haskell-gi-base >= 0.20.5, glib-gobject-critical, double free or corruption (fasttop)

[lettier]

Hello @garetxe

I've come across an odd memory issue with haskell-gi-base for versions >= 0.20.5.

The latest version that works is haskell-gi-base == 0.20.4.

Based on the change log, in version 0.20.5, it looks as though there was some work done regarding freeing memory.

To demonstrate the issue, I've carved up Move Monad into a minimal example.

Here is the crash log. Here is the output from GDB.

From what I can tell, the issue occurs when a GstMessage (Hackage Link) is freed.

Freeing a boxed object at 0x3157ba0 from idle callback [thread: 0x7fffc0008490]
	It is of type GstMessageClockLost

(movie-monad:18421): GLib-GObject-CRITICAL **: g_boxed_free: assertion 'G_TYPE_IS_BOXED (boxed_type)' failed

I believe part of the stack trace is the following.

https://github.com/haskell-gi/haskell-gi/blob/master/base/Data/GI/Base/ManagedPtr.hs#L296
https://github.com/haskell-gi/haskell-gi/blob/master/base/Data/GI/Base/ManagedPtr.hs#L299
https://github.com/haskell-gi/haskell-gi/blob/master/base/Data/GI/Base/ManagedPtr.hs#L279
https://github.com/haskell-gi/haskell-gi/blob/master/base/c/hsgclosure.c#L66
https://github.com/haskell-gi/haskell-gi/blob/master/base/c/hsgclosure.c#L57
https://github.com/GNOME/glib/blob/glib-2-0/gobject/gboxed.c#L394
https://github.com/GNOME/glib/blob/glib-2-0/gobject/gtype.c#L2589
https://github.com/GNOME/glib/blob/glib-2-0/gobject/gboxed.c#L394

Given this, GType gtype is not a boxed type.

From the debug information we know the GType is GstMessageClockLost but I cannot find any documentation about this GType and if it is a boxed type. From what I can find it is a GQuark string. I'm not too familiar with g_type_name but I would think that the GType would be GstMessage which is a boxed type based on the documentation page.

Looking at the GStreamer code, the GIR, and the generated code.

https://github.com/GStreamer/gstreamer/blob/master/gst/gstmessage.h#L188
https://github.com/GStreamer/gstreamer/blob/master/gst/gstmessage.h#L190
https://github.com/GStreamer/gstreamer/blob/master/gst/gstmessage.h#L346
https://github.com/GStreamer/gstreamer/blob/master/gst/gstmessage.c#L119
https://github.com/GStreamer/gstreamer/blob/master/gst/gstminiobject.h#L291
https://github.com/GStreamer/gstreamer/blob/master/gst/gstmessage.c#L120
https://github.com/GStreamer/gstreamer/blob/master/gst/gstmessage.c#L135

So it looks as though they programmatically define boxed GTypes based on the GQuark strings/names and provide an interface to the GType of the GstMessage via its GstMiniObject member.

    <record name="Message"
            c:type="GstMessage"
            glib:type-name="GstMessage"
            glib:get-type="gst_message_get_type"
            c:symbol-prefix="message">

instance BoxedObject Message where
    boxedType _ = c_gst_message_get_type

Curiously, I've only come across this issue on Debian based systems (except for one). The three Arch based systems and the single Fedora system I tested do not have the issue.

Affected Systems

• Deepin 15.4.1
  • GStreamer 1.12.1
  • GTK+3 3.22.17
  • Kernel 4.9.0
• Ubuntu 16.04
  • GStreamer 1.8.3
  • GTK+3 3.20.8
  • Kernel 4.9.31
• Linux Mint 18
  • GStreamer 1.8.0
  • GTK+3 3.18.9
  • Kernel 4.4.0
• Ubuntu 14.04
  • GStreamer 1.6.3
  • GTK+3 3.10.8
  • Kernel 4.4.0

Unaffected Systems

• Ubuntu 17.10
  • GStreamer 1.12.3
  • GTK+3 3.22.25
  • Kernel 4.13.0
• Manjaro 17.0.2
  • GStreamer 1.12.2
  • GTK+3 3.22.16
  • Kernel 4.9.39
• Manjaro 17.0.5
  • GStreamer 1.12.2
  • GTK+3 3.22.21
  • Kernel 4.9.50
• Arch Rolling
  • GStreamer 1.12.0
  • GTK+3 3.22.16
  • Kernel 4.13.9
• Fedora 27
  • GStreamer 1.12.3
  • GTK+3 3.22.24
  • Kernel 4.13.9

I tried different versions of GTK+3 and GStreamer (even using the unreleased GStreamer 1.13.0 version) but the only consistent change that reproduced the issue was moving haskell-gi-base from version 0.20.4 to 0.20.{5,6,7}.

This is what the minimal example looks like if it works.

Note that you'll need the GStreamer 1.0 base, good, and bad plugins to run the example.

👍

I've got the same issue, but I can get it just by running the example program from the readme.
I'm running Ubuntu Gnome 16.04.3, with GTK+3 3.18.9 and kernel 4.10.0
As above, the program runs normally in 0.20.4, but crashes in 0.20.7.

The program only crashes after clicking the button. The program gives the intended effect, then crashes ~2 seconds later. All default gtk behaviors work as normal.

If I remove the event handler for the button entirely, the program crashes on launch
If I remove the whole button, the program functions properly

The program also runs normally on the single-threaded runtime. It only crashes when I set ghc-options=-threaded

[garetxe]

Thanks for the very detailed reports! I cannot reproduce the crash, but I am using Fedora 27. I will install Ubuntu 16.4 in a VM and see if I can track the bug.

@lettier Can you reproduce the crashes @cjenn reports? The testcase is smaller there, so hopefully easier to understand.

[lettier]

Hello @garetxe

Yes I was able to reproduce @cjenn findings. After I click the "Click me" button it crashes.

👍

[garetxe]

Great, thanks for the confirmation.

I just installed Ubuntu 16.04 in a VM, and can reproduce the crash, this should make debugging much easier.

[garetxe]

@lettier I could not compile your minimal example (I get an error "Variable not in scope: invalidVideoWidgetName"), but in any case there is a good chance that 29cd870 will fix the crash. It does seem to fix the crash in the example program at least. Could you please try?

Thanks!

[lettier]

Hello @garetxe

My apologies. I didn't copy over the let invalidVideoWidgetName = "invalidVideoWidgetName" line to the gist.

By doing the following, I can no longer reproduce the crash.

git clone https://github.com/haskell-gi/haskell-gi.git
cd movie-monad
cabal sandbox init
cabal sandbox add-source ../haskell-gi
cabal sandbox add-source ../haskell-gi/base
caball install --dependencies-only && cabal install -j
cabal sandbox hc-pkg list | grep -i haskell-gi-base
    haskell-gi-base-0.20.7
./.cabal-sandbox/bin/movie-monad

Will you be deprecating 0.20.{5,6,7} in favor of 0.20.8?

Thank you for fixing the issue. This is great.

👍

[garetxe]

Great, thanks for checking. I just released haskell-gi-base-0.20.8 with the fix.

Will you be deprecating 0.20.{5,6,7} in favor of 0.20.8?

Good idea, thanks! Done.