Removing the world entity causes server crash

[GoogleCodeExporter]

Had this crash while playtesting. Item Removal was completely off so its

a) other mods (maybe the Extension?)
b) Tank Hack
c) Infected Despawners fault.

Downtown please look at the dump and enlighten me :)

Original issue reported on code.google.com by atomic_6...@yahoo.co.uk on 16 Jan 2010 at 12:21

Attachments:

• srcds_772381_crash_2010_1_15T22_10_45C0.mdmp

[GoogleCodeExporter]

No idea, crashes in server.dll somewhere, not in my extension or sourcemod.

1) Repro the issue consistenly
2) Unload plugins one at a time while having it still crash

Original comment by gorik.sm...@gmail.com on 16 Jan 2010 at 1:15

[GoogleCodeExporter]

3) Keep debug log on and post what it is around the crash.

Original comment by gorik.sm...@gmail.com on 16 Jan 2010 at 1:16

[GoogleCodeExporter]

Original comment by gorik.sm...@gmail.com on 16 Jan 2010 at 1:17

• Added labels: Type-Defect, OpSys-Windows
• Removed labels: Type-Task

[GoogleCodeExporter]

Crash repros consistently on Windows and Linux when you connect to the server. 
SRSMOD
logs indicate the following:

L 01/15/2010 - 21:54:43: [srs.main.smx]  IR_PlayerFirstSpawn
L 01/15/2010 - 21:54:43: [srs.main.smx] ---Removing "weapon_pain_pills_spawn"---
L 01/15/2010 - 21:54:43: [srs.main.smx] Removed 276 "weapon_pain_pills_spawn"
L 01/15/2010 - 21:54:43: [srs.main.smx] Removed 280 "weapon_pain_pills_spawn"
L 01/15/2010 - 21:54:43: [srs.main.smx] Saferoom Kit Distance: 1169.250854

This is missing either the "Removed ...." log or the "In saferoom, skipping" so
clearly the crash occurs in ReplaceMedkitWithPills.

Attaching gdb yields the following call stack after the crash

(gdb) bt
#0  0xb5108c5e in CItem::Spawn () from
/extra/hlds/left4dead2/left4dead2/bin/server_linux.so
#1  0xb539fa14 in CWeaponSpawn::Spawn ()
   from /extra/hlds/left4dead2/left4dead2/bin/server_linux.so
#2  0xb5653bf5 in DispatchSpawn () from
/extra/hlds/left4dead2/left4dead2/bin/server_linux.so

Looking at the disassembly for #0

sub     esp, 13Ch
mov     [esp+13Ch+var_8], edi
mov     edi, [esp+13Ch+arg_0]
mov     [esp+13Ch+var_10], ebx
mov     [esp+13Ch+var_C], esi
mov     [esp+13Ch+var_4], ebp
mov     [esp+13Ch+var_138], 1
mov     [esp+13Ch+var_13C], edi
call    _ZN11CBaseEntity33SetNetworkQuantizeOriginAngAnglesEb ;
CBaseEntity::SetNetworkQuantizeOriginAngAngles(bool)
mov     eax, ds:g_pGameRules
<---- we are here
mov     edx, [eax]

Dereferencing g_pGameRules yields us NULL.

(gdb) x/x 0xb5a2f868
0xb5a2f868 <g_pGameRules>:  0x00000000

-----------------
-----------------

Apparently someone decided to play a practical joke on us, as late as
PlayerFirstSpawn event (about 5 secs after OnMapStart) p_GameRules is not 
available.
Either that or it somehow became corrupted earlier.

Original comment by gorik.sm...@gmail.com on 16 Jan 2010 at 6:23

• Changed title: Crash in DispatchSpawn because p_GameRules is not available
• Changed state: Started
• Added labels: Priority-Critical, OpSys-All, Milestone-AW-B1, Module-ItemRemoval
• Removed labels: Priority-Medium, OpSys-Windows

[GoogleCodeExporter]

Problem is RemoveEdict(medkitID) in ReplaceMedkitWithPills

First time it gets called medkitID is always 0. Thus RemoveEdict(medkitID) 
removes
the world entity which in its own turn nulls out p_GameRules.

Fix is not delete world entity.

Original comment by gorik.sm...@gmail.com on 16 Jan 2010 at 8:09

• Changed title: Removing the world entity causes server crash

[GoogleCodeExporter]

Thanks to smirnov for debugging for 6 hours to find a silly typo I made.

fixed in f7e3deac8b

Original comment by Frust...@gmail.com on 16 Jan 2010 at 8:50

• Changed state: Fixed

[GoogleCodeExporter]

Verified as not crashing server anymore.

Original comment by gorik.sm...@gmail.com on 16 Jan 2010 at 10:55

• Changed state: Verified