Bug 1081055 - segfault / error 5 in libQtCore.so.4.8.5 (psi-plus killed by SIGSEGV)
Summary: segfault / error 5 in libQtCore.so.4.8.5 (psi-plus killed by SIGSEGV)
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: qt
Version: 20
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Orphan Owner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-03-26 14:57 UTC by Raphael Groner
Modified: 2014-03-29 18:43 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-26 15:42:59 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
backtrace (90.51 KB, text/plain)
2014-03-26 14:59 UTC, Raphael Groner
no flags Details
core_backtrace (41.85 KB, text/plain)
2014-03-26 15:00 UTC, Raphael Groner
no flags Details
dso_list (23.83 KB, text/plain)
2014-03-26 15:16 UTC, Raphael Groner
no flags Details
environ (2.54 KB, text/plain)
2014-03-26 15:20 UTC, Raphael Groner
no flags Details
event_log (5.19 KB, application/octet-stream)
2014-03-26 15:22 UTC, Raphael Groner
no flags Details
limits (1.29 KB, text/plain)
2014-03-26 15:23 UTC, Raphael Groner
no flags Details
maps (111.76 KB, text/plain)
2014-03-26 15:24 UTC, Raphael Groner
no flags Details
open_fds (2.57 KB, text/plain)
2014-03-26 15:25 UTC, Raphael Groner
no flags Details
var_log_messages (359 bytes, application/octet-stream)
2014-03-26 15:26 UTC, Raphael Groner
no flags Details

Description Raphael Groner 2014-03-26 14:57:10 UTC
Description of problem:
Psi+ is the development branch of Psi, the famous XMPP/Jabber client. Since I start to press some keys while the popup is active and the main window visible, a crash happens somewhere in QEventLoop, so I am unsure how to reproduce for sure.

Version-Release number of selected component (if applicable):


How reproducible:
maybe

Steps to Reproduce:
1. receive a notification popup
2. try to press any keys
3.

Actual results:
crash

Expected results:
no crash

Additional info:
see attached logs

Comment 1 Raphael Groner 2014-03-26 14:59:24 UTC
Created attachment 879029 [details]
backtrace

Comment 2 Raphael Groner 2014-03-26 15:00:01 UTC
Created attachment 879030 [details]
core_backtrace

Comment 3 Raphael Groner 2014-03-26 15:16:27 UTC
Created attachment 879037 [details]
dso_list

Comment 4 Raphael Groner 2014-03-26 15:20:42 UTC
Created attachment 879040 [details]
environ

Comment 5 Raphael Groner 2014-03-26 15:22:07 UTC
Created attachment 879041 [details]
event_log

Comment 6 Raphael Groner 2014-03-26 15:23:53 UTC
Created attachment 879042 [details]
limits

Comment 7 Raphael Groner 2014-03-26 15:24:27 UTC
Created attachment 879053 [details]
maps

Comment 8 Raphael Groner 2014-03-26 15:25:16 UTC
Created attachment 879054 [details]
open_fds

Comment 9 Raphael Groner 2014-03-26 15:26:08 UTC
Created attachment 879055 [details]
var_log_messages

Comment 10 Rex Dieter 2014-03-26 15:42:59 UTC
Looks like a genuine psi-plus crash to me, and since psi-plus isn't yet in fedora, marking CANTFIX (for now).

Thread 1 (Thread 0x7f73282568c0 (LWP 1945)):
#0  0x0000003569b97df9 in QObject::disconnect (sender=0x6918280, signal=0x6a36109 "destroyed()", signal@entry=0xa05850 "2destroyed()", receiver=receiver@entry=0x58ce9f0, method=0x4450cb9 "eventDestroyed()", method@entry=0xa26b2d "1eventDestroyed()") at kernel/qobject.cpp:2891
        method_name = {static shared_null = {ref = {_q_value = 1}, alloc = 0, size = 0, data = 0xe64898 "", array = ""}, static shared_empty = {ref = {_q_value = 22}, alloc = 0, size = 0, data = 0x3569eea798 <QByteArray::shared_empty+24> "", array = ""}, d = 0x4450ca0}
        method_arg = 0xa26b2d "1eventDestroyed()"
        membcode = <optimized out>
        method_found = false
        signal_arg = 0xa05850 "2destroyed()"
        signal_name = {static shared_null = {ref = {_q_value = 1}, alloc = 0, size = 0, data = 0xe64898 "", array = ""}, static shared_empty = {ref = {_q_value = 22}, alloc = 0, size = 0, data = 0x3569eea798 <QByteArray::shared_empty+24> "", array = ""}, d = 0x6a360f0}
        signal_found = false
        res = false
        smeta = 0x7fff8ad609b0
#1  0x000000000086feb3 in PsiDBusNotifier::readyToDie (this=this@entry=0x58ce9f0) at psidbusnotifier.cpp:406

Comment 11 Kevin Kofler 2014-03-26 22:10:56 UTC
Looks like PsiDBusNotifier::readyToDie() is being called on an already deleted PsiDBusNotifier, so the disconnect (that gets passed the no longer valid "this" pointer) crashes.

Valgrind should be able to tell you where the offending delete happens, and it should be changed to a deleteLater.

(As Rex wrote, this is almost certainly not a bug in Qt.)


Note You need to log in before you can comment on or make changes to this bug.