321105 – Crash in TaskManager::TasksModel::rowCount

Bug 321105 - Crash in TaskManager::TasksModel::rowCount

Summary: Crash in TaskManager::TasksModel::rowCount

Status:	RESOLVED FIXED

Alias:	None

Product:	plasma4
Classification:	Unmaintained
Component:	widget-taskbar (show other bugs)
Version:	git master
Platform:	Other Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Plasma Bugs List

URL:
Keywords:	regression

Duplicates (3):	321712 321822 321918 (view as bug list)
Depends on:
Blocks:

Reported:	2013-06-13 11:15 UTC by Hrvoje Senjan
Modified:	2013-07-10 16:20 UTC (History)
CC List:	12 users (show)

See Also:
Latest Commit:	http://commits.kde.org/kde-workspace/9bba9fcd5fb34316eb0787f3c51dc95b6c7d1404
Version Fixed In:
Sentry Crash Report:

Attachments
New crash information added by DrKonqi (9.70 KB, text/plain) 2013-06-23 11:11 UTC, AnAkkk	Details
New crash information added by DrKonqi (11.55 KB, text/plain) 2013-06-26 20:18 UTC, Myriam Schweingruber	Details
New crash information added by DrKonqi (12.43 KB, text/plain) 2013-07-01 09:06 UTC, Bernhard Jungk	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Hrvoje Senjan 2013-06-13 11:15:44 UTC

Crash happens when clicking on grouped task... and it can't be reproduced every time :-/

Reproducible: Sometimes

Steps to Reproduce:
1. Click on grouped task

Actual Results:  
Plasma crashes

Expected Results:  
Shouldn't crash ;-)

Backtrace:

-- Backtrace:
Application: Plasma Desktop Shell (plasma-desktop), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f20f104f780 (LWP 6833))]

Thread 4 (Thread 0x7f20cf0bf700 (LWP 6874)):
#0  0x00007f20ef932964 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f20e40d5057 in QTWTF::TCMalloc_PageHeap::scavengerThread (this=0x7f20e43e2660 <QTWTF::pageheap_memory>) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:2359
#2  0x00007f20e40d5089 in QTWTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:1464
#3  0x00007f20ef92ee0e in start_thread () from /lib64/libpthread.so.0
#4  0x00007f20ee6a6b9d in clone () from /lib64/libc.so.6

Thread 3 (Thread 0x7f20312fa700 (LWP 7036)):
#0  0x00007f20ee69dc4d in poll () from /lib64/libc.so.6
#1  0x00007f20eb5df07c in ?? () from /usr/lib64/libglib-2.0.so.0
#2  0x00007f20eb5df1a4 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#3  0x00007f20efcef056 in QEventDispatcherGlib::processEvents (this=0x7f202c0008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:427
#4  0x00007f20efcbf76f in QEventLoop::processEvents (this=this@entry=0x7f20312f9dd0, flags=...) at kernel/qeventloop.cpp:149
#5  0x00007f20efcbf9f8 in QEventLoop::exec (this=0x7f20312f9dd0, flags=...) at kernel/qeventloop.cpp:204
#6  0x00007f20efbc24f0 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:536
#7  0x00007f20efca12ff in QInotifyFileSystemWatcherEngine::run (this=0x373f6b0) at io/qfilesystemwatcher_inotify.cpp:256
#8  0x00007f20efbc4ccc in QThreadPrivate::start (arg=0x373f6b0) at thread/qthread_unix.cpp:338
#9  0x00007f20ef92ee0e in start_thread () from /lib64/libpthread.so.0
#10 0x00007f20ee6a6b9d in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7f202bfff700 (LWP 7041)):
#0  0x00007f20eb61e6ac in ?? () from /usr/lib64/libglib-2.0.so.0
#1  0x00007f20eb61e919 in g_mutex_unlock () from /usr/lib64/libglib-2.0.so.0
#2  0x00007f20eb5deb01 in g_main_context_check () from /usr/lib64/libglib-2.0.so.0
#3  0x00007f20eb5df015 in ?? () from /usr/lib64/libglib-2.0.so.0
#4  0x00007f20eb5df1a4 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#5  0x00007f20efcef056 in QEventDispatcherGlib::processEvents (this=0x7f20240008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:427
#6  0x00007f20efcbf76f in QEventLoop::processEvents (this=this@entry=0x7f202bffedc0, flags=...) at kernel/qeventloop.cpp:149
#7  0x00007f20efcbf9f8 in QEventLoop::exec (this=0x7f202bffedc0, flags=...) at kernel/qeventloop.cpp:204
#8  0x00007f20efbc24f0 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:536
#9  0x00007f2032f9b875 in KCupsConnection::run (this=0x4977380) at /home/hrvoje/Src/opt/print-manager/libkcups/KCupsConnection.cpp:303
#10 0x00007f20efbc4ccc in QThreadPrivate::start (arg=0x4977380) at thread/qthread_unix.cpp:338
#11 0x00007f20ef92ee0e in start_thread () from /lib64/libpthread.so.0
#12 0x00007f20ee6a6b9d in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7f20f104f780 (LWP 6833)):
[KCrash Handler]
#6  0x0000000007bdfe40 in ?? ()
#7  0x00007f20d501b79f in TaskManager::TasksModel::rowCount (this=0x4f15480, parent=...) at /usr/src/debug/kde-workspace-git/libs/taskmanager/tasksmodel.cpp:306
#8  0x00007f20e38eb55d in modelCount (this=0x7df1140) at graphicsitems/qdeclarativevisualitemmodel.cpp:381
#9  QDeclarativeVisualDataModel::setRootIndex (this=0x75e3be0, root=...) at graphicsitems/qdeclarativevisualitemmodel.cpp:875
#10 0x00007f20e3a1f03a in QDeclarativeVisualDataModel::qt_metacall (this=0x75e3be0, _c=QMetaObject::WriteProperty, _id=4, _a=0x7fff9dc6b940) at .moc/release-shared/moc_qdeclarativevisualitemmodel_p.cpp:472
#11 0x00007f20e3930a1d in QDeclarativePropertyPrivate::write (object=0x75e3be0, property=..., value=..., context=0x8147520, flags=...) at qml/qdeclarativeproperty.cpp:1152
#12 0x00007f20e39bc207 in QDeclarativeObjectScriptClass::setProperty (this=0x3b44b40, obj=0x75e3be0, name=<optimized out>, value=..., context=0x7f2028d620f0, evalContext=0x8147520) at qml/qdeclarativeobjectscriptclass.cpp:439
#13 0x00007f20e414b8de in QScript::DeclarativeObjectDelegate::put (this=0x5441170, object=0x7f2029ebdb80, exec=<optimized out>, propertyName=..., value=..., slot=...) at bridge/qscriptdeclarativeobject.cpp:99
#14 0x00007f20e4023aaf in put (slot=..., value=..., propertyName=..., exec=0x7f2028d620f0, this=0x7fff9dc6bc10) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.h:658
#15 QTJSC::cti_op_put_by_id_generic (args=0x7fff9dc6bc60) at ../3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp:1224
#16 0x00007f204eb933d9 in ?? ()
#17 0x00000000022b4370 in ?? ()
#18 0x00007f2029ebdb80 in ?? ()
#19 0x00007f202a20ab40 in ?? ()
#20 0x00007f202a8c17c0 in ?? ()
#21 0x00007f20ef9227c0 in ?? () from /usr/lib64/libQtGui.so.4
#22 0x0000000002225b20 in ?? ()
#23 0x00007fff9dc6c160 in ?? ()
#24 0x00000000022b4370 in ?? ()
#25 0x00000000022b19a0 in ?? ()
#26 0x00007f204eb92c90 in ?? ()
#27 0x00007f2047d84a68 in ?? ()
#28 0x00007f2028d620f0 in ?? ()
#29 0x00007f202a207688 in ?? ()
#30 0x00007f20e43cdda8 in QTJSC::ExecutableAllocator::pageSize () from /usr/lib64/libQtScript.so.4
#31 0x00007f202a206400 in ?? ()
#32 0x00007f2028d620a8 in ?? ()
#33 0x00007f2047fa3930 in ?? ()
#34 0x00007f20e43cdda8 in QTJSC::ExecutableAllocator::pageSize () from /usr/lib64/libQtScript.so.4
#35 0x00007f2028d62048 in ?? ()
#36 0x00007f2028d620f0 in ?? ()
#37 0x00007f2047d84a50 in ?? ()
#38 0x00007f20e3fe1469 in execute (exception=0x7f202a207688, globalData=0x7f202a206400, callFrame=0x200, registerFile=0x7fff9dc6bd18, this=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/jit/JITCode.h:79
#39 QTJSC::Interpreter::execute (this=0x7fff9dc6bd00, functionExecutable=0xffff000000000002, callFrame=0x7f2028d620f0, function=0x7f2029ebdac0, thisObj=<optimized out>, args=..., scopeChain=0x7f202abe26c0, exception=0x7f202a207688) at ../3rdparty/javascriptcore/JavaScriptCore/interpreter/Interpreter.cpp:716
#40 0x00007f20e4073a47 in QTJSC::JSFunction::call (this=0x7f2029ebdac0, exec=0x7f2028d62048, thisValue=..., args=...) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/JSFunction.cpp:122
#41 0x00007f20e4047a9f in QTJSC::call (exec=<optimized out>, functionObject=..., callType=<optimized out>, callData=..., thisValue=..., args=...) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.cpp:62
#42 0x00007f20e412e5f6 in QScriptValue::call (this=<optimized out>, thisObject=..., args=...) at api/qscriptvalue.cpp:1604
#43 0x00007f20e3926cd5 in QDeclarativeQtScriptExpression::eval (this=this@entry=0x59f14e8, secondaryScope=<optimized out>, isUndefined=0x0) at qml/qdeclarativeexpression.cpp:518
#44 0x00007f20e3929151 in QDeclarativeQtScriptExpression::scriptValue (this=this@entry=0x59f14e8, secondaryScope=secondaryScope@entry=0x0, isUndefined=isUndefined@entry=0x0) at qml/qdeclarativeexpression.cpp:470
#45 0x00007f20e392946e in QDeclarativeExpressionPrivate::scriptValue (this=this@entry=0x59f1460, secondaryScope=secondaryScope@entry=0x0, isUndefined=isUndefined@entry=0x0) at qml/qdeclarativeexpression.cpp:653
#46 0x00007f20e3929602 in QDeclarativeExpressionPrivate::value (this=0x59f1460, secondaryScope=0x0, isUndefined=0x0) at qml/qdeclarativeexpression.cpp:667
#47 0x00007f20e3961143 in QDeclarativeBoundSignal::qt_metacall (this=0x35df3d0, c=<optimized out>, id=<optimized out>, a=0x7fff9dc6c270) at qml/qdeclarativeboundsignal.cpp:199
#48 0x00007f20efcd5193 in QMetaObject::activate (sender=0x7e22570, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3577
#49 0x00007f204e12c998 in DialogProxy::eventFilter (this=0x7e22570, watched=<optimized out>, event=0x7fff9dc6c7f0) at /usr/src/debug/kde-runtime-git/plasma/declarativeimports/core/dialog.cpp:431
#50 0x00007f20efcc0c26 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<optimized out>, receiver=0x7e22840, event=0x7fff9dc6c7f0) at kernel/qcoreapplication.cpp:1059
#51 0x00007f20eee4e14c in QApplicationPrivate::notify_helper (this=this@entry=0x22b4370, receiver=receiver@entry=0x7e22840, e=e@entry=0x7fff9dc6c7f0) at kernel/qapplication.cpp:4558
#52 0x00007f20eee50aeb in QApplication::notify (this=0x22b19a0, receiver=0x7e22840, e=0x7fff9dc6c7f0) at kernel/qapplication.cpp:4423
#53 0x00007f20f0a64756 in KApplication::notify (this=0x22b19a0, receiver=0x7e22840, event=0x7fff9dc6c7f0) at /usr/src/debug/kdelibs-git/kdeui/kernel/kapplication.cpp:311
#54 0x00007f20efcc0abe in QCoreApplication::notifyInternal (this=0x22b19a0, receiver=0x7e22840, event=0x7fff9dc6c7f0) at kernel/qcoreapplication.cpp:949
#55 0x00007f20eee9e877 in sendEvent (event=0x7fff9dc6c7f0, receiver=0x7e22840) at ../../src/corelib/kernel/qcoreapplication.h:231
#56 QWidgetPrivate::show_helper (this=this@entry=0x7eb85c0) at kernel/qwidget.cpp:7556
#57 0x00007f20eee9eb62 in QWidget::setVisible (this=0x7e22840, visible=<optimized out>) at kernel/qwidget.cpp:7778
#58 0x00007f204e12c1b0 in DialogProxy::setVisible (this=this@entry=0x7e22570, visible=true) at /usr/src/debug/kde-runtime-git/plasma/declarativeimports/core/dialog.cpp:215
#59 0x00007f204e12d370 in DialogProxy::qt_metacall (this=0x7e22570, _c=QMetaObject::WriteProperty, _id=1, _a=0x7fff9dc6cbd0) at /usr/src/debug/kde-runtime-git/build/plasma/declarativeimports/core/dialog.moc:323
#60 0x00007f20e39135d7 in QDeclarativeVMEMetaObject::metaCall (this=0x7ee61f0, c=QMetaObject::WriteProperty, _id=42, a=0x7fff9dc6cbd0) at qml/qdeclarativevmemetaobject.cpp:673
#61 0x00007f20e3930a1d in QDeclarativePropertyPrivate::write (object=0x7e22570, property=..., value=..., context=0x5546fe0, flags=...) at qml/qdeclarativeproperty.cpp:1152
#62 0x00007f20e39bc207 in QDeclarativeObjectScriptClass::setProperty (this=0x3b44b40, obj=0x7e22570, name=<optimized out>, value=..., context=0x7f2028d62048, evalContext=0x5546fe0) at qml/qdeclarativeobjectscriptclass.cpp:439
#63 0x00007f20e414b8de in QScript::DeclarativeObjectDelegate::put (this=0x52affe0, object=0x7f2029e8d180, exec=<optimized out>, propertyName=..., value=..., slot=...) at bridge/qscriptdeclarativeobject.cpp:99
#64 0x00007f20e402c93a in put (slot=..., value=..., propertyName=..., exec=0x7f2028d62048, this=0x7fff9dc6cea0) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/JSObject.h:658
#65 QTJSC::cti_op_put_by_id (args=0x7fff9dc6cf00) at ../3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp:1252
#66 0x00007f204e9a87fd in ?? ()
#67 0x0000000000000000 in ?? ()

Comment 1 Anne-Marie Mahfouf 2013-06-13 16:52:24 UTC

I also have this crash
#7  0xaf9c1925 in TaskManager::TasksModel::rowCount (this=0x8f64068, parent=...) at /usr/local/kde-trunk-src/kde/kde-workspace/libs/taskmanager/tasksmodel.cpp:306

And Plasma-desktop does not restart after this crash.

Comment 2 Hrvoje Senjan 2013-06-13 16:56:22 UTC

(In reply to comment #1)
> I also have this crash
> (snip)
> And Plasma-desktop does not restart after this crash.
Here it does. But DrKonqi gets activated only for the first crash

Comment 3 AnAkkk 2013-06-23 11:11:46 UTC

Created attachment 80727 [details]
New crash information added by DrKonqi

plasma-desktop (4.10.80) on KDE Platform 4.10.80 using Qt 4.8.4

Seem to happen when clicking on a grouped task, as the OP said.

-- Backtrace (Reduced):
#5  0x00007ffebbf4d7e9 in TaskManager::TasksModel::rowCount(QModelIndex const&) const () from /usr/lib64/libtaskmanager.so.4
#6  0x00007ffeccb91b8d in modelCount (this=0x16d9390) at graphicsitems/qdeclarativevisualitemmodel.cpp:381
#7  QDeclarativeVisualDataModel::setRootIndex (this=0x16d92f0, root=...) at graphicsitems/qdeclarativevisualitemmodel.cpp:875
#8  0x00007ffecccc430a in QDeclarativeVisualDataModel::qt_metacall (this=0x16d92f0, _c=QMetaObject::WriteProperty, _id=4, _a=0x7ffffcafecf0) at .moc/release-shared/moc_qdeclarativevisualitemmodel_p.cpp:473
#9  0x00007ffeccbd6d7d in QDeclarativePropertyPrivate::write (object=0x16d92f0, property=..., value=..., context=0x16401d0, flags=...) at qml/qdeclarativeproperty.cpp:1152

Comment 4 Myriam Schweingruber 2013-06-26 20:18:42 UTC

Created attachment 80802 [details]
New crash information added by DrKonqi

plasma-desktop (4.10.80) on KDE Platform 4.10.80 using Qt 4.8.4

I have several pdf files open in Okular of which some are minimised. Clicking on the Task Manager to select a specific pdf caused Plasma to crash. Reproducible only sometimes, happened twice today.

-- Backtrace (Reduced):
#6  0x00007faec2476599 in TaskManager::TasksModel::rowCount (this=0x48cc680, parent=...) at ../../../libs/taskmanager/tasksmodel.cpp:306
#7  0x00007faede5b177d in modelCount (this=0x20f9fa0) at graphicsitems/qdeclarativevisualitemmodel.cpp:381
#8  QDeclarativeVisualDataModel::setRootIndex (this=this@entry=0x20f9f00, root=...) at graphicsitems/qdeclarativevisualitemmodel.cpp:875
#9  0x00007faede6e4b3a in QDeclarativeVisualDataModel::qt_metacall (this=0x20f9f00, _c=QMetaObject::WriteProperty, _id=4, _a=0x7fff303a96f0) at .moc/release-shared/moc_qdeclarativevisualitemmodel_p.cpp:473
#10 0x00007faede5f6bcd in QDeclarativePropertyPrivate::write (object=object@entry=0x20f9f00, property=..., value=..., context=context@entry=0x1f72280, flags=...) at qml/qdeclarativeproperty.cpp:1152

Comment 5 Hrvoje Senjan 2013-06-28 13:48:22 UTC

*** Bug 321712 has been marked as a duplicate of this bug. ***

Comment 6 Bernhard Jungk 2013-07-01 09:06:15 UTC

Created attachment 80875 [details]
New crash information added by DrKonqi

plasma-desktop (4.10.90) on KDE Platform 4.10.90 using Qt 4.8.4

- What I was doing when the application crashed:

Click on a grouped task in the plasma taskmanager bar.

-- Backtrace (Reduced):
#7  0x00007f4a6247607f in TaskManager::TasksModel::rowCount (this=0x414e070, parent=...) at ../../../libs/taskmanager/tasksmodel.cpp:306
#8  0x00007f4a7d43177d in modelCount (this=0x1b5cb20) at graphicsitems/qdeclarativevisualitemmodel.cpp:381
#9  QDeclarativeVisualDataModel::setRootIndex (this=this@entry=0x1b5ca80, root=...) at graphicsitems/qdeclarativevisualitemmodel.cpp:875
#10 0x00007f4a7d564b3a in QDeclarativeVisualDataModel::qt_metacall (this=0x1b5ca80, _c=QMetaObject::WriteProperty, _id=4, _a=0x7ffffe6c1700) at .moc/release-shared/moc_qdeclarativevisualitemmodel_p.cpp:473
#11 0x00007f4a7d476bcd in QDeclarativePropertyPrivate::write (object=object@entry=0x1b5ca80, property=..., value=..., context=context@entry=0x1b01fe0, flags=...) at qml/qdeclarativeproperty.cpp:1152

Comment 7 Jekyll Wu 2013-07-01 12:48:32 UTC

*** Bug 321822 has been marked as a duplicate of this bug. ***

Comment 8 Christoph Feck 2013-07-03 21:45:43 UTC

*** Bug 321918 has been marked as a duplicate of this bug. ***

Comment 9 Víctor Fernández Martínez 2013-07-04 18:40:51 UTC

I can always reproduce the issue:

1. Press Alt-Tab to change to another task
2. Click a group of tasks

The crash only happens when following these steps. If you don't press Alt-Tab, it doesn't happen.

Comment 10 Simeon Bird 2013-07-06 19:43:00 UTC

I ran AddressSanitizer on this crash, and it seems to be a use-after-free on a TaskGroup object. But I'm not sure how to fix it.

Comment 11 Eike Hein 2013-07-10 11:28:09 UTC

Git commit 9bba9fcd5fb34316eb0787f3c51dc95b6c7d1404 by Eike Hein.
Committed on 10/07/2013 at 11:27.
Pushed by hein into branch 'KDE/4.11'.

Don't keep a stale model index around.

M  +1    -0    plasma/desktop/applets/tasks/package/contents/ui/GroupDialog.qml

http://commits.kde.org/kde-workspace/9bba9fcd5fb34316eb0787f3c51dc95b6c7d1404

Comment 12 Pascal d'Hermilly 2013-07-10 11:55:54 UTC

Did the fix make it into RC1? Tagging and release is today according to http://techbase.kde.org/Schedules/KDE4/4.11_Release_Schedule

Comment 13 Eike Hein 2013-07-10 12:01:09 UTC

kde-workspace.git only shows v4.10.80 and v4.10.90 tags right now, which should be beta1 and beta2, respectively, so as far as I can see the fix should be making RC1 indeed.

Comment 14 Hrvoje Senjan 2013-07-10 16:20:25 UTC

*** Bug 322202 has been marked as a duplicate of this bug. ***