[Controller] invalid ptr during mapping and navigating possibly caused by bugs in nav2_costmap_2d #3232
Description
Bug report
Required Info:
- Operating System:
- Ubuntu 20.04
- ROS2 Version:
- foxy
- Version or commit hash:
- DDS implementation:
- Fast-RTPS(default)
Steps to reproduce issue
just like the issue #3231 ,except for the configall.yaml:
/loc2d_ros:
ros__parameters:
base_frame_id: base_footprint
d_thresh: 0.02
global_frame_id: map
initial_pos_a: 0.0
initial_pos_x: -2.0
initial_pos_y: -0.5
odom_frame_id: odom
scan_topic: /scan
transform_tolerance: -0.7
use_sim_time: true
amcl:
ros__parameters:
alpha1: 0.2
alpha2: 0.2
alpha3: 0.2
alpha4: 0.2
alpha5: 0.2
base_frame_id: base_footprint
beam_skip_distance: 0.4
beam_skip_error_threshold: -0.5000000000000001
beam_skip_threshold: 0.3
do_beamskip: false
global_frame_id: map
initial_pose:
x: -2.0
y: -0.5
yaw: -0.0
z: 0.0
lambda_short: 0.1
laser_likelihood_max_dist: 0.19999999999999996
laser_max_range: 87.2
laser_min_range: -1.4
laser_model_type: likelihood_field
max_beams: 60
max_particles: 1999
min_particles: 499
odom_frame_id: odom
pf_err: -0.05
pf_z: 13.690000000000001
recovery_alpha_fast: 0.0
recovery_alpha_slow: 0.0
resample_interval: 1
robot_model_type: differential
save_pose_rate: 0.5
set_initial_pose: true
sigma_hit: 0.2
tf_broadcast: true
transform_tolerance: 1.0
update_min_a: 0.2
update_min_d: 0.25
use_sim_time: true
z_hit: 0.5
z_max: 3.25
z_rand: 0.5
z_short: 0.05
amcl_map_client:
ros__parameters:
use_sim_time: true
amcl_rclcpp_node:
ros__parameters:
use_sim_time: true
bt_navigator:
ros__parameters:
default_bt_xml_filename: /home/shx/ros2_nav_fuzz/src/fuzz/scripts/config/navigate_w_replanning_and_recovery.xml
global_frame: map
odom_topic: /odom
plugin_lib_names:
- nav2_compute_path_to_pose_action_bt_node
- nav2_follow_path_action_bt_node
- nav2_back_up_action_bt_node
- nav2_spin_action_bt_node
- nav2_wait_action_bt_node
- nav2_clear_costmap_service_bt_node
- nav2_is_stuck_condition_bt_node
- nav2_goal_reached_condition_bt_node
- nav2_goal_updated_condition_bt_node
- nav2_initial_pose_received_condition_bt_node
- nav2_reinitialize_global_localization_service_bt_node
- nav2_rate_controller_bt_node
- nav2_distance_controller_bt_node
- nav2_speed_controller_bt_node
- nav2_recovery_node_bt_node
- nav2_pipeline_sequence_bt_node
- nav2_round_robin_node_bt_node
- nav2_transform_available_condition_bt_node
- nav2_time_expired_condition_bt_node
- nav2_distance_traveled_condition_bt_node
robot_base_frame: base_link
use_sim_time: true
bt_navigator_rclcpp_node:
ros__parameters:
use_sim_time: true
cartographer_node:
ros__parameters:
use_sim_time: true
controller_server:
ros__parameters:
FollowPath:
BaseObstacle.scale: 0.02
GoalAlign.forward_point_distance: 0.1
GoalAlign.scale: 24.0
GoalDist.scale: 24.0
PathAlign.forward_point_distance: 0.1
PathAlign.scale: 22.2
PathDist.scale: 32.0
RotateToGoal.lookahead_time: -5.2
RotateToGoal.scale: 33.6
RotateToGoal.slowing_factor: 5.0
acc_lim_theta: 3.2
acc_lim_x: 2.4
acc_lim_y: 9.5
angular_granularity: 0.025
critics:
- RotateToGoal
- Oscillation
- BaseObstacle
- GoalAlign
- PathAlign
- PathDist
- GoalDist
debug_trajectory_details: true
decel_lim_theta: -3.2
decel_lim_x: -2.5
decel_lim_y: 0.0
linear_granularity: 0.05
max_speed_xy: 0.22
max_vel_theta: 1.0
max_vel_x: 0.22
max_vel_y: 0.0
min_speed_theta: 0.0
min_speed_xy: -0.1
min_vel_x: -0.1
min_vel_y: -0.1
plugin: dwb_core::DWBLocalPlanner
short_circuit_trajectory_evaluation: true
sim_time: -11.100000000000001
stateful: true
trans_stopped_velocity: 0.15
transform_tolerance: -1.6
vtheta_samples: 10
vx_samples: 9
vy_samples: 5
xy_goal_tolerance: 0.25
controller_frequency: 20.0
controller_plugins:
- FollowPath
min_theta_velocity_threshold: 3.201
min_x_velocity_threshold: 0.001
min_y_velocity_threshold: -0.20000000000000007
use_sim_time: true
controller_server_rclcpp_node:
ros__parameters:
use_sim_time: true
ekf_localization:
ros__parameters:
gnss_pose_topic: gnss_pose
imu_topic: imu
odom_topic: odom
pub_period: 9
reference_frame_id: map
robot_frame_id: base_link
use_gnss: false
use_odom: true
var_gnss: 0.1
var_imu_acc: 0.01
var_imu_w: 0.01
var_odom: 0.1
global_costmap:
global_costmap:
ros__parameters:
always_send_full_costmap: true
global_frame: map
inflation_layer:
cost_scaling_factor: -1.4000000000000004
inflation_radius: 0.8500000000000001
plugin: nav2_costmap_2d::InflationLayer
obstacle_layer:
enabled: true
observation_sources: scan
plugin: nav2_costmap_2d::ObstacleLayer
scan:
clearing: true
data_type: LaserScan
marking: true
max_obstacle_height: 2.0
topic: /scan
plugins:
- static_layer
- obstacle_layer
- voxel_layer
- inflation_layer
publish_frequency: 1.0
resolution: 0.15000000000000002
robot_base_frame: base_link
robot_radius: 0.2
static_layer:
map_subscribe_transient_local: true
plugin: nav2_costmap_2d::StaticLayer
update_frequency: -2.4000000000000004
use_sim_time: true
voxel_layer:
enabled: true
mark_threshold: 0
max_obstacle_height: 2.0
observation_sources: pointcloud
origin_z: 1.6
plugin: nav2_costmap_2d::VoxelLayer
pointcloud:
clearing: true
data_type: PointCloud2
marking: true
max_obstacle_height: 2.0
topic: /intel_realsense_r200_depth/points
publish_voxel_map: true
z_resolution: 12.750000000000002
z_voxels: 15
global_costmap_client:
ros__parameters:
use_sim_time: true
global_costmap_rclcpp_node:
ros__parameters:
use_sim_time: true
lifecycle_manager_localization:
ros__parameters:
autostart: true
node_names:
- map_server
- amcl
use_sim_time: true
lifecycle_manager_mapserver:
ros__parameters:
autostart: true
node_names:
- map_server
use_sim_time: true
lifecycle_manager_navigation:
ros__parameters:
autostart: true
node_names:
- controller_server
- planner_server
- recoveries_server
- bt_navigator
- waypoint_follower
use_sim_time: true
local_costmap:
local_costmap:
ros__parameters:
always_send_full_costmap: true
global_frame: odom
height: -20
inflation_layer:
cost_scaling_factor: 0.9
plugin: nav2_costmap_2d::InflationLayer
obstacle_layer:
enabled: true
observation_sources: scan
plugin: nav2_costmap_2d::ObstacleLayer
scan:
clearing: true
data_type: LaserScan
marking: true
max_obstacle_height: 1.9
topic: /scan
plugins:
- obstacle_layer
- voxel_layer
- inflation_layer
publish_frequency: 1.9
resolution: 12.750000000000002
robot_base_frame: base_link
robot_radius: 0.0
rolling_window: true
static_layer:
map_subscribe_transient_local: false
update_frequency: 5.0
use_sim_time: true
voxel_layer:
enabled: true
mark_threshold: 0
max_obstacle_height: 2.0
observation_sources: pointcloud
origin_z: 0.0
plugin: nav2_costmap_2d::VoxelLayer
pointcloud:
clearing: true
data_type: PointCloud2
marking: true
max_obstacle_height: 2.0
topic: /intel_realsense_r200_depth/points
publish_voxel_map: true
z_resolution: 0.05
z_voxels: 16
width: -57
local_costmap_client:
ros__parameters:
use_sim_time: true
local_costmap_rclcpp_node:
ros__parameters:
use_sim_time: true
map_saver:
ros__parameters:
free_thresh_default: 0.25
occupied_thresh_default: 0.65
save_map_timeout: 5042
use_sim_time: true
map_server:
ros__parameters:
use_sim_time: true
yaml_filename: /home/shx/ros2_nav_fuzz/src/fuzz/scripts/config/turtlebot3_world.yaml
occupancy_grid_node:
ros__parameters:
use_sim_time: true
planner_server:
ros__parameters:
GridBased:
allow_unknown: true
plugin: nav2_navfn_planner/NavfnPlanner
tolerance: 0.5
use_astar: false
expected_planner_frequency: 20.5
planner_plugins:
- GridBased
use_sim_time: true
planner_server_rclcpp_node:
ros__parameters:
use_sim_time: true
recoveries_server:
ros__parameters:
backup:
plugin: nav2_recoveries/BackUp
costmap_topic: local_costmap/costmap_raw
cycle_frequency: 9.9
footprint_topic: local_costmap/published_footprint
global_frame: odom
max_rotational_vel: 2.2
min_rotational_vel: 1.0
recovery_plugins:
- spin
- backup
- wait
robot_base_frame: base_link
rotational_acc_lim: -8.5
simulate_ahead_time: 2.0
spin:
plugin: nav2_recoveries/Spin
transform_timeout: 12.700000000000001
use_sim_time: true
wait:
plugin: nav2_recoveries/Wait
robot_state_publisher:
ros__parameters:
use_sim_time: true
rtabmap:
ros__parameters:
RGBD/NeighborLinkRefining: 'True'
Reg/Strategy: '1'
approx_sync: true
frame_id: base_footprint
subscribe_depth: false
subscribe_rgb: false
subscribe_scan: true
use_sim_time: true
rtabmap_camera:
ros__parameters:
frame_id: base_footprint
subscribe_depth: true
use_sim_time: true
slam_toolbox:
ros__parameters:
angle_variance_penalty: 1.0
base_frame: base_footprint
ceres_dogleg_type: TRADITIONAL_DOGLEG
ceres_linear_solver: SPARSE_NORMAL_CHOLESKY
ceres_loss_function: None
ceres_preconditioner: SCHUR_JACOBI
ceres_trust_strategy: LEVENBERG_MARQUARDT
coarse_angle_resolution: 0.0349
coarse_search_angle_offset: -1.2510000000000001
correlation_search_space_dimension: -12.3
correlation_search_space_resolution: 0.01
correlation_search_space_smear_deviation: 0.1
debug_logging: false
distance_variance_penalty: 0.5
do_loop_closing: true
enable_interactive_mode: true
fine_search_angle_offset: 0.00349
link_match_minimum_response_fine: 0.1
link_scan_maximum_distance: 1.5
loop_match_maximum_variance_coarse: 3.0
loop_match_minimum_chain_size: 10
loop_match_minimum_response_coarse: 4.75
loop_match_minimum_response_fine: 3.6500000000000004
loop_search_maximum_distance: 3.0
loop_search_space_dimension: 8.0
loop_search_space_resolution: -0.95
loop_search_space_smear_deviation: -0.07
map_frame: map
map_update_interval: 7.7
max_laser_range: 17.8
minimum_angle_penalty: -11.9
minimum_distance_penalty: 3.2
minimum_time_interval: 3.7
minimum_travel_distance: 0.5
minimum_travel_heading: 13.200000000000001
mode: mapping
odom_frame: odom
resolution: 0.05
scan_buffer_maximum_scan_distance: 10.0
scan_buffer_size: 10
scan_topic: /scan
solver_plugin: solver_plugins::CeresSolver
stack_size_to_use: 40000000
tf_buffer_duration: 30.0
throttle_scans: 2
transform_publish_period: 0.02
transform_timeout: -1.7000000000000002
use_response_expansion: true
use_scan_barycenter: true
use_scan_matching: true
use_sim_time: true
Expected behavior
Process should not crash.
Actual behavior
the program crashed with the Asan information below:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==530988==ERROR: AddressSanitizer: SEGV on unknown address 0x602080061374 (pc 0x7f5603956494 bp 0x7f55f69e5bb0 sp 0x7f55f69e5b60 T13)
==530988==The signal is caused by a WRITE memory access.
#0 0x7f5603956494 in nav2_costmap_2d::Costmap2D::MarkCell::operator()(unsigned int) /home/r1/ros2_nav_fuzz/src/navigation2/nav2_costmap_2d/include/nav2_costmap_2d/costmap_2d.hpp:476:24
#1 0x7f56039560ef in void nav2_costmap_2d::Costmap2D::bresenham2D<nav2_costmap_2d::Costmap2D::MarkCell>(nav2_costmap_2d::Costmap2D::MarkCell, unsigned int, unsigned int, int, int, int, unsigned int, unsigned int) /home/r1/ros2_nav_fuzz/src/navigation2/nav2_costmap_2d/include/nav2_costmap_2d/costmap_2d.hpp:439:7
#2 0x7f560384cfd4 in void nav2_costmap_2d::Costmap2D::raytraceLine<nav2_costmap_2d::Costmap2D::MarkCell>(nav2_costmap_2d::Costmap2D::MarkCell, unsigned int, unsigned int, unsigned int, unsigned int, unsigned int) /home/r1/ros2_nav_fuzz/src/navigation2/nav2_costmap_2d/include/nav2_costmap_2d/costmap_2d.hpp:413:7
#3 0x7f5603844b03 in nav2_costmap_2d::ObstacleLayer::raytraceFreespace(nav2_costmap_2d::Observation const&, double*, double*, double*, double*) /home/r1/ros2_nav_fuzz/src/navigation2/nav2_costmap_2d/plugins/obstacle_layer.cpp:608:5
#4 0x7f560383fac3 in nav2_costmap_2d::ObstacleLayer::updateBounds(double, double, double, double*, double*, double*, double*) /home/r1/ros2_nav_fuzz/src/navigation2/nav2_costmap_2d/plugins/obstacle_layer.cpp:377:5
#5 0x7f5602f336ee in nav2_costmap_2d::LayeredCostmap::updateMap(double, double, double) /home/r1/ros2_nav_fuzz/src/navigation2/nav2_costmap_2d/src/layered_costmap.cpp:150:16
#6 0x7f5602f5b21e in nav2_costmap_2d::Costmap2DROS::updateMap() /home/r1/ros2_nav_fuzz/src/navigation2/nav2_costmap_2d/src/costmap_2d_ros.cpp:443:25
#7 0x7f5602f55568 in nav2_costmap_2d::Costmap2DROS::mapUpdateLoop(double) /home/r1/ros2_nav_fuzz/src/navigation2/nav2_costmap_2d/src/costmap_2d_ros.cpp:397:5
#8 0x7f560312e3c1 in void std::__invoke_impl<void, void (nav2_costmap_2d::Costmap2DROS::*&)(double), nav2_costmap_2d::Costmap2DROS*&, double&>(std::__invoke_memfun_deref, void (nav2_costmap_2d::Costmap2DROS::*&)(double), nav2_costmap_2d::Costmap2DROS*&, double&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/invoke.h:73:14
#9 0x7f560312e11a in std::__invoke_result<void (nav2_costmap_2d::Costmap2DROS::*&)(double), nav2_costmap_2d::Costmap2DROS*&, double&>::type std::__invoke<void (nav2_costmap_2d::Costmap2DROS::*&)(double), nav2_costmap_2d::Costmap2DROS*&, double&>(void (nav2_costmap_2d::Costmap2DROS::*&)(double), nav2_costmap_2d::Costmap2DROS*&, double&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/invoke.h:95:14
#10 0x7f560312e037 in void std::_Bind<void (nav2_costmap_2d::Costmap2DROS::* (nav2_costmap_2d::Costmap2DROS*, double))(double)>::__call<void, 0ul, 1ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/functional:400:11
#11 0x7f560312de73 in void std::_Bind<void (nav2_costmap_2d::Costmap2DROS::* (nav2_costmap_2d::Costmap2DROS*, double))(double)>::operator()<void>() /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/functional:482:17
#12 0x7f560312dd60 in void std::__invoke_impl<void, std::_Bind<void (nav2_costmap_2d::Costmap2DROS::* (nav2_costmap_2d::Costmap2DROS*, double))(double)> >(std::__invoke_other, std::_Bind<void (nav2_costmap_2d::Costmap2DROS::* (nav2_costmap_2d::Costmap2DROS*, double))(double)>&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/invoke.h:60:14
#13 0x7f560312dcb0 in std::__invoke_result<std::_Bind<void (nav2_costmap_2d::Costmap2DROS::* (nav2_costmap_2d::Costmap2DROS*, double))(double)> >::type std::__invoke<std::_Bind<void (nav2_costmap_2d::Costmap2DROS::* (nav2_costmap_2d::Costmap2DROS*, double))(double)> >(std::_Bind<void (nav2_costmap_2d::Costmap2DROS::* (nav2_costmap_2d::Costmap2DROS*, double))(double)>&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/invoke.h:95:14
#14 0x7f560312dc78 in void std::thread::_Invoker<std::tuple<std::_Bind<void (nav2_costmap_2d::Costmap2DROS::* (nav2_costmap_2d::Costmap2DROS*, double))(double)> > >::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/thread:244:13
#15 0x7f560312dc38 in std::thread::_Invoker<std::tuple<std::_Bind<void (nav2_costmap_2d::Costmap2DROS::* (nav2_costmap_2d::Costmap2DROS*, double))(double)> > >::operator()() /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/thread:251:11
#16 0x7f560312d602 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<std::_Bind<void (nav2_costmap_2d::Costmap2DROS::* (nav2_costmap_2d::Costmap2DROS*, double))(double)> > > >::_M_run() /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/thread:195:13
#17 0x7f5601b2ede3 (/lib/x86_64-linux-gnu/libstdc++.so.6+0xd6de3)
#18 0x7f5602099608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
#19 0x7f5601813292 in clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/r1/ros2_nav_fuzz/src/navigation2/nav2_costmap_2d/include/nav2_costmap_2d/costmap_2d.hpp:476:24 in nav2_costmap_2d::Costmap2D::MarkCell::operator()(unsigned int)
Thread T13 created by T0 here:
#0 0x59607a in pthread_create (/home/r1/ros2_nav_fuzz/build/nav2_controller/controller_server+0x59607a)
#1 0x7f5601b2f0a8 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xd70a8)
#2 0x7f5602f54203 in nav2_costmap_2d::Costmap2DROS::on_activate(rclcpp_lifecycle::State const&) /home/r1/ros2_nav_fuzz/src/navigation2/nav2_costmap_2d/src/costmap_2d_ros.cpp:224:28
#3 0x5f30b7 in nav2_controller::ControllerServer::on_activate(rclcpp_lifecycle::State const&) /home/r1/ros2_nav_fuzz/src/navigation2/nav2_controller/src/nav2_controller.cpp:178:17
#4 0x7f5602080c27 in rclcpp_lifecycle::LifecycleNode::LifecycleNodeInterfaceImpl::execute_callback(unsigned int, rclcpp_lifecycle::State const&) (/opt/ros/foxy/lib/librclcpp_lifecycle.so+0x2bc27)
==530988==ABORTING
I'll also explore the root cause of this, just report the event first.