Bug 384540 - KDE applications segfault when XLIB_SKIP_ARGB_VISUALS is defined
Summary: KDE applications segfault when XLIB_SKIP_ARGB_VISUALS is defined
Status: RESOLVED FIXED
Alias: None
Product: plasmashell
Classification: Plasma
Component: generic-crash
Version: 5.10.5
Platform: Other Linux
Importance: NOR crash
Target Milestone: 1.0
Assignee: Plasma Bugs List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-09 18:45 UTC by Tristan Miller
Modified: 2020-09-10 05:58 UTC
CC: 4 users

See Also:
Latest Commit:
Version Fixed In:


Description Tristan Miller 2017-09-09 18:45:12 UTC
Whenever I run a KDE application in Plasma with the XLIB_SKIP_ARGB_VISUALS environment variable defined, the application crashes with a segmentation fault (and no backtrace dialog) as soon as a pull-down menu is activated.  This happens a lot when launching KDE applications such as Okular from Emacs, since Emacs defines XLIB_SKIP_ARGB_VISUALS.

The problem seems specific to KDE applications running in Plasma.  Other Qt-based applications, such as Clementine and Skype 4.3.0.37, are not affected.  The problem is also specific to Plasma.  If I use another desktop environment, such as LXQt, then I cannot reproduce the crash, even when running KDE applications such as Okular.

Steps to reproduce:
1. XLIB_SKIP_ARGB_VISUALS="" /usr/bin/okular
2. Click on the "File" menu.

Observed behaviour:
3. Okular crashes with the message "Segmentation fault (core dumped)".  No crash dialog with a backtrace appears.  No debugging output appears in the terminal.

Expected behaviour:
3. Okular should not crash.

Running the KDE application through valgrind shows a bit more information:

$ XLIB_SKIP_ARGB_VISUALS="" /usr/bin/valgrind /usr/bin/okular 
==12593== Memcheck, a memory error detector
==12593== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==12593== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==12593== Command: /usr/bin/okular
==12593== 
==12593== Invalid read of size 8
==12593==    at 0x17AE0966: qglx_findConfig(_XDisplay*, int, QSurfaceFormat, bool, int) (in /usr/lib64/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==12593==    by 0x17AE0C1C: qglx_findVisualInfo(_XDisplay*, int, QSurfaceFormat*, int) (in /usr/lib64/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==12593==    by 0x17ADCF7F: QXcbGlxWindow::createVisual() (in /usr/lib64/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==12593==    by 0x13C839A5: QXcbWindow::create() (in /usr/lib64/libQt5XcbQpa.so.5.9.1)
==12593==    by 0x13C7099A: QXcbIntegration::createPlatformWindow(QWindow*) const (in /usr/lib64/libQt5XcbQpa.so.5.9.1)
==12593==    by 0x76BC0C5: QWindowPrivate::create(bool, unsigned long long) (in /usr/lib64/libQt5Gui.so.5.9.1)
==12593==    by 0x6F02C44: QWidgetPrivate::create_sys(unsigned long long, bool, bool) (in /usr/lib64/libQt5Widgets.so.5.9.1)
==12593==    by 0x6F032CC: QWidget::create(unsigned long long, bool, bool) (in /usr/lib64/libQt5Widgets.so.5.9.1)
==12593==    by 0x6F0F285: QWidget::setVisible(bool) (in /usr/lib64/libQt5Widgets.so.5.9.1)
==12593==    by 0x701E99F: QMenu::popup(QPoint const&, QAction*) (in /usr/lib64/libQt5Widgets.so.5.9.1)
==12593==    by 0x7029962: QMenuBarPrivate::popupAction(QAction*, bool) (in /usr/lib64/libQt5Widgets.so.5.9.1)
==12593==    by 0x702BB6F: QMenuBarPrivate::setCurrentAction(QAction*, bool, bool) (in /usr/lib64/libQt5Widgets.so.5.9.1)
==12593==  Address 0x20 is not stack'd, malloc'd or (recently) free'd
==12593== 
==12593== 
==12593== Process terminating with default action of signal 11 (SIGSEGV)
==12593==  Access not within mapped region at address 0x20
==12593==    at 0x17AE0966: qglx_findConfig(_XDisplay*, int, QSurfaceFormat, bool, int) (in /usr/lib64/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==12593==    by 0x17AE0C1C: qglx_findVisualInfo(_XDisplay*, int, QSurfaceFormat*, int) (in /usr/lib64/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==12593==    by 0x17ADCF7F: QXcbGlxWindow::createVisual() (in /usr/lib64/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
==12593==    by 0x13C839A5: QXcbWindow::create() (in /usr/lib64/libQt5XcbQpa.so.5.9.1)
==12593==    by 0x13C7099A: QXcbIntegration::createPlatformWindow(QWindow*) const (in /usr/lib64/libQt5XcbQpa.so.5.9.1)
==12593==    by 0x76BC0C5: QWindowPrivate::create(bool, unsigned long long) (in /usr/lib64/libQt5Gui.so.5.9.1)
==12593==    by 0x6F02C44: QWidgetPrivate::create_sys(unsigned long long, bool, bool) (in /usr/lib64/libQt5Widgets.so.5.9.1)
==12593==    by 0x6F032CC: QWidget::create(unsigned long long, bool, bool) (in /usr/lib64/libQt5Widgets.so.5.9.1)
==12593==    by 0x6F0F285: QWidget::setVisible(bool) (in /usr/lib64/libQt5Widgets.so.5.9.1)
==12593==    by 0x701E99F: QMenu::popup(QPoint const&, QAction*) (in /usr/lib64/libQt5Widgets.so.5.9.1)
==12593==    by 0x7029962: QMenuBarPrivate::popupAction(QAction*, bool) (in /usr/lib64/libQt5Widgets.so.5.9.1)
==12593==    by 0x702BB6F: QMenuBarPrivate::setCurrentAction(QAction*, bool, bool) (in /usr/lib64/libQt5Widgets.so.5.9.1)
==12593==  If you believe this happened as a result of a stack
==12593==  overflow in your program's main thread (unlikely but
==12593==  possible), you can try to increase the size of the
==12593==  main thread stack using the --main-stacksize= flag.
==12593==  The main thread stack size used in this run was 8388608.
==12593== 
==12593== HEAP SUMMARY:
==12593==     in use at exit: 5,896,989 bytes in 58,834 blocks
==12593==   total heap usage: 262,184 allocs, 203,350 frees, 31,810,371 bytes allocated
==12593== 
==12593== LEAK SUMMARY:
==12593==    definitely lost: 11,776 bytes in 32 blocks
==12593==    indirectly lost: 17,486 bytes in 670 blocks
==12593==      possibly lost: 1,122,601 bytes in 3,925 blocks
==12593==    still reachable: 4,745,126 bytes in 54,207 blocks
==12593==                       of which reachable via heuristic:
==12593==                         newarray           : 1,608 bytes in 47 blocks
==12593==                         multipleinheritance: 65,848 bytes in 81 blocks
==12593==         suppressed: 0 bytes in 0 blocks
==12593== Rerun with --leak-check=full to see details of leaked memory
==12593== 
==12593== For counts of detected and suppressed errors, rerun with: -v
==12593== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
Comment 1 David Edmundson 2017-09-10 03:00:36 UTC
Then don't set that flag...

But in any case, the bug isn't with plasmashell, from your own report okular is crashing too.

Please report to Qt
Comment 2 David Edmundson 2017-09-10 03:05:45 UTC
Edit.

As it's the menu it could be the plasma-integration qpt acting as the difference.

If you unset any env vars that mention KDE and it goes away please reassign to plasma-integration.
Comment 3 Tristan Miller 2017-09-10 09:10:56 UTC
(In reply to David Edmundson from comment #2)
> Edit.
> As it's the menu it could be the plasma-integration qpt acting as the
> difference.
> 
> If you unset any env vars that mention KDE and it goes away please reassign
> to plasma-integration.

Even with those environment variables unset (or indeed, with all environment variables unset), I can still reproduce the issue.

I can report the issue to Qt, but it does seem strange that the problem is reproducible only when running KDE applications through Plasma.  As I mentioned, I haven't been able to reproduce the issue when running non-KDE Qt applications, nor when running any applications (KDE, Qt, or other) on other desktop environments.
Comment 4 Tristan Miller 2017-09-10 09:51:03 UTC
(In reply to David Edmundson from comment #1)
> Then don't set that flag...

On further investigation, it seems that the vanilla Emacs distribution does not set this environment variable.  Rather, it is set by a wrapper script included in the Emacs package from openSUSE (and possibly other distributions).  I've asked downstream about the purpose of this flag and whether it can be removed pending a fix for this issue: https://bugzilla.opensuse.org/show_bug.cgi?id=1057971
Comment 5 David Edmundson 2017-09-10 10:00:03 UTC
It seems to be the breeze qstyle which is the difference.

Can you set to "Fusion" (which is a much simpler one) and confirm?
Comment 6 Kai Uwe Broulik 2017-09-10 10:10:17 UTC
I can reproduce also with Fusion and Windows style. It seems to be QToolTip causing this.
When I start Dolphin or System Settings they crash right away when creating a KToolTipWidget whereas Okular crashes as soon as I hover a tool button which spawns a QToolTip.
Comment 7 Tristan Miller 2017-09-10 13:20:17 UTC
When I set my widget style to Fusion or MS Windows 9x, I am no longer able to trigger the crash using the method described in my OP (i.e., launching Okular and then activating a pull-down menu).  However, like Kai, Dolphin consistently crashes on launch no matter what widget style is selected.
Comment 8 Kai Uwe Broulik 2017-09-12 14:09:41 UTC
Kwrite does not crash with Fusion style at all. It crashes with Oxygen and Breeze as soon as a tooltip appears.

Better backtrace:

Thread 1 "dolphin" received signal SIGSEGV, Segmentation fault.
#0  qglx_findConfig (display=display@entry=0x64aae0, screen=screen@entry=0, format=..., highestPixelFormat=highestPixelFormat@entry=false, drawableBit=drawableBit@entry=1)
    at qglxconvenience.cpp:206
#1  0x00007ffff7fec1f4 in qglx_findVisualInfo (display=0x64aae0, screen=screen@entry=0, format=format@entry=0xa82310, drawableBit=drawableBit@entry=1) at qglxconvenience.cpp:233
#2  0x00007ffff7fe768d in QXcbGlxWindow::createVisual (this=0xa822b0) at qxcbglxwindow.cpp:61
#3  0x00007fffe4827f4c in QXcbWindow::create (this=0xa822b0) at qxcbwindow.cpp:424
#4  0x00007fffe480ee2f in QXcbIntegration::createPlatformWindow (this=<optimized out>, window=0xa81d20) at qxcbintegration.cpp:205
#5  0x00007ffff275c4e1 in QWindowPrivate::create (this=0xa81d80, recursive=recursive@entry=false, nativeHandle=nativeHandle@entry=0) at kernel/qwindow.cpp:438
#6  0x00007ffff275c83f in QWindow::create (this=this@entry=0xa81d20) at kernel/qwindow.cpp:619
#7  0x00007ffff2d16304 in QWidgetPrivate::create_sys (this=this@entry=0xa81620, window=window@entry=0, initializeWindow=initializeWindow@entry=true, 
    destroyOldWindow=destroyOldWindow@entry=true) at kernel/qwidget.cpp:1478
#8  0x00007ffff2d15909 in QWidget::create (this=this@entry=0xa815e0, window=window@entry=0, initializeWindow=initializeWindow@entry=tr
    at kernel/qwidget.cpp:1338
#9  0x00007ffff2d15c92 in QWidgetPrivate::createWinId (this=<optimized out>) at kernel/qwidget.cpp:2581
#10 0x00007ffff2d165eb in QWidget::createWinId (this=<optimized out>) at kernel/qwidget.cpp:2600
#11 0x00007ffff4624abf in KToolTipWidget::KToolTipWidget(QWidget*) () from /usr/lib/x86_64-linux-gnu/libKF5WidgetsAddons.so.5
#12 0x00007ffff74d7a7e in ?? () from /usr/lib/x86_64-linux-gnu/libdolphinprivate.so.5
#13 0x00007ffff74cc8d2 in DolphinView::DolphinView(QUrl const&, QWidget*) () from /usr/lib/x86_64-linux-gnu/libdolphinprivate.so.5
Comment 9 Kai Uwe Broulik 2017-09-12 14:12:05 UTC
Seems to crash accessing a nullptr returned by glXGetVisualFromFBConfig which according to docs can return null:

"If config is a valid GLX frame buffer configuration and it has an associated X Visual, then information describing that visual is returned; otherwise NULL is returned. Use XFree to free the data returned."

https://www.khronos.org/registry/OpenGL-Refpages/gl2.1/xhtml/glXGetVisualFromFBConfig.xml

And it probably does here because you explicitly told it to skip some visuals
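Added illustration of the point made in comment 9 (this is not Qt's or KDE's code): a small C model of the config search in qglx_findConfig, with constructed stand-in types for XVisualInfo and GLXFBConfig and a stub standing in for glXGetVisualFromFBConfig, showing the unchecked dereference beside a hardened version that skips configs without a usable visual. The assumption that XLIB_SKIP_ARGB_VISUALS hides exactly the 32-bit ARGB visuals is mine; the page only states that the variable makes some visuals unavailable.

```c
#include <stdlib.h>
#include <stddef.h>

/* Constructed stand-in for XVisualInfo: only the fields the search compares. */
typedef struct {
    int depth;
    unsigned long visualid;
} VisualInfo;

/* Constructed stand-in for a GLXFBConfig candidate. */
typedef struct {
    int depth;
    unsigned long visualid;
    int has_x_visual;   /* some fbconfigs (e.g. pbuffer-only ones) have no X visual */
} FBConfig;

/*
 * Stand-in for glXGetVisualFromFBConfig(). Per the man page quoted in the
 * thread it returns NULL when the config has no associated X visual.
 * Assumption modelled here: with XLIB_SKIP_ARGB_VISUALS defined, Xlib hides
 * the 32-bit ARGB visuals, so the lookup also fails for those configs.
 */
static VisualInfo *get_visual_from_config(const FBConfig *cfg, int argb_skipped)
{
    if (!cfg->has_x_visual)
        return NULL;
    if (argb_skipped && cfg->depth == 32)
        return NULL;
    VisualInfo *vi = malloc(sizeof *vi);
    if (vi) {
        vi->depth = cfg->depth;
        vi->visualid = cfg->visualid;
    }
    return vi;
}

/*
 * Unchecked search, the shape of the crash in the thread: the returned
 * pointer is dereferenced without a NULL check, so a config whose visual is
 * hidden becomes a read at a small offset from address 0 (consistent with the
 * "Address 0x20" in the valgrind output above). Only safe when every
 * candidate is known to have a visual.
 */
static long find_config_unchecked(const FBConfig *cfgs, size_t n,
                                  int want_depth, int argb_skipped)
{
    for (size_t i = 0; i < n; i++) {
        VisualInfo *vi = get_visual_from_config(&cfgs[i], argb_skipped);
        int depth = vi->depth;   /* NULL dereference when vi == NULL */
        free(vi);
        if (depth == want_depth)
            return (long)i;
    }
    return -1;
}

/* Hardened search: a config without a usable visual is skipped, never used. */
static long find_config_checked(const FBConfig *cfgs, size_t n,
                                int want_depth, int argb_skipped)
{
    for (size_t i = 0; i < n; i++) {
        VisualInfo *vi = get_visual_from_config(&cfgs[i], argb_skipped);
        if (!vi)
            continue;            /* no X visual for this config: not a candidate */
        int depth = vi->depth;
        free(vi);                /* XFree() in the real API */
        if (depth == want_depth)
            return (long)i;
    }
    return -1;
}

/* Constructed candidate list: an ARGB config first, then a plain 24-bit one,
 * then a config that has no X visual at all. */
static const FBConfig SAMPLE_CONFIGS[] = {
    { 32, 0x21, 1 },
    { 24, 0x22, 1 },
    { 24, 0x23, 0 },
};
static const size_t SAMPLE_COUNT = sizeof SAMPLE_CONFIGS / sizeof SAMPLE_CONFIGS[0];
```

With the ARGB visuals hidden, the checked search reports "no match" for a 32-bit request and still finds the 24-bit config, which is the behaviour a caller can handle; the unchecked search on the same input is exactly the SIGSEGV at qglx_findConfig in the backtraces above.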
Comment 10 Kai Uwe Broulik 2017-09-12 14:21:30 UTC
Qt patch https://codereview.qt-project.org/#/c/205268/
Comment 11 auxsvr 2020-06-06 08:18:05 UTC
Using openSUSE 15.1, this report is still valid, as XLIB_SKIP_ARGB_VISUALS='' still crashes okular 1.10.0.
Comment 12 Tristan Miller 2020-06-06 12:03:04 UTC
(In reply to auxsvr from comment #11)
> Using openSUSE 15.1, this report is still valid, as
> XLIB_SKIP_ARGB_VISUALS='' still crashes okular 1.10.0.

Not reproducible for me with openSUSE 15.1 (KDE 5.55.0, Qt 5.9.7). I tried various applications (Okular 1.6.3, Dolphin) and various widget styles (Breeze, Fusion). What version of Qt are you running? Is it possible it's an old version that doesn't contain Kai's patch?
Comment 13 auxsvr 2020-06-06 13:15:22 UTC
Using KDE Frameworks 5.70.0, Qt 5.14.1 and breeze dark, okular is crashing when launched from emacs, unless I change the code in /usr/bin/emacs to prevent it from defining XLIB_SKIP_ARGB_VISUALS. How can this be if the patch is in Qt 5.9.7?
Comment 14 Tristan Miller 2020-09-06 16:03:25 UTC
I also can't reproduce this problem with openSUSE Tumbleweed.

auxsvr@gmail.com, openSUSE Leap 15.1 is due to be EOL'd in two months.  Perhaps you could upgrade to 15.2 and try testing again?
Comment 15 auxsvr 2020-09-10 05:57:28 UTC
I confirm that on openSUSE 15.2 okular no longer crashes, even though XLIB_SKIP_ARGB_VISUALS=1 is defined.