qt6 (x11) crash after showmodal inside showmodal
https://bugreports.qt.io/browse/QTBUG-124237
info
| lazarus and libQt6Pas.so git commit | 49e406e0 |
|---|---|
| fpc version | https://sourceforge.net/projects/freepascal/files/Linux/3.2.2/fpc-3.2.2.x86_64-linux.tar/download |
| | DISTRIB_ID=neon DISTRIB_RELEASE=22.04 DISTRIB_CODENAME=jammy DISTRIB_DESCRIPTION="KDE neon Unstable Edition" |
| | Version: 6.6.3-0xneon+22.04+jammy+unstable+build208 |

reproduce steps
- download minicrash.zip
- `unzip minicrash.zip`
- open minicrash/minicrash.lpi in lazarus
- run
- click inside `form1`
- click inside `form2`
- close `form3`
- see `Access violation.` spam in terminal

minicrash.lpr
```pascal
program minicrash;
uses cmem,interfaces,forms;
type
  thandleclickcontainer=object
    procedure makeform2(sender:tobject);
    procedure makeform3(sender:tobject);
  end;
var
  mainform:tform;
  handleclickcontainer:thandleclickcontainer;
procedure thandleclickcontainer.makeform2(sender:tobject);
var
  form2:tform;
begin
  form2:=tform.create(nil);
  form2.caption:='click me (form2)';
  form2.onclick:=@handleclickcontainer.makeform3;
  writeln('@@@@ before form2.showmodal');
  form2.showmodal;
  writeln('@@@@ after form2.showmodal');
  form2.destroy;
end;
procedure thandleclickcontainer.makeform3(sender:tobject);
var
  form3:tform;
begin
  form3:=tform.create(nil);
  form3.caption:='close me (form3)';
  writeln('@@@@ before form3.showmodal');
  form3.showmodal;
  writeln('@@@@ after form3.showmodal');
  form3.destroy;
end;
begin
  application.createform(tform,mainform);
  mainform.caption:='click inside (mainform)';
  mainform.onclick:=@handleclickcontainer.makeform2;
  application.run;
end.
```

weird stuff happens inside qt before crash
I am using qt6 libs compiled with `-O0 -ggdb` for better backtrace. Address of `form3`'s `QWindow` is 0xc6f960. Weird how `QWindow::create` is called again with `form3`'s `QWindow` while `form3`'s `QWindow` is destroying (`QWindow::~QWindow` is C++ destructor). Crash is use after free of `form3`'s `QWindow`.

```
LD_LIBRARY_PATH=/home/asd/lazarus_vanilla/lcl/interfaces/qt6/cbindings:/home/asd/qt_vanilla_source/out/lib \
QT_PLUGIN_PATH=/usr/lib/x86_64-linux-gnu/qt6/plugins \
gdb /home/asd/minicrash/minicrash
GNU gdb (Ubuntu 12.1-0ubuntu1~22.04) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /home/asd/minicrash/minicrash...
(gdb) break QWindow::create
Function "QWindow::create" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (QWindow::create) pending.
(gdb) run
Starting program: /home/asd/minicrash/minicrash
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff17ff640 (LWP 1447)]
[New Thread 0x7ffff0ffe640 (LWP 1448)]

Thread 1 "minicrash" hit Breakpoint 1, QWindow::create (this=0xc4ff40) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/gui/kernel/qwindow.cpp:707
707         Q_D(QWindow);
(gdb) continue
Continuing.

Thread 1 "minicrash" hit Breakpoint 1, QWindow::create (this=0xc5b9c0) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/gui/kernel/qwindow.cpp:707
707         Q_D(QWindow);
(gdb) continue
Continuing.
@@@@ before form2.showmodal

Thread 1 "minicrash" hit Breakpoint 1, QWindow::create (this=0xc66580) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/gui/kernel/qwindow.cpp:707
707         Q_D(QWindow);
(gdb) continue
Continuing.
@@@@ before form3.showmodal

Thread 1 "minicrash" hit Breakpoint 1, QWindow::create (this=0xc6f960) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/gui/kernel/qwindow.cpp:707
707         Q_D(QWindow);
(gdb) continue
Continuing.
@@@@ after form3.showmodal

Thread 1 "minicrash" hit Breakpoint 1, QWindow::create (this=0xc6f960) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/gui/kernel/qwindow.cpp:707
707         Q_D(QWindow);
(gdb) backtrace
#0  QWindow::create (this=0xc6f960) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/gui/kernel/qwindow.cpp:707
#1  0x00007ffff625d8a4 in QWindow::winId (this=0xc6f960) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/gui/kernel/qwindow.cpp:727
#2  0x00007ffff1bb6727 in QXcbWindow::requestActivateWindow (this=0xbfeb30) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/plugins/platforms/xcb/qxcbwindow.cpp:1491
#3  0x00007ffff625ebc0 in QWindow::requestActivate (this=0xc66580) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/gui/kernel/qwindow.cpp:1251
#4  0x00007ffff1bb317a in QXcbWindow::relayFocusToModalWindow (this=0xc4e340) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/plugins/platforms/xcb/qxcbwindow.cpp:845
#5  0x00007ffff1bb3271 in QXcbWindow::doFocusOut (this=0xc4e340) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/plugins/platforms/xcb/qxcbwindow.cpp:865
#6  0x00007ffff1bb15f7 in QXcbWindow::destroy (this=0xc4e340) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/plugins/platforms/xcb/qxcbwindow.cpp:540
#7  0x00007ffff1bb11b8 in QXcbWindow::~QXcbWindow (this=0xc4e340, __in_chrg=<optimized out>) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/plugins/platforms/xcb/qxcbwindow.cpp:511
#8  0x00007ffff1bb127e in QXcbWindow::~QXcbWindow (this=0xc4e340, __in_chrg=<optimized out>) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/plugins/platforms/xcb/qxcbwindow.cpp:512
#9  0x00007ffff6260c8e in QWindowPrivate::destroy (this=0xc5c0d0) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/gui/kernel/qwindow.cpp:2059
#10 0x00007ffff625bc79 in QWindow::~QWindow (this=0xc6f960, __in_chrg=<optimized out>) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/gui/kernel/qwindow.cpp:185
#11 0x00007ffff6f7a8e6 in QWidgetWindow::~QWidgetWindow (this=0xc6f960, __in_chrg=<optimized out>) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/widgets/kernel/qwidgetwindow.cpp:163
#12 0x00007ffff6f7a91c in QWidgetWindow::~QWidgetWindow (this=0xc6f960, __in_chrg=<optimized out>) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/widgets/kernel/qwidgetwindow.cpp:163
#13 0x00007ffff6f30a04 in QWidgetPrivate::deleteTLSysExtra (this=0xc68f10) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/widgets/kernel/qwidget.cpp:1704
#14 0x00007ffff6f4ef2e in QWidget::destroy (this=0xc66a60, destroyWindow=true, destroySubWindows=true) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/widgets/kernel/qwidget.cpp:12481
#15 0x00007ffff6f3024f in QWidget::~QWidget (this=0xc66a60, __in_chrg=<optimized out>) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/widgets/kernel/qwidget.cpp:1563
#16 0x00007ffff6f3035e in QWidget::~QWidget (this=0xc66a60, __in_chrg=<optimized out>) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/widgets/kernel/qwidget.cpp:1584
#17 0x00007ffff57c2cbd in qDeleteInEventHandler (o=0xc66a60) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/corelib/kernel/qobject.cpp:4929
#18 0x00007ffff57b92fc in QObject::event (this=0xc66a60, e=0xc6def0) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/corelib/kernel/qobject.cpp:1424
#19 0x00007ffff6f48776 in QWidget::event (this=0xc66a60, event=0xc6def0) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/widgets/kernel/qwidget.cpp:9424
#20 0x00007ffff6eb5b0c in QApplicationPrivate::notify_helper (this=0xbeab40, receiver=0xc66a60, e=0xc6def0) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/widgets/kernel/qapplication.cpp:3296
#21 0x00007ffff6eb58d6 in QApplication::notify (this=0xbd7000, receiver=0xc66a60, e=0xc6def0) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/widgets/kernel/qapplication.cpp:3243
#22 0x00007ffff572be33 in QCoreApplication::notifyInternal2 (receiver=0xc66a60, event=0xc6def0) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/corelib/kernel/qcoreapplication.cpp:1121
#23 0x00007ffff572c9d7 in QCoreApplication::sendEvent (receiver=0xc66a60, event=0xc6def0) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/corelib/kernel/qcoreapplication.cpp:1539
#24 0x00007ffff572d92e in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0xbead20) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/corelib/kernel/qcoreapplication.cpp:1901
#25 0x00007ffff572d1fc in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/corelib/kernel/qcoreapplication.cpp:1760
#26 0x00007ffff5b7831f in postEventSourceDispatch (s=0xc26e80) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/corelib/kernel/qeventdispatcher_glib.cpp:243
#27 0x00007ffff50d1d3b in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#28 0x00007ffff5127258 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#29 0x00007ffff50cf3e3 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#30 0x00007ffff5b78c10 in QEventDispatcherGlib::processEvents (this=0xc35f60, flags=...) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/corelib/kernel/qeventdispatcher_glib.cpp:393
#31 0x00007ffff1b779f6 in QXcbGlibEventDispatcher::processEvents (this=0xc35f60, flags=...) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:96
#32 0x00007ffff572c4fa in QCoreApplication::processEvents (flags=...) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/corelib/kernel/qcoreapplication.cpp:1350
#33 0x00007ffff7c3bcb5 in QCoreApplication_processEvents (flags=0) at src/qcoreapplication_c.cpp:107
#34 0x00000000005fee24 in AppProcessMessages (this=0xbbf468) at qt6/qtobject.inc:335
#35 0x00000000004580b3 in ShowModal (this=0xc5f388) at include/customform.inc:3032
#36 0x000000000042532d in P$MINICRASH$_$THANDLECLICKCONTAINER_$__$$_MAKEFORM2$TOBJECT () at minicrash.lpr:21
#37 0x0000000000637137 in Click (this=0xc46818) at include/control.inc:2974
#38 0x0000000000636e44 in WMLButtonUp (this=0xc46818, Message=...) at include/control.inc:2842
#39 0x00000000004373ba in SYSTEM$_$TOBJECT_$__$$_DISPATCH$formal ()
#40 0x0000000000c46818 in ?? ()
#41 0x00007fffffffcbd0 in ?? ()
#42 0x0000000000000202 in ?? ()
#43 0x000000000000002c in ?? ()
#44 0x000000000097bb30 in .Ld226 ()
#45 0x000000000097b440 in VMT_$CONTROLS_$$_TWINCONTROL$indirect ()
#46 0x0000000000000001 in ?? ()
#47 0x00007fffe4005410 in ?? ()
#48 0x0000000000000000 in ?? ()
(gdb) print ((QWindowPrivate*)(((QWindow*)0xc6f960)->d_ptr.d))->windowTitle
$1 = {d = {d = 0xc6c050, ptr = 0xc6c060 u"close me (form3)", size = 16}, static _empty = 0 u'\000'}
(gdb) print ((QWindowPrivate*)(((QWindow*)0xc66580)->d_ptr.d))->windowTitle
$2 = {d = {d = 0xc62c50, ptr = 0xc62c60 u"click me (form2)", size = 16}, static _empty = 0 u'\000'}
(gdb) continue
Continuing.

Thread 1 "minicrash" received signal SIGSEGV, Segmentation fault.
0x00007ffff61ac149 in QGuiApplicationPrivate::processNativeEvent (window=0xc6f960, eventType=..., message=0xc4c740, result=0x7fffffffbf38) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/gui/kernel/qguiapplication.cpp:2059
2059        return window->nativeEvent(eventType, message, result);
(gdb) backtrace
#0  0x00007ffff61ac149 in QGuiApplicationPrivate::processNativeEvent (window=0xc6f960, eventType=..., message=0xc4c740, result=0x7fffffffbf38) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/gui/kernel/qguiapplication.cpp:2059
#1  0x00007ffff626c59a in QWindowSystemInterface::handleNativeEvent (window=0xc6f960, eventType=..., message=0xc4c740, result=0x7fffffffbf38) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/gui/kernel/qwindowsysteminterface.cpp:866
#2  0x00007ffff1bb760d in QXcbWindow::handleNativeEvent (this=0xc4a290, event=0xc4c740) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/plugins/platforms/xcb/qxcbwindow.cpp:1690
#3  0x00007ffff1b351b1 in QXcbConnection::handleXcbEvent (this=0xbffbb0, event=0xc4c740) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/plugins/platforms/xcb/qxcbconnection.cpp:696
#4  0x00007ffff1b36746 in QXcbConnection::processXcbEvents (this=0xbffbb0, flags=...) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/plugins/platforms/xcb/qxcbconnection.cpp:1087
#5  0x00007ffff1b7778e in xcbSourceDispatch (source=0xc3cbc0) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:55
#6  0x00007ffff50d1d3b in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#7  0x00007ffff5127258 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8  0x00007ffff50cf3e3 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9  0x00007ffff5b78c10 in QEventDispatcherGlib::processEvents (this=0xc35f60, flags=...) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/corelib/kernel/qeventdispatcher_glib.cpp:393
#10 0x00007ffff1b779f6 in QXcbGlibEventDispatcher::processEvents (this=0xc35f60, flags=...) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:96
#11 0x00007ffff572c4fa in QCoreApplication::processEvents (flags=...) at /home/asd/qt_vanilla_source/qt6-base-6.6.3/src/corelib/kernel/qcoreapplication.cpp:1350
#12 0x00007ffff7c3bcb5 in QCoreApplication_processEvents (flags=0) at src/qcoreapplication_c.cpp:107
#13 0x00000000005fee24 in AppProcessMessages (this=0xbbf468) at qt6/qtobject.inc:335
#14 0x00000000004580b3 in ShowModal (this=0xc5f388) at include/customform.inc:3032
#15 0x000000000042532d in P$MINICRASH$_$THANDLECLICKCONTAINER_$__$$_MAKEFORM2$TOBJECT () at minicrash.lpr:21
#16 0x0000000000637137 in Click (this=0xc46818) at include/control.inc:2974
#17 0x0000000000636e44 in WMLButtonUp (this=0xc46818, Message=...) at include/control.inc:2842
#18 0x00000000004373ba in SYSTEM$_$TOBJECT_$__$$_DISPATCH$formal ()
#19 0x0000000000c46818 in ?? ()
#20 0x00007fffffffcbd0 in ?? ()
#21 0x0000000000000202 in ?? ()
#22 0x000000000000002c in ?? ()
#23 0x000000000097bb30 in .Ld226 ()
#24 0x000000000097b440 in VMT_$CONTROLS_$$_TWINCONTROL$indirect ()
#25 0x0000000000000001 in ?? ()
#26 0x00007fffe4005410 in ?? ()
#27 0x0000000000000000 in ?? ()
(gdb)
```

Edited by BZZZZ
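
A simplified C++ model of the re-entrancy visible in the first backtrace (window destructor, then platform window teardown, then focus relay, then `winId()`, then `create()` on the window being destroyed), added here as an illustration; it is not Qt, Lazarus or the reporter's code. `Window`, `g_native_to_window`, `on_focus_out` and the `destroying` guard are hypothetical names, and the guard is one generic mitigation, not a fix taken from Qt.

```cpp
// Hypothetical model only: names below do not exist in Qt or Lazarus.
#include <cstdio>
#include <functional>
#include <map>

struct Window;
// Stand-in for a platform table that routes native events to window objects.
static std::map<int, Window*> g_native_to_window;
static int g_next_id = 1;

struct Window {
    int native_id = 0;                   // 0 means "no platform window"
    bool destroying = false;
    bool guard;                          // hardened variant refuses create() in teardown
    std::function<void()> on_focus_out;  // stand-in for the focus relay callback

    explicit Window(bool guarded) : guard(guarded) {}

    void create() {                      // allocates and registers a native handle
        if (guard && destroying) return; // mitigation: no resurrection while dying
        native_id = g_next_id++;
        g_native_to_window[native_id] = this;
    }
    int win_id() {                       // lazily creates the handle, like winId()
        if (native_id == 0) create();
        return native_id;
    }
    void destroy_platform_window() {
        g_native_to_window.erase(native_id);
        native_id = 0;
        if (on_focus_out) on_focus_out();  // re-enters a half-destroyed object
    }
    ~Window() {
        destroying = true;
        destroy_platform_window();
    }
};

// Number of table entries still pointing at the window after it is destroyed.
// Any non-zero value is a dangling pointer a later native event would follow.
int dangling_entries_after_close(bool guarded) {
    g_native_to_window.clear();
    {
        Window form3(guarded);
        form3.win_id();                                     // window shown
        form3.on_focus_out = [&form3] { form3.win_id(); };  // activation path touches it
    }                                                       // ~Window runs here
    return static_cast<int>(g_native_to_window.size());
}

int main() {
    std::printf("unguarded: %d dangling\n", dangling_entries_after_close(false));
    std::printf("guarded:   %d dangling\n", dangling_entries_after_close(true));
}
```

The model only counts stale table entries and never dereferences them, so it runs cleanly; in the report the equivalent stale pointer is followed in `QGuiApplicationPrivate::processNativeEvent`, which is where the SIGSEGV occurs.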