AlliedModders - [L4D2] Crash on CNavArea::Contains(Vector const&) const + 0x13

AlliedModders (https://forums.alliedmods.net/index.php)

- General (https://forums.alliedmods.net/forumdisplay.php?f=58)

- - [L4D2] Crash on CNavArea::Contains(Vector const&) const + 0x13 (https://forums.alliedmods.net/showthread.php?t=336509)

[L4D2] Crash on CNavArea::Contains(Vector const&) const + 0x13

There appears to be an issue with charger navigation pathing that leads to crashes on my servers (about 3-6 crashes per week). It's worth mentioning too that I don't have any plugins installed that would alter navmesh / SI pathing / charger (or any SI) behavior.

Relevant info

(all survival mode) :
https://crash.limetech.org/hhovm63ybiry
https://crash.limetech.org/ajmpffpb754n
https://crash.limetech.org/gzy2vtfnmnu5
https://crash.limetech.org/ui4jmkfz4cce
https://crash.limetech.org/3zm2hkep4adb
https://crash.limetech.org/k6zy3h3ajnil

Code:

0         server_srv.so!CNavArea::Contains(Vector const&) const + 0x13

1         server_srv.so!ChargerReturnToNavMesh::Update(Charger*, float) + 0x3b

2         server_srv.so!Action<Charger>::InvokeUpdate(Charger*, Behavior<Charger>*, float) + 0xed

3         server_srv.so!Action<Charger>::InvokeUpdate(Charger*, Behavior<Charger>*, float) + 0x12a

4         server_srv.so!Behavior<Charger>::Update(Charger*, float) + 0x55

5         server_srv.so!ChargerIntention::Update() + 0xd4

6         server_srv.so!INextBot::Update() + 0x84

7         server_srv.so!BossZombiePlayerBot::Update() + 0x41

8         server_srv.so!NextBotPlayer<CTerrorPlayer>::PhysicsSimulate() + 0x24b

9         server_srv.so!BossZombiePlayerBot::PhysicsSimulate() + 0x123

might help:

Quote:

ProdigySim —
might be a valve bug. It looks like the crash is a null pointer read inside CNavArea::Contains on the this pointer
https://i.imgur.com/q4gm2vM.png
Based on this information, it would be that the charger itself ends up off of a valid nav area, and then when it tries to check things about its current nav area it crashes

Plugins:

Spoiler

Code:

sm exts list

[SM] Displaying 18 extensions:

[01] Automatic Updater (1.10.0.6502): Updates SourceMod gamedata files

[02] Webternet (1.10.0.6502): Extension for interacting with URLs

[03] SourceTV Support (0.9.10): Restores broadcasting/recording SourceTV features in Left 4 Dead engine

[04] BinTools (1.10.0.6502): Low-level C/C++ Calling API

[05] SDK Tools (1.10.0.6502): Source SDK Tools

[06] Accelerator (2.5.0): SRCDS Crash Handler

[07] SteamWorks Extension (1.2.3): Exposes SteamWorks functions to Developers

[08] <OPTIONAL> file "smrcon.ext.so": /root/L4D2/left4dead2/addons/sourcemod/extensions/smrcon.ext.so: cannot open shared object file: No such file or directory

[09] Regex (1.10.0.6502): Provides regex natives for plugins

[10] SDK Hooks (1.10.0.6502): Source SDK Hooks

[11] Top Menus (1.10.0.6502): Creates sorted nested menus

[12] GeoIP (1.10.0.6502): Geographical IP information

[13] <OPTIONAL> file "geoipcity.ext.so": /root/L4D2/left4dead2/addons/sourcemod/extensions/geoipcity.ext.so: cannot open shared object file: No such file or directory

[14] MySQL-DBI (1.10.0.6502): MySQL driver implementation for DBI

[15] <OPTIONAL> file "steamtools.ext.so": /root/L4D2/left4dead2/addons/sourcemod/extensions/steamtools.ext.so: cannot open shared object file: No such file or directory

[16] Client Preferences (1.10.0.6502): Saves client preference settings

[17] SQLite (1.10.0.6502): SQLite Driver

[18] SourceTV Manager (1.2): Interface to interact with the SourceTV server.







sm plugins list

[SM] Listing 67 plugins:

  01 "Medkit Statistics" (1.1) by dustin

  02 "Special infected Posing" (2.0) by Gravity, dustin

  03 "SteamWorks Update Check" (1.0b) by Kyle Sanderson

  04 "SMAC Rcon Locker" (0.8.6.6) by SMAC Development Team (original), Mr. Silence (updated)

  05 "[NativeVotes] KickSpec" by Keith Warren (Sky Guardian)

  06 "Gas Configs" (2.0) by khan

  07 "Enforce minimum survival time" by dustin

  08 "SMAC AutoTrigger Detector" (0.8.6.6) by SMAC Development Team (original), Mr. Silence (updated)

  09 "L4D2 Laser Sights" (1.0) by khan

  10 "SMAC Client Protection" (0.8.7.3) by SMAC Development Team

  11 "Fun Votes" (1.10.0.6502) by AlliedModders LLC

  12 "Thirdpersonshoulder Block" (1.4) by Don

  13 "SMAC Anti-Speedhack" (0.8.6.6) by SMAC Development Team (original), Mr. Silence (updated)

  14 "SI Req Announcer" (1.0) by dustin

  15 "Cannounce patch" (1.0) by dustin

  16 "Admin Help" (1.10.0.6502) by AlliedModders LLC

  17 "SMAC Eye Angle Test" (0.8.6.6) by SMAC Development Team (original), Mr. Silence (updated)

  18 "Basic Comm Control" (1.10.0.6502) by AlliedModders LLC

  19 "Sound Commands" (1.10.0.6502) by AlliedModders LLC

  20 "Admin Menu" (1.10.0.6502) by AlliedModders LLC

  21 "Too Late To Ban" (1.0.0a) by Shenton

  22 "SourceBans++ Report Plugin" (1.6.3) by RumbleFrog, SourceBans++ Dev Team

  23 "Connect Announce" (1.8) by Arg!

  24 "Basic Votes" (1.10.0.6502) by AlliedModders LLC

  25 "Player Commands" (1.10.0.6502) by AlliedModders LLC

  26 "[ANY] Player Analytics" (1.3.1) by Dr. McKay

  27 "Client Preferences" (1.10.0.6502) by AlliedModders LLC

  28 "SlayBots" (1.0) by khan

  29 "SourceBans++: SourceComms" (1.6.3) by Alex, SourceBans++ Dev Team

  30 "Reserved Slots" (1.10.0.6502) by AlliedModders LLC

  31 "NativeVotes" (1.1.1) by Powerlord

  32 "Friendly Fire Report" (1.1) by Gravity

  33 "Basic Chat" (1.10.0.6502) by AlliedModders LLC

  34 "[L4D2] Weapon/Zombie Spawner" (1.0a) by Zuko & McFlurry

  35 "Basic Info Triggers" (1.10.0.6502) by AlliedModders LLC

  36 "SMAC Aimbot Detector" (0.8.6.6) by SMAC Development Team (original), Mr. Silence (updated)

  37 "SetName" (1.0) by khan

  38 "Who shot the gas??" (1.0) by khan

  39 "Auto Survival Setup Plugin" (1.1) by khan

  40 "l4d2_changelevel" (1.2.0) by Lux

  41 "SourceMod Anti-Cheat" (0.8.7.3) by SMAC Development Team

  42 "Welcome Message" (1.0) by dustin

  43 "SourceTV Survival Recorded" (1.2) by dustin

  44 "SourceBans++: Admin Config Loader" (1.6.3) by AlliedModders LLC, SourceBans++ Dev Team

  45 "Fix Item Properties" (1.0) by Gravity

  46 "L4D2 updater" (1.0) by dustin

  47 "Anti-Flood" (1.10.0.6502) by AlliedModders LLC

  48 "Idle blocker" (1.0) by dustin

  49 "Basic Commands" (1.10.0.6502) by AlliedModders LLC

  50 "Survival Auto Heal" (1.0) by khan

  51 "Survival Stats Tracker" (1.1) by khan

  52 "SourceBans++: Main Plugin" (1.6.3) by SourceBans Development Team, SourceBans++ Dev Team

  53 "SourceBans++: Bans Checker" (1.6.3) by psychonic, Ca$h Munny, SourceBans++ Dev Team

  54 "Fun Commands" (1.10.0.6502) by AlliedModders LLC

  55 "Admin File Reader" (1.10.0.6502) by AlliedModders LLC

  56 "slots" by unknown

  57 "SI spawner" (1.0) by khan

  58 "Log Actions to DB" (1.0) by dustin

  59 "Team Select" (1.0) by khan

  60 "Reset Server When Empty" (1.2.0) by dustin

  61 "SMAC L4D2 Exploit Fixes" (0.8.6.6) by SMAC Development Team (original), Mr. Silence (updated)

  62 "SourceBans++: SourceSleuth" (1.6.3) by ecca, SourceBans++ Dev Team

  63 "Block non-ingame commands" (1.0) by dustin, cravenge

  64 "sv_steamgroup fixer" (1.1.0) by asherkin

  65 "SurvivalTimeFixes" (1.0) by khan

  66 "Force spec" (1.0) by dustin

  67 "Random Map" (2.0) by khan, dustin

Edit

Was able to salvage the SourceTV demo file, surprisingly still playable when interrupted by a server crash.

I'm sure it was this charger causing the issue
https://youtu.be/_9MXRh8n5KA?t=25

https://f002.backblazeb2.com/file/Go...351-976.dem.gz

Though should note here that the crash happens often and happens on a variety of different maps.

If I edit this post again it'll be with more footage of different maps, in-case the nav-mesh needs editing / patching to fix the issue.

Edit #2

Alright, was a huge pain in the ass but ended up hunting down relevant demos via accelerator. All the footage is relevant to the crash report (i.e. stuck charger = crash)

After a charger gets stuck i keep it playing at 600% speed to see how long before it crashes. Average seems to be ~ 2 mins but sometimes it's less.

Uploaded these clips in-case it's possible for drem + kerry to officially update the game. Might have another hot-fix in the mean time.

Footage:

c1m2_streets - 5 clips
https://youtu.be/sdw042knHmw

c6m1_riverbank - 2 clips
https://youtu.be/pRLkgS0zgzw

c8m5_rooftop - 1 clip
https://youtu.be/9iLyK4WiPg0

c13m3_memorialbridge - 2 clips (2nd clip shows car area too)
https://youtu.be/PillHRhwGEc

c7m3_port - 2 clips
https://youtu.be/dYmwa20nNeA

c1m4_atrium - 5 clips
https://youtu.be/DW7T2_ytRLY

Re: [L4D2] Crash on CNavArea::Contains(Vector const&) const + 0x13

There was an error about failing to find the return address of original function

Code:

L 02/25/2022 - 17:54:40: SourceMod error session started

L 02/25/2022 - 17:54:40: Info (map "c1m4_atrium") (file "/root/L4D2/left4dead2/addons/sourcemod/logs/errors_20220225.log")

L 02/25/2022 - 17:54:40: [DHOOKS] FATAL: Failed to find return address of original function. Check the arguments and return type of your detour setup.

L 02/25/2022 - 17:54:53: SourceMod error session started

L 02/25/2022 - 17:54:53: Info (map "c1m4_atrium") (file "/root/L4D2/left4dead2/addons/sourcemod/logs/errors_20220225.log")

L 02/25/2022 - 17:54:53: [CRASH] Accelerator uploaded crash dump: Crash ID: OICP-SSR7-SMBA

Code:

0         0x0

1         server_srv.so!Action<Charger>::InvokeUpdate(Charger*, Behavior<Charger>*, float) + 0x12a

2         server_srv.so!Behavior<Charger>::Update(Charger*, float) + 0x55

3         server_srv.so!ChargerIntention::Update() + 0xd4

4         server_srv.so!INextBot::Update() + 0x84

5         server_srv.so!BossZombiePlayerBot::Update() + 0x41

6         server_srv.so!NextBotPlayer<CTerrorPlayer>::PhysicsSimulate() + 0x24b

7         server_srv.so!BossZombiePlayerBot::PhysicsSimulate() + 0x123

8         server_srv.so!Physics_SimulateEntity(CBaseEntity*) + 0x152

9         server_srv.so!Physics_RunThinkFunctions(bool) + 0x2d1

Re: [L4D2] Crash on CNavArea::Contains(Vector const&) const + 0x13

Quote:

Originally Posted by dustinandband (Post 2772440)

There was an error about failing to find the return address of original function

Code:

L 02/25/2022 - 17:54:40: SourceMod error session started

L 02/25/2022 - 17:54:40: Info (map "c1m4_atrium") (file "/root/L4D2/left4dead2/addons/sourcemod/logs/errors_20220225.log")

L 02/25/2022 - 17:54:40: [DHOOKS] FATAL: Failed to find return address of original function. Check the arguments and return type of your detour setup.

L 02/25/2022 - 17:54:53: SourceMod error session started

L 02/25/2022 - 17:54:53: Info (map "c1m4_atrium") (file "/root/L4D2/left4dead2/addons/sourcemod/logs/errors_20220225.log")

L 02/25/2022 - 17:54:53: [CRASH] Accelerator uploaded crash dump: Crash ID: OICP-SSR7-SMBA

Code:

0         0x0

1         server_srv.so!Action<Charger>::InvokeUpdate(Charger*, Behavior<Charger>*, float) + 0x12a

2         server_srv.so!Behavior<Charger>::Update(Charger*, float) + 0x55

3         server_srv.so!ChargerIntention::Update() + 0xd4

4         server_srv.so!INextBot::Update() + 0x84

5         server_srv.so!BossZombiePlayerBot::Update() + 0x41

6         server_srv.so!NextBotPlayer<CTerrorPlayer>::PhysicsSimulate() + 0x24b

7         server_srv.so!BossZombiePlayerBot::PhysicsSimulate() + 0x123

8         server_srv.so!Physics_SimulateEntity(CBaseEntity*) + 0x152

9         server_srv.so!Physics_RunThinkFunctions(bool) + 0x2d1

Odd.

Re: [L4D2] Crash on CNavArea::Contains(Vector const&) const + 0x13

Quote:

Originally Posted by cravenge (Post 2772447)

Odd.

You can't detour action event handlers especially on linux. Those functions return struct which on linux is highly optimized. That's why i created extension.

Re: [L4D2] Crash on CNavArea::Contains(Vector const&) const + 0x13

Quote:

Originally Posted by BHaType (Post 2772448)

You can't detour action event handlers especially on linux. Those functions return struct which on linux is highly optimized. That's why i created extension.

I'm still wrapping my head around your extension since it's a little bit confusing for me to be honest even with examples given.

Re: [L4D2] Crash on CNavArea::Contains(Vector const&) const + 0x13

Quote:

Originally Posted by cravenge (Post 2772462)

I'm still wrapping my head around your extension since it's a little bit confusing for me to be honest even with examples given.

Off-top

About crash mentioned in topic you can just block it and kill charger but it's not the best idea to block action since probably some plugin breaks something that causes this crash so crash will happen again with some other action.

PHP Code:


		
			
#include <actions>



public void OnActionCreated( BehaviorAction action, int actor, const char[] name )

{

    if ( strcmp(name, "ChargerReturnToNavMesh") == 0 )

        action.OnStart = OnStart;

}



public Action OnStart( BehaviorAction action, BehaviorAction priorAction, ActionResult result )

{

    ForcePlayerSuicide(action.Actor);

    result.type = DONE;

    return Plugin_Handled; // Plugin_Handled will block calling original function

}

Re: [L4D2] Crash on CNavArea::Contains(Vector const&) const + 0x13

CNavArea::IsOverlapping & CNavArea::Contains Fix (L4D2 Linux only).

Require MemoryEx Fork to compile.

Re: [L4D2] Crash on CNavArea::Contains(Vector const&) const + 0x13

@ Dragokas thanks appreciate that

Forgot to mention that I have the issue fixed on my servers, shqke wrote an extension that patches the issue. He didn't want to release it publicly since (his words: ) it's an ugly concept of a workaround.

If anyone else has the issue they can try out Dragokas's plugin. Might be useful to update this thread and confirm it works

Eventually will send this bug report to the TLS team for a proper fix from valve.

Re: [L4D2] Crash on CNavArea::Contains(Vector const&) const + 0x13

It is written long time ago and it works.
It's mid-function detour checking variable for zero.