Bug 1291003 - qt-5.5 segfault on QFileDialog without parent
qt-5.5 segfault on QFileDialog without parent
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: qt5-qtbase (Show other bugs)
23
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Ngo Than
Fedora Extras Quality Assurance
:
: 1285615 1290988 1290993 1291019 1291712 1291942 1292355 1292477 1293098 1293494 1293751 1293758 1294351 1294985 1295074 1295086 1295966 1296957 (view as bug list)
Depends On: qt-5.6
Blocks: 977116
  Show dependency treegraph
 
Reported: 2015-12-12 11:20 EST by Pavel Alexeev
Modified: 2016-01-11 07:23 EST (History)
45 users (show)

See Also:
Fixed In Version: qt5-qtbase-5.5.1-11.fc23 qt5-qtbase-5.5.1-11.fc22
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-01-07 14:53:31 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Test case for bug (1.44 KB, application/zip)
2015-12-14 10:52 EST, Silas Parker
no flags Details
File: backtrace (35.20 KB, text/plain)
2015-12-19 13:09 EST, Abhishek Gupta
no flags Details
gap-stopper from the 5.5 branch (1.18 KB, application/mbox)
2015-12-31 07:51 EST, Pavel S.
no flags Details
spec for gap-stopper (45.91 KB, text/plain)
2015-12-31 07:52 EST, Pavel S.
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Qt Bug Tracker QTBUG-50081 None None None 2016-01-01 14:54 EST

  None (edit)
Description Pavel Alexeev 2015-12-12 11:20:25 EST
Description of problem:

Problem was initially reported by me to pgmodeler upstream (submitted on review) - https://github.com/pgmodeler/pgmodeler/issues/777

According to our discuss crash in QT:
Program received signal SIGSEGV, Segmentation fault.
0x00007fffe259ef08 in QXcbWindow::setParent (this=0x555555e891d0, parent=0x0) at qxcbwindow.cpp:1499
1499            xcb_parent_id = xcbScreen()->root();
Missing separate debuginfos, use: dnf debuginfo-install bzip2-libs-1.0.6-17.fc23.x86_64 flac-libs-1.3.1-5.fc23.x86_64 libgcc-5.1.1-4.fc23.x86_64 libstdc++-5.1.1-4.fc23.x86_64 postgresql95-libs-9.5-beta2_1PGDG.f23.x86_64
(gdb) bt
#0  0x00007fffe259ef08 in QXcbWindow::setParent(QPlatformWindow const*) (this=0x555555e891d0, parent=0x0) at qxcbwindow.cpp:1499
#1  0x00007ffff53e78bb in QWindow::setParent(QWindow*) (this=0x555557359750, parent=parent@entry=0x55555702f450) at kernel/qwindow.cpp:614
#2  0x00007ffff5bc25d5 in QWidgetPrivate::setParent_sys(QWidget*, QFlags<Qt::WindowType>) (this=this@entry=0x555557008d60, newparent=newparent@entry=0x555556e5f780, f=...) at kernel/qwidget.cpp:10543
#3  0x00007ffff5bcdfda in QWidget::setParent(QWidget*, QFlags<Qt::WindowType>) (this=this@entry=0x555555c96e30, parent=parent@entry=0x555556e5f780, f=...) at kernel/qwidget.cpp:10398
#4  0x00007ffff5bcf0cc in QWidget::setParent(QWidget*) (this=this@entry=0x555555c96e30, parent=parent@entry=0x555556e5f780) at kernel/qwidget.cpp:10334
#5  0x00007ffff5cb511c in QDialogButtonBox::addButton(QAbstractButton*, QDialogButtonBox::ButtonRole) (this=0x555556e5f780, button=0x555555c96e30, role=role@entry=QDialogButtonBox::AcceptRole)
    at widgets/qdialogbuttonbox.cpp:761

And by documentation (http://doc.qt.io/qt-5/qfiledialog.html) parent should be optional.
Comment 1 Silas Parker 2015-12-14 10:52 EST
Created attachment 1105603 [details]
Test case for bug

Added testcase for this bug, it also appears to happen when the parent pointer is set.

It appears to be intermittent, it may take several attempts before it crashes. Seems more likely to crash if dialog is opened shortly after the application is launched.

The backtrace produced by this test case is similar to the one above. The segault occurs as xcbScreen() returns a null pointer.
Comment 2 Jan Grulich 2015-12-16 08:10:16 EST
*** Bug 1291019 has been marked as a duplicate of this bug. ***
Comment 3 Paul Black 2015-12-18 04:52:28 EST
I've seen the same with kate and my own applications.
Comment 4 Abhishek Gupta 2015-12-19 13:09:41 EST
Another user experienced a similar problem:

I was looking for required details to configire WPA2 Enterprise security,

reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        /usr/bin/kde5-nm-connection-editor
crash_function: QXcbWindow::setParent
executable:     /usr/bin/kde5-nm-connection-editor
global_pid:     28921
kernel:         4.2.7-300.fc23.x86_64
package:        plasma-nm-5.5.0-2.fc23
reason:         kde5-nm-connection-editor killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 5 Abhishek Gupta 2015-12-19 13:09:54 EST
Created attachment 1107787 [details]
File: backtrace
Comment 6 Rex Dieter 2015-12-20 09:02:50 EST
I *suspect* this may be fixed in qt-5.6 (I get warnings, but no crashes running kate using 5.6-beta), tentatively marking it so.
Comment 7 Pavel S. 2015-12-26 03:57:25 EST
1293098, 1293494, 1293494, 1290993, 1291426, 1293758, 1292477, 1292355, 1291942, 1285615, 1290988 are all duplicates of this one

The bug itself is caused by the assumption, that a window always has a screen - which turned out to be false, IIRC, thus why upstream fixed this with a gap-stopper in the 5.5 branch:
37b7c5164c830458ea833d3757ca94cb7bebcb3a

The 5.6 branch has a proper fix that reverts all the gap-stoppers:
a094af001795c9651b299d700a992150d1aba33a

This bug is pretty annoying and will affect every application that uses QDialogButtonBox, so it would be nice to have it fixed before 5.6 is merged (i.e. before February or whenever afterwards it will happen)
Comment 8 Pavel S. 2015-12-31 07:51 EST
Created attachment 1110768 [details]
gap-stopper from the 5.5 branch

37b7c5164c830458ea833d3757ca94cb7bebcb3a
Comment 9 Pavel S. 2015-12-31 07:52 EST
Created attachment 1110769 [details]
spec for gap-stopper
Comment 10 Pavel S. 2015-12-31 08:01:48 EST
I have been using the gap-stopper for several days and it seems to do the trick for now. I posted the required files, so anyone interested can fix their system until the maintainer(|s) ha(s|ve) time to decide how to proceed. The relevant qt commit is http://code.qt.io/cgit/qt/qtbase.git/commit/?h=5.5&id=37b7c5164c830458ea833d3757ca94cb7bebcb3a
Comment 11 Rex Dieter 2015-12-31 10:36:56 EST
Hrm, that commit was supposed to be included in Qt 5.5.1 release, I'll dig to try to find out why/how that didn't get included
Comment 12 Rex Dieter 2015-12-31 10:52:47 EST
OK, I've found that the experimental patch as part of work from bug #1083664
 which is a backport from
https://codereview.qt-project.org/#/c/138201/

here,
http://pkgs.fedoraproject.org/cgit/qt5-qtbase.git/tree/138201.patch?h=f23

removes that check here, among others.


I suppose we could consider adjusting it as done in comment #10
Comment 13 Rex Dieter 2016-01-01 23:29:36 EST
*** Bug 1295086 has been marked as a duplicate of this bug. ***
Comment 14 Rex Dieter 2016-01-01 23:30:13 EST
*** Bug 1295074 has been marked as a duplicate of this bug. ***
Comment 15 Rex Dieter 2016-01-01 23:30:23 EST
*** Bug 1294985 has been marked as a duplicate of this bug. ***
Comment 16 Rex Dieter 2016-01-01 23:30:45 EST
*** Bug 1290988 has been marked as a duplicate of this bug. ***
Comment 17 Rex Dieter 2016-01-01 23:31:25 EST
*** Bug 1294351 has been marked as a duplicate of this bug. ***
Comment 18 Rex Dieter 2016-01-01 23:32:04 EST
*** Bug 1291712 has been marked as a duplicate of this bug. ***
Comment 19 Rex Dieter 2016-01-01 23:32:22 EST
*** Bug 1293494 has been marked as a duplicate of this bug. ***
Comment 20 Rex Dieter 2016-01-01 23:32:35 EST
*** Bug 1293758 has been marked as a duplicate of this bug. ***
Comment 21 Rex Dieter 2016-01-01 23:32:55 EST
*** Bug 1293751 has been marked as a duplicate of this bug. ***
Comment 22 Rex Dieter 2016-01-01 23:33:10 EST
*** Bug 1292355 has been marked as a duplicate of this bug. ***
Comment 23 Rex Dieter 2016-01-01 23:33:30 EST
*** Bug 1293098 has been marked as a duplicate of this bug. ***
Comment 24 Rex Dieter 2016-01-01 23:34:00 EST
*** Bug 1290993 has been marked as a duplicate of this bug. ***
Comment 25 Rex Dieter 2016-01-01 23:34:13 EST
*** Bug 1292477 has been marked as a duplicate of this bug. ***
Comment 26 Rex Dieter 2016-01-01 23:34:31 EST
*** Bug 1291942 has been marked as a duplicate of this bug. ***
Comment 27 Rex Dieter 2016-01-01 23:35:22 EST
*** Bug 1285615 has been marked as a duplicate of this bug. ***
Comment 28 Ken Imura 2016-01-02 11:03:12 EST
Another user experienced a similar problem:

pasted text into KWrite, clicked "Save As..." button.
problem is repeateble on my machine
issue also occurs when siply opening kwrite and immediately ckicking "Save As..." or using Ctrl+Shift+s

reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        /usr/bin/kwrite
crash_function: QXcbWindow::setParent
executable:     /usr/bin/kwrite
global_pid:     4726
kernel:         4.2.8-200.fc22.x86_64
package:        kwrite-15.04.3-1.fc22
reason:         kwrite killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 29 Pavel Alexeev 2016-01-02 14:31:53 EST
Rex if I understand correctly fix incorporated. Could you please make update of package?
Comment 30 Rex Dieter 2016-01-03 14:55:45 EST
That's not a fix (at best an only slightly tested workaround).

Upstream is working on a different approach, see
https://bugreports.qt.io/browse/QTBUG-50081
and
https://codereview.qt-project.org/#/c/144896/
Comment 31 thanosk 2016-01-04 01:40:20 EST
Another user experienced a similar problem:

was trying to save a file I had just created by pressing Ctrl+S 

reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        /usr/bin/kate /tmp/fz3temp-1/party_crystal.c
crash_function: QXcbWindow::setParent
executable:     /usr/bin/kate
global_pid:     3844
kernel:         4.2.8-200.fc22.i686+PAE
package:        kate-15.04.3-1.fc22
reason:         kate killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 32 axoloti 2016-01-04 11:49:01 EST
Another user experienced a similar problem:

using codeblocks in debugger, I stopped debugger without closing files and Cpp11 string objects. I may have contaminated the heap. then opened kwrite which crashed.

reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        /usr/bin/kwrite
crash_function: QXcbWindow::setParent
executable:     /usr/bin/kwrite
global_pid:     2306
kernel:         4.2.8-200.fc22.x86_64
package:        kwrite-15.04.3-1.fc22
reason:         kwrite killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 33 axoloti 2016-01-04 12:13:46 EST
Another user experienced a similar problem:

Update on last post about codeblocks and heap damage:
1) Rebooted system, launched codeblocks, coppied about 20-lines of code from codeblocks editor, saved to disk, kwrite crashed. There is no possibillity of system heap damage from this action.
2) while problem reporting system was reporting, opened an unrelated file using dolphin into kwrite. saved this unrelated file with a different file name. kwrite worked as expected (no crash).
3) conclusion, something to do with unprintable characters in codeblocks.

reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        /usr/bin/kwrite
crash_function: QXcbWindow::setParent
executable:     /usr/bin/kwrite
global_pid:     4732
kernel:         4.2.8-200.fc22.x86_64
package:        kwrite-15.04.3-1.fc22
reason:         kwrite killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 34 Kirys 2016-01-04 12:31:57 EST
While a fix is searched what should I downgrade (in my fedora 22) to go back in a state where the open/save dialogs works?
Comment 35 Sergio Monteiro Basto 2016-01-04 14:36:05 EST
Another user experienced a similar problem:

just click on add source files and app crash with this backtrace 

reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        mkvtoolnix-gui
crash_function: QXcbWindow::setParent
executable:     /usr/bin/mkvtoolnix-gui
global_pid:     2734
kernel:         4.2.8-300.fc23.x86_64
package:        mkvtoolnix-gui-8.6.1-1.fc23
reason:         mkvtoolnix-gui killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            500
Comment 36 Germano Massullo 2016-01-06 04:53:16 EST
*** Bug 1295966 has been marked as a duplicate of this bug. ***
Comment 37 Fedora Update System 2016-01-06 07:06:55 EST
qt5-qtbase-5.5.1-11.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-4899ebd424
Comment 38 Fedora Update System 2016-01-06 07:07:51 EST
qt5-qtbase-5.5.1-11.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-e81f52ffe7
Comment 39 Fedora Update System 2016-01-06 07:07:51 EST
qt5-qtbase-5.5.1-11.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-e81f52ffe7
Comment 40 Fabio Correa 2016-01-06 22:03:15 EST
Another user experienced a similar problem:

Baloo file is disabled via console. Went to its systemsettings module and casually decided to remove a lonely entry in the exceptions list. The Enable File Search box was automatically checked and then the program crashed.

reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        /usr/bin/systemsettings5
crash_function: QXcbWindow::setParent
executable:     /usr/bin/systemsettings5
global_pid:     6924
kernel:         4.2.8-300.fc23.x86_64
package:        plasma-systemsettings-5.5.1-1.fc23
reason:         systemsettings5 killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 41 Fedora Update System 2016-01-06 23:54:41 EST
qt5-qtbase-5.5.1-11.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-4899ebd424
Comment 42 Fedora Update System 2016-01-07 00:24:24 EST
qt5-qtbase-5.5.1-11.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-e81f52ffe7
Comment 43 Kirys 2016-01-07 04:46:04 EST
the update seems to work for me (f22)
Comment 44 Pavel Alexeev 2016-01-07 08:46:05 EST
No I see a lots of
0x55a9cc007880 void QWindowPrivate::setTopLevelScreen(QScreen*, bool) ( QScreen(0x55a9cb464530) ): Attempt to set a screen on a child window.
0x55a9cc007ce0 void QWindowPrivate::setTopLevelScreen(QScreen*, bool) ( QScreen(0x55a9cb464530) ): Attempt to set a screen on a child window.
0x55a9cc008140 void QWindowPrivate::setTopLevelScreen(QScreen*, bool) ( QScreen(0x55a9cb464530) ): Attempt to set a screen on a child window.
0x55a9cc008500 void QWindowPrivate::setTopLevelScreen(QScreen*, bool) ( QScreen(0x55a9cb464530) ): Attempt to set a screen on a child window.


but it does not segfaults.

Thank you.
Comment 45 Fedora Update System 2016-01-07 14:53:12 EST
qt5-qtbase-5.5.1-11.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 46 Rex Dieter 2016-01-08 09:42:45 EST
*** Bug 1296957 has been marked as a duplicate of this bug. ***
Comment 47 David Tonhofer 2016-01-10 11:51:13 EST
Another user experienced a similar problem:

1) Start kwrite
2) Do not even type anything
3) Immediately proceed to save
4) Crash (It is the save that does it)

reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        /usr/bin/kwrite
crash_function: QXcbWindow::setParent
executable:     /usr/bin/kwrite
global_pid:     15580
kernel:         4.2.8-200.fc22.x86_64
package:        kwrite-15.04.3-1.fc22
reason:         kwrite killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 48 Fedora Update System 2016-01-11 07:23:00 EST
qt5-qtbase-5.5.1-11.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.