Bug 410867 - Krita crashes on exit when saving tags in Qt's pcre code
Status: RESOLVED FIXED
Alias: None
Product: krita
Classification: Applications
Component: Tagging
Version: git master (please specify the git hash!)
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Krita Bugs
Duplicates: 409908 411694 411833 414584 415996 422510
Reported: 2019-08-13 06:33 UTC by Raghavendra kamath
Modified: 2020-06-06 09:54 UTC

Description Raghavendra kamath 2019-08-13 06:33:36 UTC
SUMMARY
In the recent builds from master on Arch Linux, Krita crashes on exit.

Following is the back trace:


Application: krita (krita), signal: Segmentation fault
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f0b115d1840 (LWP 5390))]

Thread 3 (Thread 0x7f0aef3d7700 (LWP 5403)):
#0  0x00007f0b15ed0667 in poll () from /usr/lib/libc.so.6
#1  0x00007f0b142c3a80 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007f0b142c3b51 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#3  0x00007f0b165d19bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#4  0x00007f0b165785ec in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#5  0x00007f0b163ab2f5 in QThread::exec() () from /usr/lib/libQt5Core.so.5
#6  0x00007f0b163ac520 in ?? () from /usr/lib/libQt5Core.so.5
#7  0x00007f0b1527c57f in start_thread () from /usr/lib/libpthread.so.0
#8  0x00007f0b15edb0e3 in clone () from /usr/lib/libc.so.6

Thread 2 (Thread 0x7f0b07a3d700 (LWP 5395)):
#0  0x00007f0b15ecc18c in read () from /usr/lib/libc.so.6
#1  0x00007f0b142749f0 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007f0b142c2311 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#3  0x00007f0b142c3a28 in ?? () from /usr/lib/libglib-2.0.so.0
#4  0x00007f0b142c3b51 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#5  0x00007f0b165d19bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#6  0x00007f0b165785ec in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#7  0x00007f0b163ab2f5 in QThread::exec() () from /usr/lib/libQt5Core.so.5
#8  0x00007f0b1847eb37 in ?? () from /usr/lib/libQt5DBus.so.5
#9  0x00007f0b163ac520 in ?? () from /usr/lib/libQt5Core.so.5
#10 0x00007f0b1527c57f in start_thread () from /usr/lib/libpthread.so.0
#11 0x00007f0b15edb0e3 in clone () from /usr/lib/libc.so.6

Thread 1 (Thread 0x7f0b115d1840 (LWP 5390)):
[KCrash Handler]
#6  0x00007f0b163b17ac in QThreadStorageData::get() const () from /usr/lib/libQt5Core.so.5
#7  0x00007f0b16461d88 in ?? () from /usr/lib/libQt5Core.so.5
#8  0x00007f0b1447c970 in pcre2_jit_match_16 () from /usr/lib/libpcre2-16.so.0
#9  0x00007f0b14481bd6 in pcre2_match_16 () from /usr/lib/libpcre2-16.so.0
#10 0x00007f0b16461f19 in ?? () from /usr/lib/libQt5Core.so.5
#11 0x00007f0b164659d0 in ?? () from /usr/lib/libQt5Core.so.5
#12 0x00007f0b16465e2c in QRegularExpression::match(QString const&, int, QRegularExpression::MatchType, QFlags<QRegularExpression::MatchOption>) const () from /usr/lib/libQt5Core.so.5
#13 0x00007f0b1876c339 in ?? () from /usr/lib/libQt5Xml.so.5
#14 0x00007f0b18770e96 in QDomDocument::toString(int) const () from /usr/lib/libQt5Xml.so.5
#15 0x00007f0b191af851 in KoResourceTagStore::writeXMLFile (this=0x55d6e7e50650, tagstore=...) at /mnt/attic/krita-build/src/krita/libs/widgets/KoResourceTagStore.cpp:294
#16 0x00007f0b191afcd5 in KoResourceTagStore::serializeTags (this=0x55d6e7e50650) at /usr/include/qt/QtCore/qstringbuilder.h:313
#17 0x00007f0b191afe3e in KoResourceTagStore::~KoResourceTagStore (this=0x55d6e7e50650, __in_chrg=<optimized out>) at /mnt/attic/krita-build/src/krita/libs/widgets/KoResourceTagStore.cpp:58
#18 0x00007f0b1a5fa458 in KoResourceServer<KisResourceBundle, PointerStoragePolicy<KisResourceBundle> >::~KoResourceServer (this=this@entry=0x55d6e979ab90, __in_chrg=<optimized out>) at /mnt/attic/krita-build/src/krita/libs/widgets/KoResourceServer.h:147
#19 0x00007f0b1a5fa793 in KoResourceServerSimpleConstruction<KisResourceBundle, PointerStoragePolicy<KisResourceBundle> >::~KoResourceServerSimpleConstruction (this=0x55d6e979ab90, __in_chrg=<optimized out>) at /mnt/attic/krita-build/src/krita/libs/widgets/KoResourceServer.h:747
#20 KoResourceServerSimpleConstruction<KisResourceBundle, PointerStoragePolicy<KisResourceBundle> >::~KoResourceServerSimpleConstruction (this=0x55d6e979ab90, __in_chrg=<optimized out>) at /mnt/attic/krita-build/src/krita/libs/widgets/KoResourceServer.h:747
#21 0x00007f0b1a5f9011 in KisResourceBundleServerProvider::~KisResourceBundleServerProvider (this=0x7f0b1b6afe60 <(anonymous namespace)::Q_QGS_s_instance::innerFunction()::holder>, __in_chrg=<optimized out>) at /mnt/attic/krita-build/src/krita/libs/ui/KisResourceBundleServerProvider.cpp:56
#22 0x00007f0b1a5f9029 in (anonymous namespace)::Q_QGS_s_instance::Holder::~Holder (this=<optimized out>, __in_chrg=<optimized out>) at /mnt/attic/krita-build/src/krita/libs/ui/KisResourceBundleServerProvider.cpp:38
#23 0x00007f0b15e1be70 in __run_exit_handlers () from /usr/lib/libc.so.6
#24 0x00007f0b15e1bfae in exit () from /usr/lib/libc.so.6
#25 0x00007f0b15e05eea in __libc_start_main () from /usr/lib/libc.so.6
#26 0x000055d6e59fd36e in _start ()
[Inferior 1 (process 5390) detached]


----------------------------------

Operating System: Arch Linux 
KDE Plasma Version: 5.16.4
KDE Frameworks Version: 5.60.0
Qt Version: 5.13.0
Kernel Version: 5.2.8-arch1-1-ARCH
OS Type: 64-bit
Processors: 8 × Intel® Core™ i7-4790K CPU @ 4.00GHz
graphic card - nvidia 750 ti with proprietary drivers
Comment 1 Halla Rempt 2019-08-13 07:38:50 UTC
Do you have any special tags you created yourself? This happens deep inside Qt and the pcre regular expression matching engine.
Comment 2 Raghavendra kamath 2019-08-14 03:56:12 UTC
No, I don't have any tags in brush presets other than the default ones; I don't have any tags other than all in brush tips, pattern or other resources.
Comment 3 Halla Rempt 2019-08-27 11:27:10 UTC
Since all of this is happening in Qt, I'm wondering whether this is a bug in Qt 5.13, which I don't have on any system yet.
Comment 4 Halla Rempt 2019-09-08 11:28:04 UTC
*** Bug 411694 has been marked as a duplicate of this bug. ***
Comment 5 Halla Rempt 2019-09-12 07:56:29 UTC
*** Bug 411833 has been marked as a duplicate of this bug. ***
Comment 6 wolthera 2019-09-21 14:43:00 UTC
I am going to set this to confirmed, despite the source being mysterious still.
Comment 7 Halla Rempt 2019-10-02 10:41:06 UTC
This likely happens because Krita saves the tag file in a thread other than the application thread: 

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff284a801 in __GI_abort () at abort.c:79
#2  0x00007ffff3222c8b in qt_message_fatal (context=..., message=<synthetic pointer>...)
    at global/qlogging.cpp:1907
#3  QMessageLogger::fatal (this=this@entry=0x7fffffffd410, 
    msg=msg@entry=0x7ffff3515c80 "ASSERT: \"%s\" in file %s, line %d") at global/qlogging.cpp:888
#4  0x00007ffff3222481 in qt_assert (
    assertion=assertion@entry=0x7ffff0f6bd68 "qApp && qApp->thread() == QThread::currentThread()", 
    file=file@entry=0x7ffff0f6bc50 "/home/boud/dev/krita/libs/widgets/KoResourceTagStore.cpp", 
    line=line@entry=296) at global/qglobal.cpp:3261
#5  0x00007ffff0ea2db0 in KoResourceTagStore::writeXMLFile (this=0x55555b2b6e70, tagstore=...)
    at /home/boud/dev/krita/libs/widgets/KoResourceTagStore.cpp:296
#6  0x00007ffff0edafe9 in KoResourceTagStore::serializeTags() ()
    at /usr/include/x86_64-linux-gnu/qt5/QtCore/qstringbuilder.h:313
#7  0x00007ffff0edb1ae in KoResourceTagStore::~KoResourceTagStore (this=0x55555b2b6e70, 
    __in_chrg=<optimized out>) at /home/boud/dev/krita/libs/widgets/KoResourceTagStore.cpp:61
#8  0x00007ffff69cea74 in KoResourceServer<KisResourceBundle, PointerStoragePolicy<KisResourceBundle> >::~KoResourceServer (this=this@entry=0x55555b2a2520, __in_chrg=<optimized out>)
    at /home/boud/dev/krita/libs/widgets/KoResourceServer.h:146
#9  0x00007ffff69cef13 in KoResourceServerSimpleConstruction<KisResourceBundle, PointerStoragePolicy<KisResourceBundle> >::~KoResourceServerSimpleConstruction (this=0x55555b2a2520, __in_chrg=<optimized out>)
    at /home/boud/dev/krita/libs/widgets/KoResourceServer.h:746
#10 KoResourceServerSimpleConstruction<KisResourceBundle, PointerStoragePolicy<KisResourceBundle> >::~KoResourceServerSimpleConstruction (this=0x55555b2a2520, __in_chrg=<optimized out>)
    at /home/boud/dev/krita/libs/widgets/KoResourceServer.h:746
#11 0x00007ffff69cd301 in KisResourceBundleServerProvider::~KisResourceBundleServerProvider (
    this=0x7ffff7dc7940 <_ZZN12_GLOBAL__N_116Q_QGS_s_instance13innerFunctionEvE6holder>, 
    __in_chrg=<optimized out>) at /home/boud/dev/krita/libs/ui/KisResourceBundleServerProvider.cpp:56
#12 0x00007ffff69cd319 in (anonymous namespace)::Q_QGS_s_instance::Holder::~Holder (this=<optimized out>, 
    __in_chrg=<optimized out>) at /home/boud/dev/krita/libs/ui/KisResourceBundleServerProvider.cpp:38
#13 0x00007ffff284d041 in __run_exit_handlers (status=0, listp=0x7ffff2bf5718 <__exit_funcs>, 
    run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#14 0x00007ffff284d13a in __GI_exit (status=<optimized out>) at exit.c:139
#15 0x00007ffff282bb9e in __libc_start_main (main=0x555555e4c470 <main>, argc=1, argv=0x7fffffffd898, 
    init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd888)
    at ../csu/libc-start.c:344
#16 0x0000555555e4eb6a in _start () at /home/boud/dev/krita/krita/main.cc:451
Comment 8 Halla Rempt 2019-10-02 10:50:38 UTC
Git commit ca07d42ca64271689f1a1ea2219b4909bd97f7c1 by Boudewijn Rempt.
Committed on 02/10/2019 at 10:48.
Pushed by rempt into branch 'master'.

Work around a crash in Qt when converting a QDomDocument to a string

In Qt 5.14, if that is done in a thread which is not the gui thread,
QRegularExpression won't have a QThreadStorage and will crash. It is
weird, though, that Qt's exit handlers clear static variables in
non-gui threads.

I'm not sure what changed in Qt: the exit handler or QRegularExpression.

Since we save the tags on every change, the saving on exit isn't strictly
needed, so we can remove that to work around this issue in Qt.

M  +3    -2    libs/widgets/KoResourceTagStore.cpp

https://invent.kde.org/kde/krita/commit/ca07d42ca64271689f1a1ea2219b4909bd97f7c1
Comment 9 Halla Rempt 2019-10-02 10:53:16 UTC
It might even be coincidence in Q_GLOBAL_STATIC(QThreadStorage<QPcreJitStackPointer *>, jitStacks) being destroyed now before KoResourceTagStore.
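Added example, not part of the original comments and not Krita or Qt code: a constructed model of the teardown order suggested in Comment 9, with exit handlers run in reverse registration order as in the `__run_exit_handlers` frames above. It shows why a destructor that saves at exit can reach an already-destroyed lazily created static, and why the workaround in Comment 8 (save on every change, not from the destructor) avoids it. All type and function names are hypothetical.

```cpp
#include <functional>
#include <utility>
#include <vector>

// Constructed model; all names are hypothetical, not Krita or Qt code.
enum class Guard { Uninitialized, Initialized, Destroyed };

struct ExitHandlers {  // stands in for the process exit-handler list
    std::vector<std::function<void()>> handlers;
    void add(std::function<void()> f) { handlers.push_back(std::move(f)); }
    void run() {       // last registered runs first
        for (auto it = handlers.rbegin(); it != handlers.rend(); ++it) (*it)();
    }
};

struct Outcome {
    bool touched_destroyed_cache = false;  // the crash condition in the model
    int saves = 0;                         // saves that completed normally
};

struct JitCache {  // stands in for a lazily created global static
    Guard guard = Guard::Uninitialized;
    void ensure(ExitHandlers &at_exit) {
        if (guard != Guard::Uninitialized) return;
        guard = Guard::Initialized;
        at_exit.add([this] { guard = Guard::Destroyed; });
    }
};

struct TagStore {
    JitCache &cache; ExitHandlers &at_exit; Outcome &out;
    void save() {
        // A real program would dereference the dead object here.
        if (cache.guard == Guard::Destroyed) { out.touched_destroyed_cache = true; return; }
        cache.ensure(at_exit);
        ++out.saves;
    }
};

Outcome simulate(bool save_in_destructor) {
    ExitHandlers at_exit; JitCache cache; Outcome out;
    TagStore store{cache, at_exit, out};
    // The store's owner is registered for teardown first ...
    at_exit.add([&] { if (save_in_destructor) store.save(); });
    store.save();   // ... then the first tag change lazily creates the cache,
    at_exit.run();  // so the cache is torn down before the store's destructor.
    return out;
}

int main() { return simulate(false).touched_destroyed_cache ? 1 : 0; }
```

In the model the save on change still completes in both runs; only the destructor-time save reaches the destroyed object.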
Comment 10 Halla Rempt 2019-12-04 12:54:44 UTC
*** Bug 414584 has been marked as a duplicate of this bug. ***
Comment 11 Halla Rempt 2019-12-04 12:55:07 UTC
Git commit 132c646e1eead9ca1f541abe54c78b2564534050 by Boudewijn Rempt.
Committed on 04/12/2019 at 12:54.
Pushed by rempt into branch 'krita/4.2'.

Work around a crash in Qt when converting a QDomDocument to a string

In Qt 5.14, if that is done in a thread which is not the gui thread,
QRegularExpression won't have a QThreadStorage and will crash. It is
weird, though, that Qt's exit handlers clear static variables in
non-gui threads.

I'm not sure what changed in Qt: the exit handler or QRegularExpression.

Since we save the tags on every change, the saving on exit isn't strictly
needed, so we can remove that to work around this issue in Qt.

M  +3    -2    libs/widgets/KoResourceTagStore.cpp

https://invent.kde.org/kde/krita/commit/132c646e1eead9ca1f541abe54c78b2564534050
Comment 12 Halla Rempt 2020-01-08 11:22:22 UTC
*** Bug 415996 has been marked as a duplicate of this bug. ***
Comment 13 Halla Rempt 2020-01-10 14:04:35 UTC
*** Bug 409908 has been marked as a duplicate of this bug. ***
Comment 14 Halla Rempt 2020-06-06 09:54:12 UTC
*** Bug 422510 has been marked as a duplicate of this bug. ***