Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

double free or corruption (fasttop) #92

Open
bricerebsamen opened this issue Apr 2, 2015 · 17 comments
Open

double free or corruption (fasttop) #92

bricerebsamen opened this issue Apr 2, 2015 · 17 comments
Labels
ready

Comments

@bricerebsamen
Copy link
Contributor

I migrated some of my code to tf2 and it crashes from time to time. I am running the latest version from source. Here is the backtrace:

#0  0x00007ffff4852cc9 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff48560d8 in __GI_abort () at abort.c:89
#2  0x00007ffff488f394 in __libc_message (do_abort=do_abort@entry=1, 
    fmt=fmt@entry=0x7ffff499db28 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff489b66e in malloc_printerr (ptr=<optimized out>, 
    str=0x7ffff499dcf0 "double free or corruption (fasttop)", action=1)
    at malloc.c:4996
#4  _int_free (av=<optimized out>, p=<optimized out>, have_lock=0)
    at malloc.c:3840
#5  0x00007ffff6ed0146 in __gnu_cxx::new_allocator<std::pair<ros::Time, unsigned int> >::deallocate(std::pair<ros::Time, unsigned int>*, unsigned long) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#6  0x00007ffff6eccd40 in std::_Vector_base<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > >::_M_deallocate(std::pair<ros::Time, unsigned int>*, unsigned long) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#7  0x00007ffff6ecaa72 in std::vector<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > >::_M_insert_aux(__gnu_cxx::__normal_iterator<std::pair<ros::Time, unsigned int>*, std::vector<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > > >, std::pair<ros::Time, unsigned int> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#8  0x00007ffff6ec7d12 in std::vector<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > >::push_back(std::pair<ros::Time, unsigned int> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#9  0x00007ffff6ebd21b in tf2::BufferCore::getLatestCommonTime(unsigned int, unsigned int, ros::Time&, std::string*) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#10 0x00007ffff6ebf046 in tf2::BufferCore::testTransformableRequests() ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#11 0x00007ffff6ebb907 in tf2::BufferCore::setTransform(geometry_msgs::TransformStamped_<std::allocator<void> > const&, std::string const&, bool) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#12 0x00007ffff7201251 in tf2_ros::TransformListener::subscription_callback_impl(ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&, bool) () from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#13 0x00007ffff7201042 in tf2_ros::TransformListener::subscription_callback(ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#14 0x00007ffff72098ae in boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>::operator()(tf2_ros::TransformListener*, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#15 0x00007ffff7208d65 in void boost::_bi::list2<boost::_bi::value<tf2_ros::TransformListener*>, boost::arg<1> >::operator()<boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>, boost::_bi::list1<boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&> >(boost::_bi::type<void>, boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>&, boost::_bi::list1<boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>&, int) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#16 0x00007ffff7208214 in void boost::_bi::bind_t<void, boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>, boost::_bi::list2<boost::_bi::value<tf2_ros::TransformListener*>, boost::arg<1> > >::operator()<boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> >(boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#17 0x00007ffff7207595 in boost::detail::function::void_function_obj_invoker1<boost::_bi::bind_t<void, boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>, boost::_bi::list2<boost::_bi::value<tf2_ros::TransformListener*>, boost::arg<1> > >, void, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>::invoke(boost::detail::function::function_buffer&, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#18 0x00007ffff7209afd in boost::function1<void, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>::operator()(boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#19 0x00007ffff7208f48 in boost::detail::function::void_function_obj_invoker1<boost::function<void (boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&)>, void, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> >::invoke(boost::detail::function::function_buffer&, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const>) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#20 0x00007ffff720b95a in boost::function1<void, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> >::operator()(boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const>) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#21 0x00007ffff720b156 in ros::SubscriptionCallbackHelperT<boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&, void>::call(ros::SubscriptionCallbackHelperCallParams&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#22 0x00007ffff6194695 in ros::SubscriptionQueue::call() ()
   from /opt/ros/indigo/lib/libroscpp.so
#23 0x00007ffff61524f7 in ros::CallbackQueue::callOneCB(ros::CallbackQueue::TLS*) () from /opt/ros/indigo/lib/libroscpp.so
#24 0x00007ffff6153303 in ros::CallbackQueue::callAvailable(ros::WallDuration)
    () from /opt/ros/indigo/lib/libroscpp.so
#25 0x00007ffff720289b in tf2_ros::TransformListener::dedicatedListenerThread()
    () from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#26 0x00007ffff720bec9 in boost::_mfi::mf0<void, tf2_ros::TransformListener>::operator()(tf2_ros::TransformListener*) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#27 0x00007ffff720bc46 in void boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> >::operator()<boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list0>(boost::_bi::type<void>, boost::_mfi::mf0<void, tf2_ros::TransformListener>&, boost::_bi::list0&, int) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#28 0x00007ffff720b4c7 in boost::_bi::bind_t<void, boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> > >::operator()() ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#29 0x00007ffff720adcc in boost::detail::thread_data<boost::_bi::bind_t<void, boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> > > >::run() ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#30 0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#31 0x00007ffff5409182 in start_thread (arg=0x7fffd9c0a700)
    at pthread_create.c:312
#32 0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
@bricerebsamen bricerebsamen changed the title crash double free or corruption (fasttop) Apr 2, 2015
@bricerebsamen
Copy link
Contributor Author

Both this issue and #91 happen in the same program. The program creates a few message callbacks (single threaded), a thread to do the heavy computation, and a transform listener. As a result the program contains 3 threads. Also one of the message callbacks broadcasts transforms. I have a bunch of mutexes to protect my data, but I am assuming that the tf buffer is thread safe.

@tfoote
Copy link
Member

tfoote commented Apr 2, 2015

Can you provide any more info on what to do to reproduce this? It looks like it's crashing inside a push_back on a std::vector, which makes corruption much more likely.

@bricerebsamen
Copy link
Contributor Author

@tfoote it seems that we both posted at the same time. I am not sure you saw the description about what my program. And I just updated it. This is a very high level description and probably not enough information. I am not sure what else to say though.

When you say it makes corruption more likely what do you mean exactly? A stray pointer in my code that corrupts the tf buffer?

@tfoote tfoote added the ready label Apr 2, 2015
@tfoote tfoote self-assigned this Apr 2, 2015
@tfoote tfoote added in progress and removed ready labels Apr 2, 2015
@tfoote
Copy link
Member

tfoote commented Apr 2, 2015

Yeah, I didn't see your comment. The tf buffer is supposed to be thread safe. I was mostly referring to it not being a double free.

There are two possibilities, one is that the vector operations are not all properly protected with a mutex and two things are adding/removing iterating at the same time, or yeah it could be a complete smash where a pointer is walking into the wrong area.

I'll dig in and find all the instances of operating on that vector and audit them for being properly protected.

@bricerebsamen
Copy link
Contributor Author

I got another crash:

Program received signal SIGSEGV, Segmentation Fault.
[Switching to Thread 0x7fffd9c09700 (LWP 26597)]
0x00007ffff562a66c in boost::detail::find_tss_data(void const*) ()
from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0

Here is the backtrace for that thread:

#0  0x00007ffff562a66c in boost::detail::find_tss_data(void const*) ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#1  0x00007ffff562a6a9 in boost::detail::get_tss_data(void const*) ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#2  0x00007ffff61516ba in ros::CallbackQueue::setupTLS() ()
   from /opt/ros/indigo/lib/libroscpp.so
#3  0x00007ffff61530c0 in ros::CallbackQueue::callAvailable(ros::WallDuration)
    () from /opt/ros/indigo/lib/libroscpp.so
#4  0x00007ffff720289b in tf2_ros::TransformListener::dedicatedListenerThread()
    () from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#5  0x00007ffff720bec9 in boost::_mfi::mf0<void, tf2_ros::TransformListener>::operator()(tf2_ros::TransformListener*) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#6  0x00007ffff720bc46 in void boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> >::operator()<boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list0>(boost::_bi::type<void>, boost::_mfi::mf0<void, tf2_ros::TransformListener>&, boost::_bi::list0&, int) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#7  0x00007ffff720b4c7 in boost::_bi::bind_t<void, boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> > >::operator()() ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#8  0x00007ffff720adcc in boost::detail::thread_data<boost::_bi::bind_t<void, boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> > > >::run() ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#9  0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#10 0x00007ffff5409182 in start_thread (arg=0x7fffd9c09700)
    at pthread_create.c:312
#11 0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

And for each thread:

Thread 15 (Thread 0x7fffbbfff700 (LWP 26669)):
#0  0x00007ffff6c45c98 in ?? () from /usr/lib/x86_64-linux-gnu/libgomp.so.1
#1  0x00007ffff6c44356 in ?? () from /usr/lib/x86_64-linux-gnu/libgomp.so.1
#2  0x00007ffff5409182 in start_thread (arg=0x7fffbbfff700)
    at pthread_create.c:312
#3  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 14 (Thread 0x7fffc0e89700 (LWP 26668)):
#0  0x00000000004260b0 in construct (this=0x7fffc0e88b00, 
    __val=@0x7fffc0e88adc: 12, __p=0x7fff980f9000)
    at /usr/include/c++/4.8/ext/new_allocator.h:130
#1  construct<float> (__a=..., __arg=@0x7fffc0e88adc: 12, __p=0x7fff980f9000)
    at /usr/include/c++/4.8/ext/alloc_traits.h:216
#2  push_back (__x=@0x7fffc0e88adc: 12, this=0x7fffc0e88b00)
    at /usr/include/c++/4.8/bits/stl_vector.h:905
#3  VelodyneLocalizer::alignStrength (this=0x7ffffffef7f0, dx=4, dy=8)
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:346
#4  0x000000000042649b in VelodyneLocalizer::computeBestOffset() [clone ._omp_fn.0] ()
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:397
#5  0x00007ffff6c4434a in ?? () from /usr/lib/x86_64-linux-gnu/libgomp.so.1
#6  0x00007ffff5409182 in start_thread (arg=0x7fffc0e89700)
    at pthread_create.c:312
#7  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 13 (Thread 0x7fffc168a700 (LWP 26667)):
#0  0x0000000000425fe7 in VelodyneLocalizer::alignStrength (
    this=0x7ffffffef7f0, dx=-4, dy=6)
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:340
#1  0x000000000042649b in VelodyneLocalizer::computeBestOffset() [clone ._omp_fn.0] ()
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:397
#2  0x00007ffff6c4434a in ?? () from /usr/lib/x86_64-linux-gnu/libgomp.so.1
#3  0x00007ffff5409182 in start_thread (arg=0x7fffc168a700)
    at pthread_create.c:312
#4  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 12 (Thread 0x7fffc1e8b700 (LWP 26666)):
#0  0x0000000000425fc6 in access<boost::detail::multi_array::const_sub_array<IntensityDataCell, 1ul, IntensityDataCell const*>, IntensityDataCell const*> (
    this=<optimized out>, index_bases=0x7fffffff0648, strides=0x7fffffff0638, 
    extents=0x7fffffff0628, base=0x7fffd8e50010, idx=99)
    at /usr/include/boost/multi_array/base.hpp:139
#1  operator[] (idx=99, this=0x7fffffff0608)
    at /usr/include/boost/multi_array/multi_array_ref.hpp:590
#2  VelodyneLocalizer::alignStrength (this=0x7ffffffef7f0, dx=-4, dy=0)
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:339
#3  0x000000000042649b in VelodyneLocalizer::computeBestOffset() [clone ._omp_fn.0] ()
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:397
#4  0x00007ffff6c4434a in ?? () from /usr/lib/x86_64-linux-gnu/libgomp.so.1
#5  0x00007ffff5409182 in start_thread (arg=0x7fffc1e8b700)
    at pthread_create.c:312
#6  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 11 (Thread 0x7fffc268c700 (LWP 26665)):
#0  VelodyneLocalizer::alignStrength (this=0x7ffffffef7f0, dx=-12, dy=-2)
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:358
#1  0x000000000042649b in VelodyneLocalizer::computeBestOffset() [clone ._omp_fn.0] ()
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:397
#2  0x00007ffff6c4434a in ?? () from /usr/lib/x86_64-linux-gnu/libgomp.so.1
#3  0x00007ffff5409182 in start_thread (arg=0x7fffc268c700)
    at pthread_create.c:312
#4  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 10 (Thread 0x7fffc2e8d700 (LWP 26664)):
#0  VelodyneLocalizer::alignStrength (this=0x7ffffffef7f0, dx=6, dy=-6)
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:359
#1  0x000000000042649b in VelodyneLocalizer::computeBestOffset() [clone ._omp_fn.0] ()
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:397
#2  0x00007ffff6c4434a in ?? () from /usr/lib/x86_64-linux-gnu/libgomp.so.1
#3  0x00007ffff5409182 in start_thread (arg=0x7fffc2e8d700)
    at pthread_create.c:312
#4  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 9 (Thread 0x7fffc368e700 (LWP 26663)):
#0  0x00007ffff6c45ca9 in ?? () from /usr/lib/x86_64-linux-gnu/libgomp.so.1
#1  0x00007ffff6c44356 in ?? () from /usr/lib/x86_64-linux-gnu/libgomp.so.1
#2  0x00007ffff5409182 in start_thread (arg=0x7fffc368e700)
    at pthread_create.c:312
#3  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 8 (Thread 0x7fffc3fff700 (LWP 26623)):
#0  0x00007ffff6c45cbc in ?? () from /usr/lib/x86_64-linux-gnu/libgomp.so.1
#1  0x00007ffff6c44caf in ?? () from /usr/lib/x86_64-linux-gnu/libgomp.so.1
#2  0x0000000000426680 in VelodyneLocalizer::computeBestOffset (
    this=this@entry=0x7ffffffef7f0)
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:391
#3  0x0000000000428cb3 in VelodyneLocalizer::localize (this=0x7ffffffef7f0)
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:548
#4  0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#5  0x00007ffff5409182 in start_thread (arg=0x7fffc3fff700)
    at pthread_create.c:312
#6  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 7 (Thread 0x7fffd9c09700 (LWP 26597)):
#0  0x00007ffff562a66c in boost::detail::find_tss_data(void const*) ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#1  0x00007ffff562a6a9 in boost::detail::get_tss_data(void const*) ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#2  0x00007ffff61516ba in ros::CallbackQueue::setupTLS() ()
   from /opt/ros/indigo/lib/libroscpp.so
#3  0x00007ffff61530c0 in ros::CallbackQueue::callAvailable(ros::WallDuration)
    () from /opt/ros/indigo/lib/libroscpp.so
#4  0x00007ffff720289b in tf2_ros::TransformListener::dedicatedListenerThread()
    () from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#5  0x00007ffff720bec9 in boost::_mfi::mf0<void, tf2_ros::TransformListener>::operator()(tf2_ros::TransformListener*) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#6  0x00007ffff720bc46 in void boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> >::operator()<boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list0>(boost::_bi::type<void>, boost::_mfi::mf0<void, tf2_ros::TransformListener>&, boost::_bi::list0&, int) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#7  0x00007ffff720b4c7 in boost::_bi::bind_t<void, boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> > >::operator()() ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#8  0x00007ffff720adcc in boost::detail::thread_data<boost::_bi::bind_t<void, boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> > > >::run() ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#9  0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#10 0x00007ffff5409182 in start_thread (arg=0x7fffd9c09700)
    at pthread_create.c:312
#11 0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 6 (Thread 0x7fffda40a700 (LWP 26584)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 ()
    at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
#1  0x00007ffff6155145 in bool boost::condition_variable::timed_wait<boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000000l> >(boost::unique_lock<boost::mutex>&, boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000000l> const&) () from /opt/ros/indigo/lib/libroscpp.so
#2  0x00007ffff615343d in ros::CallbackQueue::callAvailable(ros::WallDuration)
    () from /opt/ros/indigo/lib/libroscpp.so
#3  0x00007ffff617f5c4 in ros::internalCallbackQueueThreadFunc() ()
   from /opt/ros/indigo/lib/libroscpp.so
#4  0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#5  0x00007ffff5409182 in start_thread (arg=0x7fffda40a700)
    at pthread_create.c:312
#6  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 5 (Thread 0x7fffdac0b700 (LWP 26572)):
#0  pthread_cond_wait@@GLIBC_2.3.2 ()
    at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007ffff617cecb in ros::ROSOutAppender::logThread() ()
   from /opt/ros/indigo/lib/libroscpp.so
#2  0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#3  0x00007ffff5409182 in start_thread (arg=0x7fffdac0b700)
    at pthread_create.c:312
#4  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 4 (Thread 0x7fffdb40c700 (LWP 26571)):
#0  0x00007ffff490dda3 in select () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffff24f2498 in XmlRpc::XmlRpcDispatch::work(double) ()
   from /opt/ros/indigo/lib/libxmlrpcpp.so
#2  0x00007ffff612b07a in ros::XMLRPCManager::serverThreadFunc() ()
   from /opt/ros/indigo/lib/libroscpp.so
#3  0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#4  0x00007ffff5409182 in start_thread (arg=0x7fffdb40c700)
    at pthread_create.c:312
#5  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 3 (Thread 0x7fffdbc0d700 (LWP 26570)):
#0  0x00007ffff490912d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffff6134746 in ros::poll_sockets(pollfd*, unsigned long, int) ()
   from /opt/ros/indigo/lib/libroscpp.so
#2  0x00007ffff619ca97 in ros::PollSet::update(int) ()
   from /opt/ros/indigo/lib/libroscpp.so
#3  0x00007ffff6141905 in ros::PollManager::threadFunc() ()
   from /opt/ros/indigo/lib/libroscpp.so
#4  0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#5  0x00007ffff5409182 in start_thread (arg=0x7fffdbc0d700)
    at pthread_create.c:312
#6  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 2 (Thread 0x7fffdc8e3700 (LWP 26568)):
#0  0x00007ffff490912d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fffe6032248 in ?? () from /lib/x86_64-linux-gnu/libusb-1.0.so.0
#2  0x00007ffff5409182 in start_thread (arg=0x7fffdc8e3700)
    at pthread_create.c:312
#3  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 1 (Thread 0x7ffff7f84a80 (LWP 26563)):
#0  0x00007ffff6eda30f in void std::_Construct<std::pair<ros::Time, unsigned int>, std::pair<ros::Time, unsigned int> >(std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#1  0x00007ffff6ed8526 in std::pair<ros::Time, unsigned int>* std::__uninitialized_copy<false>::__uninit_copy<std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int>*>(std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int>*) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#2  0x00007ffff6ed5a41 in std::pair<ros::Time, unsigned int>* std::uninitialized_copy<std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int>*>(std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int>*) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#3  0x00007ffff6ed1aba in std::pair<ros::Time, unsigned int>* std::__uninitialized_copy_a<std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int> >(std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int>*, std::allocator<std::pair<ros::Time, unsigned int> >&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#4  0x00007ffff6ece12a in std::pair<ros::Time, unsigned int>* std::__uninitialized_move_if_noexcept_a<std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int>*, std::allocator<std::pair<ros::Time, unsigned int> > >(std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int>*, std::pair<ros::Time, unsigned int>*, std::allocator<std::pair<ros::Time, unsigned int> >&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#5  0x00007ffff6eca9ff in std::vector<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > >::_M_insert_aux(__gnu_cxx::__normal_iterator<std::pair<ros::Time, unsigned int>*, std::vector<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > > >, std::pair<ros::Time, unsigned int> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#6  0x00007ffff6ec7d12 in std::vector<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > >::push_back(std::pair<ros::Time, unsigned int> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#7  0x00007ffff6ebd21b in tf2::BufferCore::getLatestCommonTime(unsigned int, unsigned int, ros::Time&, std::string*) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#8  0x00007ffff6ebe876 in tf2::BufferCore::addTransformableRequest(unsigned int, std::string const&, std::string const&, ros::Time) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#9  0x0000000000441a69 in tf2_ros::MessageFilter<pcl::PointCloud<stdr_velodyne::PointType> >::add (this=0x7fffffff00e0, evt=...)
    at /home/brice/code/workspaces/merged/src/driving/external/geometry_experimental/tf2_ros/include/tf2_ros/message_filter.h:326
#10 0x0000000000437f0d in operator() (a0=..., this=0x6d1d58)
    at /usr/include/boost/function/function_template.hpp:767
#11 message_filters::CallbackHelper1T<ros::MessageEvent<pcl::PointCloud<stdr_velodyne::PointType> const> const&, pcl::PointCloud<stdr_velodyne::PointType> >::call (this=0x6d1d50, event=..., nonconst_force_copy=<optimized out>)
    at /opt/ros/indigo/include/message_filters/signal1.h:76
#12 0x0000000000437a3f in message_filters::Signal1<pcl::PointCloud<stdr_velodyne::PointType> >::call (this=<optimized out>, event=...)
    at /opt/ros/indigo/include/message_filters/signal1.h:119
#13 0x0000000000435ea6 in operator() (a0=..., this=0x6d2c98)
    at /usr/include/boost/function/function_template.hpp:767
#14 ros::SubscriptionCallbackHelperT<ros::MessageEvent<pcl::PointCloud<stdr_velodyne::PointType> const> const&, void>::call (this=0x6d2c90, params=...)
    at /opt/ros/indigo/include/ros/subscription_callback_helper.h:144
#15 0x00007ffff6194695 in ros::SubscriptionQueue::call() ()
   from /opt/ros/indigo/lib/libroscpp.so
#16 0x00007ffff61524f7 in ros::CallbackQueue::callOneCB(ros::CallbackQueue::TLS*) () from /opt/ros/indigo/lib/libroscpp.so
#17 0x00007ffff6153303 in ros::CallbackQueue::callAvailable(ros::WallDuration)
    () from /opt/ros/indigo/lib/libroscpp.so
#18 0x00007ffff61971b5 in ros::SingleThreadedSpinner::spin(ros::CallbackQueue*)
    () from /opt/ros/indigo/lib/libroscpp.so
#19 0x00007ffff617f7bb in ros::spin() () from /opt/ros/indigo/lib/libroscpp.so
#20 0x0000000000423a6c in main (argc=1, argv=0x7fffffffd838)
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:750

@bricerebsamen
Copy link
Contributor Author

and for the original double free problem:

#0  0x00007ffff4852cc9 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff48560d8 in __GI_abort () at abort.c:89
#2  0x00007ffff488f394 in __libc_message (do_abort=do_abort@entry=1, 
    fmt=fmt@entry=0x7ffff499db28 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff489b66e in malloc_printerr (ptr=<optimized out>, 
    str=0x7ffff499dcf0 "double free or corruption (fasttop)", action=1)
    at malloc.c:4996
#4  _int_free (av=<optimized out>, p=<optimized out>, have_lock=0)
    at malloc.c:3840
#5  0x00007ffff6ed0146 in __gnu_cxx::new_allocator<std::pair<ros::Time, unsigned int> >::deallocate(std::pair<ros::Time, unsigned int>*, unsigned long) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#6  0x00007ffff6eccd40 in std::_Vector_base<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > >::_M_deallocate(std::pair<ros::Time, unsigned int>*, unsigned long) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#7  0x00007ffff6ecaa72 in std::vector<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > >::_M_insert_aux(__gnu_cxx::__normal_iterator<std::pair<ros::Time, unsigned int>*, std::vector<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > > >, std::pair<ros::Time, unsigned int> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#8  0x00007ffff6ec7d12 in std::vector<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > >::push_back(std::pair<ros::Time, unsigned int> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#9  0x00007ffff6ebd21b in tf2::BufferCore::getLatestCommonTime(unsigned int, unsigned int, ros::Time&, std::string*) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#10 0x00007ffff6ebf046 in tf2::BufferCore::testTransformableRequests() ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#11 0x00007ffff6ebb907 in tf2::BufferCore::setTransform(geometry_msgs::TransformStamped_<std::allocator<void> > const&, std::string const&, bool) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#12 0x00007ffff7201251 in tf2_ros::TransformListener::subscription_callback_impl(ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&, bool) () from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#13 0x00007ffff7201042 in tf2_ros::TransformListener::subscription_callback(ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#14 0x00007ffff72098ae in boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>::operator()(tf2_ros::TransformListener*, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#15 0x00007ffff7208d65 in void boost::_bi::list2<boost::_bi::value<tf2_ros::TransformListener*>, boost::arg<1> >::operator()<boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>, boost::_bi::list1<boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&> >(boost::_bi::type<void>, boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>&, boost::_bi::list1<boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>&, int) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#16 0x00007ffff7208214 in void boost::_bi::bind_t<void, boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>, boost::_bi::list2<boost::_bi::value<tf2_ros::TransformListener*>, boost::arg<1> > >::operator()<boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> >(boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#17 0x00007ffff7207595 in boost::detail::function::void_function_obj_invoker1<boost::_bi::bind_t<void, boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>, boost::_bi::list2<boost::_bi::value<tf2_ros::TransformListener*>, boost::arg<1> > >, void, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>::invoke(boost::detail::function::function_buffer&, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#18 0x00007ffff7209afd in boost::function1<void, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>::operator()(boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#19 0x00007ffff7208f48 in boost::detail::function::void_function_obj_invoker1<boost::function<void (boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&)>, void, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> >::invoke(boost::detail::function::function_buffer&, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const>) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#20 0x00007ffff720b95a in boost::function1<void, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> >::operator()(boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const>) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#21 0x00007ffff720b156 in ros::SubscriptionCallbackHelperT<boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&, void>::call(ros::SubscriptionCallbackHelperCallParams&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#22 0x00007ffff6194695 in ros::SubscriptionQueue::call() ()
   from /opt/ros/indigo/lib/libroscpp.so
#23 0x00007ffff61524f7 in ros::CallbackQueue::callOneCB(ros::CallbackQueue::TLS*) () from /opt/ros/indigo/lib/libroscpp.so
#24 0x00007ffff6153303 in ros::CallbackQueue::callAvailable(ros::WallDuration)
    () from /opt/ros/indigo/lib/libroscpp.so
#25 0x00007ffff720289b in tf2_ros::TransformListener::dedicatedListenerThread()
    () from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#26 0x00007ffff720bec9 in boost::_mfi::mf0<void, tf2_ros::TransformListener>::operator()(tf2_ros::TransformListener*) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#27 0x00007ffff720bc46 in void boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> >::operator()<boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list0>(boost::_bi::type<void>, boost::_mfi::mf0<void, tf2_ros::TransformListener>&, boost::_bi::list0&, int) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#28 0x00007ffff720b4c7 in boost::_bi::bind_t<void, boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> > >::operator()() ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#29 0x00007ffff720adcc in boost::detail::thread_data<boost::_bi::bind_t<void, boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> > > >::run() ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#30 0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#31 0x00007ffff5409182 in start_thread (arg=0x7fffd9c09700)
    at pthread_create.c:312
#32 0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 8 (Thread 0x7fffc3fff700 (LWP 690)):
#0  0x00007ffff5410b9d in nanosleep () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffff5a4e408 in ros::ros_wallsleep(unsigned int, unsigned int) ()
   from /opt/ros/indigo/lib/librostime.so
#2  0x00007ffff5a4f923 in ros::Duration::sleep() const ()
   from /opt/ros/indigo/lib/librostime.so
#3  0x00007ffff5a4e0b8 in ros::Rate::sleep() ()
   from /opt/ros/indigo/lib/librostime.so
#4  0x0000000000428ba5 in VelodyneLocalizer::localize (this=0x7ffffffef7f0)
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:528
#5  0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#6  0x00007ffff5409182 in start_thread (arg=0x7fffc3fff700)
    at pthread_create.c:312
#7  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 7 (Thread 0x7fffd9c09700 (LWP 670)):
#0  0x00007ffff4852cc9 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff48560d8 in __GI_abort () at abort.c:89
#2  0x00007ffff488f394 in __libc_message (do_abort=do_abort@entry=1, 
    fmt=fmt@entry=0x7ffff499db28 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff489b66e in malloc_printerr (ptr=<optimized out>, 
    str=0x7ffff499dcf0 "double free or corruption (fasttop)", action=1)
    at malloc.c:4996
#4  _int_free (av=<optimized out>, p=<optimized out>, have_lock=0)
    at malloc.c:3840
#5  0x00007ffff6ed0146 in __gnu_cxx::new_allocator<std::pair<ros::Time, unsigned int> >::deallocate(std::pair<ros::Time, unsigned int>*, unsigned long) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#6  0x00007ffff6eccd40 in std::_Vector_base<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > >::_M_deallocate(std::pair<ros::Time, unsigned int>*, unsigned long) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#7  0x00007ffff6ecaa72 in std::vector<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > >::_M_insert_aux(__gnu_cxx::__normal_iterator<std::pair<ros::Time, unsigned int>*, std::vector<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > > >, std::pair<ros::Time, unsigned int> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#8  0x00007ffff6ec7d12 in std::vector<std::pair<ros::Time, unsigned int>, std::allocator<std::pair<ros::Time, unsigned int> > >::push_back(std::pair<ros::Time, unsigned int> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#9  0x00007ffff6ebd21b in tf2::BufferCore::getLatestCommonTime(unsigned int, unsigned int, ros::Time&, std::string*) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#10 0x00007ffff6ebf046 in tf2::BufferCore::testTransformableRequests() ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#11 0x00007ffff6ebb907 in tf2::BufferCore::setTransform(geometry_msgs::TransformStamped_<std::allocator<void> > const&, std::string const&, bool) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#12 0x00007ffff7201251 in tf2_ros::TransformListener::subscription_callback_impl(ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&, bool) () from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#13 0x00007ffff7201042 in tf2_ros::TransformListener::subscription_callback(ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#14 0x00007ffff72098ae in boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>::operator()(tf2_ros::TransformListener*, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#15 0x00007ffff7208d65 in void boost::_bi::list2<boost::_bi::value<tf2_ros::TransformListener*>, boost::arg<1> >::operator()<boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>, boost::_bi::list1<boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&> >(boost::_bi::type<void>, boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>&, boost::_bi::list1<boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>&, int) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#16 0x00007ffff7208214 in void boost::_bi::bind_t<void, boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>, boost::_bi::list2<boost::_bi::value<tf2_ros::TransformListener*>, boost::arg<1> > >::operator()<boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> >(boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#17 0x00007ffff7207595 in boost::detail::function::void_function_obj_invoker1<boost::_bi::bind_t<void, boost::_mfi::mf1<void, tf2_ros::TransformListener, ros::MessageEvent<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>, boost::_bi::list2<boost::_bi::value<tf2_ros::TransformListener*>, boost::arg<1> > >, void, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>::invoke(boost::detail::function::function_buffer&, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#18 0x00007ffff7209afd in boost::function1<void, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&>::operator()(boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#19 0x00007ffff7208f48 in boost::detail::function::void_function_obj_invoker1<boost::function<void (boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&)>, void, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> >::invoke(boost::detail::function::function_buffer&, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const>) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#20 0x00007ffff720b95a in boost::function1<void, boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> >::operator()(boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const>) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#21 0x00007ffff720b156 in ros::SubscriptionCallbackHelperT<boost::shared_ptr<tf2_msgs::TFMessage_<std::allocator<void> > const> const&, void>::call(ros::SubscriptionCallbackHelperCallParams&) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#22 0x00007ffff6194695 in ros::SubscriptionQueue::call() ()
   from /opt/ros/indigo/lib/libroscpp.so
#23 0x00007ffff61524f7 in ros::CallbackQueue::callOneCB(ros::CallbackQueue::TLS*) () from /opt/ros/indigo/lib/libroscpp.so
#24 0x00007ffff6153303 in ros::CallbackQueue::callAvailable(ros::WallDuration)
    () from /opt/ros/indigo/lib/libroscpp.so
#25 0x00007ffff720289b in tf2_ros::TransformListener::dedicatedListenerThread()
    () from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#26 0x00007ffff720bec9 in boost::_mfi::mf0<void, tf2_ros::TransformListener>::operator()(tf2_ros::TransformListener*) const ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#27 0x00007ffff720bc46 in void boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> >::operator()<boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list0>(boost::_bi::type<void>, boost::_mfi::mf0<void, tf2_ros::TransformListener>&, boost::_bi::list0&, int) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#28 0x00007ffff720b4c7 in boost::_bi::bind_t<void, boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> > >::operator()() ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#29 0x00007ffff720adcc in boost::detail::thread_data<boost::_bi::bind_t<void, boost::_mfi::mf0<void, tf2_ros::TransformListener>, boost::_bi::list1<boost::_bi::value<tf2_ros::TransformListener*> > > >::run() ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#30 0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#31 0x00007ffff5409182 in start_thread (arg=0x7fffd9c09700)
    at pthread_create.c:312
#32 0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 6 (Thread 0x7fffda40a700 (LWP 657)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 ()
    at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
#1  0x00007ffff6155145 in bool boost::condition_variable::timed_wait<boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000000l> >(boost::unique_lock<boost::mutex>&, boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000000l> const&) () from /opt/ros/indigo/lib/libroscpp.so
#2  0x00007ffff615343d in ros::CallbackQueue::callAvailable(ros::WallDuration)
    () from /opt/ros/indigo/lib/libroscpp.so
#3  0x00007ffff617f5c4 in ros::internalCallbackQueueThreadFunc() ()
   from /opt/ros/indigo/lib/libroscpp.so
#4  0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#5  0x00007ffff5409182 in start_thread (arg=0x7fffda40a700)
    at pthread_create.c:312
#6  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 5 (Thread 0x7fffdac0b700 (LWP 645)):
#0  pthread_cond_wait@@GLIBC_2.3.2 ()
    at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007ffff617cecb in ros::ROSOutAppender::logThread() ()
   from /opt/ros/indigo/lib/libroscpp.so
#2  0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#3  0x00007ffff5409182 in start_thread (arg=0x7fffdac0b700)
    at pthread_create.c:312
#4  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 4 (Thread 0x7fffdb40c700 (LWP 644)):
#0  0x00007ffff490dda3 in select () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffff24f2498 in XmlRpc::XmlRpcDispatch::work(double) ()
   from /opt/ros/indigo/lib/libxmlrpcpp.so
#2  0x00007ffff612b07a in ros::XMLRPCManager::serverThreadFunc() ()
   from /opt/ros/indigo/lib/libroscpp.so
#3  0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#4  0x00007ffff5409182 in start_thread (arg=0x7fffdb40c700)
    at pthread_create.c:312
#5  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 3 (Thread 0x7fffdbc0d700 (LWP 642)):
#0  0x00007ffff490912d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffff6134746 in ros::poll_sockets(pollfd*, unsigned long, int) ()
   from /opt/ros/indigo/lib/libroscpp.so
#2  0x00007ffff619ca97 in ros::PollSet::update(int) ()
   from /opt/ros/indigo/lib/libroscpp.so
#3  0x00007ffff6141905 in ros::PollManager::threadFunc() ()
   from /opt/ros/indigo/lib/libroscpp.so
#4  0x00007ffff562aa4a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.54.0
#5  0x00007ffff5409182 in start_thread (arg=0x7fffdbc0d700)
    at pthread_create.c:312
#6  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 2 (Thread 0x7fffdc8e3700 (LWP 639)):
#0  0x00007ffff490912d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fffe6032248 in ?? () from /lib/x86_64-linux-gnu/libusb-1.0.so.0
#2  0x00007ffff5409182 in start_thread (arg=0x7fffdc8e3700)
    at pthread_create.c:312
#3  0x00007ffff491647d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 1 (Thread 0x7ffff7f84a80 (LWP 566)):
#0  __lll_lock_wait ()
    at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
#1  0x00007ffff540b657 in _L_lock_909 ()
   from /lib/x86_64-linux-gnu/libpthread.so.0
#2  0x00007ffff540b480 in __GI___pthread_mutex_lock (mutex=0x7ffffffefbc8)
    at ../nptl/pthread_mutex_lock.c:79
#3  0x00000000004311d8 in pthread_mutex_lock (m=0x7ffffffefbc8)
    at /usr/include/boost/thread/pthread/mutex.hpp:61
#4  boost::mutex::lock (this=0x7ffffffefbc8)
    at /usr/include/boost/thread/pthread/mutex.hpp:113
#5  0x000000000043124b in boost::unique_lock<boost::mutex>::lock (
    this=0x7ffffffeed70) at /usr/include/boost/thread/lock_types.hpp:346
#6  0x00007ffff7211e11 in boost::unique_lock<boost::mutex>::unique_lock(boost::mutex&) () from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so
#7  0x00007ffff6ebe9d3 in tf2::BufferCore::addTransformableRequest(unsigned int, std::string const&, std::string const&, ros::Time) ()
   from /home/brice/code/workspaces/merged/devel/lib/libtf2.so
#8  0x0000000000441a69 in tf2_ros::MessageFilter<pcl::PointCloud<stdr_velodyne::PointType> >::add (this=0x7fffffff00e0, evt=...)
    at /home/brice/code/workspaces/merged/src/driving/external/geometry_experimental/tf2_ros/include/tf2_ros/message_filter.h:326
#9  0x0000000000437f0d in operator() (a0=..., this=0x6d1d58)
    at /usr/include/boost/function/function_template.hpp:767
#10 message_filters::CallbackHelper1T<ros::MessageEvent<pcl::PointCloud<stdr_velodyne::PointType> const> const&, pcl::PointCloud<stdr_velodyne::PointType> >::call (this=0x6d1d50, event=..., nonconst_force_copy=<optimized out>)
    at /opt/ros/indigo/include/message_filters/signal1.h:76
#11 0x0000000000437a3f in message_filters::Signal1<pcl::PointCloud<stdr_velodyne::PointType> >::call (this=<optimized out>, event=...)
    at /opt/ros/indigo/include/message_filters/signal1.h:119
#12 0x0000000000435ea6 in operator() (a0=..., this=0x6d2c98)
    at /usr/include/boost/function/function_template.hpp:767
#13 ros::SubscriptionCallbackHelperT<ros::MessageEvent<pcl::PointCloud<stdr_velodyne::PointType> const> const&, void>::call (this=0x6d2c90, params=...)
    at /opt/ros/indigo/include/ros/subscription_callback_helper.h:144
#14 0x00007ffff6194695 in ros::SubscriptionQueue::call() ()
   from /opt/ros/indigo/lib/libroscpp.so
#15 0x00007ffff61524f7 in ros::CallbackQueue::callOneCB(ros::CallbackQueue::TLS*) () from /opt/ros/indigo/lib/libroscpp.so
#16 0x00007ffff6153303 in ros::CallbackQueue::callAvailable(ros::WallDuration)
    () from /opt/ros/indigo/lib/libroscpp.so
#17 0x00007ffff61971b5 in ros::SingleThreadedSpinner::spin(ros::CallbackQueue*)
    () from /opt/ros/indigo/lib/libroscpp.so
#18 0x00007ffff617f7bb in ros::spin() () from /opt/ros/indigo/lib/libroscpp.so
#19 0x0000000000423a6c in main (argc=1, argv=0x7fffffffd838)
    at /home/brice/code/workspaces/merged/src/driving/packages/velodyne_localizer/src/velodyne_localizer.cpp:750

@tfoote tfoote added ready and removed in progress labels Apr 3, 2015
@tfoote tfoote mentioned this issue Apr 3, 2015
Closed
@jhpanetta
Copy link

I found a possible "off the end of a vector" issue: In tf2, BufferCore::getFrame reads:

tf2::TimeCacheInterfacePtr BufferCore::getFrame(CompactFrameID frame_id) const
{
  if (frame_id == 0 || frame_id > frames_.size()) /// @todo check larger values too
    return TimeCacheInterfacePtr();
  else
  {
    return frames_[frame_id];
  }
}

Since frames_ is an std::vector, this has the possibility of referencing beyond the end. I'd say that the > should be >=.

@bricerebsamen
Copy link
Contributor Author

similarly here https://github.com/ros/geometry_experimental/blob/indigo-devel/tf2_ros/include/tf2_ros/message_filter.h#L367 shouldn't it be message_count_ + 1 >= queue_size_? Although this one will not lead to a segfault, it may result in an actual queue size on element larger than the requested queue size. It does not matter much for large queue sizes but would matter a great deal if you want the last message only (queue size of 1): in that case you'd get the one before latest message.

tfoote added a commit that referenced this issue Apr 16, 2015
@tfoote
Clean up range checking. Re: #92
729a653 
All values are valid in the vector. Return the empty object if it is out of range.
The zero value is initialized to an empty pointer. No need to allocate a new one.
And the value is unsigned so only values too high are invalid.
@tfoote
Copy link
Member

tfoote commented Apr 16, 2015

I've patched the getFrame indexing range check in 729a653 The message_filter.h queue size is correct as is. Adding one to the queue size has to overflow the queue to warrent poping values. As an example if the queue is empty and the queue is size 1. If it evaluates equal it will try to pop off from an empty queue which will not work. It could be message_count_ >= queue_size_ without the +1

tfoote added a commit that referenced this issue Apr 17, 2015
@tfoote
move lct_cache into function local memory, the first thing it does is…
fc80e5b 
… clear the vector so it's not saving allocations. And that vector was not lock protected, for #92
@tfoote tfoote added in progress and removed ready labels Apr 17, 2015
@tfoote
Copy link
Member

tfoote commented Apr 17, 2015

I've moved the vector from a member variable onto the stack. That member was not previously threadsafe. Please try thread fix#92 with commit fc80e5b

@tfoote
Copy link
Member

tfoote commented Apr 17, 2015

@bricerebsamen sorry forgot to ping you for the above

@tfoote tfoote mentioned this issue Apr 17, 2015
Merged
@bricerebsamen
Copy link
Contributor Author

I tested that patch without #101. It resulted in instant crash:
https://gist.github.com/bricerebsamen/7e1cb4bdbeaf0e376cb8

@tfoote
Copy link
Member

tfoote commented Apr 21, 2015

Shoot, I missed this comment when I merged #100.

@tfoote
Copy link
Member

tfoote commented Apr 21, 2015

Looking at that backtrace, we're in setTransform and the only lock in there is the frames_mutex_ (https://github.com/ros/geometry_experimental/blob/729a6531929203720f4a518ac9e79321fe3c5537/tf2/src/buffer_core.cpp#L248) which is a member of the class so should definitely not be null.

#0  __GI___pthread_mutex_lock (mutex=0x0) at ../nptl/pthread_mutex_lock.c:66
#1  0x0000000000431ee8 in pthread_mutex_lock (m=<optimized out>) at /usr/include/boost/thread/pthread/mutex.hpp:61
#2  lock (this=<optimized out>) at /usr/include/boost/thread/pthread/mutex.hpp:113
#3  boost::unique_lock<boost::mutex>::lock (this=0x7fffd9cfb140) at /usr/include/boost/thread/lock_types.hpp:346
#4  0x00007ffff6ddae11 in boost::unique_lock<boost::mutex>::unique_lock(boost::mutex&) () from /home/brice/code/workspaces/merged/devel/lib/libtf2_ros.so

To me this looks like it's getting clobbered. I think that the reason for the change due to #100 is that it's changing the memory layout of the class.

@wjwwood
Copy link
Member

wjwwood commented Apr 22, 2015

I had a look at it and I tend to agree with @tfoote that the tracebacks don't seem to be related to #100. Further more that #100 would not cause any memory corruption issues. The only thing that could tie #100 to the tracebacks here, imo, is if #100 some how exposed an existing bug in an unrelated part of the code. That being said, I think it is extremely unlikely that this is the case.

@tfoote tfoote added ready and removed in review labels Apr 22, 2015
@vrabaud
Copy link
Member

vrabaud commented Aug 12, 2015

@bricerebsamen , does that still happen with master ?

@bricerebsamen
Copy link
Contributor Author

I don't have the means to test that anymore, sorry
On Aug 12, 2015 3:29 PM, "Vincent Rabaud" notifications@github.com wrote:

@bricerebsamen https://github.com/bricerebsamen , does that still
happen with master ?


Reply to this email directly or view it on GitHub
#92 (comment)
.

@tfoote tfoote removed their assignment Aug 22, 2018
trainman419 referenced this issue in trainman419/geometry2 Jan 15, 2019
@tfoote
Merge pull request ros#100 from ros/fix#92
5ad7341 
move lct_cache into function local memory
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ready
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@wjwwood @tfoote @vrabaud @bricerebsamen @jhpanetta