#78170: Attack from transport crash Open Date: 2024-05-10 14:44 Last Update: 2024-05-11 16:27 URL for this Ticket: https://osdn.net//projects/freeciv/ticket/78170 RSS feed for this Ticket: https://osdn.net/ticket/ticket_rss.php?group_id=12505&tid=78170 --------------------------------------------------------------------- Last Changes/Comment on this Ticket: 2024-05-11 16:27 Updated by: bard Comment: Reply To cazfi: "I can't reproduce (with the head of S3_1), nor does valgrind reveal anything like accessing the Musketeer memory after it has died. Seems that the only way forward would be that you provide full backtrace of the crash yourself. https://www.freeciv.org/wiki/Bug_Reporting" The head of S3_1 (v3.1.1+ from today) still crashes for me. Gdb backtrace: #0 tile_to_canvas_pos (canvas_x=canvas_x at entry=0x7fffffffcda8, canvas_y=canvas_y at entry=0x7fffffffcdac, zoom=<optimized out>, ptile=ptile at entry=0xed407f99fe4eb523) at mapview_common.c:708 center_map_x = 14 center_map_y = 24 dx = 17 dy = 0 tile_x = <optimized out> tile_y = <optimized out> __FUNCTION__ = "tile_to_canvas_pos" #1 0x00005555555f1fde in tile_visible_and_not_on_border_mapcanvas (ptile=0xed407f99fe4eb523) at mapview_common.c:1281 canvas_x = 0 canvas_y = 0 xmin = -2276 ymin = 531 xmax = 2228 ymax = 2325 xsize = 1096 ysize = 667 scroll_x = -980 scroll_y = 602 border_x = 48 border_y = 24 same = false #2 0x00005555555d0c18 in unit_focus_advance () at control.c:725 focus_tile = 0x0 candidate = 0x55555cb08050 num_units_in_old_focus = 0 __FUNCTION__ = "unit_focus_advance" #3 0x00005555555cb10a in client_remove_unit (punit=0x0, punit at entry=0x55555cb08050) at climisc.c:100 pcity = <optimized out> ptile = 0x55555bfa0240 hc = 0 old_unit = {utype = 0x555556273e30 <unit_types+24048>, tile = 0x55555bfa0240, refcount = 1, facing = DIR8_NORTHWEST, owner = 0x555556c162f0, nationality = 0x555556c162f0, id = 126, homecity = 0, upkeep = {1, 0, 0, 1, 0, 0}, moves_left = 6, hp = 20, veteran = 0, fuel = 0, goto_tile = 
0x0, activity = ACTIVITY_IDLE, activity_count = 0, activity_target = 0x0, changed_from = ACTIVITY_IDLE, changed_from_count = 0, changed_from_target = 0x0, ssa_controller = SSA_NONE, moved = false, paradropped = false, done_moving = false, transporter = 0x0, transporting = 0x555559f60f70, carrying = 0x0, battlegroup = -1, has_orders = false, orders = {length = 0, index = 0, repeat = false, vigilant = false, list = 0x0}, action_decision_want = ACT_DEC_ACTIVE, action_decision_tile = 0x55555bf9e2c0, stay = false, {client = {focus_status = FOCUS_AVAIL, transported_by = -1, occupied = false, colored = false, color_index = 0, asking_city_name = false, act_prob_cache = 0x0}, server = {debug = false, adv = 0x0, ais = {0x0, 0x0}, birth_turn = 0, ord_map = 0, ord_city = 0, vision = 0x0, action_timestamp = 0, action_turn = 0, moving = 0x0, dying = false, removal_callback = 0x0, upkeep_paid = {0, 0, 0, 0, 0, 0}}}} old = 1 update = true __FUNCTION__ = "client_remove_unit" #4 0x00005555555fe052 in handle_unit_remove (unit_id16=<optimized out>, unit_id32=<optimized out>) at packhand.c:560 punit = 0x55555cb08050 cargos = <optimized out> powner = 0x555556c162f0 need_economy_report_update = true __FUNCTION__ = "handle_unit_remove" #5 0x000055555560c2a1 in client_handle_packet (type=type at entry=PACKET_UNIT_REMOVE, packet=packet at entry=0x555557f4ccf0) at packhand_gen.c:207 #6 0x00005555555c719a in client_packet_input (packet=packet at entry=0x555557f4ccf0, type=62) at client_main.c:792 __FUNCTION__ = "client_packet_input" #7 0x00005555555ceec4 in input_from_server (fd=<optimized out>) at clinet.c:420 type = PACKET_UNIT_REMOVE packet = 0x555557f4ccf0 nb = <optimized out> __FUNCTION__ = "input_from_server" #8 0x00005555555c2494 in get_net_input (source=<optimized out>, condition=<optimized out>, data=<optimized out>) at gui_main.c:2222 #9 0x00007ffff6c6ac44 in g_main_context_dispatch () at 
/lib/x86_64-linux-gnu/libglib-2.0.so.0 #10 0x00007ffff6cc0258 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #11 0x00007ffff6c6a2b3 in g_main_loop_run () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #12 0x00007ffff74aacfd in gtk_main () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #13 0x00005555555c50b2 in ui_main (argc=<optimized out>, argc at entry=1, argv=<optimized out>, argv at entry=0x7fffffffd9f8) at gui_main.c:1987 window_name = "Freeciv (gtk3.22)\000\000\000\000\000\000\000\000/\035k/\\rW\340\324\377\377\377\177\000\000\030\000\000\000\000\000\000\000\250t\206UUU\000\000曃UUU\000\000\000\000\000\000\000\000\000\000\030", '\000' <repetidos 23 veces>, "\340\353\210UUU\000\000Z\235\203UUU\000\000\001\000\000\000\000\000\000\000'l\201UUU", '\000' <repetidos 26 veces>, " \000\000\000\060\000\000\000\320\324\377\377\001\000\000\000\360\323\377\377\377\177\000\000colors.p\000/\035k/\\rW_backgro\200\377\377\377\377\377\377\377"... toplevel_font_name = <optimized out> sig = <optimized out> __FUNCTION__ = "ui_main" #14 0x00005555555c8455 in client_main (argc=1, argv=0x7fffffffd9f8, postpone_tileset=<optimized out>) at client_main.c:703 i = 1 loglevel = LOG_NORMAL ui_options = <optimized out> ui_separator = <optimized out> option = <optimized out> fatal_assertions = -1 aii = 2 uret = <optimized out> __FUNCTION__ = "client_main" #15 0x00007ffff6a15d90 in __libc_start_call_main (main=main at entry=0x5555555c1a10 <main>, argc=argc at entry=1, argv=argv at entry=0x7fffffffd9f8) at ../sysdeps/nptl/libc_start_call_main.h:58 self = <optimized out> result = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 913343395805536372, 140737488345592, 93824992680464, 93824996397528, 140737354125376, -913343396845576076, -913327234994265996}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> #16 0x00007ffff6a15e40 in 
__libc_start_main_impl (main=0x5555555c1a10 <main>, argc=1, argv=0x7fffffffd9f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd9e8) at ../csu/libc-start.c:392 #17 0x00005555555c1a45 in _start () --------------------------------------------------------------------- Ticket Status: Reporter: bard Owner: (None) Type: Bugs Status: Open Priority: 5 - Medium MileStone: (None) Component: (None) Severity: 5 - Medium Resolution: None --------------------------------------------------------------------- Ticket details: Similar to bug #62981, but this time with default ruleset (S3_1). Tested with client gtk3.22 and qt6. If I load the attached savegame, use the mouse to select one of the Musketeers (all in sentry state) inside the Transport, and use "drag and drop" (mouse gesture) to attack the adjacent enemy Mech Inf, then the Musketeer is deselected, loses the sentry state, and changes to a "waiting orders" state with a "?" icon. If I select the same Musketeer again and click attack when the popup appears, the game crashes with a segmentation fault error: in utype_can_do_action() [unittype.c::449]: assertion '(signed int)(utype_index(putype)) >= 0 && (signed int)(utype_index(putype)) < (signed int) sizeof((unit_can_act_cacheact_id).vec) * 8' failed. I'm playing a game where this kind of crash is common (any action performed from a transport with a sentry unit), but it usually works if I just reload the game. This savegame crashes for me every time I try the same attack. -- Ticket information of Freeciv project Freeciv Project is hosted on OSDN Project URL: https://osdn.net/projects/freeciv/ OSDN: https://osdn.net URL for this Ticket: https://osdn.net/projects/freeciv/ticket/78170 RSS feed for this Ticket: https://osdn.net/ticket/ticket_rss.php?group_id=12505&tid=78170