Bug 1401638 - QDBusConnection segfault in libQt5Core.so.5.7.0
Summary: QDBusConnection segfault in libQt5Core.so.5.7.0
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: qt5-qtbase
Version: 25
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Than Ngo
QA Contact: Fedora Extras Quality Assurance
Reported: 2016-12-05 18:52 UTC by Hin-Tak Leung
Modified: 2017-07-23 22:55 UTC (History)

Fixed In Version: qt5-qtbase-5.7.1-19.fc26 qt5-qtbase-5.7.1-19.fc25
Clone Of:
Environment:
Last Closed: 2017-07-20 15:54:48 UTC
Type: Bug
Embargoed:



Description Hin-Tak Leung 2016-12-05 18:52:28 UTC
Description of problem:
It has been going on for years now. Running ebook-viewer on any epub. It always segfaults on close.

I have had this problem for years, just haven't been bothered enough to file a bug. It segfaults on close, so all it does is generate a corefile under abrt that needs clean-up; it does not affect usage.

Version-Release number of selected component (if applicable):
$ rpm -qf /usr/lib64/libQt5Core.so.5.7.0
qt5-qtbase-5.7.0-3.fc25.x86_64
$ rpm -qf /usr/bin/ebook-viewer 
calibre-2.69.0-1.fc25.x86_64

How reproducible:
Always, for years.

Steps to Reproduce:
1. ebook-viewer any.epub
2. click menu button to close window.
3.

Actual results:
Segfault - 

$ ebook-viewer any.epub 
WARNING: Failed to unpickle stored config object, ignoring
Segmentation fault (core dumped)
$ dmesg
[81660.142660] QDBusConnection[12661]: segfault at 7f53941c0aa0 ip 00007f53b341687d sp 00007f538f7fdb80 error 4 in libQt5Core.so.5.7.0[7f53b31a6000+477000]
[82236.971904] QDBusConnection[13084]: segfault at 7f14f41ce790 ip 00007f151602587d sp 00007f14f6781b80 error 4 in libQt5Core.so.5.7.0[7f1515db5000+477000]

Expected results:
Don't segfault on close.


Additional info:
I think this behavior started when I choose not to modify/save current position in ebook-viewer. I just do not like ebook-viewer modifying epub's.

That may be related to the warning message too:
"WARNING: Failed to unpickle stored config object, ignoring"

But then I choose not to save, so there is no stored-config and that's expected.
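
Added example (not part of the original report or of Qt/Fedora tooling): a small triage helper that parses the kernel segfault lines quoted in the description, decodes the x86 page-fault error code, and subtracts the mapping base from the instruction pointer so that crashes from different ASLR layouts can be compared by module offset. The function names are hypothetical; the two input lines are copied from the dmesg output above.

```python
import re
from collections import defaultdict

# The two kernel lines quoted in the bug description (dmesg output).
DMESG = """\
[81660.142660] QDBusConnection[12661]: segfault at 7f53941c0aa0 ip 00007f53b341687d sp 00007f538f7fdb80 error 4 in libQt5Core.so.5.7.0[7f53b31a6000+477000]
[82236.971904] QDBusConnection[13084]: segfault at 7f14f41ce790 ip 00007f151602587d sp 00007f14f6781b80 error 4 in libQt5Core.so.5.7.0[7f1515db5000+477000]
"""

SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+) "
    r"in (?P<module>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

def decode_error(code):
    """Decode the x86 page-fault error code printed after 'error' (hex)."""
    return {
        "page": "protection violation" if code & 1 else "not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "ifetch": bool(code & 16),
    }

def parse_segfaults(text):
    """Return one dict per kernel segfault line found in text."""
    faults = []
    for m in SEGV_RE.finditer(text):
        f = {k: int(m[k], 16) for k in ("addr", "ip", "sp", "err", "base", "size")}
        f.update(comm=m["comm"], pid=int(m["pid"]), module=m["module"])
        f["offset"] = f["ip"] - f["base"]            # ASLR-independent crash site
        f["in_module"] = 0 <= f["offset"] < f["size"]
        f["fault"] = decode_error(f["err"])
        faults.append(f)
    return faults

def group_by_site(faults):
    """Group crashing PIDs by (module, offset) to spot repeat crash sites."""
    sites = defaultdict(list)
    for f in faults:
        sites[(f["module"], f["offset"])].append(f["pid"])
    return dict(sites)

if __name__ == "__main__":
    for (module, off), pids in group_by_site(parse_segfaults(DMESG)).items():
        print(f"{module}+{off:#x}: pids {pids}")
```

Both lines resolve to the same offset in libQt5Core.so.5.7.0 with a user-mode read of an unmapped page, and the second line's ip (0x00007f151602587d) is the frame #0 address gdb attributes to QObject::disconnect in Comment 1.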

Comment 1 Hin-Tak Leung 2016-12-07 02:10:13 UTC
# gdb /usr/bin/python2 /var/spool/abrt/ccpp-2016-12-05-18:42:18-13076/coredump
...
(gdb) bt
#0  0x00007f151602587d in QObject::disconnect(QObject const*, char const*, QObject const*, char const*) () at /lib64/libQt5Core.so.5
#1  0x00007f1510f29fd0 in QDBusConnectionPrivate::closeConnection() () at /lib64/libQt5DBus.so.5
#2  0x00007f1510f168c2 in QDBusConnectionManager::run() () at /lib64/libQt5DBus.so.5
#3  0x00007f1515e5ba1a in QThreadPrivate::start(void*) () at /lib64/libQt5Core.so.5
#4  0x00007f1529df26ca in start_thread (arg=0x7f14f6782700) at pthread_create.c:333
#5  0x00007f152941cf6f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105
(gdb) q


# abrt-cli list
id 98f21c7b042b83e133b4fb3ef75e72e1a81999d1
reason:         python2.7 killed by SIGSEGV
time:           Mon 05 Dec 2016 18:42:18 GMT
cmdline:        python2 /usr/bin/ebook-viewer '<edited>.epub'
package:        calibre-2.69.0-1.fc25
uid:            1000 (Hin-Tak)
count:          2
Directory:      /var/spool/abrt/ccpp-2016-12-05-18:42:18-13076

Comment 2 Hin-Tak Leung 2016-12-07 07:09:08 UTC
This help?

#0  0x00007f96ef55087d in QObject::disconnect (sender=0x7f966800b5d0, signal=signal@entry=0x0, receiver=receiver@entry=0x7f96bc00b6f0, 
    method=method@entry=0x0) at kernel/qobject.cpp:2956
2956	    const QMetaObject *smeta = sender->metaObject();

(gdb) bt
#0  0x00007f96ef55087d in QObject::disconnect(QObject const*, char const*, QObject const*, char const*) (sender=0x7f966800b5d0, signal=signal@entry=0x0, receiver=receiver@entry=0x7f96bc00b6f0, method=method@entry=0x0) at kernel/qobject.cpp:2956
#1  0x00007f96ea454fd0 in QObject::disconnect(QObject const*, char const*) const (member=0x0, receiver=0x7f96bc00b6f0, this=<optimized out>)
    at ../../src/corelib/kernel/qobject.h:359
#2  0x00007f96ea454fd0 in QDBusConnectionPrivate::closeConnection() (this=this@entry=0x7f96bc00b6f0) at qdbusintegrator.cpp:1133
#3  0x00007f96ea4418c2 in QDBusConnectionManager::run() (this=
    0x7f96ea4b7060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:206
#4  0x00007f96ef386a1a in QThreadPrivate::start(void*) (arg=0x7f96ea4b7060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>)
    at thread/qthread_unix.cpp:344
#5  0x00007f970331d6ca in start_thread (arg=0x7f96cb7fe700) at pthread_create.c:333
#6  0x00007f9702947f6f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105
(gdb) 

package:        calibre-2.69.0-1.fc25
qt5-qtbase-5.7.0-3.fc25.x86_64

Comment 3 Hin-Tak Leung 2016-12-07 07:15:03 UTC
Difficult to tell why it should segfault on that line:

(gdb) print smeta
$1 = (const QMetaObject *) 0x7f96ea4b5a00 <QDBusServiceWatcher::staticMetaObject>
(gdb) print *smeta
$2 = {d = {superdata = 0x7f96ef758ec0 <QObject::staticMetaObject>, stringdata = 0x7f96ea4a2140 <qt_meta_stringdata_QDBusServiceWatcher>, 
    data = 0x7f96ea4a2040 <qt_meta_data_QDBusServiceWatcher>, 
    static_metacall = 0x7f96ea49b3c0 <QDBusServiceWatcher::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, 
    relatedMetaObjects = 0x0, extradata = 0x0}}
(gdb) print sender
$3 = (const QObject *) 0x7f966800b5d0
(gdb) print *sender
$4 = {_vptr.QObject = 0x7f96c86dfaa0, static staticMetaObject = {d = {superdata = 0x0, 
      stringdata = 0x7f96ef684c80 <qt_meta_stringdata_QObject>, data = 0x7f96ef684b60 <qt_meta_data_QObject>, 
      static_metacall = 0x7f96ef554ed0 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, 
      extradata = 0x0}}, d_ptr = {d = 0x7f966800ff20}, static staticQtMetaObject = {d = {superdata = 0x0, 
      stringdata = 0x7f96ef6cca20 <qt_meta_stringdata_Qt>, data = 0x7f96ef6c9f60 <qt_meta_data_Qt>, static_metacall = 0x0, 
      relatedMetaObjects = 0x0, extradata = 0x0}}}
(gdb)

Comment 4 Hin-Tak Leung 2017-06-19 00:10:06 UTC
Have one today.

calibre-2.78.0-1.fc25.x86_64
qt5-qtbase-5.7.1-16.fc25.x86_64

Comment 5 Than Ngo 2017-07-18 12:09:54 UTC
It's fixed in 5.7.1-19, I will push it into the f25 update today.

Comment 6 Fedora Update System 2017-07-19 11:41:43 UTC
qt5-qtbase-5.7.1-19.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b0863592f6

Comment 7 Fedora Update System 2017-07-20 00:26:48 UTC
qt5-qtbase-5.7.1-19.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b0863592f6

Comment 8 Fedora Update System 2017-07-20 06:53:14 UTC
qt5-qtbase-5.7.1-19.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-e229cf5d7c

Comment 9 Fedora Update System 2017-07-20 15:54:48 UTC
qt5-qtbase-5.7.1-19.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2017-07-23 22:55:41 UTC
qt5-qtbase-5.7.1-19.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
