[lighttable] Double free when culling

[cryptomilk]

Describe the bug

=================================================================
==24787==ERROR: AddressSanitizer: attempting double-free on 0x6020004005b0 in thread T0:
    #0 0x7f740f87af77 in __interceptor_free (/usr/lib64/libasan.so.6+0xadf77)
    #1 0x7f740f401f8b in on_destroy /home/abuild/rpmbuild/BUILD/darktable-3.3.0~git437.0f5ed7019/src/lua/widget/widget.c:63
    #2 0x7f740dabdfc1 in g_closure_invoke (/usr/lib64/libgobject-2.0.so.0+0x13fc1)
    #3 0x7f740dad0692  (/usr/lib64/libgobject-2.0.so.0+0x26692)
    #4 0x7f740dad6d38 in g_signal_emit_valist (/usr/lib64/libgobject-2.0.so.0+0x2cd38)
    #5 0x7f740dad6e9e in g_signal_emit (/usr/lib64/libgobject-2.0.so.0+0x2ce9e)
    #6 0x7f740e34973f  (/usr/lib64/libgtk-3.so.0+0x3a773f)
    #7 0x7f740dac45ed in g_object_run_dispose (/usr/lib64/libgobject-2.0.so.0+0x1a5ed)
    #8 0x7f740f4023a8 in on_destroy_wrapper /home/abuild/rpmbuild/BUILD/darktable-3.3.0~git437.0f5ed7019/src/lua/widget/widget.c:68
    #9 0x7f740e797056  (/usr/lib64/libglib-2.0.so.0+0x50056)
    #10 0x7f740e79b2b6 in g_main_context_dispatch (/usr/lib64/libglib-2.0.so.0+0x542b6)
    #11 0x7f740e79b637  (/usr/lib64/libglib-2.0.so.0+0x54637)
    #12 0x7f740e79b92a in g_main_loop_run (/usr/lib64/libglib-2.0.so.0+0x5492a)
    #13 0x7f740e1f15fc in gtk_main (/usr/lib64/libgtk-3.so.0+0x24f5fc)
    #14 0x7f740f321be9 in dt_gui_gtk_run /home/abuild/rpmbuild/BUILD/darktable-3.3.0~git437.0f5ed7019/src/gui/gtk.c:1548
    #15 0x55739d9bd0fb in main /home/abuild/rpmbuild/BUILD/darktable-3.3.0~git437.0f5ed7019/src/main.c:93
    #16 0x7f740ec4bcc9 in __libc_start_main (/lib64/libc.so.6+0x26cc9)
    #17 0x55739d9bd149 in _start (/usr/bin/darktable+0x1149)

0x6020004005b0 is located 0 bytes inside of 4-byte region [0x6020004005b0,0x6020004005b4)
freed by thread T0 here:
    #0 0x7f740f87af77 in __interceptor_free (/usr/lib64/libasan.so.6+0xadf77)
    #1 0x7f740e7a1428 in g_free (/usr/lib64/libglib-2.0.so.0+0x5a428)

previously allocated by thread T0 here:
    #0 0x7f740f87b5f8 in __interceptor_realloc (/usr/lib64/libasan.so.6+0xae5f8)
    #1 0x7f740e7a13e7 in g_realloc (/usr/lib64/libglib-2.0.so.0+0x5a3e7)

SUMMARY: AddressSanitizer: double-free (/usr/lib64/libasan.so.6+0xadf77) in __interceptor_free
==24787==ABORTING

To Reproduce

1. Install darktable-asan or build it with AddressSanitizer
2. Cycle trough image or use the culling mode

Platform (please complete the following information):
darktable-asan-3.3.0~git437.0f5ed7019-3947.1.x86_64 -> commit 0f5ed70

[cryptomilk]

@elstoc

[johnny-bit]

more likelly @AlicVB ;)

[elstoc]

Yeah not me!

[TurboGit]

There is Lua in the backtrace, have you tried without any Lua script installed and Lua support disabled (removing luarc).?

[cryptomilk]

It doesn't seem to happen if I remove my luarc which only loads:

require 'contrib/enfuseAdvanced'

[TurboGit]

So at least it give us a hint where to look for this issue...

[codingdave]

Cannot reproduce. Anyone else successful in reproducing the issue?

[wpferguson]

How do you build with address sanitizer?

[johnny-bit]

if you use build.sh to build darktable, just add --asan to build.sh options. for example my "asan" command looks like:

./build.sh --enable-opencl --disable-game --asan --install --build-type RelWithDebInfo --prefix ~/darktable_repos/dbuild/;

and it's fine.

[wpferguson]

Well, that was too easy. I was looking everywhere for a define or feature enable. Thanks

[cryptomilk]

darktable-asan packages of master are available for different distros here:

http://download.opensuse.org/repositories/home:/darix:/darktable:/master/

I just install the package for quick debugging.

[wpferguson]

I just tried with latest git and could not reproduce the error with the lua backtrace. I tried with script_manager enabled, then enabled enfuseAdvanced, then tried with a luarc file that only had enfuseAdvanced. Tried with scrolling through lighttable in file manager and culling modes.

However, I get this error when I exit darktable

=================================================================
==16810==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_thread.cc:318 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0)
#0 0x7fca62ab1bf2 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9bf2)
#1 0x7fca62ad0575 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x108575)
#2 0x7fca62ab6af2 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xeeaf2)
#3 0x7fca629f5cf7 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x2dcf7)
#4 0x7fca629f6b9d (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x2eb9d)
#5 0x7fca629f8d7f (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x30d7f)
#6 0x7fca62ab1324 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9324)
#7 0x7fca62a26d3b (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5ed3b)
#8 0x7fca62056a29 in dt_mipmap_cache_deallocate_dynamic /home/bill/src/wpferguson/darktable/src/common/mipmap_cache.c:467
#9 0x7fca61efea8a in dt_cache_cleanup /home/bill/src/wpferguson/darktable/src/common/cache.c:62
#10 0x7fca6205a2d7 in dt_mipmap_cache_cleanup /home/bill/src/wpferguson/darktable/src/common/mipmap_cache.c:611
#11 0x7fca61f5f664 in dt_cleanup /home/bill/src/wpferguson/darktable/src/common/darktable.c:1163
#12 0x7fca622ade9b in dt_gui_gtk_run /home/bill/src/wpferguson/darktable/src/gui/gtk.c:1550
#13 0x560110ef78fb in main /home/bill/src/wpferguson/darktable/src/main.c:93
#14 0x7fca619bcb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#15 0x560110ef7949 in _start (/opt/dttest/bin/darktable+0x949)

[jbinpg]

I have been having double free crashes with darktable (see issue #6031). I closed this issue because I thought it was machine-specific. However, darktable ran fine if I changed .config/darktable luarc to luarc.bak. Now with version git-511 with luarc untouched and enabled, darktable runs as well as it ever has. Not sure what the fix was but it seems to point to some lua interaction that has been overcome. Happy camper now!

[cryptomilk]

Yep, seems to gone. Closing