I've been experiencing intermittent server crashes (both in listen server and dedicated) while the player is shooting. Note that it doesn't happen often, instead seemingly randomly, sometimes during the first couple of bullets shot since opening server, sometimes after 2-3 minutes of straight shooting (but only during shooting). Valgrind gave me this stack trace:
```
==57729== Invalid read of size 2
==57729==    at 0x403E565: HL_CalculateBones (gl_hlmdl.c:782)
==57729==    by 0x403FF4F: HL_SetupBones (gl_hlmdl.c:1127)
==57729==    by 0x4040550: HLMDL_GetBoneData_Internal (gl_hlmdl.c:1220)
==57729==    by 0x40405B1: HLMDL_GetBoneData (gl_hlmdl.c:1227)
==57729==    by 0x40795AD: Mod_GetBoneRelations (com_mesh.c:5209)
==57729==    by 0x437EDF8: PF_skel_build (pr_skelobj.c:2038)
==57729==    by 0x43ABC42: PR_ExecuteCode16 (execloop.h:934)
==57729==    by 0x43D1408: PR_ExecuteCode (pr_exec.c:1825)
==57729==    by 0x43D1714: PR_ExecuteProgram (pr_exec.c:1927)
==57729==    by 0x421B0F3: SV_RunFullQCMovement (pr_cmds.c:10526)
==57729==    by 0x42739B7: SV_RunCmd (sv_user.c:7474)
==57729==    by 0x42783AD: SV_ExecuteClientMessage (sv_user.c:8648)
==57729==  Address 0xffffffff0aa99b5a is not stack'd, malloc'd or (recently) free'd
==57729==
```
The offending QC code (at least, the only SSQC code that calls skel_build) is below:
```
if (!ent.skeletonindex) return;
float midbone = skel_find_bone(ent.skeletonindex, "Bip01 L Thigh");
float retainfrac = 0.001;
float addfrac = 1 - retainfrac;
ent.frame = ent.anim_bottom.normal;
if (ent.moveflags & MF_CROUCHED) {
    ent.frame = ent.anim_bottom.crouched;
}
ent.frame1time = ent.anim_bottom_time;
skel_build(ent.skeletonindex, ent, ent.modelindex, 0,0,0,1);
ent.frame = ent.anim_top.normal;
if (ent.moveflags & MF_CROUCHED) {
    ent.frame = ent.anim_top.crouched;
}
ent.frame1time = ent.anim_top_time;
skel_build(ent.skeletonindex, ent, ent.modelindex, retainfrac, 0, midbone);
if (ent.flinchanim_time) {
    ent.frame = 99;
    ent.frame1time = 0;
    skel_build(ent.skeletonindex, ent, ent.modelindex, 0.5, 0, midbone);
}
return;
```
This code is called during the antilag rollback code, so that hitmodel tracelines can work correctly.
Interestingly, the client runs this same block, in other players' predraw of course. But the client never crashes.
Eukara mentioned he had issues with hitmodel tracelines segfaulting as well, so maybe connected, I don't know.
The stack trace is from:
```
GIT Revision: git-6727-358437730 - 2026-01-27
Build config: config_fteqw.h
Build type: dedicated
debug
```
But I tested and the same crashes happen on a bunch of the newer GitHub releases as well, both listen server and dedi.