Bug 500326 - Things crash in QArrayDataPointer<QInputDevice const*>::data under various circumstances with Qt 6.8.2
Status: RESOLVED UPSTREAM
Alias: None
Product: kde
Classification: I don't know
Component: general (other bugs)
Version First Reported In: unspecified
Platform: Other Linux
Importance: VHI crash
Target Milestone: ---
Assignee: Unassigned bugs
URL: https://bugreports.qt.io/browse/QTBUG...
Keywords:
Duplicates: 499695 499919 500252 500589 500759 500803 500930 501173 501286 501605 502575
Depends on:
Blocks:
 
Reported: 2025-02-18 15:41 UTC by Nate Graham
Modified: 2025-04-08 17:58 UTC

See Also:
Latest Commit:
Version Fixed In: Qt 6.8.3
Sentry Crash Report:


Description Nate Graham 2025-02-18 15:41:33 UTC
Example backtrace from Bug 499919, reproducible by changing something in the Accessibility KCM and applying:

#5  QArrayDataPointer<QInputDevice const*>::data (this=0x0) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/tools/qarraydatapointer.h:120
#6  QArrayDataPointer<QInputDevice const*>::constEnd (this=0x0) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/tools/qarraydatapointer.h:127
#7  QList<QInputDevice const*>::cend (this=0x0) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/tools/qlist.h:644
#8  QtPrivate::sequential_erase_one<QList<QInputDevice const*>, QInputDevice const*> (c=..., t=<synthetic pointer>: <optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/tools/qcontainertools_impl.h:389
#9  QList<QInputDevice const*>::removeOne<QInputDevice const*> (this=0x0, t=<synthetic pointer>: <optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/tools/qlist.h:613
#10 QInputDevicePrivate::unregisterDevice (dev=dev@entry=0x55b5d53f0a50) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/gui/kernel/qinputdevice.cpp:360
#11 0x00007f528d2fe793 in QInputDevice::~QInputDevice (this=this@entry=0x55b5d53f0a50, __in_chrg=<optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/gui/kernel/qinputdevice.cpp:110
#12 0x00007f528d330a97 in QPointingDevice::~QPointingDevice (this=this@entry=0x55b5d53f0a50, __in_chrg=<optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/gui/kernel/qpointingdevice.cpp:168
#13 0x00007f527b182fcf in QXcbScrollingDevice::~QXcbScrollingDevice (this=0x55b5d53f0a50, __in_chrg=<optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/plugins/platforms/xcb/qxcbscrollingdevice_p.h:29
#14 QXcbScrollingDevice::~QXcbScrollingDevice (this=0x55b5d53f0a50, __in_chrg=<optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/plugins/platforms/xcb/qxcbscrollingdevice_p.h:29
#15 0x00007f528cb4b8ae in QObject::event (this=0x55b5d53f0a50, e=0x55b5d53f0a70) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/kernel/qobject.cpp:1403
#16 0x00007f528de3d9b8 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x55b5d53f0a50, e=0x55b5d53f0a70) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/widgets/kernel/qapplication.cpp:3296
#17 0x00007f528caf3590 in QCoreApplication::notifyInternal2 (receiver=0x55b5d53f0a50, event=0x55b5d53f0a70) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1172
#18 0x00007f528caf37ed in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1612
#19 0x00007f528caf6f51 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=52, data=0x55b5d53af9c0) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1946
#20 0x00007f528caf71fd in QCoreApplication::sendPostedEvents (receiver=<optimized out>, event_type=<optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/kernel/qcoreapplication.cpp:1800
#21 0x00007f528ccb55c9 in operator() (__closure=<optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/thread/qthread_unix.cpp:403
#22 (anonymous namespace)::terminate_on_exception<QThreadPrivate::finish()::<lambda()> >(struct {...} &&) (t=<optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/thread/qthread_unix.cpp:311
#23 0x00007f528ccb5895 in QThreadPrivate::finish (this=<optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/thread/qthread_unix.cpp:386
#24 destroy_current_thread_data (p=0x55b5d53af9c0) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/thread/qthread_unix.cpp:130
#25 Cleanup::~Cleanup (this=<optimized out>, __in_chrg=<optimized out>) at /usr/src/debug/qt6-qtbase-6.8.2-2.fc41.x86_64/src/corelib/thread/qthread_unix.cpp:180
#26 0x00007f528c429180 in __cxa_finalize (d=0x7f528d079020) at cxa_finalize.c:97
#27 0x00007f528ca53a97 in __do_global_dtors_aux () at /lib64/libQt6Core.so.6
#28 0x00007ffe4220dcc0 in ??? ()
#29 0x00007f528e9c20f2 in _dl_call_fini (closure_map=0x7f528e640a60) at dl-call_fini.c:43


Very likely a Qt bug somewhere.
Comment 1 Nate Graham 2025-02-18 15:41:43 UTC
*** Bug 499919 has been marked as a duplicate of this bug. ***
Comment 2 Nate Graham 2025-02-18 15:41:47 UTC
*** Bug 500252 has been marked as a duplicate of this bug. ***
Comment 3 Nicolas Fella 2025-02-18 15:43:46 UTC
https://bugreports.qt.io/browse/QTBUG-133776
Comment 4 Nate Graham 2025-02-18 15:45:06 UTC
*** Bug 499695 has been marked as a duplicate of this bug. ***
Comment 5 Nate Graham 2025-02-18 15:57:02 UTC
Thanks! If it's only fixed in Qt 6.9.0, we'll probably want a backport somewhere, either in Qt or done by distros. Possibly both.
Comment 6 Nicolas Fella 2025-02-18 19:36:10 UTC
The cherry-pick to 6.8 is pending: https://codereview.qt-project.org/c/qt/qtbase/+/624949
Comment 7 Nate Graham 2025-02-18 21:44:14 UTC
Perfect!
Comment 8 cwo 2025-02-23 23:32:56 UTC
*** Bug 500589 has been marked as a duplicate of this bug. ***
Comment 9 Nicolas Fella 2025-02-26 11:32:17 UTC
*** Bug 500759 has been marked as a duplicate of this bug. ***
Comment 10 Harald Sitter 2025-03-01 13:12:19 UTC
*** Bug 500803 has been marked as a duplicate of this bug. ***
Comment 11 cwo 2025-03-02 20:34:15 UTC
*** Bug 500930 has been marked as a duplicate of this bug. ***
Comment 12 Nicolas Fella 2025-03-07 14:32:15 UTC
*** Bug 501173 has been marked as a duplicate of this bug. ***
Comment 13 Nicolas Fella 2025-03-10 10:08:28 UTC
*** Bug 501286 has been marked as a duplicate of this bug. ***
Comment 14 cwo 2025-03-18 19:30:24 UTC
*** Bug 501605 has been marked as a duplicate of this bug. ***
Comment 15 cwo 2025-03-18 19:54:58 UTC
*** Bug 501605 has been marked as a duplicate of this bug. ***
Comment 16 Nicolas Fella 2025-04-08 17:58:36 UTC
*** Bug 502575 has been marked as a duplicate of this bug. ***