Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crash: loading savegame #6605

Closed
DorpsGek opened this issue Aug 14, 2017 · 13 comments · Fixed by #7546
Closed

Crash: loading savegame #6605

DorpsGek opened this issue Aug 14, 2017 · 13 comments · Fixed by #7546
Labels
bug Something isn't working flyspray This issue is imported from FlySpray (https://bugs.openttd.org/) needs triage This issue needs further investigation before it becomes actionable

Comments

@DorpsGek
Copy link
Member

james1101 opened the ticket and wrote:

Related to #1062, was marked as fixed, but apparently not fixed

OpenTTD crash on loading the attached savegames. Crash files have been attached.

Attachments

Reported version: 1.7.1
Operating system: Windows


This issue was imported from FlySpray: https://bugs.openttd.org/task/6605
@DorpsGek
Copy link
Member Author

andythenorth wrote:

FWIW, crash is reproducible (OpenTTD 1.7.1, macOS). I am not able to diagnose further or offer other help though. Thanks.


This comment was imported from FlySpray: https://bugs.openttd.org/task/6605#comment14517

@DorpsGek
Copy link
Member Author

Wolf01 wrote:

The reason seem another (loading a city with invalid id), so another functionality is broken


This comment was imported from FlySpray: https://bugs.openttd.org/task/6605#comment14522

@DorpsGek DorpsGek added Core flyspray This issue is imported from FlySpray (https://bugs.openttd.org/) labels Apr 7, 2018
@TrueBrain TrueBrain added needs triage This issue needs further investigation before it becomes actionable bug Something isn't working and removed bug from FlySpray labels Apr 12, 2018
@frosch123 frosch123 removed the Core label Apr 14, 2018
@James103
Copy link
Contributor

Loading the saved game still crashes in OpenTTD 1.8.0 on Win 7 Ultimate.
Attached crash.* files.

@LordAro
Copy link
Member

LordAro commented Aug 14, 2018

With up to date master build:-

*** OpenTTD Crash Report ***

Crash at: Tue Aug 14 21:13:36 2018
In game date: 2090-03-20 (13)

Crash reason:
 Signal:  Aborted (6)
 Message: Assertion failed at line 113 of /home/lordaro/dev/openttd/src/core/pool_type.hpp: index < this->first_unused

Same assertion as #6507 - same underlying cause?

@Alberth289346
Copy link
Contributor

Stack-dump on loading the game:

#0  0x00007ffff3aa4eab in raise () from /lib64/libc.so.6
#1  0x00007ffff3a8f5b9 in abort () from /lib64/libc.so.6
#2  0x00007ffff3a8f491 in __assert_fail_base.cold.0 () from /lib64/libc.so.6
#3  0x00007ffff3a9d612 in __assert_fail () from /lib64/libc.so.6
#4  0x000000000079b2d3 in Pool<Town, unsigned short, 64ul, 64000ul, (PoolType)1, false, true>::Get (this=0x26eeda0 <_town_pool>,
    index=185) at /home/alberth/openttd/openttd.git/src/core/pool_type.hpp:113
#5  0x000000000079a367 in Pool<Town, unsigned short, 64ul, 64000ul, (PoolType)1, false, true>::PoolItem<&_town_pool>::Get (
    index=185) at /home/alberth/openttd/openttd.git/src/core/pool_type.hpp:248
#6  0x00000000008fcee3 in Town::GetByTile (tile=37809) at /home/alberth/openttd/openttd.git/src/town.h:134
#7  0x0000000000ac1c84 in ClosestTownFromTile (tile=37809, threshold=4294967295)
    at /home/alberth/openttd/openttd.git/src/town_cmd.cpp:3355
#8  0x0000000000783c03 in MakeDefaultName<Depot> (obj=0x2918960) at /home/alberth/openttd/openttd.git/src/town.h:234
#9  0x00000000009d1d56 in AfterLoadGame () at /home/alberth/openttd/openttd.git/src/saveload/afterload.cpp:2417
#10 0x00000000009eadf1 in DoLoad (reader=0x2a09b70, load_check=false)
    at /home/alberth/openttd/openttd.git/src/saveload/saveload.cpp:2759
#11 0x00000000009eb1e6 in SaveOrLoad (
    filename=0x26dfe8c <_file_to_saveload+12> "/home/alberth/Downloads/Klein+Emsmünster+Transport,+20.+Mär+2090.sav",
    fop=SLO_LOAD, dft=DFT_GAME_FILE, sb=NO_DIRECTORY, threaded=true)
    at /home/alberth/openttd/openttd.git/src/saveload/saveload.cpp:2866
#12 0x000000000093b4d5 in SafeLoad (
    filename=0x26dfe8c <_file_to_saveload+12> "/home/alberth/Downloads/Klein+Emsmünster+Transport,+20.+Mär+2090.sav",
    fop=SLO_LOAD, dft=DFT_GAME_FILE, newgm=GM_NORMAL, subdir=NO_DIRECTORY, lf=0x0)
    at /home/alberth/openttd/openttd.git/src/openttd.cpp:1009
#13 0x000000000093b6af in SwitchToMode (new_mode=SM_LOAD_GAME) at /home/alberth/openttd/openttd.git/src/openttd.cpp:1098
#14 0x000000000093ccc8 in GameLoop () at /home/alberth/openttd/openttd.git/src/openttd.cpp:1462
#15 0x0000000000b0f7f3 in VideoDriver_SDL::MainLoop (this=0x277f020) at /home/alberth/openttd/openttd.git/src/video/sdl_v.cpp:756
#16 0x000000000093b005 in openttd_main (argc=1, argv=0x7fffffffdc88) at /home/alberth/openttd/openttd.git/src/openttd.cpp:864
#17 0x00000000009500cc in main (argc=1, argv=0x7fffffffdc88) at /home/alberth/openttd/openttd.git/src/os/unix/unix.cpp:280

that is, non-existing town being accessed.

@Alberth289346
Copy link
Contributor

Town index numbers get messed up in AfterLoadGame:

(gdb) b town.h:134
Breakpoint 1 at 0x8fcece: file /home/alberth/openttd/openttd.git/src/town.h, line 134.

(gdb) cond 1 tile==37809

(gdb) r -g /home/alberth/Downloads/Klein+Emsmünster+Transport,+20.+Mär+2090.sav
Starting program: /home/alberth/openttd/openttd.git/bin/openttd -g /home/alberth/Downloads/Klein+Emsmünster+Transport,+20.+Mär+2090.sav
[omitting some ouput]

Thread 1 "openttd" hit Breakpoint 1, Town::GetByTile (tile=37809) at /home/alberth/openttd/openttd.git/src/town.h:134
134                     return Town::Get(GetTownIndex(tile));
(gdb) bt
#0  Town::GetByTile (tile=37809) at /home/alberth/openttd/openttd.git/src/town.h:134
#1  0x00000000009f21d0 in RebuildTownCaches () at /home/alberth/openttd/openttd.git/src/saveload/town_sl.cpp:42
#2  0x00000000009f267e in UpdateHousesAndTowns () at /home/alberth/openttd/openttd.git/src/saveload/town_sl.cpp:114
#3  0x00000000009cda66 in AfterLoadGame () at /home/alberth/openttd/openttd.git/src/saveload/afterload.cpp:1481
[omitting some ouput]

(gdb) p GetTownIndex(tile)
$3 = 176

(gdb) p _town_pool.first_unused
$4 = 183

(gdb) c
Continuing.

Thread 1 "openttd" hit Breakpoint 1, Town::GetByTile (tile=37809) at /home/alberth/openttd/openttd.git/src/town.h:134
134                     return Town::Get(GetTownIndex(tile));
(gdb) bt
#0  Town::GetByTile (tile=37809) at /home/alberth/openttd/openttd.git/src/town.h:134
#1  0x0000000000ac1c84 in ClosestTownFromTile (tile=37809, threshold=4294967295)
    at /home/alberth/openttd/openttd.git/src/town_cmd.cpp:3355
#2  0x0000000000783c03 in MakeDefaultName<Depot> (obj=0x2b1f410) at /home/alberth/openttd/openttd.git/src/town.h:234
#3  0x00000000009d1d56 in AfterLoadGame () at /home/alberth/openttd/openttd.git/src/saveload/afterload.cpp:2417

[omitting some ouput]

(gdb) p GetTownIndex(tile)
$6 = 185

@Alberth289346
Copy link
Contributor

saveload/afterload.cpp around line 2329 is the culprit:

	thingie("5");
	if (IsSavegameVersionBefore(128)) {
		const Depot *d;
		FOR_ALL_DEPOTS(d) {
			_m[d->xy].m2 = d->index;
			if (IsTileType(d->xy, MP_WATER)) _m[GetOtherShipDepotTile(d->xy)].m2 = d->index;
		}
	}

	thingie("5b");

where thingie does some sanity checking before getting the town tile index:

static void thingie(const char *name)
{
	const TileIndex broken = 37809;
	if (broken >= MapSize()) return;
	if (!(IsTileType(broken, MP_HOUSE) || (IsTileType(broken, MP_ROAD) && !IsRoadDepot(broken)))) return;

	printf("%s: GetTownIndex(tile)=%d\n", name, GetTownIndex(broken));
}

Output:

1: GetTownIndex(tile)=176
2: GetTownIndex(tile)=176
3: GetTownIndex(tile)=176
4: GetTownIndex(tile)=176
5: GetTownIndex(tile)=176
5b: GetTownIndex(tile)=185
5c: GetTownIndex(tile)=185
5d: GetTownIndex(tile)=185
5e: GetTownIndex(tile)=185
6: GetTownIndex(tile)=185
<crash>

the other output comes from other points in the afterload code, which are not further relevant.

@Alberth289346
Copy link
Contributor

Alberth289346 commented Dec 29, 2018

git blame points that afterload code fragment at 55ddce8 which introduces m2 for being used for depot index, so that looks like it's not the real problem.

EDIT: After some more thought, I think the above conclusion is actually not true (but perhaps also not false). The code already used m2 for getting the town tile index in the code before this point in the program.

@andythenorth andythenorth added stale Stale issues and removed stale Stale issues labels Jan 5, 2019
@James103
Copy link
Contributor

Loading the saved game still crashes in OpenTTD 1.9.0-beta2 on Win 7 Ultimate with the same assertion as in the initial comment (Assertion failed at line 113 of d:\a\1\s\src\core\pool_type.hpp: index < this->first_unused).

Crash files attached

@stale
Copy link

stale bot commented Apr 20, 2019

This issue has been automatically marked as stale because it has not had any activity in the last two months.
If you believe the issue is still relevant, please test on the latest nightly and report back.
It will be closed if no further activity occurs within 7 days.
Thank you for your contributions.

@stale stale bot added the stale Stale issues label Apr 20, 2019
@LordAro LordAro added pinned and removed stale Stale issues labels Apr 25, 2019
@LordAro
Copy link
Member

LordAro commented Apr 25, 2019

I've been doing some digging on this, and it seems there's currently another bug on top of this one, in current master (5b0ce8c)

Thread 1 "openttd" received signal SIGSEGV, Segmentation fault.
0x0000555555a03a06 in GroupStatistics::CountEngine (v=v@entry=0x5555575805a0, delta=delta@entry=-1) at /home/lordaro/dev/openttd/src/group_cmd.cpp:165
165		GroupStatistics::GetAllGroup(v).num_engines[v->engine_type] += delta;
...
#0  0x0000555555a03a06 in GroupStatistics::CountEngine (v=v@entry=0x5555575805a0, delta=delta@entry=-1) at /home/lordaro/dev/openttd/src/group_cmd.cpp:165
#1  0x0000555555c4a2cd in Vehicle::PreDestructor (this=this@entry=0x5555575805a0) at /home/lordaro/dev/openttd/src/vehicle.cpp:819
#2  0x0000555555b461c3 in RoadVehicle::~RoadVehicle (this=0x5555575805a0, __in_chrg=<optimized out>) at /home/lordaro/dev/openttd/src/roadveh.h:124
#3  0x0000555555b461e9 in RoadVehicle::~RoadVehicle (this=0x5555575805a0, __in_chrg=<optimized out>) at /home/lordaro/dev/openttd/src/roadveh.h:124
#4  0x0000555555b4d3c6 in AfterLoadGame () at /home/lordaro/dev/openttd/src/saveload/afterload.cpp:1933

(afterload.cpp line number different due to debug additions, but it's the delete v; inside if (IsSavegameVersionBefore(SLV_62)) { block)

This is due to num_engines being null, which seems to be because (at the time that the GroupStatistics item was initialised) the engines weren't loaded, so it created an array of 0 length

This can be worked around by adding an explicit GroupStatistics::UpdateAfterLoad() call just before the previously mentioned block, but I'm not sure whether that's a good solution - perhaps things are being loaded in the wrong order generally?

@LordAro
Copy link
Member

LordAro commented Apr 25, 2019

In fact, I can't reproduce the original assertion at all, not in 1.9.0-beta2, nor e8f9975 or 50d9302 (translator commits immediately before Alberth & my's previous comments), only the segfault. How's that happened?

@LordAro
Copy link
Member

LordAro commented Apr 26, 2019

OK, with the previous issue worked around (@PeterN pointed out that it was picking up my new game GRF settings...), and I find the following:

There are 5 invalid depot tiles in the game, that is, depots where their tile types don't match:

if (!IsDepotTile(d->xy)) { printf("Invalid depot %d, %d\n", TileX(d->xy), TileY(d->xy)); continue; }

Invalid depot 18,227
Invalid depot 58,306
Invalid depot 433,73
Invalid depot 55,115
Invalid depot 461,69

Visually looking at the map, now that I can actually load the game, all these tiles look like they could've contained depots at some point in the past, as they're all next to a rail line (now contain a mixture of grass or houses)

Not sure where to go next, simply delete d; does not make the crash go away...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working flyspray This issue is imported from FlySpray (https://bugs.openttd.org/) needs triage This issue needs further investigation before it becomes actionable
Projects
None yet
Development

Successfully merging a pull request may close this issue.

7 participants