Reproducible crash when deleting road stop

[Matthew]

Steps to reproduce

1. In your paksets directory, install my Australian mod of pak128.Britain-Ex under the name pak128.b-ex-Australia, available here (I am likely to delete the huge file after a couple of months, so ask me for it if it's not there).

2. Open the save file Australia-stop-deletion-crash, available here.

3. Pause the game.

4. Identify bus 587. It's currently just east of the trainshed of Adelaide Broadway Railway Station, queuing behind the buses in the westmost stops.

5. Fast forward until bus 587 passes through the bus station without stopping and turns back round onto the main roads. Watch as it heads west and probably waits for the traffic lights. Just watch the bus, don't 'follow' it so the whole map moves with it.

6. Select the Remove tool.

6. When bus 587 passes through the traffic lights, you might want to slow the game down to half speed with the , key because you need lightning reflexes for the next part.

7. Bus 587 will turn back towards the railway station with the intention of stopping at the road freight stop on tile (2785, 3152). After it enters the tile, but before the bus stops, remove the stop underneath the tile.



Expected result

The stop is deleted and the game continues to run. This does happen sometimes, but the bug is reproducible if you click at exactly the right moment. I noticed that the order in which the buses exit the bus station varies, and I don't know whether that's a factor too or not.

Actual result

About one-third of the time, I get a soft-to-hard crash. Simutrans stops and an error message appears, but can't be copied.

In the debug version, I think the error message is "vector_tpl(): index out of bounds: 5 not in 0..5", but I'm not 100% certain (the crash causes my whole desktop environment to become less responsive and you can't return to Simutrans after tabbing away). In the optimized version, I remember that the limits were 0..4,294,967,295 or thereabouts, i.e. the highest number in an unsigned 32-bit int.

Backtrace (optimized version)

Code Select Expand

Thread 1 "simutrans-exten" received signal SIGINT, Interrupt.
0x00007ffff74ecadf in __GI___clock_nanosleep (clock_id=clock_id@entry=0, flags=flags@entry=0, req=0x7fffffff9610, rem=0x7fffffff9620) at ../sysdeps/unix/sysv/linux/clock_nanosleep.c:78
warning: 78     ../sysdeps/unix/sysv/linux/clock_nanosleep.c: No such file or directory
(gdb) bt
#0  0x00007ffff74ecadf in __GI___clock_nanosleep (clock_id=clock_id@entry=0, flags=flags@entry=0, req=0x7fffffff9610, rem=0x7fffffff9620) at ../sysdeps/unix/sysv/linux/clock_nanosleep.c:78
#1  0x00007ffff74f9a27 in __GI___nanosleep (req=<optimised out>, rem=<optimised out>) at ../sysdeps/unix/sysv/linux/nanosleep.c:25
#2  0x00007ffff7c3b35f in ?? () from /lib/x86_64-linux-gnu/libSDL2-2.0.so.0
#3  0x0000555555c8397a in log_t::fatal(char const*, char const*, ...) ()
#4  0x0000555555bd1a0f in haltestelle_t::display_status(short, short) ()
#5  0x0000555555713129 in grund_t::display_overlay(short, short) ()
#6  0x0000555555c0b40e in planquadrat_t::display_overlay(short, short) const ()
#7  0x00005555557b09a4 in main_view_t::display(bool) ()
#8  0x0000555555bea100 in intr_refresh_display(bool) ()
#9  0x0000555555c56b64 in karte_t::sync_step(unsigned int, bool, bool) ()
#10 0x0000555555bea24f in interrupt_check(char const*) ()
#11 0x0000555555c7eb7c in karte_t::interactive(unsigned int) ()
#12 0x0000555555bf6e10 in simu_main(int, char**) ()
#13 0x0000555555c7fa1a in sysmain(int, char**) ()
#14 0x00007ffff742a1ca in __libc_start_call_main (main=main@entry=0x5555556b09e0 <main>, argc=argc@entry=4, argv=argv@entry=0x7fffffffd988) at ../sysdeps/nptl/libc_start_call_main.h:58
#15 0x00007ffff742a28b in __libc_start_main_impl (main=0x5555556b09e0 <main>, argc=4, argv=0x7fffffffd988, init=<optimised out>, fini=<optimised out>, rtld_fini=<optimised out>, stack_end=0x7fffffffd978)
    at ../csu/libc-start.c:360
#16 0x00005555556b0a15 in _start ()
Backtrace (debug version)

Code Select Expand

#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimised out>) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=<optimised out>) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=<optimised out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff744527e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff74288ff in __GI_abort () at ./stdlib/abort.c:79
#5  0x0000555555c805b1 in log_t::fatal (this=0x5555560ea8b0, who=0x555555d0d35b "vector_tpl<T>::[]", format=0x555555d0d330 "%s: index out of bounds: %lu not in 0..%lu") at utils/log.cc:331
#6  0x000055555568b5b4 in vector_tpl<int>::operator[] (this=0x5555cf294978, i=5) at dataobj/../dataobj/../tpl/vector_tpl.h:281
#7  0x0000555555bce2ac in haltestelle_t::display_status (this=0x5555cf294490, xpos=539, ypos=467) at simhalt.cc:5330
#8  0x00005555556f1559 in grund_t::display_overlay (this=0x5555b51542c8, xpos=444, ypos=476) at boden/grund.cc:1858
#9  0x0000555555c02cbf in planquadrat_t::display_overlay (this=0x7ffec60021c0, xpos=444, ypos=476) at simplan.cc:726
#10 0x000055555579dca1 in main_view_t::display (this=0x5555588e6af0, force_dirty=false) at display/simview.cc:289
#11 0x0000555555bdfceb in intr_refresh_display (dirty=false) at simintr.cc:80
#12 0x0000555555c55173 in karte_t::sync_step (this=0x55557b0a7a10, delta_t=82, do_sync_step=true, display=true) at simworld.cc:4326
#13 0x0000555555bdfe71 in interrupt_check (caller_info=0x555555d5e2c9 "simworld.cc:10937") at simintr.cc:113
#14 0x0000555555c6e8fa in karte_t::interactive (this=0x55557b0a7a10, quit_month=2147483647) at simworld.cc:10937
#15 0x0000555555bedfc6 in simu_main (argc=4, argv=0x7fffffffd988) at simmain.cc:1597
#16 0x0000555555c7c79e in sysmain (argc=4, argv=0x7fffffffd988) at sys/simsys.cc:1094
#17 0x0000555555d0ae81 in main (argc=4, argv=0x7fffffffd988) at sys/simsys_s2.cc:1112
Frame info and local variables

Code Select Expand


#6  0x000055555568b5b4 in vector_tpl<int>::operator[] (this=0x5555cf294978, i=5) at dataobj/../dataobj/../tpl/vector_tpl.h:281
281                             dbg->fatal("vector_tpl<T>::[]", "%s: index out of bounds: %lu not in 0..%lu", typeid(T).name(), i, count - 1);

No local variables

#7  0x0000555555bce2ac in haltestelle_t::display_status (this=0x5555cf294490, xpos=539, ypos=467) at simhalt.cc:5330
5330                                    if (last_bar_height[bar_height_index] != (scr_coord_val)v) {

v = 2
yoff = 2
i = 7 '\a'
count = 5
x = 519
bar_height_index = 5
max_capacity = 0
total_ware = 8

#8  0x00005555556f1559 in grund_t::display_overlay (this=0x5555b51542c8, xpos=444, ypos=476) at boden/grund.cc:1858
1858                                    halt->display_status(xpos, ypos);

halt = {static data = 0x555556f8a4a0, entry = 373}
dirty = true

#9  0x0000555555c02cbf in planquadrat_t::display_overlay (this=0x7ffec60021c0, xpos=444, ypos=476) at simplan.cc:726
726             gr->display_overlay(xpos, ypos);

gr = 0x5555b51542c8
Notes

For full disclosure I should confess that this save game has been used for testing a modded version of Extended, but I can't see how that's a factor. I have reproduced the crash with the normal Bridgewater-Brunel binary and a debug binary compiled from the master branch. The changes I was testing don't touch the save game, I didn't touch any of the functions shown in the backtrace, and I have experienced very similar crashes in normal gameplay playing on vanilla Extended; I've just never been able to reproduce them until this weekend.

[prissi]

It seems you could delete a stop while the display routine is running, i.e. outside of a step. All map altering actions beyond vehicle movement should never happen outside steps. That must be some fundamental logic error deep down. Essentially the random mode at the start of that display loop is not SYNC_STEP_RANDOM