Welcome to the Builder Academy

Question SYSERR: Write to socket: Connection reset by peer

20 Jan 2018 07:42 #7410 by Treblin
I have the same issue on my test port that is running stock 2018 release with the clan patch as the only addition. I let the mud run idly and noticed it had crashed from the same issue. I will try to get it up and running under gdb this weekend to see if I can reproduce it. Although it's been running now nearly 3 days without it crashing, so results may take time.

20 Jan 2018 08:23 #7411 by Treblin
Completely forgot I had it lying around, here is the gdb output.
Code:
Reading symbols from /lib/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Core was generated by `bin/circle -q 6000'.
Program terminated with signal 11, Segmentation fault.
#0 0x003223d0 in _int_free () from /lib/libc.so.6
(gdb) bt
#0 0x003223d0 in _int_free () from /lib/libc.so.6
#1 0x00326a89 in free () from /lib/libc.so.6
#2 0x0809d541 in close_socket (d=0x938cf70) at comm.c:2094
#3 0x0809f8f6 in game_loop (local_mother_desc=3) at comm.c:905
#4 0x080a0a77 in init_game (argc=Cannot access memory at address 0x1 ) at comm.c:532
#5 main (argc=Cannot access memory at address 0x1 ) at comm.c:352
(gdb) list
193 #endif
194
195   t->tv_sec = (int) (millisec / 1000);
196   t->tv_usec = (millisec % 1000) * 1000;
197 }
198
199 #endif /* CIRCLE_WINDOWS || CIRCLE_MACINTOSH */
200
201 int main(int argc, char **argv)
202 {
(gdb) info local
No symbol table info available.
(gdb) up
#1 0x00326a89 in free () from /lib/libc.so.6
(gdb) list
203   int pos = 1;
204   const char *dir;
205
206 #ifdef MEMORY_DEBUG
207   zmalloc_init();
208 #endif
209
210 #if CIRCLE_GNU_LIBC_MEMORY_TRACK
211   mtrace(); /* This must come before any use of malloc(). */
212 #endif
(gdb) info local
No symbol table info available.
(gdb) up
#2 0x0809d541 in close_socket (d=0x938cf70) at comm.c:2094
2094       free(d->history[cnt]);
(gdb) list
2089   /* Clear the command history. */
2090   if (d->history) {
2091     int cnt;
2092     for (cnt = 0; cnt < HISTORY_SIZE; cnt++)
2093       if (d->history[cnt])
2094         free(d->history[cnt]);
2095     free(d->history);
2096   }
2097
2098   if (d->showstr_head)
(gdb) info local
temp = <value optimized out>
(gdb) up
#3 0x0809f8f6 in game_loop (local_mother_desc=3) at comm.c:905
905         close_socket(d);
(gdb) list
900   for (d = descriptor_list; d; d = next_d) {
901     next_d = d->next;
902     if (*(d->output) && FD_ISSET(d->descriptor, &output_set)) {
903       /* Output for this player is ready */
904       if (process_output(d) < 0)
905         close_socket(d);
906       else
907         d->has_prompt = 1;
908     }
909   }
(gdb) info local
input_set = {__fds_bits = {16, 0 <repeats 31 times>}}
output_set = {__fds_bits = {16, 0 <repeats 31 times>}}
exc_set = {__fds_bits = {0 <repeats 32 times>}}
null_set = {__fds_bits = {0 <repeats 32 times>}}
last_time = {tv_sec = 1516187435, tv_usec = 770570}
opt_time = {tv_sec = 0, tv_usec = 100000}
process_time = {tv_sec = 0, tv_usec = 800}
temp_time = {tv_sec = 0, tv_usec = 99200}
before_sleep = {tv_sec = 1516187435, tv_usec = 671370}
now = {tv_sec = 1516187435, tv_usec = 771302}
timeout = {tv_sec = 0, tv_usec = 0}
comm = "GET http://www.boxun.com/ HTTP/1.1\000 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)\000\000\334_+\000\370\242)\000\060j2\000\000\000\000\000\374\245)\000\230\242)\000\000\000\000\000\000\070\366\267\002\000+\000\021ii\r\000\000\000\000\000\000\000\000\061\350*\000\000\000\000\000h_+\000\006\000\000\000\f\000\000\000\370\301,\000\230b+\000\374\245)\000\230\242)\000\214&\366\267\330އ\277e\351*\000\b\000\000\000\210\000\000\000h\244)\000\360އ\277\030\352*\000\210\000\000\000\300_+\000\001\000\000\000 \337\207\277<\337\207\277\066\252*\000\000\000\000\000\b\000\000\000p"...
d = <value optimized out>
next_d = <value optimized out>
missed_pulses = <value optimized out>
maxdesc = <value optimized out>
aliased = 0
(gdb) up
#4 0x080a0a77 in init_game (argc=Cannot access memory at address 0x1 ) at comm.c:532
532   game_loop(mother_desc);
(gdb) list
527   if (fCopyOver) /* reload players */
528     copyover_recover();
529
530   log("Entering game loop.");
531
532   game_loop(mother_desc);
533
534   Crash_save_all();
535
536   log("Closing all sockets.");
(gdb) info local
No locals.
(gdb) up
#5 main (argc=Cannot access memory at address 0x1 ) at comm.c:352
352     init_game(port);
(gdb) list
347
348   if (scheck)
349     boot_world();
350   else {
351     log("Running game on port %d.", port);
352     init_game(port);
353   }
354
355   log("Clearing game world.");
356   destroy_db();
(gdb) info local
pos = <value optimized out>
dir = 0x8480078 "lib"

20 Jan 2018 21:38 #7412 by thomas
Ok, so this is memory issues again.

Either a free() on previously free'd memory or a free on a stray pointer. I'll have a look.

22 Jan 2018 23:06 #7425 by thomas
Ok, so I've tried replicating this on stock TBA. It just works, no issues, even with multiple simultaneous users timing out.

I've looked through the code, and it stands up to static analysis. So, do you have the exact same file in comm.c as this: github.com/tbamud/tbamud/blob/master/src/comm.c ?

Do you have code messing with d->history other places than in comm.c (you shouldn't)?

23 Jan 2018 04:17 #7426 by Treblin
A diff of this comm.c and mine comes back identical. As stated, at least when I received the error it was on a completely stock 2018.1 version with only the clans patch added. It has also happened only the one time.

23 Jan 2018 06:51 #7427 by thomas
Yeah, I was afraid of that.

It's actually most likely a buffer overrun somewhere else; as I said, the code stands up to static analysis.
That takes some more time to track down. Would you mind running these commands in gdb?
Code:
up
up
(you should be in frame #2 now)
print *d
print d->history[0]
print d->history[1]
print d->history[2]
print d->history[3]
print d->history[4]
print d->output

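The last post's point, that an overrun elsewhere only surfaces later inside free(), can be narrowed down with guard bytes checked at cleanup time. The sketch below is an added example, not tbaMUD code and not part of the thread: `guard_malloc`, `guard_ok`, `close_history` and `demo` are hypothetical names, the value of `HISTORY_SIZE` is assumed, and the input strings are constructed.

```c
#include <stdlib.h>
#include <string.h>
#define HISTORY_SIZE 5     /* assumed value; the page only shows the name */
#define GUARD_LEN    8
#define GUARD_BYTE   0xA5
typedef struct { size_t size; } hdr_t;   /* bookkeeping stored before each block */

/* Allocate n usable bytes followed by GUARD_LEN canary bytes. */
static void *guard_malloc(size_t n) {
    hdr_t *h = malloc(sizeof *h + n + GUARD_LEN);
    if (!h) return NULL;
    h->size = n;
    memset((unsigned char *)(h + 1) + n, GUARD_BYTE, GUARD_LEN);
    return h + 1;
}

/* Returns 1 if nothing wrote past the end of the block, 0 otherwise. */
static int guard_ok(const void *p) {
    const hdr_t *h = (const hdr_t *)p - 1;
    const unsigned char *g = (const unsigned char *)p + h->size;
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (g[i] != GUARD_BYTE) return 0;
    return 1;
}

/* Same loop shape as the cleanup in close_socket(), but each slot is checked
 * before free(): returns the first overrun slot, or -1 if all are intact. */
static int close_history(char **history) {
    int bad = -1;
    for (int cnt = 0; cnt < HISTORY_SIZE; cnt++) {
        if (!history[cnt]) continue;
        if (bad < 0 && !guard_ok(history[cnt])) bad = cnt;
        free((hdr_t *)history[cnt] - 1);
    }
    free(history);
    return bad;
}

/* Constructed scenario: an unchecked copy into slot 1, long before cleanup. */
int demo(const char *input, size_t slot_size) {
    char **history = calloc(HISTORY_SIZE, sizeof *history);
    if (!history || !(history[1] = guard_malloc(slot_size))) abort();
    size_t n = strlen(input) + 1;              /* no bounds check: the bug */
    if (n > slot_size + GUARD_LEN) n = slot_size + GUARD_LEN; /* stay inside the demo's real allocation */
    memcpy(history[1], input, n);
    return close_history(history);
}

int main(void) { return demo("north", 8) == -1 && demo("abcdefgh", 8) == 1 ? 0 : 1; }
```

An 8-character string in an 8-byte slot is enough to trip the check, because the terminating NUL lands on the first guard byte.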