Segmentation fault in QXcbScreen::mapFromNative in 0.12.0 executable

laanwj commented at 4:36 pm on February 23, 2016: member

Reported on IRC by fakesatoshi. This crash seems to happen randomly while clicking:

0[16419.562321] bitcoin-qt[1892]: segfault at 0 ip 00007fa82a53da1c sp 00007fffc4391810 error 4 in bitcoin-qt[7fa829fcf000+1e2e000]
1[17045.871471] bitcoin-qt[2061]: segfault at 0 ip 00007f3b4b694a1c sp 00007ffc0739bd50 error 4 in bitcoin-qt[7f3b4b126000+1e2e000]
2[20753.833830] bitcoin-qt[2891]: segfault at 0 ip 00007f7bfbff1a1c sp 00007ffd5ffe2880 error 4 in bitcoin-qt[7f7bfba83000+1e2e000]

This is offset 0x56ea1c in the 64-bit bitcoin-qt executable. Addr2line (on a non-stripped version of the executable) gives us:

0addr2line -aCf -e bitcoin-0.12.0/bin/bitcoin-qt 0x56ea1c
10x000000000056ea1c
2QXcbScreen::mapFromNative(QPoint const&) const
3:?

Operating system: Debian Jessie

0Linux vbox 3.16.0-4-amd64 [#1](/bitcoin-bitcoin/1/) SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64 GNU/Linux

No full traceback is available as it doesn’t seem to be reproducible in gdb.

From at the assembly around the crash eip it looks like the first argument, the implicit this argument is 0.

0000000000056ea10 <_ZNK10QXcbScreen13mapFromNativeERK6QPoint>:
1  56ea10:       55                      push   %rbp
2  56ea11:       48 89 f5                mov    %rsi,%rbp
3  56ea14:       53                      push   %rbx
4  56ea15:       48 89 fb                mov    %rdi,%rbx
5  56ea18:       48 83 ec 08             sub    $0x8,%rsp
6  56ea1c:       48 8b 07                mov    (%rdi),%rax

What could cause an XcbScreen to be 0? @theuni any idea?

laanwj added the label GUI on Feb 23, 2016

laanwj commented at 4:54 pm on February 23, 2016: member

Wonder if this is related to #5910 again.

More info: it does not happen in a self compiled version.

Full backtrace, annotated:

 0(base `0x7f5c3be04000`)
 1Core was generated by `./bitcoin-qt'.
 2Program terminated with signal SIGSEGV, Segmentation fault.
 3[#0](/bitcoin-bitcoin/0/)  0x00007f5c3c372a1c in ?? ()
 4(gdb) bt full
 5[#0](/bitcoin-bitcoin/0/)  0x00007f5c3c372a1c in ?? () QXcbScreen::mapFromNative(QPoint const&) const
 6[#1](/bitcoin-bitcoin/1/)  0x00007f5c3c353a85 in ?? () QXcbWindow::handleButtonPressEvent(int, int, int, int, int, QFlags<Qt::KeyboardModifier>, unsigned int)
 7[#2](/bitcoin-bitcoin/2/)  0x00007f5c3c353c98 in ?? () QXcbWindow::handleButtonPressEvent(xcb_button_press_event_t const*)
 8[#3](/bitcoin-bitcoin/3/)  0x00007f5c3c36b50c in ?? () QXcbConnection::handleXcbEvent(xcb_generic_event_t*)
 9[#4](/bitcoin-bitcoin/4/)  0x00007f5c3c36c4eb in ?? () QXcbConnection::processXcbEvents()
10[#5](/bitcoin-bitcoin/5/)  0x00007f5c3cdbce56 in ?? () QObject::event(QEvent*)
11[#6](/bitcoin-bitcoin/6/)  0x00007f5c3c4bc37c in ?? () QApplicationPrivate::notify_helper(QObject*, QEvent*)
12[#7](/bitcoin-bitcoin/7/)  0x00007f5c3c4c1168 in ?? () QApplication::notify(QObject*, QEvent*)
13[#8](/bitcoin-bitcoin/8/)  0x00007f5c3cd8e4e0 in ?? () QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*)
14[#9](/bitcoin-bitcoin/9/)  0x00007f5c3cde1f0c in ?? () QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
15[#10](/bitcoin-bitcoin/10/) 0x00007f5c3c3daa5d in ?? () QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
16[#11](/bitcoin-bitcoin/11/) 0x00007f5c3cd89219 in ?? () QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
17[#12](/bitcoin-bitcoin/12/) 0x00007f5c3cd91319 in ?? () QCoreApplication::exec()
18[#13](/bitcoin-bitcoin/13/) 0x00007f5c3bf52da5 in ?? () main
19[#14](/bitcoin-bitcoin/14/) 0x00007f5c39ec5b45 in __libc_start_main (main=0x7f5c3bf524d0, argc=1, 
20    argv=0x7ffd7ecd1518, init=<optimized out>, fini=<optimized out>, 
21    rtld_fini=<optimized out>, stack_end=0x7ffd7ecd1508) at libc-start.c:287
22        result = <optimized out>
23        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -9107806333616886366, 
24                140034119688382, 140726730822928, 0, 0, 9106401588510354850, 
25                9161132796646550946}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 
26              0x7ffd7ecd1528, 0x7f5c3be031a8}, data = {prev = 0x0, cleanup = 0x0, 
27              canceltype = 2127369512}}}
28        not_first_call = <optimized out>
29[#15](/bitcoin-bitcoin/15/) 0x00007f5c3bf5e0e7 in ?? () _start

Registers

 0rax            0x0  0
 1rbx            0x0  0
 2rcx            0x1  1
 3rdx            0x0  0
 4rsi            0x7ffd7ecd0690   140726730819216
 5rdi            0x0  0
 6rbp            0x7ffd7ecd0690   0x7ffd7ecd0690
 7rsp            0x7ffd7ecd0620   0x7ffd7ecd0620
 8r8             0x0  0
 9r9             0x20 32
10r10            0x0  0
11r11            0x0  0
12r12            0xfffffffd   4294967293
13r13            0x7f5c3fc1c300   140034183381760
14r14            0x7ffd7ecd0690   140726730819216
15r15            0xbf 191
16rip            0x7f5c3c372a1c   0x7f5c3c372a1c
17eflags         0x10202  [ IF RF ]
18cs             0x33 51
19ss             0x2b 43
20ds             0x0  0
21es             0x0  0
22fs             0x0  0
23gs             0x0

laanwj commented at 7:21 pm on February 23, 2016: member

Possibly related upstream issues with similar backtraces (all seem to be related to Qt 5.5):

laanwj added the label Linux/Unix on Mar 30, 2016

laanwj added the label Upstream on Apr 28, 2016

fanquake commented at 1:21 pm on October 9, 2016: member

Reading through the linked bug reports, and some others here, here and here this should have been fixed in Qt 5.6.0.

fanquake closed this on Nov 12, 2016

MarcoFalke locked this on Sep 8, 2021

Segmentation fault in QXcbScreen::mapFromNative in 0.12.0 executable #7582