
TFS 0.X Some players crash the server while hunting

elnelson (Lunaria World Dev)
Hello, I am using fir3element TFS 0.4.3777. I have encountered this error with a single player while he hunts: he hunts for 5-20 minutes and then the server crashes. I tried to create a crashlog but, to be honest, I do not understand a single word this report says.

I tried to use some gdb commands but I never could create that core.pid file; instead I followed this guide from mikalo: Linux - Auto Restarter + Screenlog save + error + output list. (https://otland.net/threads/auto-restarter-screenlog-save-error-output-list.248231/)

and I finally could create a crashlog, which I present to you here:


Code:
---------------------------------------------------
Signal caught: SIGABRT in 12/10 - 08:06:39

Thread 3 (Thread 0x7ffff195a700 (LWP 2098)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:225
No locals.
#1  0x00000000005f2392 in Scheduler::schedulerThread(void*) ()
No symbol table info available.
#2  0x00007ffff659f5d5 in ?? () from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.58.0
No symbol table info available.
#3  0x00007ffff52826ba in start_thread (arg=0x7ffff195a700) at pthread_create.c:333
        __res = <optimized out>
        pd = 0x7ffff195a700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737246504704, -30478117129352220, 0, 140737257058111, 140737246505408, 0, 30499882956819428, 30489457772661732}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#4  0x00007ffff4fb84dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
No locals.

Thread 2 (Thread 0x7ffff236d700 (LWP 2095)):
#0  0x00007ffff4ee6438 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
        resultvar = 0
        pid = 2091
        selftid = 2095
#1  0x00007ffff4ee803a in __GI_abort () at abort.c:89
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x62696c2f7273752f, sa_sigaction = 0x62696c2f7273752f}, sa_mask = {__val = {3257288213055174703, 7955377262162766188, 7022638363885449077, 3471834903236128309, 7378645556390670382, 3472336217020261990, 3991990709698112816, 8223625903106975332, 3472328295963457581, 4195155967701168176, 3978421438307643696, 2314885530818453536, 2314885530818453536, 7795484802351636512, 3917909816998060649, 3276497845987585332}}, sa_flags = 796225127, sa_restorer = 0x52}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007ffff4f287fa in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff504055f "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175
        ap = <error reading variable ap (Attempt to dereference a generic pointer.)>
        fd = 20
        on_2 = <optimized out>
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
        written = <optimized out>
#3  0x00007ffff4fca21c in __GI___fortify_fail (msg=<optimized out>, msg@entry=0x7ffff50404f0 "buffer overflow detected") at fortify_fail.c:37
        do_abort = 2
#4  0x00007ffff4fc8220 in __GI___chk_fail () at chk_fail.c:28
No locals.
#5  0x00007ffff4fc7789 in _IO_str_chk_overflow (fp=<optimized out>, c=<optimized out>) at vsprintf_chk.c:31
No locals.
#6  0x00007ffff4f2c6c0 in __GI__IO_default_xsputn (f=0x7ffff236bef0, data=<optimized out>, n=275) at genops.c:455
        s = 0x7fffdde3a27c "4,7430'"
        more = 8
        s = <optimized out>
        more = 275
#7  0x00007ffff4eff51b in _IO_vfprintf_internal (s=s@entry=0x7ffff236bef0, format=<optimized out>, format@entry=0x6555da "%u, %u, %s", ap=ap@entry=0x7ffff236c028) at vfprintf.c:1632
        len = 275
        string_malloced = <optimized out>
        step0_jumps = {0, -4693, -4638, 73, 167, -4969, 1011, 437, -998, -752, 776, -7971, -7884, -7787, -7688, -7641, -4462, -4863, -1720, -2409, -1551, -30, -4147, -4051, -1688, -8907, -2093, -7690, -7787, 350}
        space = <optimized out>
        is_short = <optimized out>
        use_outdigits = <optimized out>
        step1_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, -752, 776, -7971, -7884, -7787, -7688, -7641, -4462, -4863, -1720, -2409, -1551, -30, -4147, -4051, -1688, -8907, -2093, -7690, -7787, 0}
        group = <optimized out>
        prec = <optimized out>
        step2_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 776, -7971, -7884, -7787, -7688, -7641, -4462, -4863, -1720, -2409, -1551, -30, -4147, -4051, -1688, -8907, -2093, -7690, -7787, 0}
        string = <optimized out>
        left = <optimized out>
        is_long_double = <optimized out>
        width = <optimized out>
        step3a_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 863, 0, 0, 0, -7688, -7641, -4462, -4863, -1720, 0, 0, 0, 0, -4051, 0, 0, 0, 0, 0, 0}
        alt = <optimized out>
        showsign = <optimized out>
        is_long = <optimized out>
        is_char = <optimized out>
        pad = <optimized out>
        step3b_jumps = {0 <repeats 11 times>, -7884, 0, 0, -7688, -7641, -4462, -4863, -1720, -2409, -1551, -30, -4147, -4051, -1688, -8907, -2093, 0, 0, 0}
        step4_jumps = {0 <repeats 14 times>, -7688, -7641, -4462, -4863, -1720, -2409, -1551, -30, -4147, -4051, -1688, -8907, -2093, 0, 0, 0}
        is_negative = <optimized out>
        number = <optimized out>
        base = <optimized out>
        the_arg = {pa_wchar = 3 L'\003', pa_int = 3, pa_long_int = 3, pa_long_long_int = 3, pa_u_int = 3, pa_u_long_int = 3, pa_u_long_long_int = 3, pa_double = 1.4821969375237396e-323, pa_long_double = <invalid float value>, pa_string = 0x3 <error: Cannot access memory at address 0x3>, pa_wstring = 0x3 <error: Cannot access memory at address 0x3>, pa_pointer = 0x3, pa_user = 0x3}
        spec = <optimized out>
        _buffer = {__routine = 0x4540, __arg = 0x7fffec3c06d0, __canceltype = 33, __prev = 0x7ffff236baf0}
        _avail = <optimized out>
        thousands_sep = 0x0
        grouping = 0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>
        done = <optimized out>
        f = 0x6555e3 "s"
        lead_str_end = 0x6555da "%u, %u, %s"
        end_of_spec = <optimized out>
        work_buffer = "\027\000\000\000\000\000\000\000\200\000<\354\377\177\000\000\000\000\000\000\000\000\000\000\060\273\066\362\377\177\000\000\000\000\000\000\060\000\000\000\017\\7\367\377\177\000\000!\000\000\000\000\000\000\000\001\002\000\000\000\000\000\000p\273\066\362\377\177\000\000\017\\7\367\377\177\000\000\060\000\000\000\000\000\000\000\200\273\066\362\377\177\000\000\221D\311\r\000\200\377\377o\273\066\362\377\177\000\000\b\000\000\000\000\000\000\000!\000\000\000\070\000\000\000\001", '\000' <repeats 15 times>, "\\\000\000\000n", '\000' <repeats 19 times>, "w\000\000\000|", '\000' <repeats 27 times>...
        workstart = <optimized out>
        workend = <optimized out>
        ap_save = <error reading variable ap_save (Attempt to dereference a generic pointer.)>
        nspecs_done = 2
        save_errno = 0
        readonly_format = 0
        __PRETTY_FUNCTION__ = "_IO_vfprintf_internal"
#8  0x00007ffff4fc7814 in ___vsprintf_chk (s=0x7ffff236c850 "119, 27000, '&1,12495;2,12400;3,12399;4,12437;5,5913;6,5880;7,5896;8,5897;9,10606;10,5902;11,2144;12,6126;13,6097;14,6098;15,11219;16,5904;17,2187;18,2434;19,7290;20,5911;21,2195;22,11199;23,2477;24,2"..., flags=1, slen=280, format=0x6555da "%u, %u, %s", ap=ap@entry=0x7ffff236c028) at vsprintf_chk.c:82
        f = {_sbf = {_f = {_flags = -72515583, _IO_read_ptr = 0x7ffff236c850 "119, 27000, '&1,12495;2,12400;3,12399;4,12437;5,5913;6,5880;7,5896;8,5897;9,10606;10,5902;11,2144;12,6126;13,6097;14,6098;15,11219;16,5904;17,2187;18,2434;19,7290;20,5911;21,2195;22,11199;23,2477;24,2"..., _IO_read_end = 0x7ffff236c850 "119, 27000, '&1,12495;2,12400;3,12399;4,12437;5,5913;6,5880;7,5896;8,5897;9,10606;10,5902;11,2144;12,6126;13,6097;14,6098;15,11219;16,5904;17,2187;18,2434;19,7290;20,5911;21,2195;22,11199;23,2477;24,2"..., _IO_read_base = 0x7ffff236c850 "119, 27000, '&1,12495;2,12400;3,12399;4,12437;5,5913;6,5880;7,5896;8,5897;9,10606;10,5902;11,2144;12,6126;13,6097;14,6098;15,11219;16,5904;17,2187;18,2434;19,7290;20,5911;21,2195;22,11199;23,2477;24,2"..., _IO_write_base = 0x7ffff236c850 "119, 27000, '&1,12495;2,12400;3,12399;4,12437;5,5913;6,5880;7,5896;8,5897;9,10606;10,5902;11,2144;12,6126;13,6097;14,6098;15,11219;16,5904;17,2187;18,2434;19,7290;20,5911;21,2195;22,11199;23,2477;24,2"..., _IO_write_ptr = 0x7ffff236c967 "", _IO_write_end = 0x7ffff236c967 "", _IO_buf_base = 0x7ffff236c850 "119, 27000, '&1,12495;2,12400;3,12399;4,12437;5,5913;6,5880;7,5896;8,5897;9,10606;10,5902;11,2144;12,6126;13,6097;14,6098;15,11219;16,5904;17,2187;18,2434;19,7290;20,5911;21,2195;22,11199;23,2477;24,2"..., _IO_buf_end = 0x7ffff236c967 "", _IO_save_base = 0x0, _IO_backup_base = 0x0, _IO_save_end = 0x0, _markers = 0x0, _chain = 0x0, _fileno = -572284080, _flags2 = 4, _old_offset = 0, _cur_column = 0, _vtable_offset = 0 '\000', _shortbuf = "", _lock = 0x0, _offset = -140737257062351, _codecvt = 0x7ffff236bfcf, _wide_data = 0xffffffffffffffff, _freeres_list = 0x0, _freeres_buf = 0x0, __pad5 = 0, _mode = -1, _unused2 = "n", '\000' <repeats 18 times>}, vtable = 0x7ffff5274960 <_IO_str_chk_jumps>}, _s = {_allocate_buffer = 0x0, _free_buffer = 0x7fff00000001}}
        ret = <optimized out>
#9  0x00007ffff4fc776d in ___sprintf_chk (s=<optimized out>, flags=<optimized out>, slen=<optimized out>, format=<optimized out>) at sprintf_chk.c:31
        arg = <error reading variable arg (Attempt to dereference a generic pointer.)>
        done = 0
#10 0x00000000004f48ad in IOLoginData::savePlayer(Player*, bool, bool) ()
No symbol table info available.
#11 0x00000000004b7e9e in Game::saveGameState(bool) ()
No symbol table info available.
#12 0x000000000049d1aa in Dispatcher::dispatcherThread(void*) ()
No symbol table info available.
#13 0x00007ffff659f5d5 in ?? () from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.58.0
No symbol table info available.
#14 0x00007ffff52826ba in start_thread (arg=0x7ffff236d700) at pthread_create.c:333
        __res = <optimized out>
        pd = 0x7ffff236d700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737257068288, -30478117129352220, 0, 140737488346975, 140737257068992, 9386312, 30500717791087588, 30489457772661732}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#15 0x00007ffff4fb84dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
No locals.

Thread 1 (Thread 0x7ffff7fe0740 (LWP 2091)):
#0  0x00007ffff4fb8ad3 in epoll_wait () at ../sysdeps/unix/syscall-template.S:84
No locals.
#1  0x00000000005fb8aa in boost::asio::detail::epoll_reactor::run(bool, boost::asio::detail::op_queue<boost::asio::detail::task_io_service_operation>&) ()
No symbol table info available.
#2  0x00000000005f861d in ServiceManager::run() ()
No symbol table info available.
#3  0x00000000004260df in main ()
No symbol table info available.


I would really appreciate it if someone could help me identify the root cause of the crash.
 

fabian766 (Veteran OT User)
The server you're using is using sprintf for saving data with a limited buffer of 280 characters (it is weird because most of the implementations I've seen use growable streams).
Code:
"119, 27000, '&1,12495;2,12400;3,12399;4,12437;5,5913;6,5880;7,5896;8,5897;9,10606;10,5902;11,2144;12,6126;13,6097;14,6098;15,11219;16,5904;17,2187;18,2434;19,7290;20,5911;21,2195;22,11199;23,2477;24,2"...
Looking at it, it seems like you're using storage 27000 for some table? Because it exceeds 280 characters you're having a data overflow that results in a crash.
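The overflow fabian766 describes, as an added example (not code from TFS, fir3element or anyone in this thread): a hypothetical savePlayer-style row builder that formats `"%u, %u, %s"` into a 280-byte stack buffer, beside a growable std::string version. The StorageEntry record, the sample storage values, the function names and the 10/60-entry inputs are all constructed for the demonstration; only the format string, the 280-byte size and the `119, 27000, '...'` row shape come from the backtrace.

```cpp
// Added example (not TFS or fir3element code): why a fixed 280-byte sprintf
// buffer aborts with "buffer overflow detected" once a serialized storage
// list grows, and a growable-string replacement. Names are hypothetical.
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical storage record, like the per-player storage values the thread
// describes (key 27000 holding an ever-growing "k,v;k,v;..." list).
struct StorageEntry {
    uint32_t key;
    int32_t value;
};

// Constructed sample data: n entries, roughly 8 bytes each once serialized.
std::vector<StorageEntry> makeEntries(size_t n) {
    std::vector<StorageEntry> entries;
    entries.reserve(n);
    for (size_t i = 1; i <= n; ++i) {
        entries.push_back({static_cast<uint32_t>(i), static_cast<int32_t>(10000 + i)});
    }
    return entries;
}

// Serialize as "key,value;key,value;..." matching the shape seen in frame #8.
std::string serializeStorages(const std::vector<StorageEntry>& entries) {
    std::string out;
    for (size_t i = 0; i < entries.size(); ++i) {
        if (i != 0) out += ';';
        out += std::to_string(entries[i].key);
        out += ',';
        out += std::to_string(entries[i].value);
    }
    return out;
}

// slen=280 in the backtrace: the fortified sprintf knew the destination size.
constexpr size_t kFixedBufferSize = 280;

// The crashing pattern, made safe for demonstration: same "%u, %u, %s" format
// and the same 280-byte stack buffer, but snprintf instead of sprintf, so an
// oversized row is reported (return false) instead of written past the end.
// With plain sprintf and _FORTIFY_SOURCE this condition is the SIGABRT in the
// log; without fortification it silently smashes the stack.
bool buildRowFixed(uint32_t playerId, uint32_t key, const std::string& payload,
                   std::string& row) {
    char buf[kFixedBufferSize];
    int n = std::snprintf(buf, sizeof buf, "%u, %u, %s",
                          static_cast<unsigned>(playerId),
                          static_cast<unsigned>(key), payload.c_str());
    if (n < 0 || static_cast<size_t>(n) >= sizeof buf) {
        return false;  // the 280-byte buffer would have overflowed
    }
    row.assign(buf, static_cast<size_t>(n));
    return true;
}

// Growable form: the row can be as long as the storage list needs.
std::string buildRowGrowable(uint32_t playerId, uint32_t key,
                             const std::string& payload) {
    std::string row;
    row.reserve(payload.size() + 32);
    row += std::to_string(playerId);
    row += ", ";
    row += std::to_string(key);
    row += ", ";
    row += payload;
    return row;
}

int main() {
    std::string row;
    // A short storage list (10 entries) fits in 280 bytes.
    std::string small = "'" + serializeStorages(makeEntries(10)) + "'";
    assert(buildRowFixed(119, 27000, small, row));
    std::printf("small row ok (%zu bytes)\n", row.size());

    // A long accumulated list (60 entries) does not.
    std::string big = "'" + serializeStorages(makeEntries(60)) + "'";
    if (!buildRowFixed(119, 27000, big, row)) {
        std::printf("fixed buffer too small for %zu-byte payload\n", big.size());
    }
    row = buildRowGrowable(119, 27000, big);
    std::printf("growable row ok (%zu bytes)\n", row.size());
    return 0;
}
```

Build with `g++ -O2 -std=c++11 example.cpp`. On Ubuntu's gcc, `-D_FORTIFY_SOURCE=2` is on by default at `-O1` and above, which is why a real `sprintf` into the 280-byte buffer goes through `__sprintf_chk` and aborts exactly as frames #8 and #9 show instead of corrupting memory. The minimal patch is the `snprintf` length check; the proper fix is the growable form, which removes the limit entirely.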
 
elnelson (OP)
Thanks for your reply.

I will explain why what you said is very valuable information for this issue.


I have a factions system: you join a faction and every time you kill a creature you receive a fraction of its exp as points. Those points are saved as storage values and can reach high values like 100kk.


The crash only happens when the player hunts as a faction. Is there a way to solve it?

I checked the database for any 27000 storage and yes, there is one. The issue is with an autoloot script that sends these weird values; I have already disabled it. Do I really need to delete all those values, or can I ignore them and just disable that script?


27000.png