Crash in paint parallel code
@aryeom encountered this issue on recent code. Don't bother the commit hash in the backtrace, it's not relevant to public code because there are a few custom commits above (nothing changing the relevant part of the code here), but it's basically few days old code (more accurately we are at commit 016948c4).
The crash happened while she was inking (Ink tool), though looking at the trace, I think it could happen with any paint tool.
It seems it crashes in a thread when freeing a GimpTempBuf
. Yet I can't figure out what's wrong. We use a proper atomic decrement so I don't think we can be freeing it twice. Could there be a bug in GEGL align memory code? I don't see this either.
Unfortunately it's very hard to reproduce (I haven't been able to, myself) to try and put some more traces or run a debugger.
@ell I wish you were still around. If so, would you mind having a look.
@ok Maybe you have an idea too?
GNU Image Manipulation Program version 2.99.7
git-describe: GIMP_2_99_6-165-g4e5f4a68c0
Build: unknown rev 0 for linux
# C compiler #
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/10/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-redhat-linux
Configured with: ../configure --enable-bootstrap --enable-languages=c,c++,fortran,objc,obj-c++,ada,go,d,lto --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-gcc-major-version-only --with-linker-hash-style=gnu --enable-plugin --enable-initfini-array --with-isl --enable-offload-targets=nvptx-none --without-cuda-driver --enable-gnu-indirect-function --enable-cet --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 10.3.1 20210422 (Red Hat 10.3.1-1) (GCC)
# Libraries #
using babl version 0.1.87 (compiled against version 0.1.87)
using GEGL version 0.4.31 (compiled against version 0.4.31)
using GLib version 2.66.8 (compiled against version 2.66.8)
using GdkPixbuf version 2.42.6 (compiled against version 2.42.6)
using GTK+ version 3.24.29 (compiled against version 3.24.29)
using Pango version 1.48.4 (compiled against version 1.48.4)
using Fontconfig version 2.13.92 (compiled against version 2.13.92)
using Cairo version 1.16.0 (compiled against version 1.16.0)
fatal error: Aborted
Stack trace:
# Stack traces obtained from PID 14809 - Thread 23682 #
[New LWP 14810]
[New LWP 14811]
[New LWP 14812]
[New LWP 14813]
[New LWP 14814]
[New LWP 14817]
[New LWP 14852]
[New LWP 14878]
[New LWP 23682]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
0x00007f7c57c0555d in syscall () from /lib64/libc.so.6
Id Target Id Frame
* 1 Thread 0x7f7c56002f00 (LWP 14809) "gimp-2.99" 0x00007f7c57c0555d in syscall () from /lib64/libc.so.6
2 Thread 0x7f7c4888d640 (LWP 14810) "worker" 0x00007f7c57c0555d in syscall () from /lib64/libc.so.6
3 Thread 0x7f7c4808c640 (LWP 14811) "worker" 0x00007f7c57c0555d in syscall () from /lib64/libc.so.6
4 Thread 0x7f7c3f88b640 (LWP 14812) "worker" 0x00007f7c57c0555d in syscall () from /lib64/libc.so.6
5 Thread 0x7f7c3e869640 (LWP 14813) "gmain" 0x00007f7c57bffa5f in poll () from /lib64/libc.so.6
6 Thread 0x7f7c3e068640 (LWP 14814) "gdbus" 0x00007f7c57bffa5f in poll () from /lib64/libc.so.6
7 Thread 0x7f7c07632640 (LWP 14817) "async" 0x00007f7c57c0555d in syscall () from /lib64/libc.so.6
8 Thread 0x7f7bedffb640 (LWP 14852) "dconf worker" 0x00007f7c57bffa5f in poll () from /lib64/libc.so.6
9 Thread 0x7f7bf9568640 (LWP 14878) "swap writer" 0x00007f7c57c0555d in syscall () from /lib64/libc.so.6
10 Thread 0x7f7bed7fa640 (LWP 23682) "paint" 0x00007f7c57ce70fc in read () from /lib64/libpthread.so.0
Thread 10 (Thread 0x7f7bed7fa640 (LWP 23682) "paint"):
#0 0x00007f7c57ce70fc in read () at /lib64/libpthread.so.0
#1 0x00007f7c5899227c in gimp_stack_trace_print (prog_name=0x7f7bed7f7ef0 "eUE", stream=stream@entry=0x7f7bcc01e220, trace=trace@entry=0x0) at ../../libgimpbase/../libgimpbase/gimputils.c:1345
status = -310411168
stack_printed = 0
gtrace = 0x0
gimp_pid = "14809\000\000\000\240\206\344W|\177\000"
buffer = "eUE\000\000\000\000\000\302\200\264\320\000\000\000\000\003\322B\003\000\000\000\000D\177\177\355{\177\000\000\220(\260\001\000\000\000\000\b\332\314\000\000\000\000\000 \342\001\314{\177\000\000\001\000\000\000\000\000\000\000\260\214\177\355{\177\000\000\020\000\000\000\000\000\000\000\000\000:G|\177\000\000\027\237:Y|\177\000\000\005", '\000' <repeats 15 times>, "\bu<Y|\177\000\000\020ЗX|\177\000\000\060\203\177\355{\177\000\000\256\024;Y|\177\000\000 \342\001\314{\177\000\000\001", '\000' <repeats 15 times>, " \342\001\314{\177\000\000\300\374\340\001", '\000' <repeats 12 times>, "\001\000\000\000\000\000\000\000\240q"...
read_n = <optimized out>
sync_fd = {22, 23}
out_fd = {24, 25}
fork_pid = 25914
pid = 14809
eintr_count = 0
tid = 23682
#2 0x00000000004a6876 in gimp_eek (reason=reason@entry=0x8b80f8 "fatal error", message=0x7f7bed7f8390 "1619395200", use_handler=use_handler@entry=1) at ../../app/errors.c:355
fd = 0x7f7bcc01e220
has_backtrace = 1
pid = "14809\000\000\000\001\000\000\000\000\000\000"
gimpdebug = 0x8b8110 "/opt/gimp/libexec/gimp-debug-tool-2.99"
args = {0x8b8110 "/opt/gimp/libexec/gimp-debug-tool-2.99", 0x1e0fcc0 "/opt/gimp/bin/gimp-2.99", 0x7f7bed7f8380 "14809", 0x8b80f8 "fatal error", 0x9c3bc26 "Aborted", 0x1d71b50 "/home/aryeom/.config/GIMP/2.99/CrashLog/GIMP-crash-1621515195.txt", 0x1dd9960 "2.99.6", 0x7f7bed7f8390 "1619395200", 0x0}
timestamp = "1619395200\000\001\000\000\000"
config = <optimized out>
eek_handled = 0
debug_policy = GIMP_DEBUG_POLICY_WARNING
iter = <optimized out>
num_idx = <optimized out>
i = 0
#3 0x00000000004a6c46 in gimp_fatal_error (message=<optimized out>) at ../../app/errors.c:206
#4 0x00000000004a7239 in gimp_sigfatal_handler (sig_num=6) at ../../app/signals.c:181
#5 0x00007f7c57ce81e0 in <signal handler called> () at /lib64/libpthread.so.0
#6 0x00007f7c57b469d5 in raise () at /lib64/libc.so.6
#7 0x00007f7c57b2f8a4 in abort () at /lib64/libc.so.6
#8 0x00007f7c57b89177 in __libc_message () at /lib64/libc.so.6
#9 0x00007f7c57b90e6c in annobin_top_check.start () at /lib64/libc.so.6
#10 0x00007f7c57b922bc in _int_free () at /lib64/libc.so.6
#11 0x00007f7c57e9d70d in g_free () at /lib64/libglib-2.0.so.0
#12 0x00007f7c584df191 in gegl_free (buf=<optimized out>) at ../gegl/buffer/gegl-memory.c:88
#13 0x000000000082e8af in gimp_temp_buf_unref (buf=0x895aea0) at ../../../app/core/gimptempbuf.c:178
__func__ = "gimp_temp_buf_unref"
#14 0x000000000085126f in gimp_brush_core_pressurize_mask(GimpBrushCore*, GimpTempBuf const*, gdouble, gdouble, gdouble) (core=core@entry=0x77f9bf0, brush_mask=0x882e160, x=<optimized out>, y=<optimized out>, pressure=1) at ../../../app/paint/gimpbrushcore-loops.cc:498
_pp = {in = 0x77f9e70 "", out = 0x77f9e70}
_p = <optimized out>
subsample_mask = 0x76f2c60
subsample_mask_format = <optimized out>
__PRETTY_FUNCTION__ = "const GimpTempBuf* gimp_brush_core_pressurize_mask(GimpBrushCore*, const GimpTempBuf*, gdouble, gdouble, gdouble)"
#15 0x000000000084f355 in gimp_brush_core_get_brush_mask (core=core@entry=0x77f9bf0, coords=coords@entry=0x77b1c40, brush_hardness=brush_hardness@entry=GIMP_BRUSH_PRESSURE, dynamic_force=9.1207395660615491e-316, dynamic_force@entry=1) at ../../../app/paint/gimpbrushcore.c:1108
mask = <optimized out>
__func__ = "gimp_brush_core_get_brush_mask"
#16 0x000000000084f3b7 in gimp_brush_core_paste_canvas (core=core@entry=0x77f9bf0, drawable=drawable@entry=0xb00dc80, coords=coords@entry=0x77b1c40, brush_opacity=1, image_opacity=1, paint_mode=paint_mode@entry=GIMP_LAYER_MODE_ERASE, brush_hardness=brush_hardness@entry=GIMP_BRUSH_PRESSURE, dynamic_force=dynamic_force@entry=1, mode=mode@entry=GIMP_PAINT_CONSTANT) at ../../../app/paint/gimpbrushcore.c:936
brush_mask = <optimized out>
#17 0x000000000087530e in _gimp_paintbrush_motion (paint_core=0x77f9bf0, drawable=0xb00dc80, paint_options=0x1ddaae0, sym=0xad3cb50, opacity=1) at ../../../app/paint/gimppaintbrush.c:387
paint_mode = GIMP_LAYER_MODE_ERASE
paint_buffer_x = 1594
paint_pixmap = 0x0
paint_width = 3
paint_height = 3
paint_appl_mode = GIMP_PAINT_CONSTANT
paint_buffer = <optimized out>
paint_buffer_y = 404
paint_color = {r = 1, g = 1, b = 1, a = 1}
brush_core = 0x77f9bf0
paintbrush = 0x77f9bf0
context = 0x1ddaae0
dynamics = <optimized out>
image = <optimized out>
fade_point = 0.019444856885188298
grad_point = 1
force = 1
coords = 0x77b1c40
n_strokes = 1
i = 0
#18 0x000000000085a5af in gimp_paint_core_paint (core=0x77f9bf0, drawable=0xb00dc80, paint_options=0x1ddaae0, paint_state=GIMP_PAINT_STATE_MOTION, time=27214778) at ../../../app/paint/gimppaintcore.c:335
sym = 0xad3cb50
image = <optimized out>
item = <optimized out>
core_class = 0x83bae10
__func__ = "gimp_paint_core_paint"
#19 0x000000000084e0fd in gimp_brush_core_interpolate (paint_core=0x77f9bf0, drawable=0xb00dc80, paint_options=0x1ddaae0, time=27214778) at ../../../app/paint/gimpbrushcore.c:761
t = <optimized out>
p = <optimized out>
core = 0x77f9bf0
image = <optimized out>
spacing_output = <optimized out>
last_coords = {x = 1595.9020845447467, y = 406.67052206844562, pressure = 0.17250061035156247, xtilt = 0.16535433070866143, ytilt = 0.55905511811023623, wheel = 0.44024458032240132, distance = 0, rotation = 0, slider = 0, velocity = 0.089424444048145924, direction = 0.63963421000839371, xscale = 3.0221520245686984, yscale = 3.0221520245686984, angle = 0, reflect = 0}
current_coords = {x = 1596.5, y = 406.53747385722318, pressure = 0.17250061035156247, xtilt = 0.16535433070866143, ytilt = 0.55905511811023623, wheel = 0.44024458032240132, distance = 0, rotation = 0, slider = 0, velocity = 0.089424444048145924, direction = 0.73644074635209944, xscale = 3.0221520245686984, yscale = 3.0221520245686984, angle = 0, reflect = 0}
delta_vec = {x = 0.24105856326150388, y = -0.053640377347676349}
delta_pressure = 0.00732421875
delta_xtilt = 0
delta_ytilt = 0
delta_wheel = 0
delta_velocity = -0.0015185450353497054
temp_direction = 0.73644074635209944
temp_vec = {x = -0.40900937411125765, y = -0.2221392727355557}
n = 0
num_points = 1
t0 = <optimized out>
dt = <optimized out>
tn = <optimized out>
st_factor = <optimized out>
st_offset = <optimized out>
initial = 0.38641196604211142
dist = 0.26529135559677464
total = 0.30726950600855163
pixel_dist = 0.24695449176660378
pixel_initial = 0.35970327970846233
xd = <optimized out>
yd = <optimized out>
mag = <optimized out>
dyn_spacing = <optimized out>
fade_point = 0.0071940655941692463
use_dyn_spacing = <optimized out>
__func__ = "gimp_brush_core_interpolate"
#20 0x0000000000542842 in gimp_paint_tool_paint_interpolate (paint_tool=0x216e9f0, data=0xb0a8090) at ../../../app/tools/gimppainttool-paint.c:210
paint_options = <optimized out>
core = <optimized out>
drawable = <optimized out>
#21 0x00000000005427b4 in gimp_paint_tool_paint_thread (data=<optimized out>) at ../../../app/tools/gimppainttool-paint.c:145
item = 0x9b13800
#22 0x00007f7c57ec6402 in g_thread_proxy () at /lib64/libglib-2.0.so.0
#23 0x00007f7c57cdd3f9 in start_thread () at /lib64/libpthread.so.0
#24 0x00007f7c57c0ab53 in clone () at /lib64/libc.so.6
Thread 9 (Thread 0x7f7bf9568640 (LWP 14878) "swap writer"):
#0 0x00007f7c57c0555d in syscall () at /lib64/libc.so.6
#1 0x00007f7c57ee5003 in g_cond_wait () at /lib64/libglib-2.0.so.0
#2 0x00007f7c584ec61d in gegl_tile_backend_swap_writer_thread (ignored=<optimized out>) at ../gegl/buffer/gegl-tile-backend-swap.c:698
params = <optimized out>
#3 0x00007f7c57ec6402 in g_thread_proxy () at /lib64/libglib-2.0.so.0
#4 0x00007f7c57cdd3f9 in start_thread () at /lib64/libpthread.so.0
#5 0x00007f7c57c0ab53 in clone () at /lib64/libc.so.6
Thread 8 (Thread 0x7f7bedffb640 (LWP 14852) "dconf worker"):
#0 0x00007f7c57bffa5f in poll () at /lib64/libc.so.6
#1 0x00007f7c57eeaa36 in g_main_context_iterate.constprop () at /lib64/libglib-2.0.so.0
#2 0x00007f7c57e95e73 in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#3 0x00007f7c0633964d in dconf_gdbus_worker_thread () at /usr/lib64/gio/modules/libdconfsettings.so
#4 0x00007f7c57ec6402 in g_thread_proxy () at /lib64/libglib-2.0.so.0
#5 0x00007f7c57cdd3f9 in start_thread () at /lib64/libpthread.so.0
#6 0x00007f7c57c0ab53 in clone () at /lib64/libc.so.6
Thread 7 (Thread 0x7f7c07632640 (LWP 14817) "async"):
#0 0x00007f7c57c0555d in syscall () at /lib64/libc.so.6
#1 0x00007f7c57ee5003 in g_cond_wait () at /lib64/libglib-2.0.so.0
#2 0x00000000007681fc in gimp_parallel_run_async_thread_func(GimpParallelRunAsyncThread*) (thread=0xcd7fc0 <gimp_parallel_run_async_threads>) at ../../../app/core/gimp-parallel.cc:378
task = <optimized out>
#3 0x00007f7c57ec6402 in g_thread_proxy () at /lib64/libglib-2.0.so.0
#4 0x00007f7c57cdd3f9 in start_thread () at /lib64/libpthread.so.0
#5 0x00007f7c57c0ab53 in clone () at /lib64/libc.so.6
Thread 6 (Thread 0x7f7c3e068640 (LWP 14814) "gdbus"):
#0 0x00007f7c57bffa5f in poll () at /lib64/libc.so.6
#1 0x00007f7c57eeaa36 in g_main_context_iterate.constprop () at /lib64/libglib-2.0.so.0
#2 0x00007f7c57e98163 in g_main_loop_run () at /lib64/libglib-2.0.so.0
#3 0x00007f7c581fc01a in gdbus_shared_thread_func.lto_priv () at /lib64/libgio-2.0.so.0
#4 0x00007f7c57ec6402 in g_thread_proxy () at /lib64/libglib-2.0.so.0
#5 0x00007f7c57cdd3f9 in start_thread () at /lib64/libpthread.so.0
#6 0x00007f7c57c0ab53 in clone () at /lib64/libc.so.6
Thread 5 (Thread 0x7f7c3e869640 (LWP 14813) "gmain"):
#0 0x00007f7c57bffa5f in poll () at /lib64/libc.so.6
#1 0x00007f7c57eeaa36 in g_main_context_iterate.constprop () at /lib64/libglib-2.0.so.0
#2 0x00007f7c57e95e73 in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#3 0x00007f7c57e97a91 in glib_worker_main () at /lib64/libglib-2.0.so.0
#4 0x00007f7c57ec6402 in g_thread_proxy () at /lib64/libglib-2.0.so.0
#5 0x00007f7c57cdd3f9 in start_thread () at /lib64/libpthread.so.0
#6 0x00007f7c57c0ab53 in clone () at /lib64/libc.so.6
Thread 4 (Thread 0x7f7c3f88b640 (LWP 14812) "worker"):
#0 0x00007f7c57c0555d in syscall () at /lib64/libc.so.6
#1 0x00007f7c57ee5003 in g_cond_wait () at /lib64/libglib-2.0.so.0
#2 0x00007f7c584a6343 in gegl_parallel_distribute_thread_func (thread=0x7f7c58555210 <gegl_parallel_distribute_threads+112>) at ../gegl/gegl-parallel.c:508
#3 0x00007f7c57ec6402 in g_thread_proxy () at /lib64/libglib-2.0.so.0
#4 0x00007f7c57cdd3f9 in start_thread () at /lib64/libpthread.so.0
#5 0x00007f7c57c0ab53 in clone () at /lib64/libc.so.6
Thread 3 (Thread 0x7f7c4808c640 (LWP 14811) "worker"):
#0 0x00007f7c57c0555d in syscall () at /lib64/libc.so.6
#1 0x00007f7c57ee5003 in g_cond_wait () at /lib64/libglib-2.0.so.0
#2 0x00007f7c584a6343 in gegl_parallel_distribute_thread_func (thread=0x7f7c585551d8 <gegl_parallel_distribute_threads+56>) at ../gegl/gegl-parallel.c:508
#3 0x00007f7c57ec6402 in g_thread_proxy () at /lib64/libglib-2.0.so.0
#4 0x00007f7c57cdd3f9 in start_thread () at /lib64/libpthread.so.0
#5 0x00007f7c57c0ab53 in clone () at /lib64/libc.so.6
Thread 2 (Thread 0x7f7c4888d640 (LWP 14810) "worker"):
#0 0x00007f7c57c0555d in syscall () at /lib64/libc.so.6
#1 0x00007f7c57ee5003 in g_cond_wait () at /lib64/libglib-2.0.so.0
#2 0x00007f7c584a6343 in gegl_parallel_distribute_thread_func (thread=0x7f7c585551a0 <gegl_parallel_distribute_threads>) at ../gegl/gegl-parallel.c:508
#3 0x00007f7c57ec6402 in g_thread_proxy () at /lib64/libglib-2.0.so.0
#4 0x00007f7c57cdd3f9 in start_thread () at /lib64/libpthread.so.0
#5 0x00007f7c57c0ab53 in clone () at /lib64/libc.so.6
Thread 1 (Thread 0x7f7c56002f00 (LWP 14809) "gimp-2.99"):
#0 0x00007f7c57c0555d in syscall () at /lib64/libc.so.6
#1 0x00007f7c57ee4f1c in g_mutex_lock_slowpath () at /lib64/libglib-2.0.so.0
#2 0x000000000054260f in gimp_paint_tool_paint_timeout (paint_tool=0x216e9f0) at ../../../app/tools/gimppainttool-paint.c:168
core = 0x77f9bf0
drawable = 0xb00dc80
update = <optimized out>
#3 0x00007f7c57e99171 in g_timeout_dispatch () at /lib64/libglib-2.0.so.0
#4 0x00007f7c57e98a9f in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#5 0x00007f7c57eeaa98 in g_main_context_iterate.constprop () at /lib64/libglib-2.0.so.0
#6 0x00007f7c57e98163 in g_main_loop_run () at /lib64/libglib-2.0.so.0
#7 0x00000000004a60c4 in app_run (full_prog_name=<optimized out>, filenames=<optimized out>, alternate_system_gimprc=alternate_system_gimprc@entry=0x0, alternate_gimprc=alternate_gimprc@entry=0x0, session_name=<optimized out>, batch_interpreter=0x0, batch_commands=0x0, as_new=0, no_interface=0, no_data=0, no_fonts=0, no_splash=0, be_verbose=0, use_shm=1, use_cpu_accel=1, console_messages=0, use_debug_handler=0, show_playground=1, show_debug_menu=1, stack_trace_mode=GIMP_STACK_TRACE_QUERY, pdb_compat_mode=GIMP_PDB_COMPAT_WARN, backtrace_file=0x1a67540 "/home/aryeom/.config/GIMP/2.99/CrashLog/GIMP-crash-1621515195.txt") at ../../app/app.c:446
update_status_func = <optimized out>
gimp = 0x1c6e390
loop = <optimized out>
run_loop = 0x459bd70
default_folder = <optimized out>
gimpdir = <optimized out>
abort_message = <optimized out>
temprc = <optimized out>
language = <optimized out>
font_error = 0x0
__func__ = "app_run"
#8 0x00000000004a5a26 in main (argc=<optimized out>, argv=<optimized out>) at ../../app/main.c:656
context = 0x1a686c0
error = 0x0
abort_message = <optimized out>
basename = <optimized out>
system_gimprc_file = 0x0
user_gimprc_file = 0x0
backtrace_file = 0x1a67540 "/home/aryeom/.config/GIMP/2.99/CrashLog/GIMP-crash-1621515195.txt"
i = <optimized out>
[Inferior 1 (process 14809) detached]