Bug 219964

Summary: KMail crashes when deleting Unread mail [QModelIndex::parent, QTreeView::indexRowSizeHint, QTreeViewPrivate::itemHeight]
Product: [Unmaintained] kmail Reporter: workingwriter
Component: generalAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: andreiamenta, andresbajotierra, bruno, bsdur, bugzilla, capt.kirk, christopher.tanner, clark, daltinn.pbl, dominik, et.schlegel, faure, gabor, georg.wittenburg, gjwbugs, h, info, kde, lacsilva, linuxbeep, lozol, moabi2000, paul.millar, philotech, public, rapsys, tim, vdboor, wuseldusel, zabivator
Priority: NOR    
Version: 1.13.0   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In: Qt 4.7.4
Sentry Crash Report:
Attachments: New crash information added by DrKonqi
New crash information added by DrKonqi
New crash information added by DrKonqi
New crash information added by DrKonqi
New crash information added by DrKonqi

Description workingwriter 2009-12-24 15:57:48 UTC 
Application: kmail (1.13.0)
KDE Platform Version: 4.3.85 (KDE 4.3.85 (KDE 4.4 Beta2))
Qt Version: 4.6.0
Operating System: Linux 2.6.31-17-generic i686
Distribution: Ubuntu 9.10

-- Information about the crash:
KMail is set up to show Current, Threaded. I had just changed the display from "Any Status" to "Unread." Read the unread part of a thread, selected four messages to delete. Pressed Delete key, and  KMail crashed. Upon restart, messages still present.

 -- Backtrace:
Application: KMail (kmail), signal: Segmentation fault
[KCrash Handler]
#6  0x019821ca in MessageList::Core::Item::parent() const () from /usr/lib/libmessagelist.so.4
#7  0x038aeee2 in QModelIndex::parent (this=0x92fbac0, index=...) at ../../include/QtCore/../../src/corelib/kernel/qabstractitemmodel.h:389
#8  QTreeView::indexRowSizeHint (this=0x92fbac0, index=...) at itemviews/qtreeview.cpp:2815
#9  0x038af669 in QTreeViewPrivate::itemHeight (this=0x938fc60, item=154) at itemviews/qtreeview.cpp:3234
#10 0x038af9e2 in QTreeViewPrivate::updateScrollBars (this=0x938fc60) at itemviews/qtreeview.cpp:3497
#11 0x038afc85 in QTreeView::updateGeometries (this=0x92fbac0) at itemviews/qtreeview.cpp:2744
#12 0x019bf086 in MessageList::Core::View::updateGeometries() () from /usr/lib/libmessagelist.so.4
#13 0x0199f5b4 in ?? () from /usr/lib/libmessagelist.so.4
#14 0x0199fdde in ?? () from /usr/lib/libmessagelist.so.4
#15 0x019a1d41 in MessageList::Core::Model::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libmessagelist.so.4
#16 0x009ed11a in QMetaObject::metacall (object=0x9321b50, cl=QMetaObject::InvokeMetaMethod, idx=26, argv=0xbfe5fb6c) at kernel/qmetaobject.cpp:237
#17 0x009fb89b in QMetaObject::activate (sender=0x92f8d6c, m=0xafc5a4, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3294
#18 0x00a4d1c7 in QTimer::timeout (this=0x92f8d6c) at .moc/release-shared/moc_qtimer.cpp:134
#19 0x00a03b4e in QTimer::timerEvent (this=0x92f8d6c, e=0xbfe60030) at kernel/qtimer.cpp:271
#20 0x009f8704 in QObject::event (this=0x92f8d6c, e=0x9321b50) at kernel/qobject.cpp:1224
#21 0x032d219c in QApplicationPrivate::notify_helper (this=0x9053e08, receiver=0x92f8d6c, e=0xbfe60030) at kernel/qapplication.cpp:4242
#22 0x032d8df7 in QApplication::notify (this=0xbfe668ac, receiver=0x92f8d6c, e=0xbfe60030) at kernel/qapplication.cpp:3661
#23 0x006a90fa in KApplication::notify (this=0xbfe668ac, receiver=0x92f8d6c, event=0xbfe60030) at ../../kdeui/kernel/kapplication.cpp:302
#24 0x009e7eab in QCoreApplication::notifyInternal (this=0xbfe668ac, receiver=0x92f8d6c, event=0xbfe60030) at kernel/qcoreapplication.cpp:704
#25 0x00a17286 in QCoreApplication::sendEvent (this=0x901f82c) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#26 QTimerInfoList::activateTimers (this=0x901f82c) at kernel/qeventdispatcher_unix.cpp:603
#27 0x00a13f17 in timerSourceDispatch (source=0x901f868) at kernel/qeventdispatcher_glib.cpp:184
#28 idleTimerSourceDispatch (source=0x901f868) at kernel/qeventdispatcher_glib.cpp:231
#29 0x056d8e88 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#30 0x056dc730 in ?? () from /lib/libglib-2.0.so.0
#31 0x056dc863 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#32 0x00a13bd5 in QEventDispatcherGlib::processEvents (this=0x9014640, flags=...) at kernel/qeventdispatcher_glib.cpp:407
#33 0x0338fb75 in QGuiEventDispatcherGlib::processEvents (this=0x9014640, flags=...) at kernel/qguieventdispatcher_glib.cpp:202
#34 0x009e64c9 in QEventLoop::processEvents (this=0xbfe602f4, flags=) at kernel/qeventloop.cpp:149
#35 0x009e691a in QEventLoop::exec (this=0xbfe602f4, flags=...) at kernel/qeventloop.cpp:201
#36 0x00c5e319 in KJob::exec (this=0xb149a40) at ../../kdecore/jobs/kjob.cpp:204
#37 0x010ed32e in ?? () from /usr/lib/libkmailprivate.so.4
#38 0x00f6061f in ?? () from /usr/lib/libkmailprivate.so.4
#39 0x00f76a11 in ?? () from /usr/lib/libkmailprivate.so.4
#40 0x00f6a6cb in ?? () from /usr/lib/libkmailprivate.so.4
#41 0x00f6a8b5 in ?? () from /usr/lib/libkmailprivate.so.4
#42 0x00f7a4b4 in ?? () from /usr/lib/libkmailprivate.so.4
#43 0x009ed11a in QMetaObject::metacall (object=0x9392028, cl=QMetaObject::InvokeMetaMethod, idx=33, argv=0xbfe65fdc) at kernel/qmetaobject.cpp:237
#44 0x009fb89b in QMetaObject::activate (sender=0x9392080, m=0xafc5a4, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3294
#45 0x00a4d1c7 in QTimer::timeout (this=0x9392080) at .moc/release-shared/moc_qtimer.cpp:134
#46 0x00a03b4e in QTimer::timerEvent (this=0x9392080, e=0xbfe664a0) at kernel/qtimer.cpp:271
#47 0x009f8704 in QObject::event (this=0x9392080, e=0x9321b50) at kernel/qobject.cpp:1224
#48 0x032d219c in QApplicationPrivate::notify_helper (this=0x9053e08, receiver=0x9392080, e=0xbfe664a0) at kernel/qapplication.cpp:4242
#49 0x032d8df7 in QApplication::notify (this=0xbfe668ac, receiver=0x9392080, e=0xbfe664a0) at kernel/qapplication.cpp:3661
#50 0x006a90fa in KApplication::notify (this=0xbfe668ac, receiver=0x9392080, event=0xbfe664a0) at ../../kdeui/kernel/kapplication.cpp:302
#51 0x009e7eab in QCoreApplication::notifyInternal (this=0xbfe668ac, receiver=0x9392080, event=0xbfe664a0) at kernel/qcoreapplication.cpp:704
#52 0x00a17286 in QCoreApplication::sendEvent (this=0x901f82c) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#53 QTimerInfoList::activateTimers (this=0x901f82c) at kernel/qeventdispatcher_unix.cpp:603
#54 0x00a13f17 in timerSourceDispatch (source=0x901f868) at kernel/qeventdispatcher_glib.cpp:184
#55 idleTimerSourceDispatch (source=0x901f868) at kernel/qeventdispatcher_glib.cpp:231
#56 0x056d8e88 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#57 0x056dc730 in ?? () from /lib/libglib-2.0.so.0
#58 0x056dc863 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#59 0x00a13bd5 in QEventDispatcherGlib::processEvents (this=0x9014640, flags=...) at kernel/qeventdispatcher_glib.cpp:407
#60 0x0338fb75 in QGuiEventDispatcherGlib::processEvents (this=0x9014640, flags=...) at kernel/qguieventdispatcher_glib.cpp:202
#61 0x009e64c9 in QEventLoop::processEvents (this=0xbfe66764, flags=) at kernel/qeventloop.cpp:149
#62 0x009e691a in QEventLoop::exec (this=0xbfe66764, flags=...) at kernel/qeventloop.cpp:201
#63 0x009eab0f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#64 0x032d2237 in QApplication::exec () at kernel/qapplication.cpp:3570
#65 0x0804abae in _start ()

Possible duplicates by query: bug 168938.

Reported using DrKonqi
Comment 1 Diederik van der Boor 2010-02-03 22:20:28 UTC 
Created attachment 40511 [details]
New crash information added by DrKonqi

I was deleting emails from a IMAP mailbox, when this happened as well.
Comment 2 Björn Ruberg 2010-03-14 00:53:49 UTC 
*** Bug 229938 has been marked as a duplicate of this bug. ***
Comment 3 Alex Wright 2010-03-18 20:00:40 UTC 
Created attachment 41746 [details]
New crash information added by DrKonqi

I was deleting a large number of emails from an IMAP account.
Comment 4 Christophe Marin 2010-03-26 00:26:02 UTC 
*** Bug 232152 has been marked as a duplicate of this bug. ***
Comment 5 Christophe Marin 2010-03-26 00:26:22 UTC 
*** Bug 231086 has been marked as a duplicate of this bug. ***
Comment 6 Christophe Marin 2010-06-06 17:42:23 UTC 
*** Bug 238828 has been marked as a duplicate of this bug. ***
Comment 7 rapsys 2010-06-12 17:40:11 UTC 
Created attachment 47950 [details]
New crash information added by DrKonqi

I Was filtering a various mail thread (with unread and read message) to move them in a dimap subdirectory of my mailbox.

There may have been race condition with auto-fetch of messages ?

This bug happenned 4 time in a row (not on the same messages each time).
Comment 8 Nicolas L. 2010-08-10 11:07:22 UTC 
*** Bug 247163 has been marked as a duplicate of this bug. ***
Comment 9 Christophe Marin 2010-10-13 14:43:35 UTC 
*** Bug 253823 has been marked as a duplicate of this bug. ***
Comment 10 Dario Andres 2010-11-17 19:31:43 UTC 
[Comment from a bug triager]
Bug 223245 looks like this. I wonder if they could be related / the same.
Comment 11 Dario Andres 2010-11-18 17:56:52 UTC 
[Comment from a bug triager]
From bug 253164:
-- Information about the crash:
I was moving a thread of messages I'd accidentally deleted back to a DIMAP
folder from the local trash when I got the crash.
kmail process was still active, but no U/I.  I had to kill -9 the process to
get it to go away.
After restarting kmail, the messages were moved successfully, so the crash was
after the move.

Updated backtrace (KDE SC 4.4.2):
Thread 1 (Thread 0xb7845780 (LWP 1907)):
[KCrash Handler]
#6  0x014e4eda in MessageList::Core::Item::parent (this=0xbf94c0e4) at
../../messagelist/core/item.cpp:417
#7  0x027b7c42 in QModelIndex::parent (this=0x93ae3b8, index=...) at
../../include/QtCore/../../src/corelib/kernel/qabstractitemmodel.h:389
#8  QTreeView::indexRowSizeHint (this=0x93ae3b8, index=...) at
itemviews/qtreeview.cpp:2817
#9  0x027b8499 in QTreeViewPrivate::itemHeight (this=0x94ae958, item=1) at
itemviews/qtreeview.cpp:3238
#10 0x027b8738 in QTreeViewPrivate::updateScrollBars (this=0x94ae958) at
itemviews/qtreeview.cpp:3483
#11 0x027b8aa5 in QTreeView::updateGeometries (this=0x93ae3b8) at
itemviews/qtreeview.cpp:2745
#12 0x01521a56 in MessageList::Core::View::updateGeometries (this=0x0) at
../../messagelist/core/view.cpp:179
#13 0x01501ed4 in MessageList::Core::ModelPrivate::viewItemJobStepInternal
(this=0x93c4e90) at ../../messagelist/core/model.cpp:3848
#14 0x015026fe in MessageList::Core::ModelPrivate::viewItemJobStep
(this=0x93c4e90) at ../../messagelist/core/model.cpp:3965
Comment 12 Dario Andres 2010-11-18 17:57:02 UTC 
*** Bug 253164 has been marked as a duplicate of this bug. ***
Comment 13 David Faure 2010-12-24 18:20:45 UTC 
This looks very much like the QTreeView crash I just fixed in Qt.
http://bugreports.qt.nokia.com/browse/QTBUG-16292


For bug triagers: any crash inside QTreeView::indexRowSizeHint where it uses a deleted index (so it could crash in either index.row() or index.parent() like here).
Comment 14 David Faure 2010-12-24 19:19:08 UTC 
*** Bug 260937 has been marked as a duplicate of this bug. ***
Comment 15 Dario Andres 2010-12-25 16:57:00 UTC 
[Comment from a bug triager]
Other mass crashes with the same functions involved: bug 257336, bug 223245.

@David: should this report be closed as UPSTREAM ? or only when the Qt issue is fixed and closed ?

Regards
Comment 16 David Faure 2011-01-11 21:40:31 UTC 
*** Bug 257336 has been marked as a duplicate of this bug. ***
Comment 17 Christophe Marin 2011-01-13 18:01:55 UTC 
*** Bug 263044 has been marked as a duplicate of this bug. ***
Comment 18 Myriam Schweingruber 2011-01-20 00:30:27 UTC 
*** Bug 260303 has been marked as a duplicate of this bug. ***
Comment 19 Christophe Marin 2011-01-30 00:08:34 UTC 
*** Bug 259959 has been marked as a duplicate of this bug. ***
Comment 20 Christophe Marin 2011-01-30 00:11:13 UTC 
*** Bug 256517 has been marked as a duplicate of this bug. ***
Comment 21 Christophe Marin 2011-01-30 00:13:09 UTC 
*** Bug 254659 has been marked as a duplicate of this bug. ***
Comment 22 Christophe Marin 2011-02-06 13:57:15 UTC 
*** Bug 265530 has been marked as a duplicate of this bug. ***
Comment 23 Christophe Marin 2011-02-14 10:50:25 UTC 
*** Bug 266198 has been marked as a duplicate of this bug. ***
Comment 24 Christophe Marin 2011-02-14 15:11:39 UTC 
*** Bug 260585 has been marked as a duplicate of this bug. ***
Comment 25 Christophe Marin 2011-02-14 15:11:55 UTC 
*** Bug 255995 has been marked as a duplicate of this bug. ***
Comment 26 David Faure 2011-02-15 16:19:51 UTC 
Qt fix committed upstream, for Qt-4.7.3, according to QTBUG-16292.
Comment 27 Christophe Marin 2011-04-07 15:48:41 UTC 
*** Bug 260910 has been marked as a duplicate of this bug. ***
Comment 28 Christophe Marin 2011-04-08 14:54:52 UTC 
*** Bug 223245 has been marked as a duplicate of this bug. ***
Comment 29 fairy._.queen 2011-05-08 01:32:14 UTC 
Created attachment 59752 [details]
New crash information added by DrKonqi

KMail crashed twice while deleting several mail with the "canc" key. I think it will do it again if i repeat the action, despite the bug being tagged as "solved".
Thank you for your help!
Comment 30 fairy._.queen 2011-05-08 02:00:31 UTC 
Created attachment 59753 [details]
New crash information added by DrKonqi

Tried to recreate the bug: deleting several unread messages always makes KMail crash.
I'm using Kubuntu Lucid Lynx LTS
Comment 31 Christophe Marin 2011-05-08 02:31:23 UTC 
your backtrace mentions 'Qt Version: 4.6.2'

Note that the fix is in Qt 4.7.3
Comment 32 fairy._.queen 2011-05-09 01:51:29 UTC 
(In reply to comment #31)
> your backtrace mentions 'Qt Version: 4.6.2'
> 
> Note that the fix is in Qt 4.7.3

Will the fix be in the LTS as well?
Thanks for your great job! (and sorry if the question is stupid)
Comment 33 Christophe Marin 2011-05-10 10:20:13 UTC 
ah, correction, the bug is marked as fixed in Qt 4.7.4

You can ask your distribution to backport the fix to their current Qt package. Just ask them to read http://bugreports.qt.nokia.com/browse/QTBUG-16292

(note, Opensuse already has it)
Comment 34 Christophe Marin 2011-07-09 09:28:44 UTC 
*** Bug 277382 has been marked as a duplicate of this bug. ***
Comment 35 Christophe Marin 2011-08-28 14:55:26 UTC 
*** Bug 280403 has been marked as a duplicate of this bug. ***
Comment 36 Christophe Marin 2011-08-28 14:55:56 UTC 
*** Bug 280385 has been marked as a duplicate of this bug. ***
Comment 37 Christophe Marin 2011-08-28 14:56:08 UTC 
*** Bug 279717 has been marked as a duplicate of this bug. ***