Closed JanczarKurek closed 5 years ago
Works for me with kitty from master. I suggest you try it from there, or wait for the next release.
I tried master version, got this message:
"corrupted size vs. prev_size while consolidating fish: “python3 .” terminated by signal SIGABRT (Abort)"
Tested also on python3.6, got:
"munmap_chunk(): invalid pointer fish: “python3.6 .” terminated by signal SIGABRT (Abort)"
Looks suspicious to me.
Well without a way to replicate it there is not much I can do. You can build kitty in debug mode with make debug and produce a backtrace of the crash you get. Or better build it with make asan which should detect any memory related issues.
Also raporting this issue. I tried with master version and python 3.7.3, got double free or corruption (out)
and free(): corrupted unsorted chunks
.
I tried it on fresh install of arch linux in virtual machine, got same results.
Tested on Fedora, with python 3.7.3 and master.
Errors: munmap_chunk(): invalid pointer
and free(): corrupted unsorted chunks
.
Those error messages aren't very helpful. Is there some more verbose output that you guys didn't post?
No, but I have built kitty with sanitizers:
[arch@arch bin]$ ./kitty
[arch@arch bin]$ LD_PRELOAD=/usr/lib/libasan.so ./kitty
=================================================================
==29217==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 824096 byte(s) in 204 object(s) allocated from:
#0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fc46f491508 in PyObject_Malloc (/usr/lib/libpython3.7m.so.1.0+0xe7508)
Direct leak of 1560 byte(s) in 3 object(s) allocated from:
#0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fc46f492c27 (/usr/lib/libpython3.7m.so.1.0+0xe8c27)
Direct leak of 1554 byte(s) in 4 object(s) allocated from:
#0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fc46f491fc6 in PyMem_Malloc (/usr/lib/libpython3.7m.so.1.0+0xe7fc6)
Direct leak of 96 byte(s) in 3 object(s) allocated from:
#0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fc46f495735 in PyThread_allocate_lock (/usr/lib/libpython3.7m.so.1.0+0xeb735)
Indirect leak of 78525 byte(s) in 82 object(s) allocated from:
#0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fc46f491508 in PyObject_Malloc (/usr/lib/libpython3.7m.so.1.0+0xe7508)
Indirect leak of 544 byte(s) in 1 object(s) allocated from:
#0 0x7fc46f9faada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fc46f492c27 (/usr/lib/libpython3.7m.so.1.0+0xe8c27)
SUMMARY: AddressSanitizer: 906375 byte(s) leaked in 297 allocation(s).
=================================================================
==29189==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900029b478 at pc 0x7f83b1209308 bp 0x7ffe62892f90 sp 0x7ffe62892f80
READ of size 4 at 0x61900029b478 thread T0
#0 0x7f83b1209307 in scroll_filter_func kitty/graphics.c:614
#1 0x7f83b1221fe1 in filter_refs kitty/graphics.c:601
#2 0x7f83b1221fe1 in grman_scroll_images kitty/graphics.c:661
#3 0x7f83b12d1755 in screen_scroll kitty/screen.c:882
#4 0x7f83b12d4c85 in screen_handle_graphics_command kitty/screen.c:579
#5 0x7f83b129a969 in parse_graphics_code kitty/parse-graphics-command.h:318
#6 0x7f83b12b24e8 in dispatch_apc kitty/parser.c:872
#7 0x7f83b12b24e8 in _parse_bytes_watching_for_pending kitty/parser.c:1108
#8 0x7f83b12b7cf0 in do_parse_bytes kitty/parser.c:1226
#9 0x7f83b12b7cf0 in parse_worker kitty/parser.c:1281
#10 0x7f83b1187c3f in do_parse kitty/child-monitor.c:307
#11 0x7f83b1187c3f in parse_input kitty/child-monitor.c:379
#12 0x7f83b118832e in process_global_state kitty/child-monitor.c:914
#13 0x7f83b1189921 in do_state_check kitty/child-monitor.c:900
#14 0x7f83af1dce2b in dispatchTimers glfw/backend_utils.c:215
#15 0x7f83af1dd6d3 in pollForEvents glfw/backend_utils.c:315
#16 0x7f83af1b9295 in handleEvents glfw/x11_window.c:66
#17 0x7f83af1b936a in _glfwPlatformWaitEvents glfw/x11_window.c:2531
#18 0x7f83af199744 in _glfwPlatformRunMainLoop glfw/main_loop.h:30
#19 0x7f83af17a540 in glfwRunMainLoop glfw/init.c:344
#20 0x7f83b1206192 in run_main_loop kitty/glfw.c:1142
#21 0x7f83b117bc8f in main_loop kitty/child-monitor.c:954
#22 0x7f83b5fc50c9 in _PyMethodDef_RawFastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b0c9)
#23 0x7f83b5ffdb7e in _PyMethodDescr_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x143b7e)
#24 0x7f83b5ffdd13 (/usr/lib/libpython3.7m.so.1.0+0x143d13)
#25 0x7f83b603af8f in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180f8f)
#26 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
#27 0x7f83b5feada2 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130da2)
#28 0x7f83b5ffdc2f (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
#29 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#30 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
#31 0x7f83b5feada2 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130da2)
#32 0x7f83b5ffdc2f (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
#33 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#34 0x7f83b5feac02 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130c02)
#35 0x7f83b5ffdc2f (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
#36 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#37 0x7f83b5feac02 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130c02)
#38 0x7f83b5ffdc2f (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
#39 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#40 0x7f83b5feac02 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130c02)
#41 0x7f83b5ffdc2f (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
#42 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#43 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
#44 0x7f83b5feaac9 in PyEval_EvalCodeEx (/usr/lib/libpython3.7m.so.1.0+0x130ac9)
#45 0x7f83b5feaaeb in PyEval_EvalCode (/usr/lib/libpython3.7m.so.1.0+0x130aeb)
#46 0x7f83b6035429 (/usr/lib/libpython3.7m.so.1.0+0x17b429)
#47 0x7f83b5fc5067 in _PyMethodDef_RawFastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b067)
#48 0x7f83b5fc5393 in _PyCFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b393)
#49 0x7f83b5ffdd4b (/usr/lib/libpython3.7m.so.1.0+0x143d4b)
#50 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#51 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
#52 0x7f83b5feada2 in _PyFunction_FastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x130da2)
#53 0x7f83b5ffdc2f (/usr/lib/libpython3.7m.so.1.0+0x143c2f)
#54 0x7f83b603aef6 in _PyEval_EvalFrameDefault (/usr/lib/libpython3.7m.so.1.0+0x180ef6)
#55 0x7f83b5fe9d17 in _PyEval_EvalCodeWithName (/usr/lib/libpython3.7m.so.1.0+0x12fd17)
#56 0x7f83b5feb44e in _PyFunction_FastCallDict (/usr/lib/libpython3.7m.so.1.0+0x13144e)
#57 0x7f83b60c2c73 (/usr/lib/libpython3.7m.so.1.0+0x208c73)
#58 0x7f83b60c414f (/usr/lib/libpython3.7m.so.1.0+0x20a14f)
#59 0x7f83b5f97515 in Py_Main (/usr/lib/libpython3.7m.so.1.0+0xdd515)
#60 0x564cf4c002fe in main (/home/v3ct0r/kitty/linux-package/bin/kitty+0x12fe)
#61 0x7f83b5d1dee2 in __libc_start_main (/usr/lib/libc.so.6+0x26ee2)
#62 0x564cf4c0042d in _start (/home/v3ct0r/kitty/linux-package/bin/kitty+0x142d)
0x61900029b478 is located 248 bytes inside of 1088-byte region [0x61900029b380,0x61900029b7c0)
freed by thread T0 here:
#0 0x7f83b650a6c0 in __interceptor_free /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:122
#1 0x7f83b1222346 in free_refs_data kitty/graphics.c:45
#2 0x7f83b1222346 in free_image kitty/graphics.c:61
#3 0x7f83b1222346 in remove_image kitty/graphics.c:98
#4 0x7f83b1222346 in filter_refs kitty/graphics.c:605
#5 0x7f83b1222346 in grman_scroll_images kitty/graphics.c:661
#6 0x7f83b12d1755 in screen_scroll kitty/screen.c:882
#7 0x7f83b12d4c85 in screen_handle_graphics_command kitty/screen.c:579
#8 0x7f83b129a969 in parse_graphics_code kitty/parse-graphics-command.h:318
#9 0x7f83b12b24e8 in dispatch_apc kitty/parser.c:872
#10 0x7f83b12b24e8 in _parse_bytes_watching_for_pending kitty/parser.c:1108
#11 0x7f83b12b7cf0 in do_parse_bytes kitty/parser.c:1226
#12 0x7f83b12b7cf0 in parse_worker kitty/parser.c:1281
#13 0x7f83b1187c3f in do_parse kitty/child-monitor.c:307
#14 0x7f83b1187c3f in parse_input kitty/child-monitor.c:379
#15 0x7f83b118832e in process_global_state kitty/child-monitor.c:914
#16 0x7f83b1189921 in do_state_check kitty/child-monitor.c:900
#17 0x7f83af1dce2b in dispatchTimers glfw/backend_utils.c:215
#18 0x7f83af1dd6d3 in pollForEvents glfw/backend_utils.c:315
#19 0x7f83af1b9295 in handleEvents glfw/x11_window.c:66
#20 0x7f83af1b936a in _glfwPlatformWaitEvents glfw/x11_window.c:2531
#21 0x7f83af199744 in _glfwPlatformRunMainLoop glfw/main_loop.h:30
#22 0x7f83af17a540 in glfwRunMainLoop glfw/init.c:344
#23 0x7f83b1206192 in run_main_loop kitty/glfw.c:1142
#24 0x7f83b117bc8f in main_loop kitty/child-monitor.c:954
#25 0x7f83b5fc50c9 in _PyMethodDef_RawFastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b0c9)
previously allocated by thread T0 here:
#0 0x7f83b650af40 in __interceptor_realloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7f83b120b4a4 in handle_put_command kitty/graphics.c:483
#2 0x7f83b12248da in grman_handle_command kitty/graphics.c:780
#3 0x7f83b12d4566 in screen_handle_graphics_command kitty/screen.c:574
#4 0x7f83b129a969 in parse_graphics_code kitty/parse-graphics-command.h:318
#5 0x7f83b12b24e8 in dispatch_apc kitty/parser.c:872
#6 0x7f83b12b24e8 in _parse_bytes_watching_for_pending kitty/parser.c:1108
#7 0x7f83b12b7cf0 in do_parse_bytes kitty/parser.c:1226
#8 0x7f83b12b7cf0 in parse_worker kitty/parser.c:1281
#9 0x7f83b1187c3f in do_parse kitty/child-monitor.c:307
#10 0x7f83b1187c3f in parse_input kitty/child-monitor.c:379
#11 0x7f83b118832e in process_global_state kitty/child-monitor.c:914
#12 0x7f83b1189921 in do_state_check kitty/child-monitor.c:900
#13 0x7f83af1dce2b in dispatchTimers glfw/backend_utils.c:215
#14 0x7f83af1dd6d3 in pollForEvents glfw/backend_utils.c:315
#15 0x7f83af1b9295 in handleEvents glfw/x11_window.c:66
#16 0x7f83af1b936a in _glfwPlatformWaitEvents glfw/x11_window.c:2531
#17 0x7f83af199744 in _glfwPlatformRunMainLoop glfw/main_loop.h:30
#18 0x7f83af17a540 in glfwRunMainLoop glfw/init.c:344
#19 0x7f83b1206192 in run_main_loop kitty/glfw.c:1142
#20 0x7f83b117bc8f in main_loop kitty/child-monitor.c:954
#21 0x7f83b5fc50c9 in _PyMethodDef_RawFastCallKeywords (/usr/lib/libpython3.7m.so.1.0+0x10b0c9)
SUMMARY: AddressSanitizer: heap-use-after-free kitty/graphics.c:614 in scroll_filter_func
Shadow bytes around the buggy address:
0x0c328004b630: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328004b640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328004b650: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c328004b660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c328004b670: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c328004b680: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]
0x0c328004b690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328004b6a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328004b6b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328004b6c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328004b6d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==29189==ABORTING
Output of kitty --version
kitty 0.14.2 created by Kovid Goyal
Description
As in the title, after trying to display large number of files, kitty displays some of them, and then crashes.
Reproduction