (self=0x3b50a58, func=0x4d58d0 <npc_unload_ev_label>, args=0x7fff935f9b40) at db.c:1937 argscopy = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff935f9c20, reg_save_area = 0x7fff935f9b60}} db = 0x3b50a58 sum = 0 node = 0x56f46e8 parent = <value optimized out> #3 0x00000000005e7b21 in db_obj_foreach (self=<value optimized out>, func=<value optimized out>) at db.c:1983 args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fff935f9c20, reg_save_area = 0x7fff935f9b60}} #4 0x00000000004d5783 in npc_unload (nd=0x7f0a1ec18984, single=1 '\001') at npc.c:1835 iter = <value optimized out> bl = <value optimized out> __FUNCTION__ = "npc_unload" #5 0x00000000005d7767 in instance_cleanup_sub (bl=0x7f0a1ec18984, ap=<value optimized out>) at instance.c:313 __FUNCTION__ = "instance_cleanup_sub" #6 0x0000000000446116 in bl_vforeach (func=0x5d7700 <instance_cleanup_sub>, blockcount=0, max=2147483647, args=<value optimized out>) at map.c:532 argscopy = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff935f9e10, reg_save_area = 0x7fff935f9d50}} i = 4 returnCount = <value optimized out> #7 0x0000000000446f4c in map_vforeachinmap (func=0x5d7700 <instance_cleanup_sub>, m=<value optimized out>, type=<value optimized out>, args=0x7fff935f9d30) at map.c:586 i = <value optimized out> returnCount = 0 bsize = <value optimized out> argscopy = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff935f9e10, reg_save_area = 0x7fff935f9d50}} bl = <value optimized out> blockcount = 0 #8 0x00000000004470f6 in map_foreachinmap (func=<value optimized out>, m=<value optimized out>, type=<value optimized out>) at map.c:608 returnCount = 0 ap = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff935f9e10, reg_save_area = 0x7fff935f9d50}} #9 0x00000000005d7454 in instance_del_map (m=890) at instance.c:344 i = <value optimized out> __FUNCTION__ = "instance_del_map" #10 0x00000000005d714c in instance_destroy (instance_id=<value optimized out>) at instance.c:449 sd = <value optimized out> icptr = <value optimized out> p = <value optimized out> g = <value optimized out> iptr = <value optimized out> type = <value optimized out> j = <value optimized out> last = 890 now = <value optimized out> __FUNCTION__ = "instance_destroy" #11 0x00000000005d6ad3 in instance_destroy_timer (tid=<value optimized out>, tick=<value optimized out>, id=<value optimized out>, data=<value optimized out>) at instance.c:384 No locals. #12 0x00000000005e644f in do_timer (tick=262351035) at timer.c:353 tid = 8755 diff = -16 __FUNCTION__ = "do_timer" #13 0x00000000005e3217 in main (argc=1, argv=<value optimized out>) at core.c:344 next = <value optimized out> (gdb) [/code]

thank you

Another question, during map-server boot, do you get any warnings/errors from npc/event/duplicate-name/parsing? (if so could you paste them to me?)

so far there was no error after the map-server booted

I'll talk with other devs regarding this, I'm unsure. however for the meantime you may use the following to avoid the crash (theres a chance it'll cause a crash elsewhere which could also give us another clue)
if you decide to use it, in src/common/db.c find:[code=auto:0] void* linkdb_erase( struct linkdb_node** head, void *key) { struct linkdb_node *node; if( head == NULL ) return NULL; node = *head; while( node ) { [/code]change to[code=auto:0] void* linkdb_erase( struct linkdb_node** head, void *key) { struct linkdb_node *node; if( head == NULL ) return NULL; node = *head; while( node && node != (struct linkdb_node *)0xfdfdfdfdfdfdfdfd ) { [/code]

alright, imma try it later.. i'll call it a day for now, i'll update this once i tested it later, thanks again

ind, edited the line and got an error when loading the file, after unloading it.[code=auto:0]Memory manager: freed-data is changed. (freed in db.c line 2786)[/code]

this is the crash dump after using @unloadnpcfile (didn't crash) @loadnpc (didn't crash but see above error) and lastly @unloadnpcfile again
[code=auto:0]#0 linkdb_erase (head=0x7fffffffd6d8, key=0x7ffff3c65414) at db.c:2778 node = 0x6d61655420646552 __FUNCTION__ = "linkdb_erase" #1 0x00000000004d8d4d in npc_unload_ev_label (key=<value optimized out>, data=<value optimized out>, ap=0x7fffffffd700) at npc.c:1775 label_linkdb = 0x7ffff3d648fc nd = <value optimized out> #2 0x00000000005ecfaa in db_obj_vforeach (self=0x1d62a78, func=0x4d8d10 <npc_unload_ev_label>, args=0x7fffffffd760) at db.c:1937 argscopy = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fffffffd840, reg_save_area = 0x7fffffffd780}} db = 0x1d62a78 sum = 0 node = 0x219b8e8 parent = <value optimized out> #3 0x00000000005ebfa1 in db_obj_foreach (self=<value optimized out>, func=<value optimized out>) at db.c:1983 args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffd840, reg_save_area = 0x7fffffffd780}} #4 0x00000000004d8bc3 in npc_unload (nd=0x7ffff3c65414, single=1 '\001') at npc.c:1835 iter = <value optimized out> bl = <value optimized out> __FUNCTION__ = "npc_unload" #5 0x00000000004d8c85 in npc_unloadfile ( path=0x7fffffffdbe0 "npc/custom/sony_scripts/bg.txt") at npc.c:3874 iter = 0x1e53900 nd = 0x7ffff3c65414 found = 1 '\001' #6 0x0000000000589788 in atcommand_unloadnpcfile (fd=11, sd=<value optimized out>, command=<value optimized out>, message=<value optimized out>, info=<value optimized out>) at atcommand.c:8804 No locals. #7 0x00000000005819f3 in is_atcommand (fd=11, sd=0x277c710, message=<value optimized out>, type=<value optimized out>) at atcommand.c:10099 charname = "\360\335\377\377\377\177\000\000\t\000\000\000\377\177\000\000.\000\000\000\000\000\000" params = "npc/custom/sony_scripts/bg.txt", '\000' <repeats 69 times> charname2 = "\377\377\377\177\000\000\000\000\020\337H\000\000\000\000\000\263\266\f\220\000\000\000" params2 = "\235y\331\001\000\000\000\000\332\062@\002\000\000\000\000\063\000\000\000\000\000\000\000$#\200\307\071", '\000' <repeats 11 times>, "`\335\ 377\377\377\177\000\000i\000\000\000\321\000\000\000\000\000\000\000\r\000\000\000\330\334\377\377\377\177\000\000\000\000\000\000\032", '\000' <repeats 22 times> command = "@unloadnpcfile", '\000' <repeats 85 times> output = "\360<H", '\000' <repeats 13 times>"\377, \377\377\177\000\000\000\000\267fD\000\000\000\000\000\260\364\300\307\071\000\000\000\060\333\377\377\377\177\000\000\000\000\000\000\060", '\000' <repeats 11 times>"\260, \364\300\307\071\000\000\000P\333\377\377\377\177\000\000\000\000\000\000\377\177\000\000\000\000\000\000\000\000\000\000 \000\000\000\060\000\000\000\060\335\377\377\377\177\000\000p\334\377\377\377\177\000\000\000\000\000\000\000\000\000\000 \000\000\000\060\000\000\000P\335\377\377\377\177\000\000\220\334\377\377\377\177\000\000\210\333\377\377\377\177\000\000\060\000\000\000\060\000\000\000\230\333\377\377\377\177\000\000\300\332\377\377\377\177\000\000@\333\377\377\377\177\000\000\v\000\000\000\000\000\000\000\201\326\377\377\377\177\000\000\b\000\000\000\000\000\000\000\214>H", '\000' <repeats 13 times>, "0\333\377\377\377\177\000\000\234y\331\001\000\000\000\000@\335\377\377\377\177\000" atcmd_msg = "@unloadnpcfile npc/custom/sony_scripts/bg.txt\000\000\000\204\256\360\364\377\177\000\000\245\027T\000\000\000\000\000\030\000\000\000\060\000\000\000\243w^\000\000\000\000\000\000\000\000\000E\000\000\000\274\361\277\367\377\177\000\000\v\000\000\000\000\000\000\000\350y^\000\000\000\000\000\274\361\277\367\377\177\000\000\243~^\000\000\000\000\000\377\377\377\177\000\000\000\000\267fD\000\000\000\000\000\270\332\377\377\377\177\000\000\020\332\377\377\377\177\000\000%\000\000\000\000\000\000\000\060\332\377\377\377\177\000\000\v\00 0\000\000\000\000\000\000\v\000\000\000\000\000\000\000\260,)\001\000\000\000\000\214>H\000\000\000\000\000@\334\377\377\377\177\000\000\300\333\377\377%\000\000\000x,)\001\000\000\000\000\360<H", '\000' <repeats 13 times>"\377, \377\377\177\000\000\000" ssd = <value optimized out> info = 0x7ffff7859b4c __FUNCTION__ = "is_atcommand" #8 0x000000000048c3c7 in clif_parse_GlobalMessage (fd=11, sd=0x277c710) at clif.c:9861 text = 0x7ffff3d24430 "ServerKid : @unloadnpcfile npc/custom/sony_scripts/bg.txt" textlen = 58 name = 0x7ffff3d24430 "ServerKid : @unloadnpcfile npc/custom/sony_scripts/bg.txt" message = 0x7ffff3d2443c "@unloadnpcfile npc/custom/sony_scripts/bg.txt" fakename = 0x0 namelen = 9 messagelen = <value optimized out> is_fake = <value optimized out> __FUNCTION__ = "clif_parse_GlobalMessage" #9 0x00000000004649ea in clif_parse (fd=11) at clif.c:17681 parse_cmd_func = <value optimized out> cmd = <value optimized out> packet_len = 62 sd = 0x277c710 pnum = <value optimized out> #10 0x00000000005e9756 in do_sockets (next=<value optimized out>) at socket.c:858 rfd = {__fds_bits = {2048, 0 <repeats 15 times>}} timeout = {tv_sec = 0, tv_usec = 33450} ret = 0 i = <value optimized out> #11 0x00000000005e73f6 in main (argc=1, argv=<value optimized out>) at core.c:345 next = <value optimized out>[/code]

As I suspected, 'node = 0x6d61655420646552' is an invalid pointer. Its content has been overwritten by the ASCII string 'Red Team' (52 65 64 20 54 65 61 6D).


Gotta figure out why it happens now.

do i need to post the script? it's a custom bg script i've made.

EDIT: was crashing also if unloading other files.. so it's not the script :)

Hmm, I can't reproduce the crash locally. Is there anything specific I should do?

by using @unloadnpcfile, then loadnpc then unloadnpcfile again. it is also crashing when instances are expired.


UPDATE:

it seems that it is not crashing when there is only 1 npc in the file. however if there are multiple npc, like the attached file, it will crash when unloaded

I still can't reproduce it >.<

I tried to load and unload several times the script you posted, and I didn't get any crash...
[img]http://f.cl.ly/items/1P0o3N2S173i3P3h3O3i/Screen%20Shot%202013-08-22%20at%2001.44.43.png[/img]

(the only changes I made in the script were renaming 'arlandria' to 'prontera', since I don't have that map in a clean Hercules, and moving the Red Team / Blue Team NPCs to the top of the script to avoid the [Debug]: NPCEvent 'Blue Team::OnStart' not found! (source: custom_bg#control) / [Debug]: NPCEvent 'Red Team::OnStart' not found! (source: custom_bg#control) messages.)


Could you try on a clean Hercules to see if you still get the crash on your system? I tested it on a 32 bit linux system only.

this is fixed, for some reason some files weren't updated even if it says already up to date in git.

cloned new repo, then merged my changes and it works now :) sorry for the report