Version: (using Devel)
OS: Linux
Installed from: Compiled sources

Ok, here is the famous paintSiblings() crash. It crashes in Qt 4.4.3, but not in the Qt 4.5 snapshots, so we assume this is a bug in Qt. This is a blocker for the merge of the SoC branch, since it happens quite frequently.

Here is one way to reproduce the bug:

0. Start with a clean config
1. Create 2 folders, A and B, under Local Folders.
2. Create a draft message with the subject "test", save it, and move it from the drafts folder to folder B.
3. Create 20 draft messages, with the numbers 1-20 as subjects, and move them from the drafts folder to folder A.
4. Enter folder A and select "Standard Mailing List" as Aggregation
5. Scroll the message list down a bit (this step _is_ important)
6. Click on folder B in the folder tree
7. CRASH

Volker suggested that this might be caused by incorrect painting code in KMail (he had a similar problem in KOrganizer), but I tried disabling all custom painting code I could find (the skindelegate and various paintevents), but the crash still occurred, so I think it is a bug in Qt.
The latest lines on the console were:

QPaintEngine::setSystemClip: Should not be changed while engine is active
QPaintEngine::setSystemClip: Should not be changed while engine is active
QWidgetPrivate::beginSharedPainter: Painter is already active
*** KMail got signal 11 (Crashing)
Application: KMail (kmail), signal SIGSEGV
[Thread debugging using libthread_db enabled]
0x00007f227c60aa90 in __nanosleep_nocancel () from /lib64/libc.so.6
Current language: auto; currently c
[Current thread is 1 (Thread 0x7f2289bc9750 (LWP 12660))]

Thread 1 (Thread 0x7f2289bc9750 (LWP 12660)):
[KCrash Handler]
#5 0x00007f2287202a37 in QPainter::isActive (this=0xada620) at painting/qpainter.cpp:1420
#6 0x00007f228715a5fd in QWidgetPrivate::drawWidget (this=0x82fd80, pdev=0x62cfe8, rgn=@0x7fff91c1d9e0, offset=@0x7fff91c1da60, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4565
#7 0x00007f228715b317 in QWidgetPrivate::paintSiblingsRecursive (this=0x82dd30, pdev=0x62cfe8, siblings=@0x7fff91c1dda0, index=1, rgn=@0x7fff91c1db10, offset=@0x7fff91c1e080, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4735
#8 0x00007f228715b202 in QWidgetPrivate::paintSiblingsRecursive (this=0x82dd30, pdev=0x62cfe8, siblings=@0x7fff91c1dda0, index=2, rgn=@0x7fff91c1dc30, offset=@0x7fff91c1e080, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4725
#9 0x00007f228715b202 in QWidgetPrivate::paintSiblingsRecursive (this=0x82dd30, pdev=0x62cfe8, siblings=@0x7fff91c1dda0, index=3, rgn=@0x7fff91c1e000, offset=@0x7fff91c1e080, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4725
#10 0x00007f228715af7c in QWidgetPrivate::drawWidget (this=0x82dd30, pdev=0x62cfe8, rgn=@0x7fff91c1e000, offset=@0x7fff91c1e080, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4677
#11 0x00007f228715b317 in QWidgetPrivate::paintSiblingsRecursive (this=0xa23550, pdev=0x62cfe8, siblings=@0x7fff91c1e3c0, index=0, rgn=@0x7fff91c1e130, offset=@0x7fff91c1e6a0, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4735
#12 0x00007f228715b202 in QWidgetPrivate::paintSiblingsRecursive (this=0xa23550, pdev=0x62cfe8, siblings=@0x7fff91c1e3c0, index=2, rgn=@0x7fff91c1e250, offset=@0x7fff91c1e6a0, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4725
#13 0x00007f228715b202 in QWidgetPrivate::paintSiblingsRecursive (this=0xa23550, pdev=0x62cfe8, siblings=@0x7fff91c1e3c0, index=3, rgn=@0x7fff91c1e620, offset=@0x7fff91c1e6a0, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4725
#14 0x00007f228715af7c in QWidgetPrivate::drawWidget (this=0xa23550, pdev=0x62cfe8, rgn=@0x7fff91c1e620, offset=@0x7fff91c1e6a0, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4677
#15 0x00007f228715b317 in QWidgetPrivate::paintSiblingsRecursive (this=0xa24150, pdev=0x62cfe8, siblings=@0x7fff91c1e9e0, index=0, rgn=@0x7fff91c1e750, offset=@0x7fff91c1ecc0, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4735
#16 0x00007f228715b202 in QWidgetPrivate::paintSiblingsRecursive (this=0xa24150, pdev=0x62cfe8, siblings=@0x7fff91c1e9e0, index=1, rgn=@0x7fff91c1e870, offset=@0x7fff91c1ecc0, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4725
#17 0x00007f228715b202 in QWidgetPrivate::paintSiblingsRecursive (this=0xa24150, pdev=0x62cfe8, siblings=@0x7fff91c1e9e0, index=2, rgn=@0x7fff91c1ec40, offset=@0x7fff91c1ecc0, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4725
#18 0x00007f228715af7c in QWidgetPrivate::drawWidget (this=0xa24150, pdev=0x62cfe8, rgn=@0x7fff91c1ec40, offset=@0x7fff91c1ecc0, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4677
#19 0x00007f228715b317 in QWidgetPrivate::paintSiblingsRecursive (this=0x7dd480, pdev=0x62cfe8, siblings=@0x7fff91c1edc0, index=116, rgn=@0x7fff91c1f020, offset=@0x7fff91c1f0a0, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4735
#20 0x00007f228715af7c in QWidgetPrivate::drawWidget (this=0x7dd480, pdev=0x62cfe8, rgn=@0x7fff91c1f020, offset=@0x7fff91c1f0a0, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4677
#21 0x00007f228715b317 in QWidgetPrivate::paintSiblingsRecursive (this=0x7dd970, pdev=0x62cfe8, siblings=@0x7fff91c1f1a0, index=6, rgn=@0x7fff91c1f400, offset=@0x7d4518, flags=4, sharedPainter=0xada620) at kernel/qwidget.cpp:4735
#22 0x00007f228715af7c in QWidgetPrivate::drawWidget (this=0x7dd970, pdev=0x62cfe8, rgn=@0x7fff91c1f400, offset=@0x7d4518, flags=5, sharedPainter=0xada620) at kernel/qwidget.cpp:4677
#23 0x00007f22872c8203 in QWidgetBackingStore::cleanRegion (this=0x7d4500, rgn=@0x7fff91c1f570, widget=0x807650, recursiveCopyToScreen=true) at painting/qbackingstore.cpp:1034
#24 0x00007f22872c8a89 in qt_syncBackingStore (widget=0x807650) at painting/qbackingstore.cpp:313
#25 0x00007f2287153d22 in QWidget::event (this=0x807650, event=0xb1bd80) at kernel/qwidget.cpp:7447
#26 0x00007f22874b8821 in QMainWindow::event (this=0x807650, event=0xb1bd80) at widgets/qmainwindow.cpp:1268
#27 0x00007f228614a95c in KMainWindow::event (this=0x807650, ev=0xb1bd80) at /space/kde/tmg/src/kdelibs/kdeui/widgets/kmainwindow.cpp:1080
#28 0x00007f2286187523 in KXmlGuiWindow::event (this=0x807650, ev=0xb1bd80) at /space/kde/tmg/src/kdelibs/kdeui/xmlgui/kxmlguiwindow.cpp:131
#29 0x00007f22870fb6f1 in QApplicationPrivate::notify_helper (this=0x6385f0, receiver=0x807650, e=0xb1bd80) at kernel/qapplication.cpp:3803
#30 0x00007f22870fd366 in QApplication::notify (this=0x7fff91c20600, receiver=0x807650, e=0xb1bd80) at kernel/qapplication.cpp:3768
#31 0x00007f228607a0aa in KApplication::notify (this=0x7fff91c20600, receiver=0x807650, event=0xb1bd80) at /space/kde/tmg/src/kdelibs/kdeui/kernel/kapplication.cpp:307
#32 0x00007f22894a3607 in QCoreApplication::notifyInternal (this=0x7fff91c20600, receiver=0x807650, event=0xb1bd80) at kernel/qcoreapplication.cpp:583
#33 0x00007f22894a70a5 in QCoreApplication::sendEvent (receiver=0x807650, event=0xb1bd80) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:209
#34 0x00007f22894a3b89 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x609440) at kernel/qcoreapplication.cpp:1195
#35 0x00007f22894a3d60 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1091
#36 0x00007f22894d1c17 in QCoreApplication::sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:214
#37 0x00007f22894d0e60 in postEventSourceDispatch (s=0x63bb00) at kernel/qeventdispatcher_glib.cpp:205
#38 0x00007f227b3db0cb in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#39 0x00007f227b3de89d in ?? () from /usr/lib64/libglib-2.0.so.0
#40 0x00007f227b3dea5b in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#41 0x00007f22894d01a2 in QEventDispatcherGlib::processEvents (this=0x637ad0, flags={i = -1849556192}) at kernel/qeventdispatcher_glib.cpp:319
#42 0x00007f228719a8af in QGuiEventDispatcherGlib::processEvents (this=0x637ad0, flags={i = -1849556096}) at kernel/qguieventdispatcher_glib.cpp:198
#43 0x00007f22894a086f in QEventLoop::processEvents (this=0x7fff91c20430, flags={i = -1849556000}) at kernel/qeventloop.cpp:143
#44 0x00007f22894a0a6a in QEventLoop::exec (this=0x7fff91c20430, flags={i = -1849555904}) at kernel/qeventloop.cpp:190
#45 0x00007f22894a3e6c in QCoreApplication::exec () at kernel/qcoreapplication.cpp:845
#46 0x00007f22870fb44e in QApplication::exec () at kernel/qapplication.cpp:3331
#47 0x00000000004040c1 in main (argc=1, argv=0x7fff91c20788) at /space/kde/tmg/src/kmail-soc/kmail/main.cpp:146
ACK: This procedure works reliably also for me. A guess is that the shared painter is a mismatch in begin()/end() calls for the shared painter... Sometimes I also get a SIGSEGV instead of a Q_ASSERT().

...
QPaintEngine::setSystemClip: Should not be changed while engine is active
QPaintEngine::setSystemClip: Should not be changed while engine is active
QWidgetPrivate::beginSharedPainter: Painter is already active

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f53fd5306f0 (LWP 9710)]
0x00007f53fc15d98c in QPaintEngine::isActive (this=0x91) at ../../include/QtGui/../../src/gui/painting/qpaintengine.h:148
148 bool isActive() const { return active; }
bt
#0 0x00007f53fc15d98c in QPaintEngine::isActive (this=0x91) at ../../include/QtGui/../../src/gui/painting/qpaintengine.h:148
#1 0x00007f53fc1dce03 in QPainter::isActive (this=0xc83160) at painting/qpainter.cpp:1420
#2 0x00007f53fc11e2df in QWidgetPrivate::drawWidget (this=0x97d340, pdev=0x7e54d8, rgn=@0x7fff05573140, offset=@0x7fff05573100, flags=4, sharedPainter=0xc83160) at kernel/qwidget.cpp:4565
#3 0x00007f53fc11f262 in QWidgetPrivate::paintSiblingsRecursive (this=0x915ca0, pdev=0x7e54d8, siblings=@0x7fff05573310, index=2, rgn=@0x7fff055734e0, offset=@0x7fff055734a0, flags=4, sharedPainter=0xc83160) at kernel/qwidget.cpp:4735
...

I have also tested the QT_NO_SHARED_PAINTER env variable. Setting it to 1 disables the shared painter code and makes the bug vanish (as expected). (...so actually you have a temporary hack if the bug is hitting you in production environment).
Hm.. I guess that I need to get some rest as I've written the opposite of what I wanted :D Sometimes I also get a Q_ASSERT instead of a SIGSEGV (with the same procedure).

QWidgetPrivate::beginSharedPainter: Painter is already active
ASSERT: "sharedPainter ? sharedPainter->isActive() : true" in file kernel/qwidget.cpp, line 4605

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x2b6c4fa2bc50 (LWP 10214)]
0x00002b6c43e2b589 in raise () from /lib/libc.so.6
(gdb) bt
#0 0x00002b6c43e2b589 in raise () from /lib/libc.so.6
#1 0x00002b6c43e2ca5e in abort () from /lib/libc.so.6
#2 0x00002b6c42336481 in qt_message_output (msgType=QtFatalMsg, buf=0x18ac9f8 "ASSERT: \"sharedPainter ? sharedPainter->isActive() : true\" in file kernel/qwidget.cpp, line 4605") at global/qglobal.cpp:2108
#3 0x00002b6c42336f7e in qFatal (msg=0x2b6c424a7e78 "ASSERT: \"%s\" in file %s, line %d") at global/qglobal.cpp:2291
#4 0x00002b6c4233608f in qt_assert (assertion=0x2b6c414457c0 "sharedPainter ? sharedPainter->isActive() : true", file=0x2b6c41445243 "kernel/qwidget.cpp", line=4605) at global/qglobal.cpp:1879
#5 0x00002b6c40deff43 in QWidgetPrivate::drawWidget (this=0xe79f30, pdev=0x6983d8, rgn=@0x7fff6aaab820, offset=@0x7fff6aaab7f0, flags=68, sharedPainter=0x13456c0, backingStore=0x889a40) at kernel/qwidget.cpp:4605
#6 0x00002b6c40f8d04a in QWidgetBackingStore::sync (this=0x889a40) at painting/qbackingstore.cpp:972
#7 0x00002b6c40de9793 in QWidgetPrivate::syncBackingStore (this=0xd467c0) at kernel/qwidget.cpp:1545
It looks like endSharedPainter() is called too early

QWidgetPrivate::beginSharedPainter(this=7e17c0,q=7e4a20,tlw=7e4a20,tlwExtra=7e3560,tlwExtra->sharedPainter=0)
>> QWidgetPrivate::drawWidget(this=7e17c0,sharedPainter=c3def0,sRecursionCount=0)
>> QWidgetPrivate::drawWidget(this=7e7960,sharedPainter=c3def0,sRecursionCount=1)
>> QWidgetPrivate::drawWidget(this=afd870,sharedPainter=c3def0,sRecursionCount=2)
>> QWidgetPrivate::drawWidget(this=afda90,sharedPainter=c3def0,sRecursionCount=3)
>> QWidgetPrivate::drawWidget(this=7e85c0,sharedPainter=c3def0,sRecursionCount=4)
>> QWidgetPrivate::drawWidget(this=7e8850,sharedPainter=c3def0,sRecursionCount=5)
>> QWidgetPrivate::drawWidget(this=7ec0c0,sharedPainter=c3def0,sRecursionCount=6)
>> QWidgetPrivate::drawWidget(this=8016f0,sharedPainter=c3def0,sRecursionCount=7)
<< QWidgetPrivate::drawWidget(this=8016f0,sharedPainter=c3def0,sRecursionCount=7)
>> QWidgetPrivate::drawWidget(this=9636b0,sharedPainter=c3def0,sRecursionCount=7)
>> QWidgetPrivate::drawWidget(this=83e730,sharedPainter=c3def0,sRecursionCount=8)
QPaintEngine::setSystemClip: Should not be changed while engine is active
QPaintEngine::setSystemClip: Should not be changed while engine is active
QWidgetPrivate::beginSharedPainter(this=7e17c0,q=7e4a20,tlw=7e4a20,tlwExtra=7e3560,tlwExtra->sharedPainter=c3def0)
QWidgetPrivate::beginSharedPainter: Painter is already active
>> QWidgetPrivate::drawWidget(this=7e17c0,sharedPainter=c3def0,sRecursionCount=9)
>> QWidgetPrivate::drawWidget(this=7e7960,sharedPainter=c3def0,sRecursionCount=10)
>> QWidgetPrivate::drawWidget(this=afd870,sharedPainter=c3def0,sRecursionCount=11)
>> QWidgetPrivate::drawWidget(this=afda90,sharedPainter=c3def0,sRecursionCount=12)
>> QWidgetPrivate::drawWidget(this=7e85c0,sharedPainter=c3def0,sRecursionCount=13)
>> QWidgetPrivate::drawWidget(this=7e8850,sharedPainter=c3def0,sRecursionCount=14)
>> QWidgetPrivate::drawWidget(this=7ec0c0,sharedPainter=c3def0,sRecursionCount=15)
>> QWidgetPrivate::drawWidget(this=9636b0,sharedPainter=c3def0,sRecursionCount=16)
>> QWidgetPrivate::drawWidget(this=963b00,sharedPainter=c3def0,sRecursionCount=17)
>> QWidgetPrivate::drawWidget(this=83b3e0,sharedPainter=c3def0,sRecursionCount=18)
<< QWidgetPrivate::drawWidget(this=83b3e0,sharedPainter=c3def0,sRecursionCount=18)
<< QWidgetPrivate::drawWidget(this=963b00,sharedPainter=c3def0,sRecursionCount=17)
>> QWidgetPrivate::drawWidget(this=945000,sharedPainter=c3def0,sRecursionCount=17)
>> QWidgetPrivate::drawWidget(this=948db0,sharedPainter=c3def0,sRecursionCount=18)
<< QWidgetPrivate::drawWidget(this=948db0,sharedPainter=c3def0,sRecursionCount=18)
<< QWidgetPrivate::drawWidget(this=945000,sharedPainter=c3def0,sRecursionCount=17)
<< QWidgetPrivate::drawWidget(this=9636b0,sharedPainter=c3def0,sRecursionCount=16)
<< QWidgetPrivate::drawWidget(this=7ec0c0,sharedPainter=c3def0,sRecursionCount=15)
<< QWidgetPrivate::drawWidget(this=7e8850,sharedPainter=c3def0,sRecursionCount=14)
<< QWidgetPrivate::drawWidget(this=7e85c0,sharedPainter=c3def0,sRecursionCount=13)
<< QWidgetPrivate::drawWidget(this=afda90,sharedPainter=c3def0,sRecursionCount=12)
<< QWidgetPrivate::drawWidget(this=afd870,sharedPainter=c3def0,sRecursionCount=11)
<< QWidgetPrivate::drawWidget(this=7e7960,sharedPainter=c3def0,sRecursionCount=10)
<< QWidgetPrivate::drawWidget(this=7e17c0,sharedPainter=c3def0,sRecursionCount=9)
QWidgetPrivate::endSharedPainter(this=7e17c0,q=7e4a20,tlw=7e4a20,tlwExtra=7e3560,tlwExtra->sharedPainter=c3def0)
<< QWidgetPrivate::drawWidget(this=83e730,sharedPainter=c3def0,sRecursionCount=8)
>> QWidgetPrivate::drawWidget(this=963b00,sharedPainter=c3def0,sRecursionCount=8)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f4b49c266f0 (LWP 17275)]
0x00007f4b48853a84 in QPaintEngine::isActive (this=0x7f4b008b0f90) at ../../include/QtGui/../../src/gui/painting/qpaintengine.h:148
148 bool isActive() const { return active; }
(gdb)
SVN commit 880178 by stefanek:

Fix and patch for the recursive backingstore sync crash deep in the qt painting code. Certain widget hierarchies caused the painting recursion to "loop back" to the toplevel widget which in turn caused the shared painter to be destroyed and the outer frames to be left with a dangling pointer on the stack.

BUG: 174065
CCMAIL: Thomas McGuire <mcguire@kde.org>
CCMAIL: Szymon Tomasz Stefanek <s.stefanek@gmail.com>

A patches/0256-fix-recursive-backingstore-sync-crash.diff
M +1 -1 patches/README
M +5 -1 src/gui/painting/qbackingstore.cpp

WebSVN link: http://websvn.kde.org/?view=rev&revision=880178
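The failure mode named in the commit message above (a nested sync ends the shared painter while outer paint frames still hold a pointer to it) can be modelled in a few lines. This is an added example, not Qt code and not the contents of patch 0256: `TopLevel`, `Widget`, `requestsSync` and the deferral guard are hypothetical, and the painter lives in a fixed slot so the stale state is observable without undefined behaviour.

```cpp
#include <cstdio>
#include <vector>

// Hypothetical model, not Qt code: one shared painter per top-level sync.
struct Painter { bool active = false; };

struct Widget {
    std::vector<Widget *> children;
    bool requestsSync = false;  // painting this widget asks the top level to sync
    bool fired = false;         // make that request only once
};

struct TopLevel {
    Painter slot;                          // stands in for the heap-allocated painter
    bool guarded;                          // true: defer nested syncs
    bool inSync = false, pending = false;
    int staleUses = 0;                     // frames that resumed with an ended painter
    Widget *root = nullptr;

    explicit TopLevel(bool g) : guarded(g) {}

    void drawWidget(Widget &w, Painter *shared) {
        // In the reports, isActive() on the dangling pointer is where it crashed.
        if (!shared->active) { ++staleUses; return; }
        if (w.requestsSync && !w.fired) { w.fired = true; sync(); }  // "loop back"
        for (Widget *c : w.children) drawWidget(*c, shared);
    }

    void sync() {
        if (guarded && inSync) { pending = true; return; }  // defer the nested sync
        inSync = true;
        slot.active = true;        // beginSharedPainter
        drawWidget(*root, &slot);
        slot.active = false;       // endSharedPainter
        inSync = false;
        if (pending) { pending = false; sync(); }  // run the deferred sync afterwards
    }
};

// Constructed hierarchy: root -> {a, b}; painting a triggers a top-level sync,
// so b is painted by an outer frame after the nested sync has finished.
int staleUsesAfterSync(bool guarded) {
    Widget a, b, root;
    a.requestsSync = true;
    root.children = {&a, &b};
    TopLevel tlw(guarded);
    tlw.root = &root;
    tlw.sync();
    return tlw.staleUses;
}

int main() {
    std::printf("unguarded stale uses: %d\n", staleUsesAfterSync(false));
    std::printf("guarded stale uses:   %d\n", staleUsesAfterSync(true));
    return 0;
}
```
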
*** Bug 175861 has been marked as a duplicate of this bug. ***
*** Bug 176115 has been marked as a duplicate of this bug. ***
Jaime, please note 176115 was filed against trunk from 25/11/2008, much after the above fix.
András, do you have a recent qt-copy with patches applied? Because this is a Qt bug and only fixed in qt-copy right now. (BTW, Szymon, did you get any response about your patch from the Trolls?)
> Jaime, please note 176115 was filed against trunk from 25/11/2008, much after the above fix.

It is the same backtrace, so it was correct to mark this as a duplicate. If the same bug reappears, then the original report should be reopened (like you did, but I doubt/hope that this is still an issue).
They have "seen" this problem but nobody did officially acknowledge its existence since there is no simple test case app that shows it. There is probably ongoing work on that part of Qt and there are rumours about qt 4.5 snapshots not being affected even without the patch... so I guess they're assuming that this bug will magically vanish without anybody officially taking care of it.

Anyway, Andras: did you reproduce the bug with the patched qt? The stack trace is almost exactly the same but the exact point of failure is a bit different. This might be caused by missing symbols or a different memory allocation pattern though.
Sorry, I missed that the patch is for qt-copy, not kmail. Right now I'm not using qt-copy, so I can't test. Let's close it anyway, I'll reopen if I can reproduce with qt-copy+patch.
*** Bug 179263 has been marked as a duplicate of this bug. ***
*** Bug 180956 has been marked as a duplicate of this bug. ***
*** Bug 181595 has been marked as a duplicate of this bug. ***
Gentoo users, please file a bug report in gentoo, pointing them to this bug report, so that they can include the qt-copy patch 0256-fix-recursive-backingstore-sync-crash.diff. Thanks.
(In reply to comment #15)
Patch included in gentoo portage in x11-libs/qt-gui-4.4.2-r2. This problem is present in r1. After upgrading to r2 the problem is gone.
*** Bug 187632 has been marked as a duplicate of this bug. ***
*** Bug 192710 has been marked as a duplicate of this bug. ***