[Crash Latest Revision] Revision: * * 10199 26494a92dc689d3bec7d37c7792f6aa66e626fee

[shinra]

On Aura remove of a character on grid change the server crashes.

Revision: * * 10199 26494a92dc689d3bec7d37c7792f6aa66e626fee

Date 17:7:2010. Time 0:40

//=====================================================

*** Hardware ***

Processor: Quad-Core AMD Opteron Processor 1352

Number Of Processors: 4

Physical Memory: 4194303 KB (Available: 4194303 KB)

Commit Charge Limit: 4194303 KB

*** Operation System ***

Windows Vista or Windows Server 2008 Server 4.0 (Version 6.1, Build 7600)

//=====================================================

Exception code: C0000005 ACCESS_VIOLATION

Fault address: 006C8E57 01:002C7E57 E:\\CompiledServer\\mangosd.exe

Registers:

EAX:00000000

EBX:EAAF8100

ECX:80E6F580

EDX:FB1F7C30

ESI:00000000

EDI:E6F40001

CS:EIP:0023:006C8E57

SS:ESP:002B:087DDD3C EBP:087DDD40

DS:002B ES:002B FS:0053 GS:002B

Flags:00010292

Call stack:

Address Frame Function SourceFile

006C8E57 00000000 IsSingleTargetSpell+7

004AF84C 00000000 Unit::RemoveNotOwnSingleTargetAuras+AC

004B1597 00000000 Unit::RemoveFromWorld+17

004EB863 00000000 Map::Remove+33

004EC459 00000000 BattleGroundMap::Remove+59

00557668 00000000 Player::TeleportTo+6C8

005E3E3E 00000000 WorldSession::ExecuteOpcode+8E

005E85FB 00000000 WorldSession::Update+CB

004735B1 00000000 World::UpdateSessions+61

004750E4 00000000 World::Update+124

00446194 00000000 WorldRunnable::run+64

00454F04 00000000 ACE_Based::Thread::ThreadTask+34

73AD5B04 00000000 ACE_OS_Thread_Adapter::invoke+74

735CC6DE 00000000 _endthreadex+3A

735CC788 00000000 _endthreadex+E4

752A3677 00000000 BaseThreadInitThunk+12

77699D72 00000000 RtlInitializeExceptionChain+63

77699D45 00000000 RtlInitializeExceptionChain+36

========================

Local Variables And Parameters

Call stack:

Address Frame Function SourceFile

006C8E57 00000000 IsSingleTargetSpell+7

Local <user defined> 'spellInfo'

004AF84C 00000000 Unit::RemoveNotOwnSingleTargetAuras+AC

punting on symbol newPhase

Local <user defined> 'iter'

004B1597 00000000 Unit::RemoveFromWorld+17

004EB863 00000000 Map::Remove+33

Local <user defined> 'player'

punting on symbol remove

Local <user defined> 'cell'

Local <user defined> 'p'

Local <user defined> 'st'

004EC459 00000000 BattleGroundMap::Remove+59

Local <user defined> 'player'

punting on symbol remove

00557668 00000000 Player::TeleportTo+6C8

punting on symbol mapid

punting on symbol x

punting on symbol y

punting on symbol z

punting on symbol orientation

punting on symbol options

Local <user defined> 'pet'

Local <user defined> 'data'

Local <user defined> 'oldmap'

punting on symbol final_y

punting on symbol final_o

punting on symbol final_z

punting on symbol final_x

Local <user defined> 'data'

005E3E3E 00000000 WorldSession::ExecuteOpcode+8E

Local <user defined> 'opHandle'

Local <user defined> 'packet'

005E85FB 00000000 WorldSession::Update+CB

punting on symbol __formal

Local <user defined> 'packet'

004735B1 00000000 World::UpdateSessions+61

punting on symbol diff

Local <user defined> 'sess'

Local <user defined> 'next'

004750E4 00000000 World::Update+124

punting on symbol diff

punting on symbol maxClientsNum

00446194 00000000 WorldRunnable::run+64

punting on symbol prevSleepTime

00454F04 00000000 ACE_Based::Thread::ThreadTask+34

punting on symbol param

73AD5B04 00000000 ACE_OS_Thread_Adapter::invoke+74

punting on symbol status

735CC6DE 00000000 _endthreadex+3A

735CC788 00000000 _endthreadex+E4

752A3677 00000000 BaseThreadInitThunk+12

77699D72 00000000 RtlInitializeExceptionChain+63

77699D45 00000000 RtlInitializeExceptionChain+36

========================

Global Variables

[przemratajczak]

idk if you noticed that you run out of memory? can you somehow reproduce this crash, or was it preceded by freeze?

[shinra]

No way have I ran out of memory I have over 8GB Ram seems the instance of mangosed even tho ive compiled for 64bit still only says 4GB ram.

Also mangosd.exe was only using 384MB RAM

So thats not the reason for the crash, its to do with aura remove as it happened as soon as I won a battleground and left.

[przemratajczak]

Physical Memory: 4194303 KB (Available: 4194303 K

Commit Charge Limit: 4194303 KB

but there are some problems with auras in present core release so you may be right ;-)

[shinra]

Physical Memory: 4194303 KB (Available: 4194303 K

Where does that say my memorys all used?

[Odyssey]

Yeah, confirmed.

Still crashing when a bg ends.

I'm also having other random crashes related to auras too (don't know really if they happen also when bg ends) , always starting in Unit::GetAura or Unit::RemoveAura.

Two examples: http://pastebin.com/9ZTftm4r - http://pastebin.com/Mh1mkyNL

The first one is happening at every battleground end although I can't reproduce it alone in debug bg mode. The second one, who knows...

[zergtmn]

Crashfix:

diff --git a/src/game/Unit.cpp b/src/game/Unit.cpp
index b5c3c3d..ff5b49e 100644
--- a/src/game/Unit.cpp
+++ b/src/game/Unit.cpp
@@ -4492,7 +4492,7 @@ void Unit::RemoveNotOwnSingleTargetAuras(uint32 newPhase)
            if(!newPhase)
            {
                RemoveSpellAuraHolder(iter->second);
-                m_spellAuraHolders.begin();
+                iter = m_spellAuraHolders.begin();
            }
            else
            {
@@ -4500,7 +4500,7 @@ void Unit::RemoveNotOwnSingleTargetAuras(uint32 newPhase)
                if(!caster || !caster->InSamePhase(newPhase))
                {
                    RemoveSpellAuraHolder(iter->second);
-                    m_spellAuraHolders.begin();
+                    iter = m_spellAuraHolders.begin();
                }
                else
                    ++iter;

PM'ed Laise also.

[shinra]

Thankyou for the fix this saves my players some grief!

[xarly]

I have the same crash after ending a BG, does zergtmn's patch do something with that?

[shinra]

Compile the latest revision, zergtmn's patch has been added to the master branch.