#2828 Segfault in PUI Menu View-Adjust LOD

[Huntley Palmer]

2020-4 Only, confirmed not happening in 2020-3

Start fgfs, Initial state:
MP Server disconnected
F10-View-Adjust LOD Rabges Must be: Low detail, both sliders at LHS End
( If necessary adjust to above pop-down / slider settings and restart )

 Click on AI/MP Aircraft dropdown,  'Specify Ranges ' 
 Click on High Detail slider button and attempt to adjust

 Segfault: 
 Thread 1 "fgfs" received signal SIGSEGV, Segmentation fault.

0x0000000000743ed2 in fgPopup::checkHit (this=0x1bb914c0, button=0, updown=0, x=354, y=609) at /fgfs/flightgear/src/GUI/FGPUIDialog.cxx:334
(gdb) thread apply all bt full

Thread 28 (Thread 0x7fffd0bf9640 (LWP 20479) "fgfs"):

#0  0x00007ffff66899b9 in __futex_abstimed_wait_common () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff668c1b0 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007ffff7890aaf in OpenThreads::Condition::wait(OpenThreads::Mutex*) () from /usr/local/lib/libOpenThreads.so.21
No symbol table info available.
#3  0x00007ffff7b57a36 in osgDB::DatabasePager::DatabaseThread::run() () from /usr/local/lib/libosgDB.so.161
No symbol table info available.
#4  0x00007ffff7890528 in OpenThreads::ThreadPrivateActions::StartThread(void*) () from /usr/local/lib/libOpenThreads.so.21
No symbol table info available.
#5  0x00007ffff668cdcd in start_thread () from /lib64/libc.so.6
No symbol table info available.
#6  0x00007ffff6712630 in clone3 () from /lib64/libc.so.6
No symbol table info available.

Sorry about the fonts, they have a mind of their own. The full BT file is attached.
Composite Viewer is referenced although it's not specified in fgfsrc, adding --composiye-viewer=0 has no effect
Sometimes, in the debugger, the segfault doesn't happen. Doing a proper 'Esc' exit to fgfs makes the segfault happen on the next debug session

[Huntley Palmer]

Attached, a screengrab of the local variables for usr/src/debug/plib-1.8.5-30.fc36.x86_64/src/pui/puGroup.cxx puGroup::checkHit , (I used dnf debuginfo-install plib )

It looks as if parentDialog font and name are invalid: at
flightgear/src/GUI/FGPUDialog.cxx 334 is:
propCurrentDialog->setStringValue(parentDialog->getName());

[Huntley Palmer]

Also, I set a breakpoint at FGPUDialog,cxx 334 and, immediately before clicking on 'High Detail' slider ( which causes the segfault ) I started MP Server Connection. Then, on clicking the slider , there is no segfault and inspecting local variables shows the parentDialog._name is "static-lod" and _font is puFont.

[Huntley Palmer]

For the segfault to happen F10-AI-Traaffics and Scenario Settings must have 'Enable AI Traffic' unchecked, as well as MP server disconnected so it's not unreasonable that adjusting the View-LOD menu's section: 'AI/MP Settings' should have unintended consequences, it looks as if rendering/static-lod settings are done in either MP or AIBase init functions.

Would it be possible to grey-out this menu section if neither MP nor AI Traffic is enabled ? If it's worth it, of course !

[Megaf]

Can you try again with random vegetation disabled? It might be related to this issue I just posted https://sourceforge.net/p/flightgear/codetickets/2831/

[Huntley Palmer]

I've tried starting at LIPA and this segfault is not affected by Random Vegetaion Disabled. The full backtrace text, above , indicates a segfault in FGPuiDialog rather than in scenery handling, I think, Thanks !

[Megaf]

Interesting, because I have a similar segfault, when increasing LOD, but only when random vegetation is enabled.

[Huntley Palmer]

Sorry, I didn't see any reference to FGPuiDialog in your traces. That's "Autogenerated Vegetation" drop-down, correct ? ( the only 'Random' I have is Random Scenery Objects.) This is the console log I see with Autogenerated Vegetation disabled:
Error: caught signal 11: /lib64/libc.so.6 : ()+0x3ea00 fgfs() [0x743ec1] /lib64/libplibpu.so.1.8.5 : puGroup::checkHit(int, int, int, int)+0x10f /lib64/libplibpu.so.1.8.5 : puMouse(int, int, int, int)+0x98 fgfs() [0xdf5a2c] /usr/local/lib/libosgGA.so.161 : osgGA::GUIEventHandler::handle(osgGA::Event*, osg::Object*, osg::NodeVisitor*)+0x87 /usr/local/lib/libosgViewer.so.161 : osgViewer::CompositeViewer::eventTraversal()+0x19c2 /usr/local/lib/libosgViewer.so.161 : ()+0xddbff fgfs() [0xd94088] fgfs() [0xe34712] fgfs() [0x45b170] /lib64/libc.so.6 : ()+0x29510 /lib64/libc.so.6 : __libc_start_main()+0x89 fgfs() [0x45a9d5] Aborted (core dumped)

If I run GDBGui then the segfault explicitly calls out FGPuiDialog.cxx 334, where the parent dialog's name is apparently not set to anything, the pointer is invalid.

[Gijs]

I don't seem to be able to reproduce this, but I must admit that the steps are not very clear to me.

1. Start fgfs, Initial state: MP Server disconnected
2. F10-View-Adjust LOD Rabges Must be: Low detail, both sliders at LHS End ( If necessary adjust to above pop-down / slider settings and restart )
3. Click on AI/MP Aircraft dropdown, 'Specify Ranges '
4. Click on High Detail slider button and attempt to adjust

What do you mean with "restart" in step 2? Restart FlightGear?

[Huntley Palmer]

Yes, restart fgfs so as to ensure High + Low detail are at slider LHS end at startup.
I've just confirmed the segfault according to the instructions above ( /Rabges/Ranges !! )

It's a somewhat esoteric fault condition depending on mplayer and initial slider state, ticket was raised in response to a report on the forum; with all that's going on with menus, maybe 'won't fix' is the way to go. Thanks for looking at this.

[Huntley Palmer]

@Gijs: Please don't close this out yet, I'm consistently getting a segfault now, on 2020-4,
and I'm unable to change the drop-down from 'Low Detail' to 'Select Ranges'
It may be a local issue, I'm injecting real ADSB data into a local mpserver so I'll run a debug build and try to get a better idea of what's happening.

[James Turner]

@huntely: just trying here and I can't reproduce unfortunately.

[xDraconian]

James,

I'll retest this issue to see if it was resolved, but this was
reproducible a few weeks ago.  It is an edge-case, so I would not
consider it a blocker for the release.

Scott

On 12/10/24 8:35 AM, James Turner wrote:

ERROR! The markdown supplied could not be parsed correctly. Did you
forget to surround a code snippet with "~~~~"?

@huntely: just trying here and I can't reproduce unfortunately.

---

**[codetickets:#2828] Segfault in PUI Menu View-Adjust LOD **

Status: Started
Milestone: 2024.1
Labels: PUI Reproducible
Created: Wed Sep 27, 2023 11:06 AM UTC by Huntley Palmer
Last Updated: Sat Nov 23, 2024 07:02 AM UTC
Owner: xDraconian
Attachments:

• PUIBtFull.txt (sourceforge.net) (190.0 kB; text/plain)

2020-4 Only, confirmed not happening in 2020-3

Start fgfs, Initial state:
MP Server disconnected
F10-View-Adjust LOD Rabges Must be: Low detail, both sliders at LHS End
( If necessary adjust to above pop-down / slider settings and restart )

  Click on AI/MP Aircraft dropdown,  'Specify Ranges '
  Click on High Detail slider button and attempt to adjust

  Segfault:
  Thread 1 "fgfs" received signal SIGSEGV, Segmentation fault.

0x0000000000743ed2 in fgPopup::checkHit (this=0x1bb914c0, button=0, updown=0, x=354, y=609) at /fgfs/flightgear/src/GUI/FGPUIDialog.cxx:334
(gdb) thread apply all bt full

Thread 28 (Thread 0x7fffd0bf9640 (LWP 20479) "fgfs"):
~~~

0 0x00007ffff66899b9 in __futex_abstimed_wait_common () from /lib64/libc.so.6

No symbol table info available.

1 0x00007ffff668c1b0 inpthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libc.so.6

No symbol table info available.

2 0x00007ffff7890aaf in OpenThreads::Condition::wait(OpenThreads::Mutex*) () from /usr/local/lib/libOpenThreads.so.21

No symbol table info available.

3 0x00007ffff7b57a36 in osgDB::DatabasePager::DatabaseThread::run() () from /usr/local/lib/libosgDB.so.161

No symbol table info available.

4 0x00007ffff7890528 in OpenThreads::ThreadPrivateActions::StartThread(void*) () from /usr/local/lib/libOpenThreads.so.21

No symbol table info available.

5 0x00007ffff668cdcd in start_thread () from /lib64/libc.so.6

No symbol table info available.

6 0x00007ffff6712630 in clone3 () from /lib64/libc.so.6

No symbol table info available.
~~~
Sorry about the fonts, they have a mind of their own. The full BT file is attached.
Composite Viewer is referenced although it's not specified in fgfsrc, adding --composiye-viewer=0 has no effect
Sometimes, in the debugger, the segfault doesn't happen. Doing a proper 'Esc' exit to fgfs makes the segfault happen on the next debug session

---

Sent from sourceforge.net because you indicated interest inhttps://sourceforge.net/p/flightgear/codetickets/2828/

To unsubscribe from further messages, please visithttps://sourceforge.net/auth/subscriptions/

[James Turner]

On 10 Dec 2024, at 18:58, xDraconian scttgs0@users.sourceforge.net wrote:

I'll retest this issue to see if it was resolved, but this was
reproducible a few weeks ago. It is an edge-case, so I would not
consider it a blocker for the release.

I’m pretty sure it’s reproducible sometimes, so my usual approach is to ask a large number of monkeys-on-typewriters to produce the complete works of Shakespeare … and also work out which way reproduces the issue.

Kind regards,
James

[James Turner]

On 11 Dec 2024, at 09:05, James Turner jmturner@users.sourceforge.net wrote:

I’m pretty sure it’s reproducible sometimes, so my usual approach is to ask a large number of monkeys-on-typewriters to produce the complete works of Shakespeare … and also work out which way reproduces the issue.

Addendum: for both this and another PUI issue, I have realised they both occur on Linux only (maybe?) where we use the stock (distro) PLIB.

Whereas on macOS and Windows we use our self-compiled PLIB which is from plib-trunk and contains a few assorted fixes. I’ve asked on the tickets but it would be in general good for some Linux folks to see if they can repro, and if they can, switch to a self-compiled PLIB and re-test, and see if anything changes.

And of course, if anyone on macOS or Windows can reproduce the bugs, that would be …. (deep breath) ...interesting and if so please post that on the ticket.

BTW this is why all reproduction reports should include what machine you're on and how you got the software (built from source, nightly build, etc, etc) since it would ave me have to chase people to find out.

Kind regards,
James

[Huntley Palmer]

Per your post today, 10Dec, "It's still doin it " ( That would be after a full 2024.1 fetch and build with gitlab-2024-build as of yesterday )

[Huntley Palmer]

0 0x000000000076db63 in fgPopup::checkHit(int, int, int, int) ()

No symbol table info available.

1 0x00007ffff784d4c8 in puGroup::checkHit(int, int, int, int) () from /lib64/libplibpu.so.1.8.5

No symbol table info available.

2 0x00007ffff7851186 in puMouse(int, int, int, int) () from /lib64/libplibpu.so.1.8.5

No symbol table info available.

3 0x0000000000d50dbc in PUIEventHandler::handle(osgGA::GUIEventAdapter const&, osgGA::GUIActionAdapter&, osg::Object, osg::NodeVisitor) ()

No symbol table info available.

4 0x00007ffff752e037 in osgGA::GUIEventHandler::handle(osgGA::Event, osg::Object, osg::NodeVisitor*) () from /usr/local/lib/libosgGA.so.162

No symbol table info available.

5 0x00007ffff78b2f61 in osgViewer::CompositeViewer::eventTraversal() () from /usr/local/lib/libosgViewer.so.162

No symbol table info available.

6 0x00007ffff7901c6c in osgViewer::ViewerBase::frame(double) [clone .part.0] () from /usr/local/lib/libosgViewer.so.162

No symbol table info available.

7 0x0000000000cf313d in fgOSMainLoop() ()

No symbol table info available.

8 0x0000000000da1201 in fgMainInit(int, char**) ()

No symbol table info available.

9 0x000000000051e44f in main ()

No symbol table info available.

[Pat Callahan]

At first, I had to wiggle things about in the Adjust Lewvel of Detail Ranges to get it to break,
Finally I found a sequence of actions that always works.

time /home/pac1/Downloads/FlightGear-2024.1.1-rc3.AppImage --multiplay=in,108.49.142.191,5000 --airport=KBED --callsign=N1742C --timeofday=noon --httpd=5501,5502 --enable-terrasync --enable-real-weather-fetch --enable-horizon-effect --developer --log-level=debug --log-class=network --terrasync-dir=/work/suites/fg/stable/.fgfs/TerraSync

In addition to the signal 11 crash, there are several anomalies in the behaivor of the dialog.

1. I was able to see a signal 11 .
2. The message on Low Detail at one point showed above -1 pixels in size. Clicking apply at that point did not get a signal 11.
3. I was also able to completely eliminate the Low Detail Slider button. The slider showed, but there was no slider button. the widget was empty.
4. The Low detail slider can show a higher value: Low Detail above 1669 pixels , above the than the High Detail above 552 pixels in size. In this case, the slider on low detail stops at the same point as the High Detail slider, but click dragging in the low detail slider to the right of the slider button changes the values

To repeatedly reproduce "Command terminated by signal 11"

In the Adjust Level of Detail Ranges Dialog:

• Set AI/MP Aircraft to Low Detail only. - Click Apply
• Exit Flightgear
• Restart Flightgear
• Set AI/MP Aircraft to Specify Ranges
• Click anywhere in the high detail slider.
• Boom!

[Henning]

FG 2024.1 (Linux), open the dialog, select "low detail only", click slider, boom
alt.: select "specify ranges" click any slider, boom

[James Turner]

Are all the crashes on Linux? It seems to be, but would like explicit confirmation.