Segmentation fault when exiting when linked against Qt 6.9.1

l3u_

Hi all,

I noticed a strange segfault when I exit a program, when it's built against Qt 6.9.1. I only have this on my notebook (Artix). On my desktop machine with Qt 6.8.3, there's no segfault. I also created a local 6.8.3 build on the Artix machine and linked my project against it – no segfault.

This is the backtrace I get when I use 6.9.1:

Thread 1 "muckturnier" received signal SIGSEGV, Segmentation fault.
0x00007ffff7929fee in ?? () from /usr/lib/libQt6Widgets.so.6
(gdb) backtrace
#0  0x00007ffff7929fee in ?? () from /usr/lib/libQt6Widgets.so.6
#1  0x00007ffff7901c1d in QApplicationPrivate::notify_helper(QObject*, QEvent*) ()
from /usr/lib/libQt6Widgets.so.6
#2  0x00007ffff6567798 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt6Core.so.6
#3  0x00007ffff65b8ed2 in QObjectPrivate::setParent_helper(QObject*) () from /usr/lib/libQt6Core.so.6
#4  0x00007ffff65be112 in QObject::~QObject() () from /usr/lib/libQt6Core.so.6
#5  0x00007ffff7acfb32 in ?? () from /usr/lib/libQt6Widgets.so.6
#6  0x00007ffff7ad417f in ?? () from /usr/lib/libQt6Widgets.so.6
#7  0x00007ffff7ad4a22 in ?? () from /usr/lib/libQt6Widgets.so.6
#8  0x00007ffff7942d3b in QWidget::~QWidget() () from /usr/lib/libQt6Widgets.so.6
#9  0x00005555555f408d in MainWindow::~MainWindow (this=0x7fffffffdb60)
    at /home/tobias/tmp/git/muckturnier/build/muckturnier_autogen/KWHCXE3JJ5/../../../src/MainWindow/MainWindow.h:46
#10 0x0000555555629667 in main (argc=1, argv=0x7fffffffde78)
    at /home/tobias/tmp/git/muckturnier/src/main.cpp:130

Looks like it crashes somewhere outside of my stuff, in Qt itself, doesn't it? How can I debug this further?

jsulm

@l3u_ said in Segmentation fault when exiting when linked against Qt 6.9.1:

Thread 1 "muckturnier"

Are you using threads and do you access UI stuff from a thread which is not the main/UI thread?

l3u_

No, no threads. It's only one process.

I'll see if I can reproduce this with a minimal example. The problem is that this program has about 55,000 lines of code … if I open it and close it, I get no segfault. If I load a database (which makes some dock widgets visible, connects to an SQLite db etc.), it crashes on closing. But only using Qt 6.9, not 6.8 and also not on 5.15.

Maybe I can get a better backtrace with some debugging enabled local Qt build?

l3u_

Okay, for now, here's a debugging-enabled backtrace:

Thread 1 "muckturnier" received signal SIGSEGV, Segmentation fault.
0x0000555555a55b76 in removeWidgetRecursively (li=<optimized out>, w=0x555557254ed0)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/kernel/qlayout.cpp:474
474             if (child->widget() == w) {
(gdb) backtrace
#0  0x0000555555a55b76 in removeWidgetRecursively (li=<optimized out>, w=0x555557254ed0)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/kernel/qlayout.cpp:474
#1  0x0000555555a56e3a in QLayout::widgetEvent (this=<optimized out>, e=e@entry=0x7fffffffca20)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/kernel/qlayout.cpp:530
#2  0x0000555555a24dab in QApplicationPrivate::notify_helper
    (this=this@entry=0x555556ebd220, receiver=receiver@entry=0x7fffffffce60, e=e@entry=0x7fffffffca20) at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/kernel/qapplication.cpp:3292
#3  0x0000555555a354b5 in QApplication::notify
    (this=0x7fffffffcd10, receiver=0x7fffffffce60, e=0x7fffffffca20)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/kernel/qapplication.cpp:3249
#4  0x00005555563fcde4 in QCoreApplication::notifyInternal2
    (receiver=0x7fffffffce60, event=event@entry=0x7fffffffca20)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/corelib/kernel/qcoreapplication.cpp:1106
#5  0x00005555563fce8f in QCoreApplication::sendEvent
    (receiver=<optimized out>, event=event@entry=0x7fffffffca20)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/corelib/kernel/qcoreapplication.cpp:1546
#6  0x0000555556437c46 in QObjectPrivate::setParent_helper
    (this=this@entry=0x555556fef340, o=o@entry=0x0)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/corelib/kernel/qobject.cpp:2268
#7  0x00005555564383f0 in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/corelib/kernel/qobject.cpp:1148
#8  0x0000555555a7d408 in QWidget::~QWidget (this=0x555557254ed0, __in_chrg=<optimized out>)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/kernel/qwidget.cpp:1596
#9  0x0000555555b9a8e0 in QTabBar::~QTabBar (this=<optimized out>, __in_chrg=<optimized out>)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/widgets/qtabbar.cpp:863
#10 0x0000555555b541e8 in QMainWindowTabBar::~QMainWindowTabBar
    (this=0x555557254ed0, __in_chrg=<optimized out>)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/widgets/qmainwindowlayout.cpp:2053
#11 0x0000555555b54221 in QMainWindowTabBar::~QMainWindowTabBar
    (this=0x555557254ed0, __in_chrg=<optimized out>)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/widgets/qmainwindowlayout.cpp:2053
#12 0x0000555555b4b0da in qDeleteAll<QList<QTabBar*>::const_iterator> (begin=..., end=...)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/corelib/tools/qalgorithms.h:28
#13 0x0000555555b4b0ff in qDeleteAll<QList<QTabBar*> > (c=...)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/corelib/tools/qalgorithms.h:36
#14 0x0000555555b4cba8 in QMainWindowLayout::~QMainWindowLayout
    (this=0x55555731abb0, __in_chrg=<optimized out>)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/widgets/qmainwindowlayout.cpp:2739
#15 0x0000555555b4ccb1 in QMainWindowLayout::~QMainWindowLayout
    (this=0x55555731abb0, __in_chrg=<optimized out>)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/widgets/qmainwindowlayout.cpp:2741
#16 0x0000555555a7d17c in QWidget::~QWidget (this=0x7fffffffce60, __in_chrg=<optimized out>)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/kernel/qwidget.cpp:1496
#17 0x0000555555b42c14 in QMainWindow::~QMainWindow
    (this=<optimized out>, __in_chrg=<optimized out>)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/widgets/qmainwindow.cpp:338
#18 0x00005555556aaae6 in MainWindow::~MainWindow (this=0x7fffffffce60, __in_chrg=<optimized out>)
    at /home/tobias/tmp/git/muckturnier/src/MainWindow/MainWindow.h:46
#19 0x00005555556fc0d5 in main (argc=1, argv=0x7fffffffd178)
    at /home/tobias/tmp/git/muckturnier/src/main.cpp:130

This definitely does not happen in my code …

jsulm

@l3u_ said in Segmentation fault when exiting when linked against Qt 6.9.1:

This definitely does not happen in my code

This doesn't mean it is an issue in Qt. It can still be your code causing Qt code to fail.
You should check how you're freeing QObject/QWidget objects. Do you by any chance delete some of them directly instead of using deleteLater?

l3u_

Except for some special situations, I don't delete anything by hand, and I also almost never have to use deleteLater … the project has a network stack where I have to mess with this stuff, but at the point the crash happens, none of this code is active.

I really only wonder how I can track this down … and why it happens with 6.9.1, but not with 6.8.3 …

However, I'll check all delete and deleteLater statements I use, thanks for the hint :-)

l3u_

Okay. The only place where I use a delete statement in code that is active is that I remove a lock file in my database backend when I close the connection. That seems to be unrelated to that layout/widget issue, I can as well open a database, close it (and then the delete happens) and I still get a segfault on closing. All deleteLater statements I use happen in classes that aren't even instatiated at this point … so I'm pretty sure that neither a delete statement, nor a deleteLater call happens during closing.

Seems to me it has something to do with the QDockWidgets I use and the QTabBar they are displayed with, no?

I just tried to compile against a local debugging enabled build of Qt 6.9.0 – no crash there. But the crash against 6.9.1 happens every time …

l3u_

I really have no idea why this happens. Neither my MainWindow class, nor any of the QDockWidgets shown even have a destructor, so I don't even have the chance to delete something that should not be deleted …

The MainWindow catches a closeEvent though. I set a break point there and stepped through what happens. The whole function exits like it should. No problem …

The crash happens really late, after everything seems to be already cleaned up:

QCoreApplication::exec ()
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/corelib/kernel/qcoreapplication.cpp:1450
1450        threadData->quitNow = false;
(gdb) n
1452        if (self)
(gdb) n
1453            self->d_func()->execCleanup();
(gdb) n
1455        return returnCode;
(gdb) n
main (argc=1, argv=0x7fffffffd178) at /home/tobias/tmp/git/muckturnier/src/main.cpp:130
130     }
(gdb) n

Thread 1 "muckturnier" received signal SIGSEGV, Segmentation fault.
0x0000555555a55b76 in removeWidgetRecursively (li=<optimized out>, w=0x5555571eec40)
    at /home/tobias/Qt/qtbase-everywhere-src-6.9.1/src/widgets/kernel/qlayout.cpp:474
474             if (child->widget() == w) {
(gdb) n
[Thread 0x7ffff49e7900 (LWP 10439) exited]
[Thread 0x7ffff45ff6c0 (LWP 10442) exited]
[New process 10439]

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.

Line 130 of my main.cpp is at the very end, after return application.exec():

129        return application.exec();
130    }
131

Does this help?!

jsulm

@l3u_ You could disable functionality until it does not crash, then you would know which part leads to the crash.

Christian Ehrlicher

@Axel-Spoerl : dockwidgets... 😛

l3u_

The problem is that the only custom thing I do is the closeEvent override – everything else happens inside the default Qt code … and even if I remove the custom closeEvent, the segfault is the same (which is not really surprising, when I stepped through everything that happens, the function returns, and the crash happens way later, while we're long deep inside Qt …).

@Christian-Ehrlicher : May I suppose from what you wrote that this is not the first time strange things happen when dock widgets are messed with?! ;-)

The only thing I can definitely say is that some change from 6.9.0 to 6.9.1 causes this, because it never happens with 6.9.0, and it always happens with 6.9.1 …

l3u_

Luckily, my desktop is still quite decent, so I could git bisect out the commit that introduced this.

If I checkout

commit 19c4db4201e8933fbbbf951809ceff30e99b4458
QDockWidget: don't access a QMainWindow that's under destruction

everything is fine, no crash. One commit later, at

commit ab6f1ad77852a427ae73172ca11dacf876a0cbf7
QMainWindowLayout: Fix leaking of unused tab bars

I get the segfault.

I would call it a regression …

Axel Spoerl

Ooops, I am guilty for the guilty commit!

What's obviously crashing is a QDockWidget. Can you tell us more about those?
How are they added? how is QDockWidget::setWidget() used? In which state are they, when the crash occurs (docked on the main window / Floating / Tabbed)?

l3u_

@Axel-Spoerl Hi, nice to meet the right guy at once ;-)

I meanwhile filed a bug report about this: https://bugreports.qt.io/browse/QTBUG-137755

For all dock widgets I first instatiate a widget, like this (all are simple QWidgets – with quite complex stuff inside, but still):

m_registrationPage = new RegistrationPage(this, m_sharedObjects);
...

then, I create the dock, format it, set the widget and hide it, like this:

m_playersDock = new QDockWidget(tr("Anmeldung"), this);
m_playersDock->setWidget(m_registrationPage);
formatDockWidget(m_playersDock, QStringLiteral("playersDock"));
addDockWidget(Qt::TopDockWidgetArea, m_playersDock);
connect(m_registrationPage, &RegistrationPage::raiseMe, m_playersDock, &QDockWidget::raise);
m_playersDock->hide();

Where the formatting is:

void MainWindow::formatDockWidget(QDockWidget *dock, const QString &id)
{
    dock->setObjectName(id);
    dock->setContextMenuPolicy(Qt::PreventContextMenu);
    dock->setFeatures(QDockWidget::DockWidgetMovable | QDockWidget::DockWidgetFloatable);
}

When I start the program, all docks are hidden. If I close it again in this state, I get no segfault.

Opening a database makes them show up, by default attached to the main window and tabbed. When closing the program then, the segfault happens.

Interestingly, if I close my database again, the docks are hidden again – but still, I get a segfault on closing.

l3u_

Btw. I didn't change this code since Qt 5.6 back in 2017 …

Axel Spoerl

Hm. Looks like I went too far and we have to revert or follow up on this patch.
Can you do me a favor: Report it as a bug, assign it to me? I'll fix it this week.

l3u_

I already filed one here: https://bugreports.qt.io/browse/QTBUG-137755 – I can't assign it to you though (or better said, I don't know how to do that …)

Somebody already commented on it, and mentioned these two PRs:
https://codereview.qt-project.org/c/qt/qtbase/+/637198
https://codereview.qt-project.org/c/qt/qtbase/+/636652

SGaist

@l3u_ done for you :-)

l3u_

Thanks :-)

l3u_

Just to also leave this here: I meanwhile could strip it down to a minimal example producing the crash, cf. the sources attached to https://bugreports.qt.io/browse/QTBUG-137755

Produces the crash reliably when linked against Qt 6.9.1. You have to run the program twice: The first time, it exits normally. The second time, when the window geometry and state are restored, it segfaults on exiting.

No delete, no deleteLater, nothing special at all …