[crash] SpellAuraHolder

[Auntie Mangos]

Updated my previous post, added third and 4th method.

BUMP

[The_Game_Master]

Mangos Version: 10313

Custom Patches:

• * BG Score 80+ crash
  * SD2 Achievement support
  * Extra instance functions
  * SD2 gameobject summon support
  * Gameobject loot rules
  * Thaddius encounter spells
  * Freya encounter spells
  * A few ICC spells
  * Spell disabled system
  

None of the used patches may interfere with this crash dump or can be a lead cause.

SD2 Version: 1756

Database Name and Version : YTDB 558

GDB Backtraces:

• * http://pastebin.com/v5GkzhCm
  * http://pastebin.com/HC87nnNx
  * http://pastebin.com/MAzxj2DH (not related to SpellAuraHolder)
  

Revision: 10316

• * http://pastebin.com/2S6qCQRb
  

[The_Game_Master]

Bump!

Come on guys, i have this crashes for 3 weeks now. Even some workaround would help as a temp solution.

[cyberium]

Keep cool, or do it "master" ^^

[VladimirMangos]

• * http://pastebin.com/2S6qCQRb
  

Possible fixed in [10319].

For other impossible find any useful info by only crash daya without repeating steps.

[added]Thread will closed at any attempt add more unrelated by crash data crashes to discussed.

[The_Game_Master]

Thank you for the previsious crash fix. I managed to reproduce it, it was happening when 2 diffrent casters, casted the same buff on a 3rd targed.

OS: Slackware 13 x64

Mangos Version: 10319

Custom Patches:

• * No custom patches, all removed for more accurate data.
  

SD2 Version: 1758

Database Name and Version : YTDB 558

GDB Backtraces:

• * http://pastebin.com/hb01Hrj4
  * http://pastebin.com/kMcHS2QQ
  * http://pastebin.com/Fc4kR9cE
  * http://pastebin.com/weSQdyjF
  

There are 2 diffrent reasons for crashing. This is the second reason, more related then the 1st one.

• * http://pastebin.com/G22PLc3a
  * http://pastebin.com/jzjMEepP
  

[VladimirMangos]

I managed to reproduce it, it was happening when 2 diffrent casters, casted the same buff on a 3rd targed.

Lol, just guid how not need write bug reports... I am glad for you that you can repeat, but maybe write _what_ buf you cast....

In fact totally not important is this with all buf that _you_ tst or not happens. Please always write what specific spell you use for repeat.

[The_Game_Master]

I was refering to the previsious crash, that you fixed in 10319.

For this 2 crashes, here is the reproduction method.

• * http://pastebin.com/G22PLc3a
  * http://pastebin.com/jzjMEepP
  

How to reproduce:

1. Create a level 80 NE Druid.

2. Create a level 80 NE DK.

3. Cast .learn all_myclass (with the DK)

4. Cast .max skill (with the DK)

5. /duel and accept between the 2 characters

6. add any weapon on the DK and cast Plague Strike (do not use .cast, cast it as if you were playing)

7. Blood Plague and Desecration will proc

8. Shapeshift into Cat Form (Druid) when desecration has 1 sec before expire

9. Make sure blood plague will expire AFTER desecration.

Crashes 100% on x64. With x32 i tryed for hours and can't understand why it didn't crash. Preutty wird.

[unloading]

+1, confirmed

Actually its even easier to reproduce:

Method No1:

Get yourself a nice druid, and a death knight (with a weapon of course).

Make sure Death Knight has picked up Desecration (spec doesn't matter, can be blood/unholy or full unholy whatever. I'm playing unholy/frost)

1. Duel the druid, make sure he is not shapeshifted (must be in "human" form).

2. Start by casting Plague Strike.

3. Desecration and Blood Plague will proc.

4. Wait a few seconds.

5. Cast Plague Strike again.

Blood Plague is refreshed.

Desecration IS NOT refreshed on target, although new ground visual effect appears.

6. Wait for Desecration to expire and in that precise moment druid must shapeshift into Cat form

And there you go, instant crash. 100% of the time.

I tested same shapeshifting scenario with other movement impairing effects

(Chains of ice, Frost Shock, Frost trap, Earthbind totem,Judgement of Justice, glyph of Shadowflame, Slow, etc..) and I haven't been able to crash the server.

Method No2:

Get a rogue and Death knight.

Repeat steps 1-5.

6. Rogue must cast Cloak of Shadows and then Vanish at the exact moment Desecration is about to expire.

Bang, crash again.

Method No3:

Get a rogue and a frost mage.

Rogue must have Crippling poison applied to its weapon

Mage must have Permafrost talented.

Attack for example a training dummy, let rogue attack first and apply Crippling Poison to it.

Once you apply it, stop attacking and let the mage spam Blizzard. Just keep spamming.

Crash.

Tested without Improved Blizzard but i think crash effect should be in place with it as well, as it is also movement impairing effect.

_____________________________________________________________________________________________________________

Method No4 (this one is not related to movement impairing stuff)

Get a warlock, mage, priest, rogue and a hunter.

Summon your pets.

I will explain the example using warlock and hunter.

Have warlock cast only DoTs that do not do initial damage, like Corruption or Curse of agony on the hunter pet.

Recast if necessary until pet dies from those dots.

Server crash imminent.

Same method works if priest uses Shadow Word: Pain for example on any warlock pet.

Or if hunter does same thing with Serpent Sting.

Also same method if you have a rogue using Deadly poison weapon enhancement.

In conclusion:

Dots from priest, warlock, rogue(poison) on Mage pet, crash the server.

Dots from priest , hunter, rogue(poison) on Warlock pet, crash the server.

Dots from priest , warlock vs hunter pet, crash. (rogue poison didn't)

I am running 100% clean Mangos core, revision 10319. No SD2, database used is YTDB, release r557.

Crash confirmed both in 32 bit and 64 bit mode.

[ankso]

I also have another problem with desecration, sometimes you get with the movement impairing effect 4ever until you relog, may be related?

[Dron01]

Seems that persistent area aura related code is not working properly. _AddAura() and _RemoveAura() functions in Aura class are also redundant.

[The_Game_Master]

Bump?

I would really like to know how to fix this crashes.

[Mylifesuxito]

really good information, hope that with this devs can found a safe it solution

[n.emy89]

Bump !!!

Come on guys server uptime is really low with this bug present.

[shinra]

confirmed in latest rev

[Br3Ak3R]

I hope there will be a solution, because this is bug annoying

[lavinelu]

I was refering to the previsious crash, that you fixed in 10319.

For this 2 crashes, here is the reproduction method.

How to reproduce:

1. Create a level 80 NE Druid.

2. Create a level 80 NE DK.

3. Cast .learn all_myclass (with the DK)

4. Cast .max skill (with the DK)

5. /duel and accept between the 2 characters

6. add any weapon on the DK and cast Plague Strike (do not use .cast, cast it as if you were playing)

7. Blood Plague and Desecration will proc

8. Shapeshift into Cat Form (Druid) when desecration has 1 sec before expire

9. Make sure blood plague will expire AFTER desecration.

Crashes 100% on x64. With x32 i tryed for hours and can't understand why it didn't crash. Preutty wird.

here is the problem

            
for (Unit::AuraList::const_iterator iter = slowingAuras.begin(); iter != slowingAuras.end()
           {
               SpellEntry const* aurSpellInfo = (*iter)->GetSpellProto();

               uint32 aurMechMask = GetAllSpellMechanicMask(aurSpellInfo);

               // If spell that caused this aura has Croud Control or Daze effect
               if((aurMechMask & MECHANIC_NOT_REMOVED_BY_SHAPESHIFT) ||
                   // some Daze spells have these parameters instead of MECHANIC_DAZE (skip snare spells)
                   aurSpellInfo->SpellIconID == 15 && aurSpellInfo->Dispel == 0 &&
                   (aurMechMask & (1 << (MECHANIC_SNARE-1)))==0)
               {
                   ++iter;
                   continue;
               }

               // All OK, remove aura now
               target->RemoveAurasDueToSpellByCancel(aurSpellInfo->Id);
               iter = slowingAuras.begin();
           }

its an infinite loop because

target->RemoveAurasDueToSpellByCancel(aurSpellInfo->Id);

is not removing aura i think

[ankso]

May be as a temporal solution, we could make an exception for desecration? Something like this:

               // All OK, remove aura now
               if (aurSpellInfo->Id == 68766 || aurSpellInfo->Id == 55741) //Search for desecration
                   ++iter;
               else
               {
                   target->RemoveAurasDueToSpellByCancel(aurSpellInfo->Id);
                   iter = slowingAuras.begin();
               }

[Dron01]

slowingAuras is a constant adress list. Aura is deleted and iter returns to beginning of the slowingAuras. Of course, now this list contains an address of a deleted aura element, thus code is unable to retrieve a SpellInfo...

We need to refresh this list somehow before using it again.

That's what I think.

[Toinan67]

I think Dron01 is right.

Maybe

-    for (Unit::AuraList::const_iterator iter = slowingAuras.begin(); iter != slowingAuras.end()
+    for (Unit::AuraList::const_iterator iter = target->GetAurasByType(SPELL_AURA_MOD_DECREASE_SPEED).begin(); iter != target->GetAurasByType(SPELL_AURA_MOD_DECREASE_SPEED).end()

[Schmoozerd]

thanks guys, this really looks like a problem place!

perhaps it would be simplier to use after deletion

slowingAuras = target->GetAurasByType(SPELL_AURA_MOD_DECREASE_SPEED);

itr = slowingAuras.begin();

[Toinan67]

Problem is slowingAuras is a reference...cannot modify it

[zergtmn]

Problem is slowingAuras is a reference...cannot modify it

So it's not needed.

[Toinan67]

            
-    Unit::AuraList const& slowingAuras = target->GetAurasByType(SPELL_AURA_MOD_DECREASE_SPEED);
-    for (Unit::AuraList::const_iterator iter = slowingAuras.begin(); iter != slowingAuras.end()
+    for (Unit::AuraList::const_iterator iter = target->GetAurasByType(SPELL_AURA_MOD_DECREASE_SPEED).begin(); iter != target->GetAurasByType(SPELL_AURA_MOD_DECREASE_SPEED).end()
   {
       SpellEntry const* aurSpellInfo = (*iter)->GetSpellProto();

       uint32 aurMechMask = GetAllSpellMechanicMask(aurSpellInfo);

       // If spell that caused this aura has Croud Control or Daze effect
       if((aurMechMask & MECHANIC_NOT_REMOVED_BY_SHAPESHIFT) ||
       // some Daze spells have these parameters instead of MECHANIC_DAZE (skip snare spells)
       aurSpellInfo->SpellIconID == 15 && aurSpellInfo->Dispel == 0 &&
       (aurMechMask & (1 << (MECHANIC_SNARE-1)))==0)
       {
           ++iter;
           continue;
       }

       // All OK, remove aura now
       target->RemoveAurasDueToSpellByCancel(aurSpellInfo->Id);
-        iter = slowingAuras.begin();
+        iter = target->GetAurasByType(SPELL_AURA_MOD_DECREASE_SPEED).begin();             
   }

Maybe?

[lavinelu]

            
-    Unit::AuraList const& slowingAuras = target->GetAurasByType(SPELL_AURA_MOD_DECREASE_SPEED);
-    for (Unit::AuraList::const_iterator iter = slowingAuras.begin(); iter != slowingAuras.end()
+    for (Unit::AuraList::const_iterator iter = target->GetAurasByType(SPELL_AURA_MOD_DECREASE_SPEED).begin(); iter != target->GetAurasByType(SPELL_AURA_MOD_DECREASE_SPEED).end()
   {
       SpellEntry const* aurSpellInfo = (*iter)->GetSpellProto();

       uint32 aurMechMask = GetAllSpellMechanicMask(aurSpellInfo);

       // If spell that caused this aura has Croud Control or Daze effect
       if((aurMechMask & MECHANIC_NOT_REMOVED_BY_SHAPESHIFT) ||
       // some Daze spells have these parameters instead of MECHANIC_DAZE (skip snare spells)
       aurSpellInfo->SpellIconID == 15 && aurSpellInfo->Dispel == 0 &&
       (aurMechMask & (1 << (MECHANIC_SNARE-1)))==0)
       {
           ++iter;
           continue;
       }

       // All OK, remove aura now
       target->RemoveAurasDueToSpellByCancel(aurSpellInfo->Id);
-        iter = slowingAuras.begin();
+        iter = target->GetAurasByType(SPELL_AURA_MOD_DECREASE_SPEED).begin();             
   }

Maybe?

should be checked why this aura is not removed, this code is ok how it is right now.