map server crashing

found the issue regarding this crash.

when ET instance has been deleted/expired the map server will crash.

Marking as "Duplicate" : http://herc.ws/board...en-using-unloa/

thanks for the confirmation ind, even the et is crashing

thanks for the report (and the gdb dump!) Gepard and I are discussing it

it seems its being caused by a scenario we did not predict or something using this portion of the code unproperly, either way to figure it we need more info. I'd like to ask if you have any source modifications that do something with npcs and/or their data, also would like to ask whether your endless tower script is modified and/or custom.
Thank you for your time

the default SealedShrine is also crashing when the instance timer has been depleted. i dont have any source modification relating to npc or so, just some minor modification like change max guild member..

i initially thought it was due to our custom ET, so i disabled it, a while ago, somebody went to sealed shrine, and after it expired. it also crashed. so for the meantime i disable all npc with instances. do you need the crash dump for it?

do you need the crash dump for it?

please the more the better

here

(gdb) bt full
#0  linkdb_erase (head=0x7fff935f9ab8, key=0x7f0a1ec18984) at db.c:2778
        node = 0xfdfdfdfdfdfdfdfd
        __FUNCTION__ = "linkdb_erase"
#1  0x00000000004d590d in npc_unload_ev_label (key=<value optimized out>, data=<value optimized out>, ap=0x7fff935f9ae0) at npc.c:1775
        label_linkdb = 0x7f0a1ec03df4
        nd = <value optimized out>
#2  0x00000000005e8b2a in db_obj_vforeach (self=0x3b50a58, func=0x4d58d0 <npc_unload_ev_label>, args=0x7fff935f9b40) at db.c:1937
        argscopy = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff935f9c20, reg_save_area = 0x7fff935f9b60}}
        db = 0x3b50a58
        sum = 0
        node = 0x56f46e8
        parent = <value optimized out>
#3  0x00000000005e7b21 in db_obj_foreach (self=<value optimized out>, func=<value optimized out>) at db.c:1983
        args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fff935f9c20, reg_save_area = 0x7fff935f9b60}}
#4  0x00000000004d5783 in npc_unload (nd=0x7f0a1ec18984, single=1 '\001') at npc.c:1835
        iter = <value optimized out>
        bl = <value optimized out>
        __FUNCTION__ = "npc_unload"
#5  0x00000000005d7767 in instance_cleanup_sub (bl=0x7f0a1ec18984, ap=<value optimized out>) at instance.c:313
        __FUNCTION__ = "instance_cleanup_sub"
#6  0x0000000000446116 in bl_vforeach (func=0x5d7700 <instance_cleanup_sub>, blockcount=0, max=2147483647, args=<value optimized out>) at map.c:532
        argscopy = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff935f9e10, reg_save_area = 0x7fff935f9d50}}
        i = 4
        returnCount = <value optimized out>
#7  0x0000000000446f4c in map_vforeachinmap (func=0x5d7700 <instance_cleanup_sub>, m=<value optimized out>, type=<value optimized out>, args=0x7fff935f9d30) at map.c:586
        i = <value optimized out>
        returnCount = 0
        bsize = <value optimized out>
        argscopy = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff935f9e10, reg_save_area = 0x7fff935f9d50}}
        bl = <value optimized out>
        blockcount = 0
#8  0x00000000004470f6 in map_foreachinmap (func=<value optimized out>, m=<value optimized out>, type=<value optimized out>) at map.c:608
        returnCount = 0
        ap = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff935f9e10, reg_save_area = 0x7fff935f9d50}}
#9  0x00000000005d7454 in instance_del_map (m=890) at instance.c:344
        i = <value optimized out>
        __FUNCTION__ = "instance_del_map"
#10 0x00000000005d714c in instance_destroy (instance_id=<value optimized out>) at instance.c:449
        sd = <value optimized out>
        icptr = <value optimized out>
        p = <value optimized out>
        g = <value optimized out>
        iptr = <value optimized out>
        type = <value optimized out>
        j = <value optimized out>
        last = 890
        now = <value optimized out>
        __FUNCTION__ = "instance_destroy"
#11 0x00000000005d6ad3 in instance_destroy_timer (tid=<value optimized out>, tick=<value optimized out>, id=<value optimized out>, data=<value optimized out>) at instance.c:384
No locals.
#12 0x00000000005e644f in do_timer (tick=262351035) at timer.c:353
        tid = 8755
        diff = -16
        __FUNCTION__ = "do_timer"
#13 0x00000000005e3217 in main (argc=1, argv=<value optimized out>) at core.c:344
        next = <value optimized out>
(gdb)

Edited by serverkid, 07 August 2013 - 07:40 PM.

thank you

Another question, during map-server boot, do you get any warnings/errors from npc/event/duplicate-name/parsing? (if so could you paste them to me?)

so far there was no error after the map-server booted

I'll talk with other devs regarding this, I'm unsure. however for the meantime you may use the following to avoid the crash (theres a chance it'll cause a crash elsewhere which could also give us another clue)
if you decide to use it, in src/common/db.c find:

void* linkdb_erase( struct linkdb_node** head, void *key)
{
	struct linkdb_node *node;
	if( head == NULL ) return NULL;
	node = *head;
	while( node ) {

change to

void* linkdb_erase( struct linkdb_node** head, void *key)
{
	struct linkdb_node *node;
	if( head == NULL ) return NULL;
	node = *head;
	while( node && node != (struct linkdb_node *)0xfdfdfdfdfdfdfdfd ) {

alright, imma try it later.. i'll call it a day for now, i'll update this once i tested it later, thanks again

ind, edited the line and got an error when loading the file, after unloading it.

Memory manager: freed-data is changed. (freed in db.c line 2786)

this is the crash dump after using @unloadnpcfile (didn't crash) @loadnpc (didn't crash but see above error) and lastly @unloadnpcfile again

#0  linkdb_erase (head=0x7fffffffd6d8, key=0x7ffff3c65414) at db.c:2778
        node = 0x6d61655420646552
        __FUNCTION__ = "linkdb_erase"
#1  0x00000000004d8d4d in npc_unload_ev_label (key=<value optimized out>,
    data=<value optimized out>, ap=0x7fffffffd700) at npc.c:1775
        label_linkdb = 0x7ffff3d648fc
        nd = <value optimized out>
#2  0x00000000005ecfaa in db_obj_vforeach (self=0x1d62a78,
    func=0x4d8d10 <npc_unload_ev_label>, args=0x7fffffffd760) at db.c:1937
        argscopy = {{gp_offset = 24, fp_offset = 48,
            overflow_arg_area = 0x7fffffffd840,
            reg_save_area = 0x7fffffffd780}}
        db = 0x1d62a78
        sum = 0
        node = 0x219b8e8
        parent = <value optimized out>
#3  0x00000000005ebfa1 in db_obj_foreach (self=<value optimized out>,
    func=<value optimized out>) at db.c:1983
        args = {{gp_offset = 16, fp_offset = 48,
            overflow_arg_area = 0x7fffffffd840,
            reg_save_area = 0x7fffffffd780}}
#4  0x00000000004d8bc3 in npc_unload (nd=0x7ffff3c65414, single=1 '\001')
    at npc.c:1835

        iter = <value optimized out>
        bl = <value optimized out>
        __FUNCTION__ = "npc_unload"
#5  0x00000000004d8c85 in npc_unloadfile (
    path=0x7fffffffdbe0 "npc/custom/sony_scripts/bg.txt") at npc.c:3874
        iter = 0x1e53900
        nd = 0x7ffff3c65414
        found = 1 '\001'
#6  0x0000000000589788 in atcommand_unloadnpcfile (fd=11,
    sd=<value optimized out>, command=<value optimized out>,
    message=<value optimized out>, info=<value optimized out>)
    at atcommand.c:8804
No locals.
#7  0x00000000005819f3 in is_atcommand (fd=11, sd=0x277c710,
    message=<value optimized out>, type=<value optimized out>)
    at atcommand.c:10099
        charname = "\360\335\377\377\377\177\000\000\t\000\000\000\377\177\000\000.\000\000\000\000\000\000"
        params = "npc/custom/sony_scripts/bg.txt", '\000' <repeats 69 times>
        charname2 = "\377\377\377\177\000\000\000\000\020\337H\000\000\000\000\000\263\266\f\220\000\000\000"
        params2 = "\235y\331\001\000\000\000\000\332\062@\002\000\000\000\000\063\000\000\000\000\000\000\000$#\200\307\071", '\000' <repeats 11 times>, "`\335\
377\377\377\177\000\000i\000\000\000\321\000\000\000\000\000\000\000\r\000\000\000\330\334\377\377\377\177\000\000\000\000\000\000\032", '\000' <repeats 22 times>
        command = "@unloadnpcfile", '\000' <repeats 85 times>
        output = "\360<H", '\000' <repeats 13 times>"\377, \377\377\177\000\000\000\000\267fD\000\000\000\000\000\260\364\300\307\071\000\000\000\060\333\377\377\377\177\000\000\000\000\000\000\060", '\000' <repeats 11 times>"\260, \364\300\307\071\000\000\000P\333\377\377\377\177\000\000\000\000\000\000\377\177\000\000\000\000\000\000\000\000\000\000 \000\000\000\060\000\000\000\060\335\377\377\377\177\000\000p\334\377\377\377\177\000\000\000\000\000\000\000\000\000\000 \000\000\000\060\000\000\000P\335\377\377\377\177\000\000\220\334\377\377\377\177\000\000\210\333\377\377\377\177\000\000\060\000\000\000\060\000\000\000\230\333\377\377\377\177\000\000\300\332\377\377\377\177\000\000@\333\377\377\377\177\000\000\v\000\000\000\000\000\000\000\201\326\377\377\377\177\000\000\b\000\000\000\000\000\000\000\214>H", '\000' <repeats 13 times>, "0\333\377\377\377\177\000\000\234y\331\001\000\000\000\000@\335\377\377\377\177\000"
        atcmd_msg = "@unloadnpcfile npc/custom/sony_scripts/bg.txt\000\000\000\204\256\360\364\377\177\000\000\245\027T\000\000\000\000\000\030\000\000\000\060\000\000\000\243w^\000\000\000\000\000\000\000\000\000E\000\000\000\274\361\277\367\377\177\000\000\v\000\000\000\000\000\000\000\350y^\000\000\000\000\000\274\361\277\367\377\177\000\000\243~^\000\000\000\000\000\377\377\377\177\000\000\000\000\267fD\000\000\000\000\000\270\332\377\377\377\177\000\000\020\332\377\377\377\177\000\000%\000\000\000\000\000\000\000\060\332\377\377\377\177\000\000\v\00
0\000\000\000\000\000\000\v\000\000\000\000\000\000\000\260,)\001\000\000\000\000\214>H\000\000\000\000\000@\334\377\377\377\177\000\000\300\333\377\377%\000\000\000x,)\001\000\000\000\000\360<H", '\000' <repeats 13 times>"\377, \377\377\177\000\000\000"
        ssd = <value optimized out>
        info = 0x7ffff7859b4c
        __FUNCTION__ = "is_atcommand"
#8  0x000000000048c3c7 in clif_parse_GlobalMessage (fd=11, sd=0x277c710)
    at clif.c:9861
        text = 0x7ffff3d24430 "ServerKid : @unloadnpcfile npc/custom/sony_scripts/bg.txt"
        textlen = 58
        name = 0x7ffff3d24430 "ServerKid : @unloadnpcfile npc/custom/sony_scripts/bg.txt"
        message = 0x7ffff3d2443c "@unloadnpcfile npc/custom/sony_scripts/bg.txt"
        fakename = 0x0
        namelen = 9
        messagelen = <value optimized out>
        is_fake = <value optimized out>
        __FUNCTION__ = "clif_parse_GlobalMessage"
#9  0x00000000004649ea in clif_parse (fd=11) at clif.c:17681
        parse_cmd_func = <value optimized out>
        cmd = <value optimized out>
        packet_len = 62
        sd = 0x277c710
        pnum = <value optimized out>
#10 0x00000000005e9756 in do_sockets (next=<value optimized out>)
    at socket.c:858
        rfd = {__fds_bits = {2048, 0 <repeats 15 times>}}
        timeout = {tv_sec = 0, tv_usec = 33450}
        ret = 0
        i = <value optimized out>
#11 0x00000000005e73f6 in main (argc=1, argv=<value optimized out>)
    at core.c:345
        next = <value optimized out>

As I suspected, 'node = 0x6d61655420646552' is an invalid pointer. Its content has been overwritten by the ASCII string 'Red Team' (52 65 64 20 54 65 61 6D).


Gotta figure out why it happens now.

do i need to post the script? it's a custom bg script i've made.

EDIT: was crashing also if unloading other files.. so it's not the script

Edited by serverkid, 17 August 2013 - 02:20 PM.

Hmm, I can't reproduce the crash locally. Is there anything specific I should do?

by using @unloadnpcfile, then loadnpc then unloadnpcfile again. it is also crashing when instances are expired.


UPDATE:

it seems that it is not crashing when there is only 1 npc in the file. however if there are multiple npc, like the attached file, it will crash when unloaded

Edited by serverkid, 21 August 2013 - 04:27 AM.

I still can't reproduce it >.<

I tried to load and unload several times the script you posted, and I didn't get any crash...


(the only changes I made in the script were renaming 'arlandria' to 'prontera', since I don't have that map in a clean Hercules, and moving the Red Team / Blue Team NPCs to the top of the script to avoid the [Debug]: NPCEvent 'Blue Team::OnStart' not found! (source: custom_bg#control) / [Debug]: NPCEvent 'Red Team::OnStart' not found! (source: custom_bg#control) messages.)


Could you try on a clean Hercules to see if you still get the crash on your system? I tested it on a 32 bit linux system only.

this is fixed, for some reason some files weren't updated even if it says already up to date in git.

cloned new repo, then merged my changes and it works now sorry for the report