Bug#1034457: libqt5quick5: Qt segfault on amd64

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1034457: libqt5quick5: Qt segfault on amd64
From: Julian Groß <julian.g@posteo.de>
Date: Sat, 15 Apr 2023 21:51:18 +0000
Message-id: <[🔎] 168159547885.198664.7456193462469302031.reportbug@x299-desktop.lan>
Reply-to: Julian Groß <julian.g@posteo.de>, 1034457@bugs.debian.org
Package: libqt5quick5
Version: 5.15.8+dfsg-3
Severity: normal

Dear Maintainer,

we ran into what appears to be a segmentation fault in Qt.
One of the last places it runs into is QQuickOpenGLShaderEffectCommon which is why I am reporting it towards this package.

I dumped a core file from GDB, which should contain everything needed to debug this further, since debugging symbols for pretty much anything Qt are installed.
You can find it here: https://data.moto9000.moe/qt/1/core.191885.tar.xz (12,3 GiB when uncompressed)

I will just put the backtrace in here:
```
#0 0x0000000000000000 in ()
#1 0x00007f8f43eba269 in QMetaObject::cast(QObject const*) const (this=0x7f8f44143140 <QObject::staticMetaObject>, obj=0x55b8ddf56be0) at kernel/qmetaobject.cpp:389
#2 0x00007f8f43eba2a5 in QMetaObject::cast(QObject*) const (this=<optimized out>, obj=<optimized out>) at kernel/qmetaobject.cpp:378
#3 0x00007f8f42b6422a in qobject_cast<QObject*>(QObject*) (object=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject.h:519
#4 QtPrivate::QVariantValueHelper<QObject*>::object(QVariant const&) (v=[Thread 0x7f8e4a7fc6c0 (LWP 192005) exited]
[Thread 0x7f8d7d9c36c0 (LWP 192105) exited]
[New Thread 0x7f8e86ffd6c0 (LWP 195762)]
[New Thread 0x7f8e87fff6c0 (LWP 195761)]
[New Thread 0x7f8e4a7fc6c0 (LWP 195758)]
[Thread 0x7f8e609e56c0 (LWP 192001) exited]
[New Thread 0x7f8f0d3fc6c0 (LWP 195757)]
[Thread 0x7f8e84ff96c0 (LWP 191983) exited]
[Thread 0x7f8e857fa6c0 (LWP 191982) exited]
[Thread 0x7f8e85ffb6c0 (LWP 191981) exited]
[Thread 0x7f8e867fc6c0 (LWP 191980) exited]
[Thread 0x7f8e86ffd6c0 (LWP 191979) exited]
[Thread 0x7f8e877fe6c0 (LWP 191978) exited]
[Thread 0x7f8e87fff6c0 (LWP 191977) exited]
[Thread 0x7f8ea577f6c0 (LWP 191976) exited]
[Thread 0x7f8ea6a8b6c0 (LWP 191975) exited]
[New Thread 0x7f8e877fe6c0 (LWP 195763)]
[Thread 0x7f8f0d3fc6c0 (LWP 191939) exited]
[Thread 0x7f8d5ebff6c0 (LWP 192247) exited]
QVariant(QQuickItem*, 0x55b8ddf56be0)) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:753
#5 QtPrivate::ObjectInvoker<QtPrivate::QVariantValueHelper<QObject*>, QVariant const&, QObject*>::invoke(QVariant const&) (a=QVariant(QQuickItem*, 0x55b8ddf56be0)) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:107
#6 qvariant_cast<QObject*>(QVariant const&) (v=[New Thread 0x7f8d5ebff6c0 (LWP 195764)]
QVariant(QQuickItem*, 0x55b8ddf56be0)) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:879
#7 QQuickOpenGLShaderEffectCommon::disconnectPropertySignals(QQuickItem*, QQuickOpenGLShaderEffectMaterialKey::ShaderType) (this=this@entry=0x55b8e7f311d8, item=0x55b8e7eb0930, shaderType=shaderType@entry=QQuickOpenGLShaderEffectMaterialKey::FragmentShader) at items/qquickopenglshadereffect.cpp:238
#8 0x00007f8f42b65d7a in QQuickOpenGLShaderEffect::~QQuickOpenGLShaderEffect() (this=0x55b8e7f31170, __in_chrg=<optimized out>) at items/qquickopenglshadereffect.cpp:660
#9 0x00007f8f42b65e29 in QQuickOpenGLShaderEffect::~QQuickOpenGLShaderEffect() (this=0x55b8e7f31170, __in_chrg=<optimized out>) at items/qquickopenglshadereffect.cpp:661
#10 0x00007f8f42b5e563 in QQuickShaderEffect::~QQuickShaderEffect() (this=this@entry=0x55b8e7eb0930, __in_chrg=<optimized out>) at items/qquickshadereffect.cpp:535
#11 0x00007f8f42bd0a35 in QQmlPrivate::QQmlElement<QQuickShaderEffect>::~QQmlElement() (this=0x55b8e7eb0930, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#12 QQmlPrivate::QQmlElement<QQuickShaderEffect>::~QQmlElement() (this=0x55b8e7eb0930, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#13 0x00007f8f43edb28e in QObjectPrivate::deleteChildren() (this=this@entry=0x55b8e4008a00) at kernel/qobject.cpp:2137
#14 0x00007f8f43ee7054 in QObject::~QObject() (this=this@entry=0x55b8e7fd9e40, __in_chrg=<optimized out>) at kernel/qobject.cpp:1115
#15 0x00007f8f42a566a2 in QQuickItem::~QQuickItem() (this=this@entry=0x55b8e7fd9e40, __in_chrg=<optimized out>) at items/qquickitem.cpp:2388
#16 0x00007f8f42bd03e5 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e7fd9e40, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#17 QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e7fd9e40, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#18 0x00007f8f43edb28e in QObjectPrivate::deleteChildren() (this=this@entry=0x55b8e7fd9960) at kernel/qobject.cpp:2137
#19 0x00007f8f43ee7054 in QObject::~QObject() (this=this@entry=0x55b8e7f5a030, __in_chrg=<optimized out>) at kernel/qobject.cpp:1115
#20 0x00007f8f42a566a2 in QQuickItem::~QQuickItem() (this=this@entry=0x55b8e7f5a030, __in_chrg=<optimized out>) at items/qquickitem.cpp:2388
#21 0x00007f8f42bd03e5 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e7f5a030, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#22 QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e7f5a030, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#23 0x00007f8f43edb28e in QObjectPrivate::deleteChildren() (this=this@entry=0x55b8e7f59cc0) at kernel/qobject.cpp:2137
#24 0x00007f8f43ee7054 in QObject::~QObject() (this=this@entry=0x55b8e7f59c00, __in_chrg=<optimized out>) at kernel/qobject.cpp:1115
#25 0x00007f8f42a566a2 in QQuickItem::~QQuickItem() (this=this@entry=0x55b8e7f59c00, __in_chrg=<optimized out>) at items/qquickitem.cpp:2388
#26 0x00007f8f42bd03e5 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e7f59c00, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#27 QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e7f59c00, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#28 0x00007f8f43edb28e in QObjectPrivate::deleteChildren() (this=this@entry=0x55b8e65e0170) at kernel/qobject.cpp:2137
#29 0x00007f8f43ee7054 in QObject::~QObject() (this=this@entry=0x55b8e65e00b0, __in_chrg=<optimized out>) at kernel/qobject.cpp:1115
#30 0x00007f8f42a566a2 in QQuickItem::~QQuickItem() (this=this@entry=0x55b8e65e00b0, __in_chrg=<optimized out>) at items/qquickitem.cpp:2388
#31 0x00007f8f42bd03e5 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e65e00b0, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#32 QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e65e00b0, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#33 0x00007f8f43edb28e in QObjectPrivate::deleteChildren() (this=this@entry=0x55b8e7e63650) at kernel/qobject.cpp:2137
#34 0x00007f8f43ee7054 in QObject::~QObject() (this=this@entry=0x55b8e7e63590, __in_chrg=<optimized out>) at kernel/qobject.cpp:1115
#35 0x00007f8f42a566a2 in QQuickItem::~QQuickItem() (this=this@entry=0x55b8e7e63590, __in_chrg=<optimized out>) at items/qquickitem.cpp:2388
#36 0x00007f8f42bd03e5 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e7e63590, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#37 QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e7e63590, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#38 0x00007f8f43edb28e in QObjectPrivate::deleteChildren() (this=this@entry=0x55b8e7dc7640) at kernel/qobject.cpp:2137
#39 0x00007f8f43ee7054 in QObject::~QObject() (this=this@entry=0x55b8e7dc7580, __in_chrg=<optimized out>) at kernel/qobject.cpp:1115
#40 0x00007f8f42a566a2 in QQuickItem::~QQuickItem() (this=this@entry=0x55b8e7dc7580, __in_chrg=<optimized out>) at items/qquickitem.cpp:2388
#41 0x00007f8f42bd03e5 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e7dc7580, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#42 QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e7dc7580, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#43 0x00007f8f43edb28e in QObjectPrivate::deleteChildren() (this=this@entry=0x55b8e65b0c20) at kernel/qobject.cpp:2137
#44 0x00007f8f43ee7054 in QObject::~QObject() (this=this@entry=0x55b8e65b0b60, __in_chrg=<optimized out>) at kernel/qobject.cpp:1115
#45 0x00007f8f42a566a2 in QQuickItem::~QQuickItem() (this=this@entry=0x55b8e65b0b60, __in_chrg=<optimized out>) at items/qquickitem.cpp:2388
#46 0x00007f8f42bd03e5 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e65b0b60, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#47 QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x55b8e65b0b60, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:144
#48 0x00007f8f43edd4bf in QObject::event(QEvent*) (this=0x55b8e65b0b60, e=0x55b8e49f8300) at kernel/qobject.cpp:1334
#49 0x00007f8f3f562fae in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x55b8c28a1580, receiver=receiver@entry=0x55b8e65b0b60, e=0x55b8e49f8300) at kernel/qapplication.cpp:3640
#50 0x00007f8f3f56a3bd in QApplication::notify(QObject*, QEvent*) (this=this@entry=0x7ffd5eca2d80, receiver=receiver@entry=0x55b8e65b0b60, e=e@entry=0x55b8e49f8300) at kernel/qapplication.cpp:3386
#51 0x000055b8c1190609 in Application::notify(QObject*, QEvent*) (this=0x7ffd5eca2d80, object=0x55b8e65b0b60, event=0x55b8e49f8300) at /home/juliangro/git/overte/interface/src/Application.cpp:4223
#52 0x00007f8f43eb16f8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x55b8e65b0b60, event=0x55b8e49f8300) at kernel/qcoreapplication.cpp:1064
#53 0x00007f8f43eb18be in QCoreApplication::sendEvent(QObject*, QEvent*) (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1462
#54 0x00007f8f43eb4681 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=0x0, event_type=0, data=0x55b8c265eb20) at kernel/qcoreapplication.cpp:1821
#55 0x00007f8f43eb4b08 in QCoreApplication::sendPostedEvents(QObject*, int) (receiver=<optimized out>, event_type=<optimized out>) at kernel/qcoreapplication.cpp:1680
#56 0x00007f8f43f0a153 in postEventSourceDispatch(GSource*, GSourceFunc, gpointer) (s=0x55b8c2f64780) at kernel/qeventdispatcher_glib.cpp:277
#57 0x00007f8f35d1e7a9 in g_main_dispatch (context=0x55b8c2cb0400) at ../../../glib/gmain.c:3454
#58 g_main_context_dispatch (context=context@entry=0x55b8c2cb0400) at ../../../glib/gmain.c:4172
#59 0x00007f8f35d1ea38 in g_main_context_iterate (context=context@entry=0x55b8c2cb0400, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4248
#60 0x00007f8f35d1eacc in g_main_context_iteration (context=0x55b8c2cb0400, may_block=1) at ../../../glib/gmain.c:4313
#61 0x00007f8f43f09836 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x55b8c2fa7f10, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#62 0x00007f8f43eb017b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffd5eca2910, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#63 0x00007f8f43eb82d6 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#64 0x00007f8f40d30e8c in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1863
#65 0x00007f8f3f562f25 in QApplication::exec() () at kernel/qapplication.cpp:2832
#66 0x000055b8c0fffb27 in main(int, char const**) (argc=<optimized out>, argv=<optimized out>) at /home/juliangro/git/overte/interface/src/main.cpp:648
```

While this doesn't happen every time I can reproduce the issue locally.

-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'testing-security'), (500, 'testing-debug'), (400, 'unstable'), (50, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-7-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libqt5quick5 depends on:
ii  libc6                                  2.36-8
ii  libqt5core5a [qtbase-abi-5-15-8]       5.15.8+dfsg-3
ii  libqt5gui5                             5.15.8+dfsg-3
ii  libqt5network5                         5.15.8+dfsg-3
ii  libqt5qml5 [qtdeclarative-abi-5-15-8]  5.15.8+dfsg-3
ii  libqt5qmlmodels5                       5.15.8+dfsg-3
ii  libstdc++6                             12.2.0-14

libqt5quick5 recommends no packages.

libqt5quick5 suggests no packages.

-- no debconf information
Reply to:
Prev by Date: qtbase-opensource-src_5.15.9+dfsg-1_source.changes ACCEPTED into experimental
Next by Date: Processing of qtdeclarative-opensource-src_5.15.9+dfsg-1_source.changes
Previous by thread: qtbase-opensource-src_5.15.9+dfsg-1_source.changes ACCEPTED into experimental
Next by thread: Processing of qtdeclarative-opensource-src_5.15.9+dfsg-1_source.changes
Index(es):
- Date
- Thread