Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalidate Pointer Accessed during isUnsafeToPlan() calculation of nav2_theta_planner #4464

Closed
GoesM opened this issue Jun 24, 2024 · 1 comment
Closed

Invalidate Pointer Accessed during isUnsafeToPlan() calculation of nav2_theta_planner #4464

GoesM opened this issue Jun 24, 2024 · 1 comment

Comments

@GoesM
Copy link
Contributor

GoesM commented Jun 24, 2024
edited
Loading

Bug report

Required Info:

  • Operating System:
    • ubuntu 22.04
  • ROS2 Version:
    • humble OR Iron
  • Version or commit hash:
    • the latest
  • DDS implementation:
    • the defaulted

Steps to reproduce issue

Launch the navigation2 as following steps:

#!/bin/bash
export ASAN_OPTIONS=halt_on_error=0:new_delete_type_mismatch=0:detect_leaks=0:log_pah=asan
source install/setup.bash
export TURTLEBOT3_MODEL=waffle
export GAZEBO_MODEL_PATH=$GAZEBO_MODEL_PATH:/opt/ros/humble/share/turtlebot3_gazebo/models
ros2 launch nav2_bringup tb3_simulation_launch.py headless:=True use_rviz:=False use_composition:=False

use the nav2_theta_planner as plugin within following configuration (provided by nav2):

planner_server:
  ros__parameters:
    GridBased:
      allow_unknown: true
      how_many_corners: 8
      plugin: nav2_theta_star_planner/ThetaStarPlanner
      w_euc_cost: 1.0
      w_heuristic_cost: 1.0
      w_traversal_cost: 2.0
    expected_planner_frequency: 20.0
    planner_plugins:
      - GridBased
    use_sim_time: true

Expected behavior

no bug occured.

Actual behavior

the Asan report of this bug is as following:

=================================================================
==246470==ERROR: AddressSanitizer: SEGV on unknown address 0x79a22b50dd3e (pc 0x79a203520cba bp 0x0f232c45f33e sp 0x79a1f416fdc8 T23)
==246470==The signal is caused by a READ memory access.
    #1 0x79a1ff06e131 in theta_star::ThetaStar::isUnsafeToPlan() const (/home/*****/nav2_humble/install/nav2_theta_star_planner/lib/libnav2_theta_star_planner.so+0x10131) (BuildId: e3029bbfc001317531dc7cd46f6c716d13f4a348)
    #2 0x79a1ff06d1f1 in nav2_theta_star_planner::ThetaStarPlanner::getPlan(nav_msgs::msg::Path_<std::allocator<void> >&) (/home/*****/nav2_humble/install/nav2_theta_star_planner/lib/libnav2_theta_star_planner.so+0xf1f1) (BuildId: e3029bbfc001317531dc7cd46f6c716d13f4a348)
    #3 0x79a1ff06ca71 in nav2_theta_star_planner::ThetaStarPlanner::createPlan(geometry_msgs::msg::PoseStamped_<std::allocator<void> > const&, geometry_msgs::msg::PoseStamped_<std::allocator<void> > const&) (/home/*****/nav2_humble/install/nav2_theta_star_planner/lib/libnav2_theta_star_planner.so+0xea71) (BuildId: e3029bbfc001317531dc7cd46f6c716d13f4a348)
    #4 0x79a203b78cf4 in nav2_planner::PlannerServer::getPlan(geometry_msgs::msg::PoseStamped_<std::allocator<void> > const&, geometry_msgs::msg::PoseStamped_<std::allocator<void> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x178cf4) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #5 0x79a203b6a10d in nav2_planner::PlannerServer::computePlan() (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x16a10d) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #6 0x79a203c49963 in nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::work() (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x249963) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #7 0x79a203c48cd4 in std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::thread::_Invoker<std::tuple<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()> >, void>::operator()() const (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x248cd4) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #8 0x79a203c489e7 in std::enable_if<is_invocable_r_v<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::thread::_Invoker<std::tuple<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()> >, void>&>, std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> >::type std::__invoke_r<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter>, std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::thread::_Invoker<std::tuple<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()> >, void>&>(std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::thread::_Invoker<std::tuple<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()> >, void>&) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x2489e7) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #9 0x79a203c48828 in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<void>, std::__future_base::_Result_base::_Deleter>, std::thread::_Invoker<std::tuple<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()> >, void> >::_M_invoke(std::_Any_data const&) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x248828) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #10 0x79a203c483ef in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x2483ef) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #11 0x79a201a99ee7 in __pthread_once_slow nptl/./nptl/pthread_once.c:116:7
    #12 0x79a203c463f1 in std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()> >, void>::_M_run() (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x2463f1) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #13 0x79a201edc252  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc252) (BuildId: e37fe1a879783838de78cbc8c80621fa685d58a2)
    #14 0x79a201a94ac2 in start_thread nptl/./nptl/pthread_create.c:442:8
    #15 0x79a201b2684f  misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/*****/nav2_humble/install/nav2_costmap_2d/lib/libnav2_costmap_2d_core.so+0xc3cba) (BuildId: ae00021bac019132f382130b42d6275d543c55a4) in nav2_costmap_2d::Costmap2D::getCost(unsigned int, unsigned int) const
Thread T23 created by T15 here:
    #0 0x5d5b05e5687c in __interceptor_pthread_create (/home/*****/nav2_humble/install/nav2_planner/lib/nav2_planner/planner_server+0x9387c) (BuildId: 191f253724b34c41ec9522f9202cc91f782cabef)
    #1 0x79a201edc328 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc328) (BuildId: e37fe1a879783838de78cbc8c80621fa685d58a2)
    #2 0x79a203c45d52 in std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()> >, void>::_Async_state_impl<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()>(nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()&&) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x245d52) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #3 0x79a203c454f8 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()> >, void>, std::allocator<void>, nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()>(std::__future_base::_Async_state_impl<std::thread::_Invoker<std::tuple<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()> >, void>*&, std::_Sp_alloc_shared_tag<std::allocator<void> >, nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()&&) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x2454f8) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #4 0x79a203c436a3 in std::future<std::__invoke_result<std::decay<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()>::type>::type> std::async<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()>(std::launch, nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >)::'lambda'()&&) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x2436a3) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #5 0x79a203c2c3e9 in nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::handle_accepted(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x22c3e9) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #6 0x79a203c4e9f7 in void std::__invoke_impl<void, void (nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::*&)(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >), nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>*&, std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> > >(std::__invoke_memfun_deref, void (nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::*&)(std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >), nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>*&, std::shared_ptr<rclcpp_action::ServerGoalHandle<nav2_msgs::action::ComputePathToPose> >&&) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x24e9f7) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #7 0x79a203c33f46 in rclcpp_action::Server<nav2_msgs::action::ComputePathToPose>::call_goal_accepted_callback(std::shared_ptr<rcl_action_goal_handle_s>, std::array<unsigned char, 16ul>, std::shared_ptr<void>) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x233f46) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #8 0x79a203180246 in rclcpp_action::ServerBase::execute_goal_request_received(std::shared_ptr<void>&) (/opt/ros/humble/lib/librclcpp_action.so+0x13246) (BuildId: 4dfcc4cee7010878193255b3a622d5194654caa8)

Thread T15 created by T0 here:
    #0 0x5d5b05e5687c in __interceptor_pthread_create (/home/*****/nav2_humble/install/nav2_planner/lib/nav2_planner/planner_server+0x9387c) (BuildId: 191f253724b34c41ec9522f9202cc91f782cabef)
    #1 0x79a201edc328 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc328) (BuildId: e37fe1a879783838de78cbc8c80621fa685d58a2)
    #2 0x79a203c28004 in nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::SimpleActionServer(std::shared_ptr<rclcpp::node_interfaces::NodeBaseInterface>, std::shared_ptr<rclcpp::node_interfaces::NodeClockInterface>, std::shared_ptr<rclcpp::node_interfaces::NodeLoggingInterface>, std::shared_ptr<rclcpp::node_interfaces::NodeWaitablesInterface>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::function<void ()>, std::function<void ()>, std::chrono::duration<long, std::ratio<1l, 1000l> >, bool, rcl_action_server_options_s const&) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x228004) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #3 0x79a203c25865 in nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>::SimpleActionServer<std::shared_ptr<nav2_util::LifecycleNode> >(std::shared_ptr<nav2_util::LifecycleNode>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::function<void ()>, std::function<void ()>, std::chrono::duration<long, std::ratio<1l, 1000l> >, bool, rcl_action_server_options_s const&) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x225865) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #4 0x79a203b69408 in std::__detail::_MakeUniq<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose> >::__single_object std::make_unique<nav2_util::SimpleActionServer<nav2_msgs::action::ComputePathToPose>, std::shared_ptr<nav2_util::LifecycleNode>, char const (&) [21], std::_Bind<void (nav2_planner::PlannerServer::* (nav2_planner::PlannerServer*))()>, std::nullptr_t, std::chrono::duration<long, std::ratio<1l, 1000l> >, bool>(std::shared_ptr<nav2_util::LifecycleNode>&&, char const (&) [21], std::_Bind<void (nav2_planner::PlannerServer::* (nav2_planner::PlannerServer*))()>&&, std::nullptr_t&&, std::chrono::duration<long, std::ratio<1l, 1000l> >&&, bool&&) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x169408) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #5 0x79a203b63ee4 in nav2_planner::PlannerServer::on_configure(rclcpp_lifecycle::State const&) (/home/*****/nav2_humble/install/nav2_planner/lib/libplanner_server_core.so+0x163ee4) (BuildId: 1b8bf26805500b9cf783c2dd56285836f05b374f)
    #6 0x79a202f7d8ec  (/opt/ros/humble/lib/librclcpp_lifecycle.so+0x288ec) (BuildId: 97f6428dc1ee45fd402b522b3b8e6b4fcfeabe76)

==246470==ABORTING

Additional information

It's a shutdown-issue

First, based on my execution logs, I can confirm this is a shutdown issue.

It's additional tickets related to #4463, which behaviors in nav2_theta_planner

Below is an analysis of the cause of this bug:

The action_server_ binds the nav2_planner::PlannerServer::computePlan() function as a callback function,

and using the nav2_theta_star_planner->getPlan() , which may access the early shutdown costmap_ros_:

navigation2/nav2_theta_star_planner/src/theta_star_planner.cpp

Lines 181 to 190 in 9fbae3e

void ThetaStarPlanner::getPlan(
nav_msgs::msg::Path & global_path,
std::function<bool()> cancel_checker)
{
std::vector<coordsW> path;
if (planner_->isUnsafeToPlan()) {
global_path.poses.clear();
throw nav2_core::PlannerException("Either of the start or goal pose are an obstacle! ");
} else if (planner_->generatePath(path, cancel_checker)) {
global_path = linearInterpolation(path, planner_->costmap_->getResolution());

This issue would be fixed in humble by PR #4463
This issue would be fixed in Iron by my later PR
@GoesM GoesM mentioned this issue Jun 24, 2024
Merged
7 tasks
@GoesM
Copy link
Contributor Author

GoesM commented Jun 24, 2024

because it's an additional ticket, so I close it ^_^

@GoesM GoesM closed this as completed Jun 24, 2024
@GoesM GoesM mentioned this issue Jun 25, 2024
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoesM