ValveSoftware / Source-1-Games

Source 1 based games such as TF2 and Counter-Strike: Source

[TF2][Bug] net_chan_limit_msec crashes and logs the wrong command #5219

Open bottiger1 opened 1 year ago

bottiger1 commented 1 year ago

net_chan_limit_msec will occasionally cause a server crash (it doesn't happen every time).

It also seems to log the command right before the offending one. You can test this by making a busy loop command.

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0xf5f90462 in CNetChan::Shutdown(char const*) [clone .part.121] () from tf/bin/engine_srv.so
[Current thread is 1 (Thread 0xf7b8fcc0 (LWP 85811))]
#0  0xf5f90462 in CNetChan::Shutdown(char const*) [clone .part.121] () from tf/bin/engine_srv.so
#1  0xf5ef9cd4 in CBaseClient::Disconnect(char const*, ...) () from tf/bin/engine_srv.so
#2  0xdb814f59 in CBaseClient__Disconnect(CBaseClient*, char const*, ...) () from tf/tf/addons/sourcemod_ze/extensions/skial.ext.so
#3  0xf5fc7aeb in CGameClient::Disconnect(char const*, ...) () from tf/bin/engine_srv.so
#4  0xf5f914a7 in CNetChan::ProcessMessages(bf_read&) () from tf/bin/engine_srv.so
#5  0xf5f92780 in CNetChan::ProcessPacket(netpacket_s*, bool) () from tf/bin/engine_srv.so
#6  0xf5f9a68b in NET_ProcessSocket(int, IConnectionlessPacketHandler*) () from tf/bin/engine_srv.so
#7  0xf5f0bfa6 in CBaseServer::RunFrame() () from tf/bin/engine_srv.so
#8  0xf5fd80c7 in SV_Frame(bool) () from tf/bin/engine_srv.so

NULLYUKI commented 1 year ago

Just a little question to clarify something. Are your following issues #5217 and #5218 also happening in Linux? Or were you testing them on Windows?

sapphonie commented 1 year ago

Can reproduce a similar crash:

Stack Trace
    Function
0   ntdll.dll!RtlReportFatalFailure + 0x16
1   ntdll.dll!RtlReportCriticalFailure + 0x84
2   ntdll.dll!RtlpReportHeapFailure + 0x2f
3   ntdll.dll!RtlpHpHeapHandleError + 0x89
4   ntdll.dll!RtlpLogHeapFailure + 0x43
5   ntdll.dll!RtlpFreeHeapInternal + 0xf0
6   ntdll.dll!RtlFreeHeap + 0x46
7   tier0.dll + 0x27c7d
8   tier0.dll + 0x7c59
9   engine.dll + 0x1999f2 <-- probably g_pMemAlloc->Free()
10  engine.dll + 0x451ea  <-- contains `??_7INetMessage@@6B@` - ?
11  engine.dll + 0x1a39a3 <-- unique string "shutdown netchan" - CNetChan::Shutdown() ?
12  engine.dll + 0x7e65e  <-- CBaseClient::Disconnect - unique string "Dropped %s from server (%s)\n" 
13  engine.dll + 0x11f979
14  engine.dll + 0x11f87f
15  engine.dll + 0x1a0a14
16  engine.dll + 0x19d6a4
17  engine.dll + 0x1a0e78
18  0x275a6bfc
19  engine.dll + 0x13b201
20  engine.dll + 0x12a6c4
21  engine.dll + 0x17eb37
22  engine.dll + 0x17dc0b
23  engine.dll + 0x17c25f
24  engine.dll + 0x18a84e
25  engine.dll + 0x189d50
26  engine.dll + 0x189e94
27  engine.dll + 0x1d4136
28  engine.dll + 0x1d0f3d
29  engine.dll + 0x1f245c
30  dedicated.dll + 0x7765
31  dedicated.dll + 0x2352c
32  dedicated.dll + 0x82d8
33  srcds.exe + 0x158e
34  srcds.exe + 0x17d1
35  kernel32.dll!BaseThreadInitThunk + 0x19
36  ntdll.dll!__RtlUserThreadStart + 0x2b
37  ntdll.dll!_RtlUserThreadStart + 0x1b

Seems to be either freeing something that's already freed, or something that isn't alloc'd? Not sure. Probably related to 100 players?

Console output:

2479    6571.817144     Messages from <ip addr 1>:38387 after processing time exceeded (9 bytes left), aborting connection after 227916 usec tick
2480    6571.850330     Dropped Lawlessbacon from server (Processing time exceeded)
2481    6573.231051     [StAC] Server framerate stuttered. Expected: ~66.6, got 6.
Disabling OnPlayerRunCmd checks for 5.00 seconds.
2482    6573.347924     ceo of weed: Mods, solve the Lagrangian of the Standard Model Quantic Formula of M(n) for �≥9{\!n\geq 9
2483    6574.851953     Msg from <ip addr 2>:8150: net_SetConVar after processing time exceeded (16 bytes), aborting connection after 504105 usec tick
2484    6575.178981     Dropped Baga Waga from server (Processing time exceeded)

crash
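
For operators triaging these kicks, a small parser for the two console message shapes quoted above. This is an added example, not part of the issue thread or Valve's code; the optional line-number/timestamp prefix is assumed from the pasted output and the sample lines are constructed. Per the original report, the message name in a `Msg from` line may be the one before the slow message, so it is kept only as a hint.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the message shapes from the console output above;
# addresses are documentation-range placeholders, player names are made up.
SAMPLE_LOG = """\
101    12.500000     Messages from 192.0.2.10:27005 after processing time exceeded (9 bytes left), aborting connection after 227916 usec tick
102    12.510000     PlayerTwo: Dropped Admin from server (Processing time exceeded)
103    12.533000     Dropped PlayerOne from server (Processing time exceeded)
104    15.000000     Msg from 198.51.100.7:8150: net_SetConVar after processing time exceeded (16 bytes), aborting connection after 504105 usec tick
105    15.300000     Dropped PlayerThree from server (Processing time exceeded)
106    20.000000     Messages from 192.0.2.10:27005 after processing time exceeded (4 bytes left), aborting connection after 310000 usec tick
"""

# Optional "<line no> <timestamp>" prefix; patterns are anchored at line start
# so chat text that merely quotes these messages is not matched.
PREFIX = r"^(?:\d+\s+\d+\.\d+\s+)?"
ABORT_RE = re.compile(
    PREFIX + r"(?:Messages|Msg) from (?P<addr>.+?:\d+)(?:: (?P<msg>\S+))?"
    r" after processing time exceeded \((?P<bytes>\d+) bytes(?: left)?\),"
    r" aborting connection after (?P<usec>\d+) usec tick")
DROP_RE = re.compile(PREFIX + r"Dropped (?P<name>.+) from server \(Processing time exceeded\)$")

@dataclass
class Kick:
    addr: str
    usec: int
    bytes_pending: int
    logged_msg: Optional[str]  # hint only: the report says the wrong command is logged
    player: Optional[str] = None

def parse_kicks(log_text):
    """Pair each abort line with the next matching 'Dropped' line."""
    kicks, pending = [], None
    for line in log_text.splitlines():
        m = ABORT_RE.match(line)
        if m:
            pending = Kick(m["addr"], int(m["usec"]), int(m["bytes"]), m["msg"])
            kicks.append(pending)
        elif pending is not None and (d := DROP_RE.match(line)):
            pending.player = d["name"]
            pending = None
    return kicks

def repeat_offenders(kicks, min_count=2):
    """Hosts kicked at least min_count times (source port stripped)."""
    counts = Counter(k.addr.rsplit(":", 1)[0] for k in kicks)
    return {h: n for h, n in counts.items() if n >= min_count}
```

An abort line with no following `Dropped` line (the last record in the sample) leaves `player` as `None`, which is worth checking against the time of a crash.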