Bug 409908 - Crash upon close (double freeing all/a lot of variables)
Status: RESOLVED DUPLICATE of bug 410867
Alias: None
Product: krita
Classification: Applications
Component: General
Version: git master (please specify the git hash!)
Platform: Other Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Krita Bugs
Reported: 2019-07-17 17:16 UTC by wolthera
Modified: 2020-01-10 14:04 UTC

Attachments
Full valgrind error log (142.12 KB, text/plain)
2019-07-18 21:07 UTC, Tiar
GDB backtrace (4.24 KB, text/plain)
2019-08-17 10:51 UTC, Karl Ove Hufthammer

Description wolthera 2019-07-17 17:16:18 UTC
SUMMARY
I've been having this one for a few days now. No idea what is causing it...

GDB backtrace
--------------------------------------
free(): invalid pointer

Thread 1 "krita" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) thread apply all backtrace

Thread 16 (Thread 0x7fff8ffff700 (LWP 16179)):
#0  0x00007ffff2841bf9 in __GI___poll (fds=0x7fff84004db0, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fffea6e65c9 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fffea6e66dc in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff339cdcb in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007ffff333e03a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007ffff31654ca in QThread::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007ffff3166c72 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007fffebfe36db in start_thread (arg=0x7fff8ffff700) at pthread_create.c:463
#8  0x00007ffff284e88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7ffff7f7ee80 (LWP 15635)):
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff276d801 in __GI_abort () at abort.c:79
#2  0x00007ffff27b6897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff28e3b9a "%s\n")
    at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff27bd90a in malloc_printerr (str=str@entry=0x7ffff28e1d88 "free(): invalid pointer") at malloc.c:5350
#4  0x00007ffff27c4e1c in _int_free (have_lock=0, p=0x5555709087c0, av=0x7ffff2b18c40 <main_arena>) at malloc.c:4157
#5  __GI___libc_free (mem=0x5555709087d0) at malloc.c:3124
#6  0x00007ffff6692d72 in QTypedArrayData<unsigned short>::deallocate (data=0x5555709087d0)
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qarraydata.h:239
#7  0x00007ffff669235d in QString::~QString (this=0x5555719f6020, __in_chrg=<optimized out>)
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:1135
#8  0x00007ffff66e5c97 in QList<QString>::node_destruct (this=0x7ffff7dd1208 <KisImportExportManager::m_importMimeTypes>, 
    from=0x5555719f5fb0, to=0x5555719f6020) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qlist.h:499
#9  0x00007ffff66e57ab in QList<QString>::dealloc (this=0x7ffff7dd1208 <KisImportExportManager::m_importMimeTypes>, 
    data=0x5555719f5fa0) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qlist.h:868
#10 0x00007ffff66e539e in QList<QString>::~QList (this=0x7ffff7dd1208 <KisImportExportManager::m_importMimeTypes>, 
    __in_chrg=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qlist.h:830
#11 0x00007ffff66e5260 in QStringList::~QStringList (this=0x7ffff7dd1208 <KisImportExportManager::m_importMimeTypes>, 
    __in_chrg=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qstringlist.h:99
#12 0x00007ffff2770615 in __cxa_finalize (d=0x7ffff7ac3b20) at cxa_finalize.c:83
#13 0x00007ffff66906c3 in __do_global_dtors_aux () from /home/wolthera/krita/inst/lib/x86_64-linux-gnu/libkritaui.so.19
#14 0x00007fffffffda50 in ?? ()
#15 0x00007ffff7de5b73 in _dl_fini () at dl-fini.c:138
Backtrace stopped: frame did not save the PC
(gdb) 
(gdb) 

------------------------
SESSION: 17 Jul 2019 19:14:31 +0200. Executing krita

WARNING: This file contains information about your system and the
images you have been working with.

If you have problems with Krita, the Krita developers might ask
you to share this file with them. The information in this file is
not shared automatically with the Krita developers in any way. You
can disable logging to this file in Krita's Configure Krita Dialog.

Please review the contents of this file before sharing this file with
anyone.

Krita

 Version: 4.3.0-prealpha (git 535b60a)
 Languages: en_US, en_GB, nl
 Hidpi: true

Qt

  Version (compiled): 5.12.3
  Version (loaded): 5.12.3

OS Information

  Build ABI: x86_64-little_endian-lp64
  Build CPU: x86_64
  CPU: x86_64
  Kernel Type: linux
  Kernel Version: 4.15.0-54-generic
  Pretty Productname: KDE neon User Edition 5.16
  Product Type: neon
  Product Version: 18.04

17 Jul 2019 19:14:37 +0200: Instant Preview Setting: 1
17 Jul 2019 19:14:37 +0200: Disabled smoothing.
17 Jul 2019 19:14:37 +0200: Disabled smoothing.
17 Jul 2019 19:14:37 +0200: Disabled smoothing.
17 Jul 2019 19:14:37 +0200: Instant Preview Setting: 1
17 Jul 2019 19:14:38 +0200: Instant Preview Setting: 1
17 Jul 2019 19:14:38 +0200: Instant Preview Setting: 1
17 Jul 2019 19:14:38 +0200: Instant Preview Setting: 1

Hardware Information

  GPU Acceleration: auto
  Memory: 7725 Mb
  Number of Cores: 8
  Swap Location: /tmp
Comment 1 wolthera 2019-07-17 17:35:29 UTC
Deleting kritarc or session makes no difference here.
Comment 2 wolthera 2019-07-17 19:39:06 UTC
ASAN result
===================================

wolthera@Euthenia:~/krita/build$ krita
Set style "fusion"
KoColor debug runtime checks are active.
krita.lib.pigment: Illegal XML palette: "/home/wolthera/.local/share/krita/palettes/colorset.xml"
krita.lib.pigment: Error (line 1 , column 159 ): "Unknown XML palette format. Expected SCRIBUSCOLORS, found Colorset"
krita.lib.widgets: Loading resource  "/home/wolthera/.local/share/krita/palettes/colorset.xml" failed. "ko_palettes"
krita.lib.pigment: Illegal XML palette: "/home/wolthera/.local/share/krita/palettes/profiles.xml"
krita.lib.pigment: Error (line 1 , column 10 ): "Unknown XML palette format. Expected SCRIBUSCOLORS, found Profiles"
krita.lib.widgets: Loading resource  "/home/wolthera/.local/share/krita/palettes/profiles.xml" failed. "ko_palettes"
QObject::startTimer: Timers cannot have negative intervals
Comparators already registered for type KoSvgText::AutoValue
Debug stream operator already registered for type KoSvgText::AutoValue
Comparators already registered for type KoSvgText::BackgroundProperty
Debug stream operator already registered for type KoSvgText::BackgroundProperty
Comparators already registered for type KoSvgText::StrokeProperty
Debug stream operator already registered for type KoSvgText::StrokeProperty
/home/wolthera/krita/inst/lib/x86_64-linux-gnu/krita-python-libs/krita added to PYTHONPATH
krita.scripting: "Traceback (most recent call last):"
krita.scripting: "  File \"/home/wolthera/krita/inst/share/krita/pykrita/palette_docker/__init__.py\", line 2, in <module>"
krita.scripting: "    from .palette_docker import *"
krita.scripting: "  File \"/home/wolthera/krita/inst/share/krita/pykrita/palette_docker/palette_docker.py\", line 31, in <module>"
krita.scripting: "    class Palette_Docker(DockWidget):"
krita.scripting: "  File \"/home/wolthera/krita/inst/share/krita/pykrita/palette_docker/palette_docker.py\", line 126, in Palette_Docker"
krita.scripting: "    @pyqtSlot('KisSwatch')"
krita.scripting: "TypeError: C++ type 'KisSwatch' is not supported as a pyqtSlot type argument type"
krita.scripting: "Could not import palette_docker"
krita.scripting: Error loading plugin "palette_docker"
QLayout: Attempting to add QLayout "" to QWidget "", which already has a layout
=================================================================
==17875==ERROR: AddressSanitizer: heap-use-after-free on address 0x604001a75cd0 at pc 0x7f50ad6f10e2 bp 0x7ffe4a915170 sp 0x7ffe4a915160
READ of size 4 at 0x604001a75cd0 thread T0
    #0 0x7f50ad6f10e1 in std::__atomic_base<int>::load(std::memory_order) const /usr/include/c++/7/bits/atomic_base.h:396
    #1 0x7f50ad6f10e1 in int QAtomicOps<int>::load<int>(std::atomic<int> const&) /usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:227
    #2 0x7f50ad6ef539 in QBasicAtomicInteger<int>::load() const /usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:103
    #3 0x7f50ad6ed705 in QtPrivate::RefCount::deref() /usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:66
    #4 0x7f50ae4c2e51 in QMap<KisSharedPtr<KisOpenGLImageTextures>, KisAnimationFrameCache*>::~QMap() /usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:339
    #5 0x7f50a674c614 in __cxa_finalize (/lib/x86_64-linux-gnu/libc.so.6+0x43614)
    #6 0x7f50ad6e8d52  (/home/wolthera/krita/inst/lib/x86_64-linux-gnu/libkritaui.so.19+0x29e9d52)

0x604001a75cd0 is located 0 bytes inside of 40-byte region [0x604001a75cd0,0x604001a75cf8)
freed by thread T0 here:
    #0 0x7f50b2d1c9d8 in operator delete(void*, unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe19d8)
    #1 0x7f504d585b71 in QMapData<KisSharedPtr<KisOpenGLImageTextures>, KisAnimationFrameCache*>::destroy() /usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:251
    #2 0x7f504d585cc8 in QMap<KisSharedPtr<KisOpenGLImageTextures>, KisAnimationFrameCache*>::~QMap() /usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:339
    #3 0x7f50a674c040  (/lib/x86_64-linux-gnu/libc.so.6+0x43040)

previously allocated by thread T0 here:
    #0 0x7f50b2d1b458 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0458)
    #1 0x7f50a71b251d in QMapDataBase::createData() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x11751d)
    #2 0x7f50ae4c22be in QMap<KisSharedPtr<KisOpenGLImageTextures>, KisAnimationFrameCache*>::detach_helper() /usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:1006
    #3 0x7f50ae4c1601 in QMap<KisSharedPtr<KisOpenGLImageTextures>, KisAnimationFrameCache*>::detach() /usr/include/x86_64-linux-gnu/qt5/QtCore/qmap.h:364
    #4 0x7f50ae4bfdd8 in QMap<KisSharedPtr<KisOpenGLImageTextures>, KisAnimationFrameCache*>::find(KisSharedPtr<KisOpenGLImageTextures> const&) (/home/wolthera/krita/inst/lib/x86_64-linux-gnu/libkritaui.so.19+0x37c0dd8)
    #5 0x7f50ae4b93f6 in KisAnimationFrameCache::getFrameCache(KisSharedPtr<KisOpenGLImageTextures>) /home/wolthera/krita/src/libs/ui/kis_animation_frame_cache.cpp:199
    #6 0x7f50ad709c42 in KisCanvas2::createOpenGLCanvas() /home/wolthera/krita/src/libs/ui/canvas/kis_canvas2.cpp:528
    #7 0x7f50ad70a341 in KisCanvas2::createCanvas(bool) /home/wolthera/krita/src/libs/ui/canvas/kis_canvas2.cpp:553
    #8 0x7f50ad704fc9 in KisCanvas2::setup() /home/wolthera/krita/src/libs/ui/canvas/kis_canvas2.cpp:226
    #9 0x7f50ae3c1df1 in KisView::KisView(KisDocument*, KoCanvasResourceProvider*, KActionCollection*, QWidget*) /home/wolthera/krita/src/libs/ui/KisView.cpp:229
    #10 0x7f50ae38fa5b in KisPart::createView(KisDocument*, KoCanvasResourceProvider*, KActionCollection*, QWidget*) /home/wolthera/krita/src/libs/ui/KisPart.cpp:242
    #11 0x7f50ae33f3a3 in KisMainWindow::addViewAndNotifyLoadingCompleted(KisDocument*) /home/wolthera/krita/src/libs/ui/KisMainWindow.cpp:954
    #12 0x7f50ae395186 in KisPart::startCustomDocument(KisDocument*) /home/wolthera/krita/src/libs/ui/KisPart.cpp:520
    #13 0x7f50ae50ef2d in KisPart::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/wolthera/krita/build/libs/ui/kritaui_autogen/EWIEGA46WW/moc_KisPart.cpp:142
    #14 0x7f50a734b874 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b0874)
    #15 0x7f50ae50e243 in KisOpenPane::documentSelected(KisDocument*) /home/wolthera/krita/build/libs/ui/kritaui_autogen/EWIEGA46WW/moc_KisOpenPane.cpp:241
    #16 0x7f50adf19b88 in KisCustomImageWidget::createImage() /home/wolthera/krita/src/libs/ui/widgets/kis_custom_image_widget.cc:257
    #17 0x7f50ae55dfba in KisCustomImageWidget::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/wolthera/krita/build/libs/ui/kritaui_autogen/IMAN36LHMA/moc_kis_custom_image_widget.cpp:201
    #18 0x7f50a734b874 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b0874)
    #19 0x7f50a82a293f  (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2e793f)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/7/bits/atomic_base.h:396 in std::__atomic_base<int>::load(std::memory_order) const
Shadow bytes around the buggy address:
  0x0c0880346b40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880346b50: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x0c0880346b60: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c0880346b70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880346b80: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa
=>0x0c0880346b90: fa fa 00 00 00 00 00 00 fa fa[fd]fd fd fd fd fa
  0x0c0880346ba0: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 fa
  0x0c0880346bb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880346bc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880346bd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880346be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==17875==ABORTING
Comment 3 Tiar 2019-07-18 08:25:41 UTC
Hi, can you please check:

(1) if you get a crash on closing after just opening and closing Krita (without creating an image),

(2) and check if with your asan build, too?

I get it no matter if I create an image or not, and the asan backtrace suggests the suspicious memory behaviour is related to creating an image.
Comment 4 wolthera 2019-07-18 20:33:29 UTC
This is from 'close program without opening a file':

=================================================================
==5095==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000ccfc90 at pc 0x7ffff18d00e2 bp 0x7fffffffd210 sp 0x7fffffffd200
READ of size 4 at 0x604000ccfc90 thread T0
    #0 0x7ffff18d00e1 in std::__atomic_base<int>::load(std::memory_order) const /usr/include/c++/7/bits/atomic_base.h:396
    #1 0x7ffff18d00e1 in int QAtomicOps<int>::load<int>(std::atomic<int> const&) /usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:227
    #2 0x7ffff18ce539 in QBasicAtomicInteger<int>::load() const /usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:103
    #3 0x7ffff18cc705 in QtPrivate::RefCount::deref() /usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:66
    #4 0x7ffff18ccc2d in QString::~QString() /usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:1135
    #5 0x7fffea92b614 in __cxa_finalize (/lib/x86_64-linux-gnu/libc.so.6+0x43614)
    #6 0x7ffff18c7d52  (/home/wolthera/krita/inst/lib/x86_64-linux-gnu/libkritaui.so.19+0x29e9d52)

0x604000ccfc90 is located 0 bytes inside of 34-byte region [0x604000ccfc90,0x604000ccfcb2)
freed by thread T0 here:
    #0 0x7ffff6ef87b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x7fff90e6c201 in QTypedArrayData<unsigned short>::deallocate(QArrayData*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qarraydata.h:239
    #2 0x7fff90e6b7ec in QString::~QString() /usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:1135
    #3 0x7fffea92b040  (/lib/x86_64-linux-gnu/libc.so.6+0x43040)

previously allocated by thread T0 here:
    #0 0x7ffff6ef8b50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
    #1 0x7fffeb32f301 in QArrayData::allocate(unsigned long, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0xb5301)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/7/bits/atomic_base.h:396 in std::__atomic_base<int>::load(std::memory_order) const
Shadow bytes around the buggy address:
  0x0c0880191f40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880191f50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880191f60: fa fa 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
  0x0c0880191f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880191f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0880191f90: fa fa[fd]fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c0880191fa0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x0c0880191fb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880191fc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880191fd0: fa fa fa fa fa fa fa fa fa fa 00 00 00 00 00 fa
  0x0c0880191fe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==5095==ABORTING
[Thread 0x7ffff7f8ce80 (LWP 5095) exited]
[Inferior 1 (process 5095) exited with code 01]
(gdb)
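
Added example (not part of the bug thread or Krita's code): a small Python triage helper for AddressSanitizer reports like the two posted above. It splits a report into its use, free and allocation stacks and lists destructors that appear in both the use and the free stack, which is the pattern both reports show; the `EXIT_FRAMES` set and the shared-destructor heuristic are assumptions of this example.

```python
import re

# Trimmed copy of the AddressSanitizer report from comment 4 (frames #1-#3 of
# the READ stack and the shadow-byte dump are left out).
REPORT = """\
==5095==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000ccfc90 at pc 0x7ffff18d00e2 bp 0x7fffffffd210 sp 0x7fffffffd200
READ of size 4 at 0x604000ccfc90 thread T0
    #0 0x7ffff18d00e1 in std::__atomic_base<int>::load(std::memory_order) const /usr/include/c++/7/bits/atomic_base.h:396
    #4 0x7ffff18ccc2d in QString::~QString() /usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:1135
    #5 0x7fffea92b614 in __cxa_finalize (/lib/x86_64-linux-gnu/libc.so.6+0x43614)
    #6 0x7ffff18c7d52  (/home/wolthera/krita/inst/lib/x86_64-linux-gnu/libkritaui.so.19+0x29e9d52)

0x604000ccfc90 is located 0 bytes inside of 34-byte region [0x604000ccfc90,0x604000ccfcb2)
freed by thread T0 here:
    #0 0x7ffff6ef87b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x7fff90e6c201 in QTypedArrayData<unsigned short>::deallocate(QArrayData*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qarraydata.h:239
    #2 0x7fff90e6b7ec in QString::~QString() /usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:1135
    #3 0x7fffea92b040  (/lib/x86_64-linux-gnu/libc.so.6+0x43040)

previously allocated by thread T0 here:
    #0 0x7ffff6ef8b50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
    #1 0x7fffeb32f301 in QArrayData::allocate(unsigned long, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0xb5301)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/7/bits/atomic_base.h:396 in std::__atomic_base<int>::load(std::memory_order) const
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
# "#N 0xPC [in function] location"; the function is missing for unsymbolised frames.
FRAME = re.compile(r"^\s*#(\d+)\s+(0x[0-9a-f]+)\s+(?:in\s+(.*?)\s+)?(\S+)$")
SECTIONS = (
    ("use", re.compile(r"^(READ|WRITE) of size \d+")),
    ("free", re.compile(r"^freed by thread")),
    ("alloc", re.compile(r"^previously allocated by thread")),
)
# Assumption of this example: frames that mark process-exit teardown, taken
# from the gdb and valgrind traces in this thread.
EXIT_FRAMES = {"__cxa_finalize", "__run_exit_handlers", "_dl_fini",
               "__do_global_dtors_aux", "exit"}


def parse_asan(text):
    """Split one ASan report into its use / free / alloc stacks."""
    report = {"kind": None, "address": None, "use": [], "free": [], "alloc": []}
    current = None
    for line in text.splitlines():
        head = HEADER.search(line)
        if head:
            report["kind"], report["address"] = head.groups()
            continue
        if line.startswith("SUMMARY:"):
            current = None  # frames after the summary belong to no stack
            continue
        for name, pattern in SECTIONS:
            if pattern.match(line):
                current = name
                break
        else:
            frame = FRAME.match(line)
            if frame and current:
                _num, pc, func, where = frame.groups()
                report[current].append(
                    {"pc": pc, "func": func, "where": where.strip("()")})
    return report


def triage(report):
    """Heuristic: a destructor present in both the use and the free stack
    means one run released the block and another run touched it again."""
    use_pcs = {f["func"]: f["pc"] for f in report["use"] if f["func"]}
    shared = [(f["func"], use_pcs[f["func"]], f["pc"])
              for f in report["free"]
              if f["func"] in use_pcs and "::~" in f["func"]]
    return {
        "kind": report["kind"],
        "address": report["address"],
        "use_at_exit": any(f["func"] in EXIT_FRAMES for f in report["use"]),
        "shared_destructors": shared,
    }


if __name__ == "__main__":
    print(triage(parse_asan(REPORT)))
```

Each entry in `shared_destructors` is (destructor, PC in the use stack, PC in the free stack); the two PCs tell you where each run of the destructor was executing.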
Comment 5 Tiar 2019-07-18 20:40:37 UTC
Part of the valgrind errors log:

==1121== 
==1121== Invalid read of size 4
==1121==    at 0x6DBBF48: load (atomic_base.h:396)
==1121==    by 0x6DBBF48: loadAcquire<int> (qatomic_cxx11.h:239)
==1121==    by 0x6DBBF48: loadAcquire (qbasicatomic.h:106)
==1121==    by 0x6DBBF48: operator int (qbasicatomic.h:108)
==1121==    by 0x6DBBF48: KisShared::deref() (kis_shared.h:41)
==1121==    by 0x70048B1: deref (kis_shared_ptr.h:210)
==1121==    by 0x70048B1: deref (kis_shared_ptr.h:225)
==1121==    by 0x70048B1: KisSharedPtr<KisDefaultBounds>::~KisSharedPtr() (kis_shared_ptr.h:109)
==1121==    by 0x9388A36: __cxa_finalize (cxa_finalize.c:83)
==1121==    by 0x6D77172: ??? (in /home/tymon/kritadev/install/lib/x86_64-linux-gnu/libkritaimage.so.18.0.0)
==1121==    by 0x4010C65: _dl_fini (dl-fini.c:138)
==1121==    by 0x938837B: __run_exit_handlers (exit.c:108)
==1121==    by 0x93884A9: exit (exit.c:139)
==1121==    by 0x9367B71: (below main) (libc-start.c:342)
==1121==  Address 0x1c996888 is 8 bytes inside a block of size 32 free'd
==1121==    at 0x4839E7B: operator delete(void*) (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1121==    by 0x938837B: __run_exit_handlers (exit.c:108)
==1121==    by 0x93884A9: exit (exit.c:139)
==1121==    by 0x9367B71: (below main) (libc-start.c:342)
==1121==  Block was alloc'd at
==1121==    at 0x4838DBF: operator new(unsigned long) (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1121==    by 0x2355487B: __static_initialization_and_destruction_0 (kis_paint_device.cc:575)
==1121==    by 0x2355487B: _GLOBAL__sub_I_kis_paint_device.cc (kis_paint_device.cc:2214)
==1121==    by 0x40108D9: call_init.part.0 (dl-init.c:72)
==1121==    by 0x40109D8: call_init (dl-init.c:30)
==1121==    by 0x40109D8: _dl_init (dl-init.c:119)
==1121==    by 0x4014C2B: dl_open_worker (dl-open.c:517)
==1121==    by 0x949FA4E: _dl_catch_exception (dl-error-skeleton.c:196)
==1121==    by 0x4014215: _dl_open (dl-open.c:599)
==1121==    by 0xEF3E255: dlopen_doit (dlopen.c:66)
==1121==    by 0x949FA4E: _dl_catch_exception (dl-error-skeleton.c:196)
==1121==    by 0x949FADE: _dl_catch_error (dl-error-skeleton.c:215)
==1121==    by 0xEF3EA24: _dlerror_run (dlerror.c:163)
==1121==    by 0xEF3E2E5: dlopen@@GLIBC_2.2.5 (dlopen.c:87)
Comment 6 Tiar 2019-07-18 21:07:06 UTC
Created attachment 121616
Full valgrind error log
Comment 7 wolthera 2019-07-19 14:00:41 UTC
btw, you asked me to run a 4.2+ appimage in gdb, but that is as far as I know not possible.
Comment 8 Kuntal Majumder 2019-08-15 09:31:33 UTC
I can confirm it, here's my backtrace, couple of commits behind current master, on the magnetic lasso branch, https://invent.kde.org/snippets/385
Comment 9 Karl Ove Hufthammer 2019-08-17 10:51:27 UTC
Created attachment 122197
GDB backtrace

Krita (Git master) crashes for me too when I quit it, even if I don’t have any images open. Here’s a GDB backtrace (which looks quite different from the other backtrace, so I’m not sure it’s the same root cause).
Comment 10 Halla Rempt 2019-08-17 11:01:11 UTC
I've seen Karl's backtrace before. I'm wondering what can be up, because it's in Qt's regular expression handling when saving the list of tags.
Comment 11 Tiar 2019-08-17 13:43:33 UTC
I would say that Karl's backtrace is something else. Karl, could you please remove/move all of the custom resources and reset your configuration for Krita and try again?

When I close Krita now, I usually get one of those three messages (it's random, 'fasttop' is the least often):
corrupted size vs. prev_size while consolidating
double free or corruption (!prev)
double free or corruption (fasttop)

I am also pretty sure (1) it didn't crash for at least two months after I started working, and (2) it does crash now when I check out the code from the beginning of March and if I'm not mistaken, older code crashes, too. I think it's because of some library changes in between. I can't pinpoint it to anything.

It changed around the lgm, I think, maybe a bit before that, and it was around the same time my python scripting stopped working, too, so I guess there were some system changes that I don't remember now, unfortunately. Wolthera however told me (on IRC, long time ago) that her Python scripting works as expected. Also I don't expect it to be connected to Python, more to Qt.

My system information from krita.log:

Krita

 Version: 4.3.0-prealpha (git 8bd4204)
 Languages: en_US
 Hidpi: false

Qt

  Version (compiled): 5.12.2
  Version (loaded): 5.12.2

OS Information

  Build ABI: x86_64-little_endian-lp64
  Build CPU: x86_64
  CPU: x86_64
  Kernel Type: linux
  Kernel Version: 4.15.0-45-generic
  Pretty Productname: Linux Mint 19.1
  Product Type: linuxmint
  Product Version: 19.1


Hardware Information

  GPU Acceleration: none
  Memory: 7771 Mb
  Number of Cores: 4
  Swap Location: /tmp
Comment 12 Karl Ove Hufthammer 2019-08-17 14:25:02 UTC
(In reply to Tymond from comment #11)
> I would say that Karl's backtrace is something else. Karl, could you please
> remove/move all of the custom resources and reset your configuration for
> Krita and try again?

I have now tried deleting the contents of

  .local/share/krita/
  .config/krita*

but Krita still crashes when I quit (with the same regexp/KoResourceTagStore stuff in the backtrace).
Comment 13 Halla Rempt 2019-08-17 14:26:09 UTC
Weirdly enough, I don't get these crashes or messages myself. I build with these settings:

cmake ../$1 -DCMAKE_INSTALL_PREFIX=/home/boud/dev/i-$1 \
-DBUILD_TESTING=ON \
-DHIDE_SAFE_ASSERTS=OFF \
-DCMAKE_PREFIX_PATH=/usr/local \
-DCMAKE_BUILD_TYPE=Debug \
-DKRITA_DEVS=ON
Comment 14 Tiar 2019-08-19 22:23:35 UTC
Another message I get:

free(): invalid pointer

My cmake: 
cmake ../krita -DCMAKE_INSTALL_PREFIX=~/kritadev/install -DCMAKE_BUILD_TYPE=Debug -DKRITA_DEVS=ON -DHIDE_SAFE_ASSERTS=off -DPYTHON_EXECUTABLE=/usr/bin/python3
Comment 15 wolthera 2019-08-28 18:20:01 UTC
Ok, so this is fixed for me in 4613587dfa5d0f1eab258cf1126f6e7782af247d, and I am half suspecting it's the last two commits there ("Fix a possible crash in SimpleJobCoordinator during migrations" and "Fix crash when painting in SimpleJobCoordinator") fixed it.
Comment 16 Kuntal Majumder 2019-09-10 10:57:33 UTC
I still get those crashes, on master,

here is the backtrace,

Application: krita (krita), signal: Aborted
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7fb6bbc55800 (LWP 29614))]

Thread 2 (Thread 0x7fb65d221700 (LWP 29638)):
#0  __lll_lock_wait_private () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
#1  0x00007fb6b6a14f7e in __GI___libc_realloc (oldmem=0x5580a6f00f00, bytes=256) at malloc.c:3228
#2  0x00007fb6b73c33b9 in QArrayData::reallocateUnaligned(QArrayData*, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#3  0x00007fb6b743cc7a in QString::reallocData(unsigned int, bool) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007fb6b743ccf5 in QString::resize(int) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007fb6b74427da in QString::vasprintf(char const*, __va_list_tag*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007fb6b73ab8ae in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007fb6b739182b in QMessageLogger::warning(char const*, ...) const () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007fb6b75ebc41 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#9  0x00007fb6aedecfe1 in g_main_context_check () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x00007fb6aeded570 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#11 0x00007fb6aeded6dc in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007fb6b75ebdaf in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007fb6b758d03a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#14 0x00007fb6b73b44ca in QThread::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007fb6b73b5c72 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#16 0x00007fb6b06ea6db in start_thread (arg=0x7fb65d221700) at pthread_create.c:463
#17 0x00007fb6b6a9d88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7fb6bbc55800 (LWP 29614)):
[KCrash Handler]
#6  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#7  0x00007fb6b69bc801 in __GI_abort () at abort.c:79
#8  0x00007fb6b6a05897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fb6b6b32b9a "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#9  0x00007fb6b6a0c90a in malloc_printerr (str=str@entry=0x7fb6b6b30c9d "corrupted size vs. prev_size") at malloc.c:5350
#10 0x00007fb6b6a1415f in _int_free (have_lock=0, p=<optimized out>, av=0x7fb6b6d67c40 <main_arena>) at malloc.c:4295
#11 __GI___libc_free (mem=<optimized out>) at malloc.c:3124
#12 0x00007fb6b69bf615 in __cxa_finalize (d=0x7fb6bb778260) at cxa_finalize.c:83
#13 0x00007fb6ba624493 in __do_global_dtors_aux () from /home/neon/.local/lib/x86_64-linux-gnu/libkritaui.so.19
#14 0x00007ffd2a311730 in ?? ()
#15 0x00007fb6bba99b73 in _dl_fini () at dl-fini.c:138
Backtrace stopped: frame did not save the PC
Comment 17 Halla Rempt 2019-09-10 11:12:34 UTC
I'm afraid that that backtrace is useless; it only shows that memory could not be freed. Please use valgrind to see what the problem is: since I don't get this problem, I cannot investigate.
Comment 18 Tiar 2019-09-16 19:09:12 UTC
This is definitely not fixed for me at: 7f3ce472e9b118911fe30cfc3c1e8943b505dfd0

Since not all people see that, I believe it's a bug in some of the dependencies. Wolthera, have you updated anything on your system recently?
Comment 19 wolthera 2019-09-21 14:36:50 UTC
If it is a bug in the dependencies, this is because I am running KDE Neon, so it might be in KFrameworks???
Comment 20 Halla Rempt 2020-01-10 14:04:35 UTC
I see 

#6  0x00007ffff2e0ba7c in QRegularExpression::match(QString const&, int, QRegularExpression::MatchType, QFlags<QRegularExpression::MatchOption>) const () at /usr/lib64/libQt5Core.so.5

In the gdb log, so it's the Qt 5.13 thread storage bug.

*** This bug has been marked as a duplicate of bug 410867 ***