k21971 / EvilHack

A variant of NetHack that is designed to be a much more challenging experience than the original, drawing inspiration and content from various existing variants along with adding unique and never-before-seen custom content.

Found by fuzzer: The piranha attacks you without knowing your location? #147

Closed elunna closed 12 months ago

elunna commented 1 year ago

#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=139873801873344) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=139873801873344) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=139873801873344, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007f36e801a476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007f36e80007f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x000055846aa2483c in NH_abort () at end.c:236
#6  0x000055846aa2af5c in panic (str=0x55846b483bc0 "%s") at end.c:784
#7  0x000055846af4d882 in impossible (s=0x55846b42d520 "%s attacks you without knowing your location?") at pline.c:518
#8  0x000055846ac6c9ea in wildmiss (mtmp=0x6110000f2ac0, mattk=0x55846b55a1bc <mons+45468>) at mhitu.c:464
#9  0x000055846ac7e70a in mattacku (mtmp=0x6110000f2ac0) at mhitu.c:1061
#10 0x000055846adfe83e in dochug (mtmp=0x6110000f2ac0) at monmove.c:994
#11 0x000055846adea111 in dochugw (mtmp=0x6110000f2ac0) at monmove.c:176
#12 0x000055846ad5a820 in movemon () at mon.c:1427
#13 0x000055846a774900 in moveloop (resuming=0 '\000') at allmain.c:218
#14 0x000055846b32bfe5 in main (argc=0, argv=0x7fff09cf0cb8) at ../sys/unix/unixmain.c:353

Extra info after the crash:

(rr) p toplines
$9 = "You splash through the shallow water.", '\000' <repeats 262 times>
(rr) p moves
$2 = 13124408
(rr) p u.umonster
$3 = 467
(rr) p u.umonnum
$4 = 467
(rr) p urace.malenum
$5 = 363
(rr) p u.uz
$6 = {dnum = 3 '\003', dlevel = 2 '\002'}

mtmp is: #define    PM_PIRANHA  437

(rr) p u.ux
$11 = 18 '\022'
(rr) p u.uy
$12 = 9 '\t'
(rr) 

We can see mux and muy don't match u.ux or u.uy. The piranha thinks we are at (5, 12) but we are at (18, 9).

Piranha's knowledge changed on move 13124408 (same turn as crash)

So I watched our x coordinate (u.ux) and it took me to this:

#0  u_on_newpos (x=18, y=9) at dungeon.c:1226
#1  0x000055846b11229f in teleds (nux=18, nuy=9, teleds_flags=3) at teleport.c:400
#2  0x000055846b112c1d in safe_teleds (teleds_flags=3) at teleport.c:467
#3  0x000055846b18209a in drown () at trap.c:4639
#4  0x000055846aaab560 in pooleffects (newspot=1 '\001') at hack.c:2443
#5  0x000055846aaacf10 in spoteffects (pick=1 '\001') at hack.c:2537
#6  0x000055846af51774 in polyman (fmt=0x55846b485980 "return to %s form!", arg=0x55846b4ab040 "dark elven") at polyself.c:260
#7  0x000055846af5ccae in rehumanize () at polyself.c:1260
#8  0x000055846acb25bf in mdamageu (mtmp=0x6110000f2ac0, n=10) at mhitu.c:3767
#9  0x000055846ac99726 in hitmu (mtmp=0x6110000f2ac0, mattk=0x55846b55a1b8 <mons+45464>) at mhitu.c:2629
#10 0x000055846ac7e327 in mattacku (mtmp=0x6110000f2ac0) at mhitu.c:1029
#11 0x000055846adfe83e in dochug (mtmp=0x6110000f2ac0) at monmove.c:994
#12 0x000055846adea111 in dochugw (mtmp=0x6110000f2ac0) at monmove.c:176
#13 0x000055846ad5a820 in movemon () at mon.c:1427
#14 0x000055846a774900 in moveloop (resuming=0 '\000') at allmain.c:218
#15 0x000055846b32bfe5 in main (argc=0, argv=0x7fff09cf0cb8) at ../sys/unix/unixmain.c:353

(rr) p toplines
$16 = "You materialize in a different location!", '\000' <repeats 259 times>

My hypothesis: I'm not sure this has anything to do with drow, but it looks like a piranha killed the player on the first bite, the player rehumanized back into a drow, drowned, came back to life (because of wizmode), then safe_teleds to somewhere else, but the piranha's knowledge of the player's coordinates was not updated and it continued to its second bite attack.

Reproduction: I was successful in replicating this. First I turned sanity_check on, then I went to Medusa's level, polymorphed into a killer bee, and flew to a spot surrounded by water. Then I summoned a piranha. It killed me on the first hit and I rehumanized into my base form. When the prompt asked if I wanted to die, I said NO, then I was instantly teleported to random land, the piranha continued its second attack and triggered the program in disorder.

Conclusion: This might not be limited to wizmode, a mind flayer wearing an amulet of lifesaving could also possibly trigger this.

This might also be in Vanilla but I did not check.
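A constructed C model of the sequence described in the report above, added here as an illustration and not code from EvilHack or the linked commits: the field and function names mirror the report, the coordinates and hit points are assumed for the replay, and the hardened loop is an assumed mitigation rather than what the fixing commit actually did.

```c
#include <stdbool.h>
/* Constructed model of the issue, not EvilHack's code: a monster with several
 * attacks per turn caches where it believes the hero is (mux/muy), and the
 * first attack can relocate the hero before the second one runs. */
struct hero  { int ux, uy, hp; };
struct monst { int mux, muy, nattacks; };
/* Stands in for mdamageu() -> rehumanize() -> drown() -> safe_teleds():
 * lethal damage leaves the hero alive but on a different square. */
static void take_damage(struct hero *u, int dmg) {
    u->hp -= dmg;
    if (u->hp <= 0) {
        u->hp = 10;               /* saved: wizard mode or life saving */
        u->ux = 18; u->uy = 9;    /* post-teleport square from the report */
    }
}
/* One attack. Attacking a square the hero has left is the wildmiss() case;
 * with no reason for the stale belief the real code calls impossible(). */
static int attack_once(const struct monst *m, struct hero *u) {
    if (m->mux == u->ux && m->muy == u->uy) {
        take_damage(u, 10);
        return 0;
    }
    return 1;                     /* "attacks you without knowing your location?" */
}
/* Unchecked loop: every attack uses the belief held when the turn began. */
static int mattacku_unchecked(const struct monst *m, struct hero *u) {
    int stale = 0;
    for (int i = 0; i < m->nattacks; i++)
        stale += attack_once(m, u);
    return stale;
}
/* Hardened loop (an assumed mitigation, not necessarily what commit 76c41f0
 * did): abandon the sequence as soon as the hero's position changes. */
static int mattacku_checked(const struct monst *m, struct hero *u) {
    int sx = u->ux, sy = u->uy, stale = 0;
    for (int i = 0; i < m->nattacks; i++) {
        stale += attack_once(m, u);
        if (u->ux != sx || u->uy != sy)
            break;
    }
    return stale;
}
/* Replays the report: a 2-attack piranha and a 5 hp hero both at (5,12). */
int replay_issue(bool hardened) {
    struct hero u = { 5, 12, 5 };
    struct monst piranha = { 5, 12, 2 };
    return hardened ? mattacku_checked(&piranha, &u) : mattacku_unchecked(&piranha, &u);
}
```

The unchecked loop reports one stale attack (the impossible() case), the checked loop none, which is the invariant a sanity check on mux/muy after each attack would enforce.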

entrez commented 12 months ago

Good diagnosis. It can be hard to reproduce the error message due to the cansee requirement in wildmiss, even for the diagnostic impossible (would be nice if that could be avoided... if something on the other end of the map is trying and failing to attack the hero, seems like the impossible should be printed). Doesn't happen in vanilla due to NetHack/NetHack@4b78763d7060547f00cd8029a411f4eb9133901d and follow-up NetHack/NetHack@85137bb76a754681c35a9c25eb592ba768b5b1fd.

k21971 commented 12 months ago

Resolved via commit 76c41f0