320791 – Dolphin segfaults on renaming files since commit 6a49661202855aebfb2431ede8abe4f9fc053fa6

Bug 320791 - Dolphin segfaults on renaming files since commit 6a49661202855aebfb2431ede8abe4f9fc053fa6

Summary: Dolphin segfaults on renaming files since commit 6a49661202855aebfb2431ede8ab...

Status:	RESOLVED FIXED

Alias:	None

Product:	dolphin
Classification:	Applications
Component:	general (show other bugs)
Version:	16.12.2
Platform:	Other Linux

Importance:	NOR major
Target Milestone:	---
Assignee:	Dolphin Bug Assignee

URL:
Keywords:	regression, release_blocker, reproducible

Depends on:
Blocks:

Reported:	2013-06-06 01:13 UTC by Hrvoje Senjan
Modified:	2013-06-06 09:52 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:	http://commits.kde.org/kde-baseapps/de51a75fc0dcbb10fa7bfc64e1fab3f2e74a1f85
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Hrvoje Senjan 2013-06-06 01:13:30 UTC

Using latest git master, i know new code has been pushed, but i don't know are you aware of this crash ;-)

Reproducible: Always

Steps to Reproduce:
1. Try to rename a file
Actual Results:  
Dolphin segfaults, so unfortunately no backtrace, and running in gdb provides also a segfault. This is what i got with thread apply all backtrace:

Thread 3 (Thread 0x7fffdc9b7700 (LWP 25492)):
#0  0x00007ffff7869c4d in poll () from /lib64/libc.so.6
#1  0x00007fffef07b07c in ?? () from /usr/lib64/libglib-2.0.so.0
#2  0x00007fffef07b1a4 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#3  0x00007ffff36f2056 in QEventDispatcherGlib::processEvents (this=0x7fffd00008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:427
#4  0x00007ffff36c276f in QEventLoop::processEvents (this=this@entry=0x7fffdc9b6dd0, flags=...) at kernel/qeventloop.cpp:149
#5  0x00007ffff36c29f8 in QEventLoop::exec (this=0x7fffdc9b6dd0, flags=...) at kernel/qeventloop.cpp:204
#6  0x00007ffff35c54f0 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:536
#7  0x00007ffff36a42ff in QInotifyFileSystemWatcherEngine::run (this=0x970180) at io/qfilesystemwatcher_inotify.cpp:256
#8  0x00007ffff35c7ccc in QThreadPrivate::start (arg=0x970180) at thread/qthread_unix.cpp:338
#9  0x00007ffff1c98e0e in start_thread () from /lib64/libpthread.so.0
#10 0x00007ffff7872b9d in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7fffddbb1700 (LWP 25489)):
#0  0x00007ffff786b9f3 in select () from /lib64/libc.so.6
#1  0x00007ffff36a2552 in QProcessManager::run (this=0x7ffff3a224e0 <processManager()::processManager>) at io/qprocess_unix.cpp:247
#2  0x00007ffff35c7ccc in QThreadPrivate::start (arg=0x7ffff3a224e0 <processManager()::processManager>) at thread/qthread_unix.cpp:338
#3  0x00007ffff1c98e0e in start_thread () from /lib64/libpthread.so.0
#4  0x00007ffff7872b9d in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7ffff7f8a780 (LWP 25485)):
#0  0x00007ffff7806318 in _int_malloc () from /lib64/libc.so.6
#1  0x00007ffff78079e8 in _int_realloc () from /lib64/libc.so.6
#2  0x00007ffff7808b3d in realloc () from /lib64/libc.so.6
#3  0x00007ffff35c9dfa in QByteArray::realloc (this=this@entry=0x7fffff7ff160, alloc=96) at tools/qbytearray.cpp:1469
---Type <return> to continue, or q <return> to quit---
#4  0x00007ffff35caa6f in QByteArray::append (this=0x7fffff7ff160, ba=...) at tools/qbytearray.cpp:1613
#5  0x00007ffff367d458 in operator+= (a=..., this=0x7fffff7ff160) at ../../src/corelib/tools/qbytearray.h:510
#6  QUrlPrivate::toEncoded (this=0xf179d0, options=...) at io/qurl.cpp:4048
#7  0x00007ffff367d98b in QUrl::toEncoded (this=0x7fffff7ff340, options=...) at io/qurl.cpp:5868
#8  0x00007ffff3b482a2 in KUrl::url (this=0x7fffff7ff340, trailing=<optimized out>)
    at /usr/src/debug/kdelibs-git/kdecore/io/kurl.cpp:1059
#9  0x00007ffff6b90f02 in qHash (item=...) at /opt/kde-unstable/include/kfileitem.h:668
#10 QHash<KFileItem, QHashDummyValue>::findNode (this=this@entry=0x7fffff7ff460, akey=..., ahp=ahp@entry=0x0)
    at /usr/include/QtCore/qhash.h:882
#11 0x00007ffff6b94d87 in contains (akey=..., this=0x7fffff7ff460) at /usr/include/QtCore/qhash.h:874
#12 contains (value=..., this=0x7fffff7ff460) at /usr/include/QtCore/qset.h:91
#13 subtract (other=..., this=0xc14930) at /usr/include/QtCore/qset.h:277
#14 operator-= (other=..., this=0xc14930) at /usr/include/QtCore/qset.h:209
#15 KFileItemModelRolesUpdater::updateChangedItems (this=this@entry=0xc14910)
    at /usr/src/debug/kde-baseapps-git/dolphin/src/kitemviews/kfileitemmodelrolesupdater.cpp:995
#16 0x00007ffff6b959b8 in KFileItemModelRolesUpdater::slotPreviewJobFinished (this=0xc14910, job=<optimized out>)
    at /usr/src/debug/kde-baseapps-git/dolphin/src/kitemviews/kfileitemmodelrolesupdater.cpp:630
#17 0x00007ffff6b95c69 in KFileItemModelRolesUpdater::startPreviewJob (this=0xc14910, items=...)
    at /usr/src/debug/kde-baseapps-git/dolphin/src/kitemviews/kfileitemmodelrolesupdater.cpp:915
#18 0x00007ffff6b9570e in KFileItemModelRolesUpdater::updateChangedItems (this=this@entry=0xc14910)
    at /usr/src/debug/kde-baseapps-git/dolphin/src/kitemviews/kfileitemmodelrolesupdater.cpp:1045
#19 0x00007ffff6b959b8 in KFileItemModelRolesUpdater::slotPreviewJobFinished (this=0xc14910, job=<optimized out>)
    at /usr/src/debug/kde-baseapps-git/dolphin/src/kitemviews/kfileitemmodelrolesupdater.cpp:630
#20 0x00007ffff6b95c69 in KFileItemModelRolesUpdater::startPreviewJob (this=0xc14910, items=...)
    at /usr/src/debug/kde-baseapps-git/dolphin/src/kitemviews/kfileitemmodelrolesupdater.cpp:915
#21 0x00007ffff6b9570e in KFileItemModelRolesUpdater::updateChangedItems (this=this@entry=0xc14910)

Expected Results:  
Shouldn't segfault ;-)

Let me know how can i help further!

Comment 1 Hrvoje Senjan 2013-06-06 01:17:29 UTC

Wrong component i guess. 
Also, i should mention that i tried turning off/on previews, natural sorting, etc, also segfaults.

Comment 2 Jekyll Wu 2013-06-06 01:36:08 UTC

I can reproduce it, too. "git bisect" shows it is introduced by commit 6a49661202855aebfb2431ede8abe4f9fc053fa6 

commit 6a49661202855aebfb2431ede8abe4f9fc053fa6
Author: Frank Reininghaus <frank78ac@googlemail.com>
Date:   4 hours ago

    KFileItemModelRolesUpdater: waste less ressources and fix some bugs

Comment 3 Frank Reininghaus 2013-06-06 06:30:38 UTC

Thanks for the bug report and sorry for the stupid regression. It seems that one of the last things that I changed before pushing the commit broke it. Unfortunately, I can't reproduce the crash here at the moment though - I tried both inline/non-inline renaming, with/without previews. It might be timing-dependent, i.e., it could be that it only happens if done during a particular phase of the preview/icon loading process.

The backtrace provides some hints about what's going wrong - the same function (KFileItemModelRolesUpdater::updateChangedItems) calls itself (with a few frames in between), this looks like it could easily mess things up.

I still don't know how this happens, and I would appreciate any hints that help me reproduce the bug and do some further analysis, but I think we can at least work around the problem by replacing one of the function calls in between by a delayed meata method invocation.

However, this will only change things if previews are enabled. You say that it happens with previews disabled as well, right? Could you please also provide a backtrace for that? It should look different.

Thanks again for your help.

Comment 4 Frank Reininghaus 2013-06-06 06:41:20 UTC

Git commit 0c3305c8d03532884a66f4b883925d0e7086f681 by Frank Reininghaus.
Committed on 06/06/2013 at 08:38.
Pushed by freininghaus into branch 'master'.

startPreviewJob: if items is empty, delay call to slotPreviewJobFinshed

This should prevent that other functions, which start preview jobs,
eventually call themselves and thus cause trouble.

M  +1    -1    dolphin/src/kitemviews/kfileitemmodelrolesupdater.cpp

http://commits.kde.org/kde-baseapps/0c3305c8d03532884a66f4b883925d0e7086f681

Comment 5 Frank Reininghaus 2013-06-06 06:51:01 UTC

Git commit 2226adad4afc26de1975c0c6f75527728ee3b7e0 by Frank Reininghaus.
Committed on 06/06/2013 at 08:49.
Pushed by freininghaus into branch 'master'.

Make calls to resolveNextPendingRoles and resolveNextSortRole delayed

This prevents that functions that call these indirectly call themselves
recursively and cause trouble.

M  +4    -4    dolphin/src/kitemviews/kfileitemmodelrolesupdater.cpp

http://commits.kde.org/kde-baseapps/2226adad4afc26de1975c0c6f75527728ee3b7e0

Comment 6 Frank Reininghaus 2013-06-06 07:01:02 UTC

I did manage to reproduce it in the mean time - it turns out that I did my recent testing with "Sort by Type" enabled, which works around the problem.

The problem was - also with previews disabled - that updateChangedItems() called itself indirectly, and this caused an infinite recursion. Making the call asynchronous fixes this, so there are no crashes any more. But I'll look at this again in detail and check if this recursive calling is caused by some logic error in the code.

Thanks again for your help, Hrvoje and Jekyll! Early testing of recent changes in master is greatly appreciated :-) The benefits of your work for the quality of the code that we'll ship in the betas, and later on, in stable versions, cannot be overestimated!

Comment 7 Frank Reininghaus 2013-06-06 08:03:14 UTC

Git commit de51a75fc0dcbb10fa7bfc64e1fab3f2e74a1f85 by Frank Reininghaus.
Committed on 06/06/2013 at 10:00.
Pushed by freininghaus into branch 'master'.

Ignore a changed item if it cannot be found in the model

This prevents repeated attempts to reload the data for the non-existing
item. This was the root cause of bug 320791.

Thanks to Hrvoje Senjan and Jekyll Wu for testing the new code and
finding this bug!

M  +1    -0    dolphin/src/kitemviews/kfileitemmodelrolesupdater.cpp

http://commits.kde.org/kde-baseapps/de51a75fc0dcbb10fa7bfc64e1fab3f2e74a1f85

Comment 8 Hrvoje Senjan 2013-06-06 09:52:37 UTC

(In reply to comment #6)
> I did manage to reproduce it in the mean time - it turns out that I did my
> recent testing with "Sort by Type" enabled, which works around the problem.
Hm, i haven't tried that originally, but tested few mins ago, and can confirm it doesn't segfault 
with Sort by Type :-)

> The problem was - also with previews disabled - that updateChangedItems()
> called itself indirectly, and this caused an infinite recursion. Making the
> call asynchronous fixes this, so there are no crashes any more. But I'll
> look at this again in detail and check if this recursive calling is caused
> by some logic error in the code.
I can confirm no segfaults now, with the latest commits, thanks for fixing this fast!

> Thanks again for your help, Hrvoje and Jekyll! Early testing of recent
> changes in master is greatly appreciated :-) The benefits of your work for
> the quality of the code that we'll ship in the betas, and later on, in
> stable versions, cannot be overestimated!
No problem :-) Thank you for awesome work on dolphin! :-)