#2204 SIGSEGV on reset on carrier

[Stuart Buchanan]

I'm getting a SIGSEGV when doing a Reset from a carrier. I'm seeing different backtraces, but all deep in OSG, which is quite worrying.

Found while writing unit tests for the carrier.

Commandline:

Backtrace:

Thread 121 "fgfs" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffe9cff9700 (LWP 13463)]
_int_free (have_lock=0, p=0x7ffead166ff0, av=0x7fff38000020) at malloc.c:4280
4280    malloc.c: No such file or directory.
(gdb) bt
#0  0x00007ffff15aac6b in _int_free (have_lock=0, p=0x7ffead166ff0, av=0x7fff38000020) at malloc.c:4280
#1  0x00007ffff15aac6b in __GI___libc_free (mem=0x7ffead167000) at malloc.c:3124
#2  0x00007ffff598c6ba in osg::BufferObject::~BufferObject() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#3  0x00007ffff598c729 in osg::VertexBufferObject::~VertexBufferObject() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#4  0x00007ffff598a384 in osg::BufferData::setBufferObject(osg::BufferObject*) () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#5  0x00007ffff598a3e9 in osg::BufferData::~BufferData() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#6  0x0000555555c11e78 in osg::Array::~Array() (this=0x7ffeade961f0, __in_chrg=<optimised out>) at /home/stuart/FlightGear/next/install/include/osg/Array:223
#7  0x0000555555c11e78 in osg::TemplateArray<osg::Vec3f, (osg::Array::Type)28, 3, 5126>::~TemplateArray() (this=0x7ffeade961f0, __in_chrg=<optimised out>)
    at /home/stuart/FlightGear/next/install/include/osg/Array:316
#8  0x0000555555c11e78 in osg::TemplateArray<osg::Vec3f, (osg::Array::Type)28, 3, 5126>::~TemplateArray() (this=0x7ffeade961f0, __in_chrg=<optimised out>)
    at /home/stuart/FlightGear/next/install/include/osg/Array:316
#9  0x00007ffff59f10df in osg::Geometry::~Geometry() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#10 0x00007ffff59f11b9 in osg::Geometry::~Geometry() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#11 0x00007ffff5a0f076 in osg::Group::~Group() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#12 0x00005555567f71bd in simgear::EffectGeode::~EffectGeode() (this=0x7ffead166ab0, __in_chrg=<optimised out>) at /home/stuart/FlightGear/next/src/simgear/simgear/scene/material/EffectGeode.hxx:30
#13 0x00005555567f71bd in simgear::EffectGeode::~EffectGeode() (this=0x7ffead166ab0, __in_chrg=<optimised out>) at /home/stuart/FlightGear/next/src/simgear/simgear/scene/material/EffectGeode.hxx:30
#14 0x00007ffff5a0f076 in osg::Group::~Group() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#15 0x00007ffff5acd38b in osg::Sequence::~Sequence() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#16 0x00007ffff5a0f076 in osg::Group::~Group() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#17 0x00007ffff5a0f0b9 in osg::Group::~Group() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#18 0x00007ffff5a0f076 in osg::Group::~Group() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#19 0x00005555569384f7 in SGOffsetTransform::~SGOffsetTransform() (this=0x7ffeacf72ee0, __in_chrg=<optimised out>) at /home/stuart/FlightGear/next/src/simgear/simgear/scene/model/SGOffsetTransform.hxx:27
#20 0x00005555569384f7 in SGOffsetTransform::~SGOffsetTransform() (this=0x7ffeacf72ee0, __in_chrg=<optimised out>) at /home/stuart/FlightGear/next/src/simgear/simgear/scene/model/SGOffsetTransform.hxx:27
#21 0x00007ffff5a0f076 in osg::Group::~Group() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#22 0x00007ffff6e853cb in osg::LOD::~LOD() () at /home/stuart/FlightGear/next/install/lib/libosgSim.so.160
#23 0x00007ffff5a0f076 in osg::Group::~Group() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#24 0x00007ffff5a0f0b9 in osg::Group::~Group() () at /home/stuart/FlightGear/next/install/lib/libosg.so.160
#25 0x0000555555a8547a in osg::Referenced::unref() const (this=<optimised out>) at /home/stuart/FlightGear/next/install/include/osg/Referenced:201
#26 0x00007ffff6ba7abd in osgDB::DatabasePager::DatabaseThread::run() () at /home/stuart/FlightGear/next/install/lib/libosgDB.so.160
#27 0x00007ffff5657415 in OpenThreads::ThreadPrivateActions::StartThread(void*) () at /home/stuart/FlightGear/next/install/lib/libOpenThreads.so.21
#28 0x00007ffff52066db in start_thread (arg=0x7ffe9cff9700) at pthread_create.c:463
#29 0x00007ffff163488f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

[James Turner]

When I've looked at similar reset crashes before, they have all come down to the 'delete queue' of the pager not actually being flushed, before the reset begins, unfortunately. Fixing this may need an OSG mod.

fgStartNewReset, at fg_init.cxx line 1249 does this:

// potentially others) can queue delete requests on the pager.
render->getViewer()->getDatabasePager()->cancel();
render->getViewer()->getDatabasePager()->clear();
osgDB::Registry::instance()->clearObjectCache();

The idea is that after this: there are no pager threads running, and nothing left in the delete queue. However, crashes like the one you show, imply that the cancel+clear is not really 'getting everything', unfortunately.

[Stuart Buchanan]

Note to self: Wish I'd rememberer which aircraft this was. If it was the AD-6 or the F-14b then it's JSBSim. If a4f of A6E then YASim. Next action: Re-test on both and see if there's a difference.

[James Turner]

Please re-test on next with commits 297e5095762be2fc0fe7995f7115e2e58edb09ae (SimGear) and 06e6883396fef04caf8e6c54d1874de2b5581644 (flightgear) - will hopefully make a difference : the BufferObject destruction one, should be improved.