Battlefield Vietnam server crash

SucceededKiller
Posts: 3
Joined: Tue Sep 01, 2015 5:10 pm

Battlefield Vietnam server crash

Post by SucceededKiller »

Hey,

so I'm currently having to deal with a BFV v1.21 server crash from an unhappy former player.

Whatever it does, it makes the process use up 100% CPU and crash as it runs out of resources.

2016-08-14 14:57:51 : Couldn't send message to console! Resource temporarily unavailable (11)

I've gathered what info I can, not sure if it helps but I'll provide it anyway in the hopes it is the right stuff:

Code:

[New Thread 0xe763fb40 (LWP 12554)]
^C
Program received signal SIGINT, Interrupt.
0x089fdf14 in std::__default_alloc_template<true, 0>::_Lock::_Lock() ()
Missing separate debuginfos, use: debuginfo-install glibc-2.17-106.el7_2.6.i686 ncurses-libs-5.9-13.20130511.el7.i686
(gdb) continue
(gdb) l
No symbol table is loaded.  Use the "file" command.
(gdb) list
No symbol table is loaded.  Use the "file" command.
(gdb) backtrace
#0  0x089fdf14 in std::__default_alloc_template<true, 0>::_Lock::_Lock() ()
#1  0x089fde19 in std::__default_alloc_template<true, 0>::deallocate(void*, unsigned int) ()
#2  0x089fd87e in std::allocator<char>::deallocate(char*, unsigned int) ()
#3  0x08a040ff in std::string::_Rep::_M_destroy(std::allocator<char> const&) ()
#4  0x0874c8c4 in dice::bf::GameServer::createPlayer(std::string const&, int, int, int, dice::ref2::Vec3 const&, dice::ref2::Vec3 const&, bool) ()
#5  0x08752b9f in dice::bf::GameServer::handleGameEventManagerEvent(int, dice::bf::GameEvent*) ()
#6  0x0875573d in dice::bf::GameServer::processReceivedPackets() ()
#7  0x0874e42b in dice::bf::GameServer::update(int, float) ()
#8  0x086e7d1c in dice::bf::Setup::mainLoop() ()
#9  0x086e6f58 in dice::bf::Setup::start(std::string const&) ()
#10 0x0804ea14 in main ()
(gdb) backtrace full
#0  0x089fdf14 in std::__default_alloc_template<true, 0>::_Lock::_Lock() ()
No symbol table info available.
#1  0x089fde19 in std::__default_alloc_template<true, 0>::deallocate(void*, unsigned int) ()
No symbol table info available.
#2  0x089fd87e in std::allocator<char>::deallocate(char*, unsigned int) ()
No symbol table info available.
#3  0x08a040ff in std::string::_Rep::_M_destroy(std::allocator<char> const&) ()
No symbol table info available.
#4  0x0874c8c4 in dice::bf::GameServer::createPlayer(std::string const&, int, int, int, dice::ref2::Vec3 const&, dice::ref2::Vec3 const&, bool) ()
No symbol table info available.
#5  0x08752b9f in dice::bf::GameServer::handleGameEventManagerEvent(int, dice::bf::GameEvent*) ()
No symbol table info available.
#6  0x0875573d in dice::bf::GameServer::processReceivedPackets() ()
No symbol table info available.
#7  0x0874e42b in dice::bf::GameServer::update(int, float) ()
No symbol table info available.
#8  0x086e7d1c in dice::bf::Setup::mainLoop() ()
No symbol table info available.
#9  0x086e6f58 in dice::bf::Setup::start(std::string const&) ()
No symbol table info available.
#10 0x0804ea14 in main ()
No symbol table info available.
(gdb) info registers
eax            0x0      0
ecx            0x1      1
edx            0x8      8
ebx            0xc7841c8        209207752
esp            0xfb52aca0       0xfb52aca0
ebp            0xfb52aca8       0xfb52aca8
esi            0x5      5
edi            0x0      0
eip            0x89fdf14        0x89fdf14 <std::__default_alloc_template<true, 0>::_Lock::_Lock()+18>
eflags         0x286    [ PF SF IF ]
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x63     99
(gdb) x/16i $pc
=> 0x89fdf14 <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockC1Ev+18>:  leave
   0x89fdf15 <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockC1Ev+19>:  ret
   0x89fdf16 <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD2Ev>:     push   %ebp
   0x89fdf17 <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD2Ev+1>:   mov    %esp,%ebp
   0x89fdf19 <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD2Ev+3>:   sub    $0x8,%esp
   0x89fdf1c <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD2Ev+6>:   movl   $0x8b43910,(%esp)
   0x89fdf23 <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD2Ev+13>:  call   0x89fdf52 <_ZNSt15_STL_mutex_lock15_M_release_lockEv>
   0x89fdf28 <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD2Ev+18>:  leave
   0x89fdf29 <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD2Ev+19>:  ret
   0x89fdf2a <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD1Ev>:     push   %ebp
   0x89fdf2b <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD1Ev+1>:   mov    %esp,%ebp
   0x89fdf2d <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD1Ev+3>:   sub    $0x8,%esp
   0x89fdf30 <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD1Ev+6>:   movl   $0x8b43910,(%esp)
   0x89fdf37 <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD1Ev+13>:  call   0x89fdf52 <_ZNSt15_STL_mutex_lock15_M_release_lockEv>
   0x89fdf3c <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD1Ev+18>:  leave
   0x89fdf3d <_ZNSt24__default_alloc_templateILb1ELi0EE5_LockD1Ev+19>:  ret
(gdb) 
(gdb) thread apply all backtrace

Thread 41 (Thread 0xe763fb40 (LWP 12554)):
#0  0xe9ae6430 in ?? ()
#1  0x081b38d0 in dice::ref2::io::NetServerThread::run() ()
#2  0x080a3691 in dice::ref2::(anonymous namespace)::pthreads_thread_trampoline(void*) ()
#3  0xe9a60b2c in start_thread () from /lib/libpthread.so.0
#4  0xe998e77e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xe3f6e900 (LWP 16372)):
#0  0x089fdf14 in std::__default_alloc_template<true, 0>::_Lock::_Lock() ()
#1  0x089fde19 in std::__default_alloc_template<true, 0>::deallocate(void*, unsigned int) ()
#2  0x089fd87e in std::allocator<char>::deallocate(char*, unsigned int) ()
#3  0x08a040ff in std::string::_Rep::_M_destroy(std::allocator<char> const&) ()
#4  0x0874c8c4 in dice::bf::GameServer::createPlayer(std::string const&, int, int, int, dice::ref2::Vec3 const&, dice::ref2::Vec3 const&, bool) ()
#5  0x08752b9f in dice::bf::GameServer::handleGameEventManagerEvent(int, dice::bf::GameEvent*) ()
#6  0x0875573d in dice::bf::GameServer::processReceivedPackets() ()
#7  0x0874e42b in dice::bf::GameServer::update(int, float) ()
#8  0x086e7d1c in dice::bf::Setup::mainLoop() ()
#9  0x086e6f58 in dice::bf::Setup::start(std::string const&) ()
#10 0x0804ea14 in main ()
(gdb) step
Single stepping until exit from function _ZNSt24__default_alloc_templateILb1ELi0EE5_LockC1Ev,
which has no line number information.
0x089fde19 in std::__default_alloc_template<true, 0>::deallocate(void*, unsigned int) ()
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0xe98daeb4 in vfprintf () from /lib/libc.so.6
(gdb) step
Single stepping until exit from function vfprintf,
which has no line number information.
0xe98fd682 in vsprintf () from /lib/libc.so.6
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0xe9908999 in __GI__IO_default_xsputn () from /lib/libc.so.6
(gdb) step
Single stepping until exit from function __GI__IO_default_xsputn,
which has no line number information.
0xe98daf1c in vfprintf () from /lib/libc.so.6
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0x08a04fb6 in char* std::string::_S_construct<char const*>(char const*, char const*, std::allocator<char> const&, std::forward_iterator_tag) ()
(gdb) step
Single stepping until exit from function _ZNSs12_S_constructIPKcEEPcT_S3_RKSaIcESt20forward_iterator_tag,
which has no line number information.
0x08a0529c in char* std::string::_S_construct_aux<char const*>(char const*, char const*, std::allocator<char> const&, __false_type) ()
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0x08a042a1 in std::string::_Rep::_M_clone(std::allocator<char> const&, unsigned int) ()
(gdb) step
Single stepping until exit from function _ZNSs4_Rep8_M_cloneERKSaIcEj,
which has no line number information.
0x08a015fc in std::string::reserve(unsigned int) ()
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0xe99e01d8 in __memcpy_ssse3_rep () from /lib/libc.so.6
(gdb) step
Single stepping until exit from function __memcpy_ssse3_rep,
which has no line number information.
0x089f100f in std::char_traits<char>::copy(char*, char const*, unsigned int) ()
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0x089fddf7 in std::__default_alloc_template<true, 0>::deallocate(void*, unsigned int) ()
(gdb) step
Single stepping until exit from function _ZNSt24__default_alloc_templateILb1ELi0EE10deallocateEPvj,
which has no line number information.
0x089fd87e in std::allocator<char>::deallocate(char*, unsigned int) ()
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0x089fd873 in std::allocator<char>::deallocate(char*, unsigned int) ()
(gdb) step
Single stepping until exit from function _ZNSaIcE10deallocateEPcj,
which has no line number information.
0x08a040ff in std::string::_Rep::_M_destroy(std::allocator<char> const&) ()
(gdb) c^CQuit
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0x08a04fbc in __gnu_cxx::__normal_iterator<char*, std::string>::base() const ()
(gdb) step
Single stepping until exit from function _ZNK9__gnu_cxx17__normal_iteratorIPcSsE4baseEv,
which has no line number information.
0x08a005e6 in std::string::_S_copy_chars(char*, __gnu_cxx::__normal_iterator<char*, std::string>, __gnu_cxx::__normal_iterator<char*, std::string>) ()
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0xe9a638d8 in pthread_mutex_unlock () from /lib/libpthread.so.0
(gdb) step
Single stepping until exit from function pthread_mutex_unlock,
which has no line number information.
0x089fdfe2 in __gthread_mutex_unlock(pthread_mutex_t*) ()
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0x089fdf15 in std::__default_alloc_template<true, 0>::_Lock::_Lock() ()
(gdb) step
Single stepping until exit from function _ZNSt24__default_alloc_templateILb1ELi0EE5_LockC1Ev,
which has no line number information.
0x089fde19 in std::__default_alloc_template<true, 0>::deallocate(void*, unsigned int) ()
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0x08a053c4 in __atomic_add ()
(gdb) step
Single stepping until exit from function _Z12__atomic_addPVii,
which has no line number information.
0x08a0416c in std::string::_Rep::_M_refcopy() ()
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0xe98d9e03 in _itoa_word () from /lib/libc.so.6
(gdb) 
Continuing.
s ^C
Program received signal SIGINT, Interrupt.
0x08a0154d in std::string::reserve(unsigned int) ()
(gdb) step
Single stepping until exit from function _ZNSs7reserveEj,
which has no line number information.
0x08a01803 in std::string::append(std::string const&) ()

Code:

Program received signal SIGINT, Interrupt.
0x089fd812 in std::allocator<char>::~allocator() ()
Missing separate debuginfos, use: debuginfo-install glibc-2.17-106.el7_2.6.i686 ncurses-libs-5.9-13.20130511.el7.i686
(gdb) backtrace full
#0  0x089fd812 in std::allocator<char>::~allocator() ()
No symbol table info available.
#1  0x08a01659 in std::string::reserve(unsigned int) ()
No symbol table info available.
#2  0x08a01803 in std::string::append(std::string const&) ()
No symbol table info available.
#3  0x08054afd in std::basic_string<char, std::char_traits<char>, std::allocator<char> > std::operator+<char, std::char_traits<char>, std::allocator<char> >(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ()
No symbol table info available.
#4  0x0874c83c in dice::bf::GameServer::createPlayer(std::string const&, int, int, int, dice::ref2::Vec3 const&, dice::ref2::Vec3 const&, bool) ()
No symbol table info available.
#5  0x08752b9f in dice::bf::GameServer::handleGameEventManagerEvent(int, dice::bf::GameEvent*) ()
No symbol table info available.
#6  0x0875573d in dice::bf::GameServer::processReceivedPackets() ()
No symbol table info available.
#7  0x0874e42b in dice::bf::GameServer::update(int, float) ()
No symbol table info available.
#8  0x086e7d1c in dice::bf::Setup::mainLoop() ()
No symbol table info available.
#9  0x086e6f58 in dice::bf::Setup::start(std::string const&) ()
No symbol table info available.
#10 0x0804ea14 in main ()
No symbol table info available.

tcpdump filtered with wireshark:
https://drive.google.com/file/d/0B8kuND ... sp=sharing
His IP is: 188.255.88.81
Our server is 158.69.118.94:15800

Let me know if I've gone wrong somewhere, first time using GDB...

Thanks for any help in advance and let me know if you need anything further.

Regards,
SucceededKiller
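
The post samples the spinning process by hand, interrupting it and taking a backtrace each time. As an added example (not part of the original post), the script below aggregates such samples and reports the innermost frame they all share; the sample text is frames #0 to #6 copied from the post's two backtraces, and the names `parse_backtrace`, `innermost_shared_frame` and `analyse` are made up here.

```python
import re

# gdb frame line: "#4  0x0874c8c4 in ns::func(args) ()", optionally "from lib.so"
FRAME = re.compile(r"^#\d+\s+(0x[0-9a-f]+) in (.+?) \(\)(?: from \S+)?$")

def parse_backtrace(text):
    """Return [(address, function), ...] ordered innermost frame first."""
    matches = (FRAME.match(line.strip()) for line in text.splitlines())
    return [(int(m.group(1), 16), m.group(2)) for m in matches if m]

def innermost_shared_frame(samples):
    """Walk inward from the outermost frame while all samples agree on the
    function; return that function and the addresses seen inside it."""
    stacks = [parse_backtrace(s)[::-1] for s in samples]  # outermost first
    depth = 0
    for level in zip(*stacks):
        if len({func for _, func in level}) != 1:
            break
        depth += 1
    if depth == 0:
        return None, set()
    return stacks[0][depth - 1][1], {s[depth - 1][0] for s in stacks}

# Frames #0-#6 copied from the two backtraces in the post (outer frames omitted).
SAMPLE_A = """\
#0  0x089fdf14 in std::__default_alloc_template<true, 0>::_Lock::_Lock() ()
#1  0x089fde19 in std::__default_alloc_template<true, 0>::deallocate(void*, unsigned int) ()
#2  0x089fd87e in std::allocator<char>::deallocate(char*, unsigned int) ()
#3  0x08a040ff in std::string::_Rep::_M_destroy(std::allocator<char> const&) ()
#4  0x0874c8c4 in dice::bf::GameServer::createPlayer(std::string const&, int, int, int, dice::ref2::Vec3 const&, dice::ref2::Vec3 const&, bool) ()
#5  0x08752b9f in dice::bf::GameServer::handleGameEventManagerEvent(int, dice::bf::GameEvent*) ()
#6  0x0875573d in dice::bf::GameServer::processReceivedPackets() ()
"""
SAMPLE_B = """\
#0  0x089fd812 in std::allocator<char>::~allocator() ()
#1  0x08a01659 in std::string::reserve(unsigned int) ()
#2  0x08a01803 in std::string::append(std::string const&) ()
#3  0x08054afd in std::basic_string<char, std::char_traits<char>, std::allocator<char> > std::operator+<char, std::char_traits<char>, std::allocator<char> >(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ()
#4  0x0874c83c in dice::bf::GameServer::createPlayer(std::string const&, int, int, int, dice::ref2::Vec3 const&, dice::ref2::Vec3 const&, bool) ()
#5  0x08752b9f in dice::bf::GameServer::handleGameEventManagerEvent(int, dice::bf::GameEvent*) ()
#6  0x0875573d in dice::bf::GameServer::processReceivedPackets() ()
"""

def analyse():
    func, addrs = innermost_shared_frame([SAMPLE_A, SAMPLE_B])
    return func.split("(")[0], sorted(hex(a) for a in addrs)

if __name__ == "__main__":
    print(analyse())
```

On these two samples the shared frame is `dice::bf::GameServer::createPlayer`, at a different address in each, which points at that function and the string operations it calls as the place to look rather than at the allocator frames on top of the stack.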

freddy
Posts: 1267
Joined: Sun Oct 18, 2009 4:58 pm

Re: Battlefield Vietnam server crash

Post by freddy »

Hi, this sounds exactly like the old "server crash exploit" that was running rampant on bf42 servers a while ago. I'm no expert in reading those logs,

edit: I saw now there were just client files for download, I'm sure I've seen something about patched server files in a thread here

edit2: yeah, dead download links, I'll see if I can find those files somewhere

SucceededKiller
Posts: 3
Joined: Tue Sep 01, 2015 5:10 pm

Re: Battlefield Vietnam server crash

Post by SucceededKiller »

Hey,

Thank you. :)

I run 2 servers, a rented main one which, according to our host and previous experience, includes all the community-made patches. (He's attacked before, we used their patched binaries and the attacks stopped. He made some comment about how we finally stopped him...) I also have root access to a dedicated one, which is where I grabbed this debug and tcpdump from. Unfortunately, I can't make head nor tail of the hex editing to patch it myself.

If you can find them so I can try those, I'd appreciate it. (Our host won't let me download the patched binaries they provide... but considering it affects that server too, and assuming they are accurate in their statement, this would be a new issue.)

But if not, I am currently talking to Tuia, so with any luck it will be able to be resolved even if you can't find the files. :)

Thanks for any help you can give though! It would be nice to be able to play this game again without the firewall whitelist to prevent him establishing connections....

Regards,
SucceededKiller

freddy
Posts: 1267
Joined: Sun Oct 18, 2009 4:58 pm

Re: Battlefield Vietnam server crash

Post by freddy »

Hi, sorry for the late answer, I did search all my disks for those files but with no luck. If you have contact with tuia I think you will be ok as soon as he has some time over.

Good luck!

amd
Posts: 6
Joined: Sun Nov 06, 2016 12:12 am

Re: Battlefield Vietnam server crash

Post by amd »

I added 2 of tuia's fixes to moddb as well, if anyone finds it useful: http://www.moddb.com/games/battlefield- ... ty-patched