search

ros-visualization / rviz

ROS 3D Robot Visualizer
BSD 3-Clause "New" or "Revised" License
831 stars 463 forks source link

Segfault #1830

Closed Achllle closed 4 months ago

Achllle commented 4 months ago

Following up from #1825 since that seems to be similar/related but not the same. I'm getting a segfault when I have an RViz config with a rviz/RobotModel display that references a non-existent URDF parameter. However, I'm also getting crashes when the urdfs are present but only with more complicated setups.

Given the following rviz config file b.rviz:

Panels:
  - Class: rviz/Displays
    Name: Displays
Visualization Manager:
  Class: ""
  Displays:
    - Alpha: 1
      Class: rviz/RobotModel
      Collision Enabled: false
      Enabled: true
      Links:
        All Links Enabled: true
        Expand Joint Details: false
        Expand Link Details: false
        Expand Tree: false
        Link Tree Style: Links in Alphabetic Order
      Name: RobotModel
      Robot Description: foo
      TF Prefix: ""
      Update Interval: 0
      Value: true
      Visual Enabled: true
  Enabled: true
  Name: root
  Value: true

launching with rviz -d b.rviz occasionally yields a segfault:

Property::loadValue() TODO: error handling - unexpected QVariant type 0.
Segmentation fault (core dumped)

Sometimes this does launch ok, the segfault doesn't seem to be consistent and I haven't found a minimal example that consistently fails. Larger rviz configs with more rviz/RobotModel displays seem to cause it to crash more. When it launches fine, I do also get the message Property::loadValue() TODO: error handling - unexpected QVariant type 0.. Launching without the rviz/RobotModel display seems to work consistently. Rolling back to 1.14.20 also fixes the problem with the issue seemingly being introduced in 1.14.21.

Adding in QMainWindow State seems to prevent the segfault most of the time, although 1 in 10 launches I still get the segfault:

Window Geometry:
  QMainWindow State: 000000ff00000000fd000000040000000000000156000002b0fc0200000008fb0000001200530065006c0065006300740069006f006e00000001e10000009b0000005c00fffffffb0000001e0054006f006f006c002000500072006f007000650072007400690065007302000001ed000001df00000185000000a3fb000000120056006900650077007300200054006f006f02000001df000002110000018500000122fb000000200054006f006f006c002000500072006f0070006500720074006900650073003203000002880000011d000002210000017afb000000100044006900730070006c006100790073010000003d000002b0000000c900fffffffb0000002000730065006c0065006300740069006f006e00200062007500660066006500720200000138000000aa0000023a00000294fb00000014005700690064006500530074006500720065006f02000000e6000000d2000003ee0000030bfb0000000c004b0069006e0065006300740200000186000001060000030c00000261000000010000010f000002c4fc0200000003fb0000001e0054006f006f006c002000500072006f00700065007200740069006500730100000041000000780000000000000000fb0000000a005600690065007700730000000028000002c4000000a400fffffffb0000001200530065006c0065006300740069006f006e010000025a000000b200000000000000000000000200000490000000a9fc0100000001fb0000000a00560069006500770073030000004e00000080000002e10000019700000003000004b00000003efc0100000002fb0000000800540069006d00650100000000000004b0000003bc00fffffffb0000000800540069006d0065010000000000000450000000000000000000000354000002b000000004000000040000000800000008fc0000000100000002000000010000000a0054006f006f006c00730100000000ffffffff0000000000000000

In case the minimal example doesn't segfault, this somewhat longer config does seem to crash more consistently:

bug.launch

<launch>
    <param name="robot_description" textfile="$(dirname)/d.urdf" />
    <param name="robot_description2" textfile="$(dirname)/c.urdf" />
    <node name="rviz" pkg="rviz" type="rviz" args="-d $(dirname)/b.rviz" />
</launch>

b.rviz:

Panels:
  - Class: rviz/Displays
    Help Height: 70
    Name: Displays
    Property Tree Widget:
      Expanded: ~
      Splitter Ratio: 0.5
    Tree Height: 310
Preferences:
  PromptSaveOnExit: true
Toolbars:
  toolButtonStyle: 2
Visualization Manager:
  Class: ""
  Displays:
    - Alpha: 1
      Class: rviz/RobotModel
      Collision Enabled: false
      Enabled: true
      Links:
        All Links Enabled:
          {}
        Expand Joint Details: false
        Expand Link Details: false
        Expand Tree: false
        Link Tree Style: Links in Alphabetic Order
        base:
          Alpha: 1
          Show Axes: false
          Show Trail: false
      Name: sdfsdf
      Robot Description: robot_description
      TF Prefix: ""
      Update Interval: 0
      Value: true
      Visual Enabled: true
    - Alpha: 1
      Class: rviz/RobotModel
      Collision Enabled: false
      Enabled: true
      Links:
        All Links Enabled:
          {}
        Expand Joint Details: false
        Expand Link Details: false
        Expand Tree: false
        Link Tree Style: Links in Alphabetic Order
        base:
          Alpha: 1
          Show Axes: false
          Show Trail: false
      Name: 123
      Robot Description: robot_description3
      TF Prefix: ""
      Update Interval: 0
      Value: true
      Visual Enabled: true
  Enabled: true
  Global Options:
    Background Color: 48; 48; 48
    Default Light: true
    Fixed Frame: map
    Frame Rate: 30
  Name: root
  Tools: ~
  Value: true
  Views:
    Current:
      Class: rviz/Orbit
      Distance: 10
      Enable Stereo Rendering:
        Stereo Eye Separation: 0.05999999865889549
        Stereo Focal Distance: 1
        Swap Stereo Eyes: false
        Value: false
      Field of View: 0.7853981852531433
      Focal Point:
        X: 0
        Y: 0
        Z: 0
      Focal Shape Fixed Size: true
      Focal Shape Size: 0.05000000074505806
      Invert Z Axis: false
      Name: Current View
      Near Clip Distance: 0.009999999776482582
      Pitch: 0.7853981852531433
      Target Frame: <Fixed Frame>
      Yaw: 0.7853981852531433
    Saved: ~
Window Geometry:
  Displays:
    collapsed: false
  Height: 525
  Hide Left Dock: false
  Hide Right Dock: false
  # QMainWindow State: 000000ff00000000fd000000010000000000000156000001b7fc0200000001fb000000100044006900730070006c006100790073010000003b000001b7000000c700ffffff00000160000001b700000004000000040000000800000008fc0000000100000002000000010000000a0054006f006f006c00730100000000ffffffff0000000000000000
  Width: 700
  X: 37
  Y: 69

c.urdf

<?xml version="1.0" ?>
<robot name="robot2">
  <link name="base" />
  <joint name="base_to_base_inertia" type="fixed">
    <parent link="base"/>
    <child link="base_inertia"/>
  </joint>
  <link name="base_inertia" />
</robot>

d.urdf

<?xml version="1.0" ?>
<robot name="robot3">
  <link name="base2" />
  <joint name="base_to_base_inertia" type="fixed">
    <parent link="base2"/>
    <child link="base_inertia"/>
  </joint>
  <link name="base_inertia" />
</robot>

gdb where:

Thread 1 "rviz" received signal SIGSEGV, Segmentation fault.
0x00007ffff70cda32 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
(gdb) where
#0  0x00007ffff70cda32 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#1  0x00007ffff7d062fa in rviz::PropertyTreeModel::propertyHiddenChanged (this=0x5555555edc60, _t1=0x55555687b240)
    at /workspaces/dev-docker/rviz_ws/build/rviz/src/rviz/rviz_autogen/BW4I5L4EMK/moc_property_tree_model.cpp:169
#2  0x00007ffff7de596d in rviz::PropertyTreeModel::emitPropertyHiddenChanged (this=0x5555555edc60, property=0x55555687b240)
    at /workspaces/dev-docker/rviz_ws/src/rviz/src/rviz/properties/property_tree_model.h:137
#3  0x00007ffff7de4727 in rviz::Property::<lambda()>::operator()(void) const (__closure=0x55555687e680)
    at /workspaces/dev-docker/rviz_ws/src/rviz/src/rviz/properties/property.cpp:402
#4  0x00007ffff7de5820 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, rviz::Property::setModel(rviz::PropertyTreeModel*)::<lambda()> >::call(rviz::Property::<lambda()> &, void **) (f=..., arg=0x7fffffffc9b0) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:146
#5  0x00007ffff7de57f2 in QtPrivate::Functor<rviz::Property::setModel(rviz::PropertyTreeModel*)::<lambda()>, 0>::call<QtPrivate::List<>, void>(rviz::Property::<lambda()> &, void *, void **) (f=..., arg=0x7fffffffc9b0) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:256
#6  0x00007ffff7de57c0 in QtPrivate::QFunctorSlotObject<rviz::Property::setModel(rviz::PropertyTreeModel*)::<lambda()>, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=1, this_=0x55555687e670, r=0x5555567e6240, a=0x7fffffffc9b0, ret=0x0)
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:439
#7  0x00007ffff70db486 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007ffff70cebc5 in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#9  0x00007ffff74cfa66 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#10 0x00007ffff74d90f0 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#11 0x00007ffff70a280a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#12 0x00007ffff70f9780 in QTimerInfoList::activateTimers() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007ffff70fa06c in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#14 0x00007ffff42fc17d in g_main_context_dispatch () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007ffff42fc400 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007ffff42fc4a3 in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00007ffff70fa4b4 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_6

Your environment

rhaschke commented 4 months ago

Thanks for providing detailed instruction. I was able to reproduce the issue and fix it: #1831. Could you please test/review?