development version crashes intermittently on startup

[jdchristensen]

Is there an existing issue for this?

• I checked and did not find my issue in the already reported ones

Describe the bug

I tried a development build to test #21033. It crashes about 10-20% of the time after closing the new welcome dialog. (Tested with empty config dir.) I have attached a non-debug backtrace for this.

I rebuilt on master, without the small changes in #21033, and with debug symbols. Now I can't reproduce that crash, but around 5-10% of the time I get a crash earlier, while the splash screen is being displayed. The crash varies from a free error to a SIGSEGV. I have attached one backtrace. The version for this is 5.5.0+1283~g4b146e78f7.

The gi-man comment in PR #20456 ("I also had a random segfault on my first start that is no longer happening") could be the same issue.

Steps to reproduce

Start darktable with a fresh config dir, and close the welcome window when it appears. Repeat if no crash.

Expected behavior

No response

Logfile | Screenshot | Screencast

welcome-backtrace.txt
splash_backtrace.txt

Commit

No response

Where did you obtain darktable from?

self compiled

darktable version

5.5.0+1283~g4b146e78f7

What OS are you using?

Linux

What is the version of your OS?

Ubuntu 24.04

Describe your system

Linux x86_64, Ubuntu 24.04 (Noble), GTK 3.24, Gnome, X11.

Are you using OpenCL GPU in darktable?

Yes

If yes, what is the GPU card and driver?

Intel UHD Graphics (TigerLake-H GT1), integrated, driver i915 and NVIDIA GeForce RTX 3050 Ti Laptop GPU, discrete, driver nvidia version 580.142

Please provide additional context if applicable. You can attach files too, but might need to rename to .txt or .zip

I have no idea if this is accurate, but here is what Claude Code said about the welcome crash:

The crash is in GTK's widget disposal chain, triggered by destroying the welcome screen window. The free() is called on an address in the shared library mapping range (0x7ffff71c6b40), not the heap — consistent with a GLib slice-allocated pointer being freed via the wrong allocator.

About the splash screen crash:

Found it. script_manager.lua creates GTK widgets at module load time — dt.new_widget("entry") at lines 1427 and 1433, plus many others throughout. When luarc does require "tools/script_manager" from the Lua background thread during the splash screen phase, all those widget constructors run immediately.

The backtrace shows get_widget_params calling gtk_widget_new for an entry widget (frame #16: widget_type = <entry_type>). The crash: realloc(): invalid pointer on 0x7ffff71c6b40 — the same address as in the welcome screen crash, just a different allocator operation (realloc vs free).

That address appearing in both crashes is the key clue. It points to a GLib-internal pointer (likely in the type system's instance allocation tables) that's been corrupted or is pointing into shared-library address space rather than the heap. The two crashes are probably symptoms of the same root corruption, just hitting it at different points.

[gi-man]

I haven't had a start up crash in a while. I use the master branch of dt almost daily. The only crash I had recently is the Wayland when the computer returns from sleep (#20693)

Make sure you have a good build environment and update the submodules. Also check that Lua is up to date.

[jdchristensen]

@gi-man Have you tested frequently with an empty config dir? I can only reproduce the crashes with an empty config dir. The submodules are up-to-date, and since this is a first run, I don't think I have an opportunity to update lua scripts before the crash.

[da-phil]

Just to make sure my recently merged PR is not the rootcause: can you please revert it by the following git command:

git revert aecfb6d71d9624624bef720455be39402c731ead

and re-build DT to test if the problem is still there?

[jdchristensen]

git revert aecfb6d

I still get the crashes after reverting #20765 . I started darktable 10 times, and once got a crash during the splash screen, and once after closing the welcome window. This is with a debug build (-DCMAKE_BUILD_TYPE=RelWithDebInfo).

[da-phil]

I tried to reproduce the issue myself on latest master, but could not after 12 tries.
Following your instruction:

Start darktable with a fresh config dir, and close the welcome window when it appears. Repeat if no crash.

I created a new config folder /tmp/darktable-config/

And started darktable as darktable --configdir /tmp/darktable-config

The only dubious output lines were the following:

sh: 1: cd: can't cd to /tmp/darktable-config/lua
sh: 1: cd: can't cd to /tmp/darktable-config/lua
find: ‘/tmp/darktable-config/lua’: No such file or directory

CC: @wpferguson

[jdchristensen]

I just ran this again, re-using the config dir created in a previous run (but with an immediate exit after starting), and got another crash. I have attached a new backtrace, using the file that darktable created. (My previous backtraces were saved using gdb.)

darktable_bt_TAH6O3.txt

[wpferguson]

@da-phil my argument for why directory names should be one word with no punctuation or special characters 😄. Unfortunately the rest of the world doesn't seem to agree 😄

I'll fix

EDIT: I can't reproduce with 5.5.0+1276~g6064ac4a6e, using the bundled scripts or using the downloaded ones

EDIT 2: Tried 5.5.0+1309~g8b27a5206e, and everything still works fine. I'll look at the code and make sure I'm sanitizing any string matches to escape Lua pattern matching characters (such as -)

[stnKrisna]

Im on a mac, so I can't test this.

The crash happened somewhere within dtgtk_side_panel_get_preferred_width. Some panel (or child of it) returns bad pointer. This will be hard to debug as the only information to the widget we have is widget=0x617dc4b0f4f0.

What does valgrind or gdb say? Can gdb help find root/name of the widget?

EDIT: @jdchristensen Can you add null check to dtgtk_side_panel_get_preferred_width? Something like this perhaps?

GtkWidgetClass *parent = GTK_WIDGET_CLASS(dtgtk_side_panel_parent_class);
if(parent && parent->get_preferred_width)
    parent->get_preferred_width(widget, minimum_size, natural_size);
else
    // do something here

and print/breakpoint on the else statement?

EDIT 2: darktable_bt_TAH6O3 is not the same as welcome-backtrace.txt / splash_backtrace.txt. Its caused by "free(): invalid pointer" on memory address mem=0x7ffff71c6b40.

Crash point is also different between welcome-backtrace and splash_backtrace.
splash_backtrace fails at darktable/src/lua/call.c:136, while
welcome-backtrace fails at darktable/src/common/darktable.c:2062

crash_comparison.pdf

[jdchristensen]

@stnKrisna The errors vary, sometimes a free() error, sometimes SIGSEGV, etc. And the timing varies too, sometimes it happens during the splash screen, and sometimes when I close the welcome dialog. If you can suggest something specific to do to debug this, I'll do it. E.g. with your proposed null check, what should I do in the else clause, and what should I do in gdb to get useful information here? I can also just run the existing code within gdb and trigger the error, so if there is something I can do then besides just printing the backtrace, let me know.

[jdchristensen]

@da-phil @wpferguson I tested using /tmp/darktable-config as the config dir and didn't see any lua warnings, even with -d lua. @da-phil , if you can reproduce, can you create a separate issue for this?

[gi-man]

@jdchristensen It will be better if you do a logfile instead of a backtrace. Start with -d common then -d all if that doesnt point to the source.

[jdchristensen]

@gi-man I have attached the -d common log output after a crash that happened after I closed the welcome dialog. This time, darktable didn't produce a backtrace file. Let me know if I should do -d all. This happened with 4b146e7 using a debug build. The command I repeat is

rm -f config/*; /scratch/jdc/darktable/build/bin/darktable --configdir /t/test-darktable-dev/config -d common > /t/dt-logs/crash.txt 2>&1

but in this case it happened on the first attempt.

I'm going to try rebooting my laptop in case something is messed up with the graphics card/drivers.

crash.txt

[jdchristensen]

After a reboot, it still happens. As usual, the exact error varies. Here's the log with -d all.

crash3-all.txt

[gi-man]

The log says you are at: darktable 5.5.0+1284~g1092f8a16b I cant find that commit.

You say in your original post that you are at: 5.5.0+1283~g4b146e78f7

I recommend you go back and rm your build folder and ensure you are at the current master head (8b27a52). Maybe use: git fetch origin && git reset --hard origin/master && git clean -f -d and git status

[jdchristensen]

I tested with 4b146e7 and also after reverting the commit that @da-phil asked me to, and got crashes with both. I think the phantom commit you are seeing is from after I added a reverting commit. I've now tested with the OBS binary built for 24.04 and I got a crash on my first start up with that one, before the welcome dialog appeared. So we can rule out my build set-up. This is the link I used:
https://download.opensuse.org/repositories/graphics:/darktable:/master/xUbuntu_24.04/amd64/darktable_5.5.0~git1309.8b27a520-1+14252.1_amd64.deb