Bug #1871177 “Crash after opening small PNG” : Bugs : Pinta

Revision history for this message

Dan Dascalescu (ddascalescu+launchpad) wrote on 2020-04-06:

#1

logo.png Edit (17.9 KiB, image/png)

Revision history for this message

Dan Dascalescu (ddascalescu+launchpad) wrote on 2020-04-06:

#2

Sorry, submitted too quickly. I'm on Ubuntu 18.04.4. It's the same freeze I experience with Pinta 1.6 (the 2015 build).

Revision history for this message

Cameron White (cameronwhite91) wrote on 2020-04-09:

#3

Does it freeze or crash?
It loads fine for me with the latest build on Ubuntu 18.04, mono version 4.6.2

Changed in pinta:
status:	New → Incomplete

Revision history for this message

Dan Dascalescu (ddascalescu+launchpad) wrote on 2020-04-09:

#4

Screencast of Pinta crashing Edit (1.8 MiB, image/gif)

Download full text (8.5 KiB)

It crashes after I simply move the mouse around for a few seconds. I've been seeing this behavior for years, on various flavors of Ubuntu (including Google's Goobuntu in ~2018 when I worked there) Here's the core dump:

$ pinta
Gtk-Message: 05:02:05.056: Failed to load module "canberra-gtk-module"
double free or corruption (out)
Stacktrace:

  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) GLib.SList.g_free (intptr) <0x0005f>
  at GLib.ListBase.Empty () <0x0013c>
  at GLib.ListBase.Dispose (bool) <0x0000f>
  at GLib.ListBase.Finalize () <0x0001d>
  at (wrapper runtime-invoke) object.runtime_invoke_virtual_void__this__ (object,intptr,intptr,intptr) <0x00068>

Native stacktrace:

/usr/bin/mono(+0xc8514) [0x557e702fb514]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12890) [0x7fa62d89d890]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0xc7) [0x7fa62d2c0e97]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x141) [0x7fa62d2c2801]
/lib/x86_64-linux-gnu/libc.so.6(+0x89897) [0x7fa62d30b897]
/lib/x86_64-linux-gnu/libc.so.6(+0x9090a) [0x7fa62d31290a]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x525) [0x7fa62d319e75]
[0x41672c00]

Debug info from gdb:

[New LWP 30985]
[New LWP 30986]
[New LWP 30987]
[New LWP 30988]
[New LWP 31067]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
__lll_lock_wait_private () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
95 ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S: No such file or directory.
  Id Target Id Frame
* 1 Thread 0x7fa62e453780 (LWP 30984) "Main" __lll_lock_wait_private () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
  2 Thread 0x7fa62c3ff700 (LWP 30985) "SGen worker" 0x00007fa62d8989f3 in futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x557e707eea08) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
  3 Thread 0x7fa62a034700 (LWP 30986) "Finalizer" 0x00007fa62d89d23a in __waitpid (pid=31083, stat_loc=0x7fa62a03276c, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:30
  4 Thread 0x7fa61c780700 (LWP 30987) "gmain" 0x00007fa62d396bf9 in __GI___poll (fds=0x557e725575c0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
  5 Thread 0x7fa61bf7f700 (LWP 30988) "gdbus" 0x00007fa62d396bf9 in __GI___poll (fds=0x557e72561f70, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
  6 Thread 0x7fa607fff700 (LWP 31067) "pool" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38

Thread 6 (Thread 0x7fa607fff700 (LWP 31067)):
#0 0x00007fa62d39d839 in syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1 0x00007fa622de487a in g_cond_wait_until () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2 0x00007fa622d71571 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3 0x00007fa622d71b2c in g_async_queue_timeout_pop () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4 0x00007fa622dc6c1e in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#5 0x00007fa622dc6175 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#6 0x00007fa62d8926db in start_thread (arg=0x7fa607fff700) at pthread_create.c:463
#7 0x00007fa62d3a388f in clone () at ../sysdeps/unix/...

It crashes after I simply move the mouse around for a few seconds. I've been seeing this behavior for years, on various flavors of Ubuntu (including Google's Goobuntu in ~2018 when I worked there) Here's the core dump:

$ pinta
Gtk-Message: 05:02:05.056: Failed to load module "canberra-gtk-module"
double free or corruption (out)
Stacktrace:

at <unknown> <0xffffffff>
  at (wrapper managed-to-native) GLib.SList.g_free (intptr) <0x0005f>
  at GLib.ListBase.Empty () <0x0013c>
  at GLib.ListBase.Dispose (bool) <0x0000f>
  at GLib.ListBase.Finalize () <0x0001d>
  at (wrapper runtime-invoke) object.runtime_invoke_virtual_void__this__ (object,intptr,intptr,intptr) <0x00068>

Native stacktrace:

/usr/bin/mono(+0xc8514) [0x557e702fb514]
	/lib/x86_64-linux-gnu/libpthread.so.0(+0x12890) [0x7fa62d89d890]
	/lib/x86_64-linux-gnu/libc.so.6(gsignal+0xc7) [0x7fa62d2c0e97]
	/lib/x86_64-linux-gnu/libc.so.6(abort+0x141) [0x7fa62d2c2801]
	/lib/x86_64-linux-gnu/libc.so.6(+0x89897) [0x7fa62d30b897]
	/lib/x86_64-linux-gnu/libc.so.6(+0x9090a) [0x7fa62d31290a]
	/lib/x86_64-linux-gnu/libc.so.6(cfree+0x525) [0x7fa62d319e75]
	[0x41672c00]

Debug info from gdb:

[New LWP 30985]
[New LWP 30986]
[New LWP 30987]
[New LWP 30988]
[New LWP 31067]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
__lll_lock_wait_private () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
95	../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S: No such file or directory.
  Id   Target Id         Frame 
* 1    Thread 0x7fa62e453780 (LWP 30984) "Main" __lll_lock_wait_private () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
  2    Thread 0x7fa62c3ff700 (LWP 30985) "SGen worker" 0x00007fa62d8989f3 in futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x557e707eea08) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
  3    Thread 0x7fa62a034700 (LWP 30986) "Finalizer" 0x00007fa62d89d23a in __waitpid (pid=31083, stat_loc=0x7fa62a03276c, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:30
  4    Thread 0x7fa61c780700 (LWP 30987) "gmain" 0x00007fa62d396bf9 in __GI___poll (fds=0x557e725575c0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
  5    Thread 0x7fa61bf7f700 (LWP 30988) "gdbus" 0x00007fa62d396bf9 in __GI___poll (fds=0x557e72561f70, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
  6    Thread 0x7fa607fff700 (LWP 31067) "pool" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38

Thread 6 (Thread 0x7fa607fff700 (LWP 31067)):
#0  0x00007fa62d39d839 in syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1  0x00007fa622de487a in g_cond_wait_until () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fa622d71571 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fa622d71b2c in g_async_queue_timeout_pop () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fa622dc6c1e in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007fa622dc6175 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#6  0x00007fa62d8926db in start_thread (arg=0x7fa607fff700) at pthread_create.c:463
#7  0x00007fa62d3a388f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 5 (Thread 0x7fa61bf7f700 (LWP 30988)):
#0  0x00007fa62d396bf9 in __GI___poll (fds=0x557e72561f70, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fa622d9e5c9 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fa622d9e962 in g_main_loop_run () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fa6237ef276 in  () at /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#4  0x00007fa622dc6175 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007fa62d8926db in start_thread (arg=0x7fa61bf7f700) at pthread_create.c:463
#6  0x00007fa62d3a388f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7fa61c780700 (LWP 30987)):
#0  0x00007fa62d396bf9 in __GI___poll (fds=0x557e725575c0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fa622d9e5c9 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fa622d9e6dc in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fa622d9e721 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fa622dc6175 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007fa62d8926db in start_thread (arg=0x7fa61c780700) at pthread_create.c:463
#6  0x00007fa62d3a388f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7fa62a034700 (LWP 30986)):
#0  0x00007fa62d89d23a in __waitpid (pid=31083, stat_loc=0x7fa62a03276c, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:30
#1  0x0000557e702fb5f0 in  ()
#2  0x00007fa62d89d890 in <signal handler called> () at /lib/x86_64-linux-gnu/libpthread.so.0
#3  0x00007fa62d2c0e97 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#4  0x00007fa62d2c2801 in __GI_abort () at abort.c:79
#5  0x00007fa62d30b897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fa62d438b9a "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#6  0x00007fa62d31290a in malloc_printerr (str=str@entry=0x7fa62d43a870 "double free or corruption (out)") at malloc.c:5350
#7  0x00007fa62d319e75 in _int_free (have_lock=0, p=0x557e72b52f30, av=0x7fa62d66dc40 <main_arena>) at malloc.c:4278
#8  0x00007fa62d319e75 in __GI___libc_free (mem=0x557e72b52f40) at malloc.c:3124
#9  0x0000000041672c00 in  ()
#10 0x0000557e72b52f40 in  ()
#11 0x0000557e721c70d0 in  ()
#12 0x0000557e721c70d0 in  ()
#13 0x0000000000000000 in  ()

Thread 2 (Thread 0x7fa62c3ff700 (LWP 30985)):
#0  0x00007fa62d8989f3 in futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x557e707eea08) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  0x00007fa62d8989f3 in __pthread_cond_wait_common (abstime=0x0, mutex=0x557e707eea20, cond=0x557e707ee9e0) at pthread_cond_wait.c:502
#2  0x00007fa62d8989f3 in __pthread_cond_wait (cond=0x557e707ee9e0, mutex=0x557e707eea20) at pthread_cond_wait.c:655
#3  0x0000557e70483863 in  ()
#4  0x00007fa62d8926db in start_thread (arg=0x7fa62c3ff700) at pthread_create.c:463
#5  0x00007fa62d3a388f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7fa62e453780 (LWP 30984)):
#0  0x00007fa62d3b26ac in __lll_lock_wait_private () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
#1  0x00007fa62d31af7e in __GI___libc_realloc (oldmem=0x557e732620a0, bytes=592) at malloc.c:3228
#2  0x00007fa622da3b70 in g_realloc () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fa6230821db in g_object_weak_ref () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#4  0x00007fa628c15485 in  () at /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
#5  0x00007fa628c157cc in  () at /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
#6  0x00007fa628bf672f in  () at /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
#7  0x00007fa628bf6fb0 in gdk_window_process_all_updates () at /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
#8  0x00007fa628f24061 in  () at /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#9  0x00007fa628bd5c1c in  () at /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
#10 0x00007fa622d9e285 in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#11 0x00007fa622d9e650 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007fa622d9e962 in g_main_loop_run () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#13 0x00007fa628f9ca37 in gtk_main () at /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#14 0x0000000041656bca in  ()
#15 0x00007ffd96a83ec0 in  ()
#16 0x00007ffd96a83eb0 in  ()
#17 0x0000557e721cae28 in  ()
#18 0x00007ffd96a83eb0 in  ()
#19 0x0000000041513fb0 in  ()
#20 0x0000557e721f9d70 in  ()
#21 0x00000000415145a0 in  ()
#22 0x00007ffd96a83a40 in  ()
#23 0x00007ffd96a83900 in  ()
#24 0x0000000041656b5c in  ()
#25 0x00007ffd96a83a40 in  ()
#26 0x0000000041514564 in  ()
#27 0x0000557e72294100 in  ()
#28 0x00007fa62c402468 in  ()
#29 0x00007fa62c4006c8 in  ()
#30 0x00007fa62c402468 in  ()
#31 0x00007fa62e360130 in  ()
#32 0x00007fa62c4006c8 in  ()
#33 0x00007fa62c402468 in  ()
#34 0x00007fa62e358130 in  ()
#35 0x00007fa62c4006c8 in  ()
#36 0x00007fa62c402468 in  ()
#37 0x00007fa62e350130 in  ()
#38 0x00007fa62c400400 in  ()
#39 0x00007fa62c402038 in  ()
#40 0x0000000000000000 in  ()

=================================================================
Got a SIGABRT while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=================================================================

Aborted (core dumped)

Revision history for this message

Cameron White (cameronwhite91) wrote on 2020-04-09:

#5

I think this is the same as bug 1857149, which crashes somewhere in mono's garbage collection

Pinta

Crash after opening small PNG

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches