359758 2016-02-24 16:30:14 +0000 Dolphin crashes on exit when you specify the --icon command line parameter 2017-06-26 14:44:33 +0000 1 1 3 Frameworks and Libraries frameworks-frameworkintegration general unspecified openSUSE Linux RESOLVED UPSTREAM NOR crash --- 1 wbauer1 kdelibs-bugs-null aspotashev cpigat242 crglasoe elvis.angelaccio frank78ac inssecure montel mrbm74 ohtf.xqr 0 oldest_to_newest 1578618 0 wbauer1 2016-02-24 16:30:14 +0000 When you specify a window icon via the --icon parameter, dolphin crashes on exit with the following backtrace: Application: dolphin (dolphin), signal: Segmentation fault Using host libthread_db library "/lib64/libthread_db.so.1". [KCrash Handler] #5 0x00007f96a8e963d4 in QHash<QString, QHashDummyValue>::deleteNode2(QHashData::Node*) (node=0x2514240) at /usr/include/qt5/QtCore/qbasicatomic.h:118 #6 0x00007f96a59a96b9 in QHashData::free_helper(void (*)(QHashData::Node*)) (this=0x20128b0, node_delete=0x7f96a8e963d0 <QHash<QString, QHashDummyValue>::deleteNode2(QHashData::Node*)>) at tools/qhash.cpp:491 #7 0x00007f96a8e9304d in KIconLoader::~KIconLoader() (this=<optimized out>, x=<optimized out>) at /usr/include/qt5/QtCore/qhash.h:621 #8 0x00007f96a8e9304d in KIconLoader::~KIconLoader() (this=0x1fdb170, __in_chrg=<optimized out>) at /usr/include/qt5/QtCore/qhash.h:342 #9 0x00007f96a8e9304d in KIconLoader::~KIconLoader() (this=0x1fdb170, __in_chrg=<optimized out>) at /usr/include/qt5/QtCore/qset.h:46 #10 0x00007f96a8e9304d in KIconLoader::~KIconLoader() (this=0x1fdb100, __in_chrg=<optimized out>) at /usr/src/debug/kiconthemes-5.19.0/src/kiconloader.cpp:147 #11 0x00007f96a8e9304d in KIconLoader::~KIconLoader() (this=0x7f96a90a8bb0 <(anonymous namespace)::Q_QGS_globalIconLoader::innerFunction()::holder>, __in_chrg=<optimized out>) at /usr/src/debug/kiconthemes-5.19.0/src/kiconloader.cpp:560 #12 0x00007f96a8e931e9 in (anonymous namespace)::Q_QGS_globalIconLoader::innerFunction()::Holder::~Holder() () at /usr/src/debug/kiconthemes-5.19.0/src/kiconloader.cpp:1624 #13 0x00007f96ab788b19 in __run_exit_handlers () at /lib64/libc.so.6 #14 0x00007f96ab788b65 in () at /lib64/libc.so.6 #15 0x00007f96ab772b0c in __libc_start_main () at /lib64/libc.so.6 #16 0x00000000004007be in _start () This is with dolphin 15.12.2 (but it also happens with 15.12.1 and 15.12.0), Qt 5.5.1 and KDE Frameworks 5.19.0. Reproducible: Always Steps to Reproduce: 1. run e.g. "dolphin --icon system-file-manager" 2. close dolphin Actual Results: Dolphin crashes with the mentioned backtrace. Expected Results: Dolphin should exit cleanly. I cannot reproduce the crash with any other KF5 application, so it seems to be something specific to dolphin. Downgrading KDE Frameworks to 5.16.0 eliminates the crash, so it seems to be caused by some change in Frameworks between 5.16.0 and 5.19.0. http://bugzilla.opensuse.org/show_bug.cgi?id=965514 would suggest it started with 5.18.0. Only downgrading kiconthemes does not help though. I'll try to find out which change exactly causes this. 1579000 1 frank78ac 2016-02-25 23:26:32 +0000 I can confirm this. I wonder if this is related to the recent QString -> QStringLiteral changes. It crashes in the destructor of KIconLoader's mAvailableIcons member, which is a QSet<QString>. Maybe the global static KIconLoader gets destoyed after the library that has the read-only QStringLiteral data has already been unloaded? In that case, it seems likely that the application will crash. This makes me wonder if using QStringLiteral everywhere is really a good idea, since you never know if the QString will end up in a global static object at some point. (In reply to Wolfgang Bauer from comment #0) > I'll try to find out which change exactly causes this. That would be great! 1579003 2 97559 frank78ac 2016-02-26 00:02:24 +0000 Created attachment 97559 Add some debug output to KIconLoader 1579005 3 frank78ac 2016-02-26 00:12:25 +0000 I hacked some debug output into KIconLoader::hasIcon(const QString&), to see the address of the internal data for each string, and to the KIconLoader destructor, where I first print the address of a string and then try to print the string itself. This way, I found that the string "dialog-close" is the culprit, which I found with grep in frameworkintegration (src/kstyle/kstyle.cpp). It was made a QStringLiteral in this commit, which was made between 5.16 and 5.17: https://quickgit.kde.org/?p=frameworkintegration.git&a=commit&h=7bbc6c98222eb6db988ed78fc334ad9eef0bb6fb Reverting that commit fixes the crash for me. I'll assign to frameworkintegration and CC Laurent, who committed this change. It seems that we have to think about whether a) Everyone who makes QString -> QStringLiteral replacements should be EXTREMELY careful (which is very difficult, since it is not always obvious if passing a QString to a function will result in the string being stored in a global static object), b) Classes like KIconLoader, which are used as global static objects, should copy all strings that they get to the heap in order to prevent such crashes (which might also be difficult to do consistently). 1579072 4 wbauer1 2016-02-26 14:09:10 +0000 (In reply to Frank Reininghaus from comment #3) > https://quickgit.kde.org/?p=frameworkintegration. > git&a=commit&h=7bbc6c98222eb6db988ed78fc334ad9eef0bb6fb > > Reverting that commit fixes the crash for me. Yes, I found this out myself too meanwhile. Btw, I was wrong, sorry. The crash does not only happen with dolphin, but also other applications (not all though, I couldn't reproduce it with the ones I tried earlier). 1584985 5 aspotashev 2016-03-27 16:44:49 +0000 I've just got a similar stacktrace from Lokalize-15.12.2 with KF 5.20.0. 1585024 6 aspotashev 2016-03-27 18:54:44 +0000 (In reply to Alexander Potashev from comment #5) > I've just got a similar stacktrace from Lokalize-15.12.2 with KF 5.20.0. ===== Application: lokalize (lokalize), signal: Segmentation fault Using host libthread_db library "/lib64/libthread_db.so.1". [Current thread is 1 (Thread 0x7f2caa9f57c0 (LWP 8907))] Thread 2 (Thread 0x7f2ca3fff700 (LWP 8909)): #0 0x00007f2cb6c6baed in poll () from /lib64/libc.so.6 #1 0x00007f2cb22c3f14 in g_main_context_iterate.isra () from /usr/lib64/libglib-2.0.so.0 #2 0x00007f2cb22c402c in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0 #3 0x00007f2cb7853dcb in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQt5Core.so.5 #4 0x00007f2cb77fe79b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQt5Core.so.5 #5 0x00007f2cb764da9c in QThread::exec() () from /usr/lib64/libQt5Core.so.5 #6 0x00007f2cbbaad2c8 in QDBusConnectionManager::run() () from /usr/lib64/libQt5DBus.so.5 #7 0x00007f2cb7653430 in QThreadPrivate::start(void*) () from /usr/lib64/libQt5Core.so.5 #8 0x00007f2cb3d87314 in start_thread () from /lib64/libpthread.so.0 #9 0x00007f2cb6c746dd in clone () from /lib64/libc.so.6 Thread 1 (Thread 0x7f2caa9f57c0 (LWP 8907)): [KCrash Handler] #6 0x00007f2cb646bc64 in QHash<QString, QHashDummyValue>::deleteNode2(QHashData::Node*) () from /usr/lib64/libKF5IconThemes.so.5 #7 0x00007f2cb76abd19 in QHashData::free_helper(void (*)(QHashData::Node*)) () from /usr/lib64/libQt5Core.so.5 #8 0x00007f2cb6468b9c in KIconLoader::~KIconLoader() () from /usr/lib64/libKF5IconThemes.so.5 #9 0x00007f2cb6468bf9 in (anonymous namespace)::Q_QGS_globalIconLoader::innerFunction()::Holder::~Holder() () from /usr/lib64/libKF5IconThemes.so.5 #10 0x00007f2cb6bc38f9 in __run_exit_handlers () from /lib64/libc.so.6 #11 0x00007f2cb6bc3945 in exit () from /lib64/libc.so.6 #12 0x00007f2cb6bae85c in __libc_start_main () from /lib64/libc.so.6 #13 0x00000000004790f9 in _start () 1618363 7 wbauer1 2016-09-01 12:06:46 +0000 *** Bug 365794 has been marked as a duplicate of this bug. *** 1618365 8 wbauer1 2016-09-01 12:09:59 +0000 *** Bug 365163 has been marked as a duplicate of this bug. *** 1627860 9 wbauer1 2016-09-27 09:53:40 +0000 Sounds related to https://bugreports.qt.io/browse/QTBUG-50829. In any case, the mentioned patch there fixes the crash for me. 1653169 10 cfeck 2017-01-09 23:00:36 +0000 *** Bug 374733 has been marked as a duplicate of this bug. *** 1653171 11 cfeck 2017-01-09 23:01:19 +0000 *** Bug 369798 has been marked as a duplicate of this bug. *** 1682886 12 elvis.angelaccio 2017-06-16 21:19:13 +0000 Isn't this fixed upstream? I can't reproduce with Qt 5.9 1682950 13 wbauer1 2017-06-17 10:13:18 +0000 (In reply to Elvis Angelaccio from comment #12) > Isn't this fixed upstream? I can't reproduce with Qt 5.9 Yes, it should be fixed since 5.8.0 AFAIK. 5.6.2 does not have the fix AFAICS, I have no idea about the upcoming 5.6.3. https://codereview.qt-project.org/#/c/140750/ 97559 2016-02-26 00:02:24 +0000 2016-02-26 00:02:24 +0000 Add some debug output to KIconLoader debug-KIconLoader-crash.diff text/plain 1175 frank78ac ZGlmZiAtLWdpdCBhL3NyYy9raWNvbmxvYWRlci5jcHAgYi9zcmMva2ljb25sb2FkZXIuY3BwCmlu ZGV4IDc1YWI0ODIuLjg0NDliNWQgMTAwNjQ0Ci0tLSBhL3NyYy9raWNvbmxvYWRlci5jcHAKKysr IGIvc3JjL2tpY29ubG9hZGVyLmNwcApAQCAtMTQ1LDYgKzE0NSwxMiBAQCBwdWJsaWM6CiAKICAg ICB+S0ljb25Mb2FkZXJQcml2YXRlKCkKICAgICB7CisgICAgICAgIGZvciAoY29uc3QgUVN0cmlu ZyAmIHMgOiBtQXZhaWxhYmxlSWNvbnMpIHsKKyAgICAgICAgICAgIGNvbnN0IFFTdHJpbmcgKnRw ID0gJnM7CisgICAgICAgICAgICBjb25zdCB2b2lkICogY29uc3QgKiBwdiA9IHJlaW50ZXJwcmV0 X2Nhc3Q8Y29uc3Qgdm9pZCogY29uc3QgKj4odHApOworICAgICAgICAgICAgcURlYnVnKCkgPDwg IiEhPiB+S0ljb25Mb2FkZXJQcml2YXRlOiIgPDwgKnB2OyAvLyBwcmludCBqdXN0IHRoZSBhZGRy ZXNzIGZvciBkZWJ1Z2dpbmcgLSB0aGUgbmV4dCBsaW5lIG1heSBjYXVzZSBhIGNyYXNoCisgICAg ICAgICAgICBxRGVidWcoKSA8PCAiISE+IH5LSWNvbkxvYWRlclByaXZhdGU6IiA8PCAqcHYgPDwg czsKKyAgICAgICAgfQogICAgICAgICBjbGVhcigpOwogICAgIH0KIApAQCAtMTYxNSw2ICsxNjIx LDExIEBAIGJvb2wgS0ljb25Mb2FkZXI6Omhhc0ljb24oY29uc3QgUVN0cmluZyAmbmFtZSkgY29u c3QKICAgICBib29sIGZvdW5kID0gZC0+bUF2YWlsYWJsZUljb25zLmNvbnRhaW5zKG5hbWUpOwog ICAgIGlmICghZm91bmQgJiYgIWljb25QYXRoKG5hbWUsIEtJY29uTG9hZGVyOjpEZXNrdG9wLCBL SWNvbkxvYWRlcjo6TWF0Y2hCZXN0KS5pc0VtcHR5KCkpIHsKICAgICAgICAgZm91bmQgPSB0cnVl OworICAgICAgICBRU3RyaW5nIHRlc3QgPSBuYW1lOworICAgICAgICBRU3RyaW5nICp0cCA9ICZ0 ZXN0OworICAgICAgICBjb25zdCB2b2lkICoqIHB2ID0gcmVpbnRlcnByZXRfY2FzdDxjb25zdCB2 b2lkKio+KHRwKTsKKyAgICAgICAgcURlYnVnKCkgPDwgIiEhPiBpbnNlcnRpbmc6IiA8PCAqcHYg PDwgbmFtZTsKKyAgICAgICAgLy9xRGVidWcoKSA8PCAiISE+IEtJTDo6aW5zZXJ0OiIgPDwgbmFt ZS5pc0RldGFjaGVkKCkgPDwgbmFtZTsKICAgICAgICAgZC0+bUF2YWlsYWJsZUljb25zLmluc2Vy dChuYW1lKTsKICAgICB9CiAgICAgcmV0dXJuIGZvdW5kOwo=