Bug 331724

Summary: (frameworks) Crash on close [Konsole::StackedViewContainer::removeViewWidget, QStackedWidget::indexOf]
Product: [Applications] konsole
Reporter: Kevin Funk <kfunk>
Component: general
Assignee: Konsole Developer <konsole-devel>
Status: RESOLVED FIXED
Severity: crash
CC: agateau, asturm, hein, mail
Priority: NOR    
Version: 2.99.900   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
URL: https://git.reviewboard.kde.org/r/118839/

Description Kevin Funk 2014-03-04 09:43:42 UTC
Note: Using konsole from 'frameworks' branch

Backtrace (reduced):
#0  0x000000000261f4f0 in ?? ()
#1  0x00007ffff794fd32 in QStackedWidget::indexOf (this=0x2607310, widget=0x2620410) at /home/krf/devel/src/qt5/qtbase/src/widgets/widgets/qstackedwidget.cpp:261
#2  0x00007fffda982f7f in Konsole::StackedViewContainer::removeViewWidget (this=0x26191b0, view=0x2620410) at /home/krf/devel/src/kf5/konsole/src/ViewContainer.cpp:757
#3  0x00007fffda9802a0 in Konsole::ViewContainer::viewDestroyed (this=0x26191b0, object=0x2620410) at /home/krf/devel/src/kf5/konsole/src/ViewContainer.cpp:167
#4  0x00007fffda9a0947 in Konsole::ViewContainer::qt_static_metacall (_o=0x26191b0, _c=QMetaObject::InvokeMetaMethod, _id=8, _a=0x7fffffffbf50) at /home/krf/devel/build/kf5/konsole/src/moc_ViewContainer.cpp:125
#5  0x00007ffff6cc417e in QMetaObject::activate (sender=0x2620410, signalOffset=0, local_signal_index=0, argv=0x7fffffffbf50) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qobject.cpp:3569
#6  0x00007ffff6cc395a in QMetaObject::activate (sender=0x2620410, m=0x40b300 <QObject::staticMetaObject>, local_signal_index=0, argv=0x7fffffffbf50) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qobject.cpp:3444
#7  0x00007ffff6cc6d99 in QObject::destroyed (this=0x2620410, _t1=0x2620410) at .moc/moc_qobject.cpp:202
#8  0x00007ffff7780b92 in QWidget::~QWidget (this=0x2620410, __in_chrg=<optimized out>) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qwidget.cpp:1457
#9  0x00007fffda9719b7 in Konsole::TerminalDisplay::~TerminalDisplay (this=0x2620410, __in_chrg=<optimized out>) at /home/krf/devel/src/kf5/konsole/src/TerminalDisplay.cpp:416
#10 0x00007fffda9719f0 in Konsole::TerminalDisplay::~TerminalDisplay (this=0x2620410, __in_chrg=<optimized out>) at /home/krf/devel/src/kf5/konsole/src/TerminalDisplay.cpp:426
#11 0x00007ffff6cbece6 in QObjectPrivate::deleteChildren (this=0x26198f0) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qobject.cpp:1841
#12 0x00007ffff7780c4d in QWidget::~QWidget (this=0x2607310, __in_chrg=<optimized out>) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qwidget.cpp:1486
#13 0x00007ffff78e10d4 in QFrame::~QFrame (this=0x2607310, __in_chrg=<optimized out>) at /home/krf/devel/src/qt5/qtbase/src/widgets/widgets/qframe.cpp:217
#14 0x00007ffff794fad2 in QStackedWidget::~QStackedWidget (this=0x2607310, __in_chrg=<optimized out>) at /home/krf/devel/src/qt5/qtbase/src/widgets/widgets/qstackedwidget.cpp:149
#15 0x00007ffff794fb08 in QStackedWidget::~QStackedWidget (this=0x2607310, __in_chrg=<optimized out>) at /home/krf/devel/src/qt5/qtbase/src/widgets/widgets/qstackedwidget.cpp:151
#16 0x00007ffff6cbece6 in QObjectPrivate::deleteChildren (this=0x2619720) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qobject.cpp:1841
#17 0x00007ffff7780c4d in QWidget::~QWidget (this=0x260ac30, __in_chrg=<optimized out>) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qwidget.cpp:1486
#18 0x00007ffff7780d5a in QWidget::~QWidget (this=0x260ac30, __in_chrg=<optimized out>) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qwidget.cpp:1506
#19 0x00007ffff6cbece6 in QObjectPrivate::deleteChildren (this=0x25f2040) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qobject.cpp:1841
#20 0x00007ffff7780c4d in QWidget::~QWidget (this=0x25f1ff0, __in_chrg=<optimized out>) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qwidget.cpp:1486
#21 0x00007ffff78e10d4 in QFrame::~QFrame (this=0x25f1ff0, __in_chrg=<optimized out>) at /home/krf/devel/src/qt5/qtbase/src/widgets/widgets/qframe.cpp:217
#22 0x00007ffff794c990 in QSplitter::~QSplitter (this=0x25f1ff0, __in_chrg=<optimized out>) at /home/krf/devel/src/qt5/qtbase/src/widgets/widgets/qsplitter.cpp:968
#23 0x00007fffda9a5a49 in Konsole::ViewSplitter::~ViewSplitter (this=0x25f1ff0, __in_chrg=<optimized out>) at /home/krf/devel/build/kf5/konsole/src/../../../../src/kf5/konsole/src/ViewSplitter.h:47
#24 0x00007fffda9a5a82 in Konsole::ViewSplitter::~ViewSplitter (this=0x25f1ff0, __in_chrg=<optimized out>) at /home/krf/devel/build/kf5/konsole/src/../../../../src/kf5/konsole/src/ViewSplitter.h:47
#25 0x00007ffff55e8663 in KParts::Part::~Part (this=0x25f0560, __vtt_parm=0x7fffdaa2c6f0 <VTT for Konsole::Part+16>, __in_chrg=<optimized out>) at /home/krf/devel/src/kf5/frameworks/kparts/src/part.cpp:65
#26 0x00007ffff55ea7d4 in KParts::ReadOnlyPart::~ReadOnlyPart (this=0x25f0560, __vtt_parm=0x7fffdaa2c6e8 <VTT for Konsole::Part+8>, __in_chrg=<optimized out>) at /home/krf/devel/src/kf5/frameworks/kparts/src/readonlypart.cpp:51
#27 0x00007fffdaa24194 in Konsole::Part::~Part (this=0x25f0560, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /home/krf/devel/src/kf5/konsole/src/Part.cpp:95
#28 0x00007fffdaa241fc in Konsole::Part::~Part (this=0x25f0560, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /home/krf/devel/src/kf5/konsole/src/Part.cpp:98
#29 0x00007ffff6cbece6 in QObjectPrivate::deleteChildren (this=0x25f0c40) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qobject.cpp:1841
#30 0x00007ffff7780c4d in QWidget::~QWidget (this=0x25f0c00, __in_chrg=<optimized out>) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qwidget.cpp:1486
#31 0x00007fffdaa34b7d in KDevKonsoleView::~KDevKonsoleView (this=0x25f0c00, __in_chrg=<optimized out>) at /home/krf/devel/src/kf5/extragear/kdevelop/kdevplatform/plugins/konsole/kdevkonsoleview.cpp:115
#32 0x00007fffdaa34bb2 in KDevKonsoleView::~KDevKonsoleView (this=0x25f0c00, __in_chrg=<optimized out>) at /home/krf/devel/src/kf5/extragear/kdevelop/kdevplatform/plugins/konsole/kdevkonsoleview.cpp:118

Valgrind report:
==428== Invalid read of size 8
==428==    at 0x51E7D19: QStackedWidget::indexOf(QWidget*) const (qstackedwidget.cpp:261)
==428==    by 0x222D9F7E: Konsole::StackedViewContainer::removeViewWidget(QWidget*) (ViewContainer.cpp:757)
==428==    by 0x222D729F: Konsole::ViewContainer::viewDestroyed(QObject*) (ViewContainer.cpp:167)
==428==    by 0x222F7946: Konsole::ViewContainer::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_ViewContainer.cpp:125)
==428==    by 0x600017D: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3569)
==428==    by 0x5FFF959: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3444)
==428==    by 0x6002D98: QObject::destroyed(QObject*) (moc_qobject.cpp:202)
==428==    by 0x5018B91: QWidget::~QWidget() (qwidget.cpp:1457)
==428==    by 0x222C89B6: Konsole::TerminalDisplay::~TerminalDisplay() (TerminalDisplay.cpp:416)
==428==    by 0x222C89EF: Konsole::TerminalDisplay::~TerminalDisplay() (TerminalDisplay.cpp:426)
==428==    by 0x5FFACE5: QObjectPrivate::deleteChildren() (qobject.cpp:1841)
==428==    by 0x5018C4C: QWidget::~QWidget() (qwidget.cpp:1486)
==428==  Address 0x16c9d300 is 0 bytes inside a block of size 32 free'd
==428==    at 0x4C2BADC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==428==    by 0x5010267: QStackedLayout::~QStackedLayout() (qstackedlayout.cpp:196)
==428==    by 0x5018813: QWidget::~QWidget() (qwidget.cpp:1389)
==428==    by 0x51790D3: QFrame::~QFrame() (qframe.cpp:217)
==428==    by 0x51E7AD1: QStackedWidget::~QStackedWidget() (qstackedwidget.cpp:149)
==428==    by 0x51E7B07: QStackedWidget::~QStackedWidget() (qstackedwidget.cpp:151)
==428==    by 0x5FFACE5: QObjectPrivate::deleteChildren() (qobject.cpp:1841)
==428==    by 0x5018C4C: QWidget::~QWidget() (qwidget.cpp:1486)
==428==    by 0x5018D59: QWidget::~QWidget() (qwidget.cpp:1506)
==428==    by 0x5FFACE5: QObjectPrivate::deleteChildren() (qobject.cpp:1841)
==428==    by 0x5018C4C: QWidget::~QWidget() (qwidget.cpp:1486)
==428==    by 0x51790D3: QFrame::~QFrame() (qframe.cpp:217)

Reproducible: Always

Steps to Reproduce:
1. Run shell-uicontrollertest in kdevplatform from frameworks branch
Comment 1 Kurt Hindenburg 2014-03-05 14:05:20 UTC
Thanks, frameworks branch has a lot of issues ATM.  I'll check out shell-uicontrollertest.
Comment 2 Eike Hein 2014-05-16 16:17:22 UTC
*** Bug 334339 has been marked as a duplicate of this bug. ***
Comment 3 Eike Hein 2014-05-16 16:18:08 UTC
I keep seeing the same crash, and it's quite annoying.
Comment 4 Elias Probst 2014-05-16 18:00:41 UTC
Same here.
Qt 5.3.0 RC
Everything KF5 related up-to-date from git.

BT is slightly different, but I think it's the same problem in the end:
Application: <application>Konsole</application> (konsole), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[KCrash Handler]
#6  0x0000000000000031 in ?? ()
#7  0x00007f61a9566a07 in Konsole::TabbedViewContainer::removeViewWidget (this=0xad3900, view=0xb84d70) at /var/tmp/portage/kde-base/konsole-9999/work/konsole-9999/src/ViewContainer.cpp:656
#8  0x00007f61a95691ca in Konsole::ViewContainer::viewDestroyed (this=0xad3900, object=<optimized out>) at /var/tmp/portage/kde-base/konsole-9999/work/konsole-9999/src/ViewContainer.cpp:167
#9  0x00007f61a6432232 in call (a=0x7fffb2b415a0, r=0xad3900, this=0xc76a80) at ../../include/QtCore/../../src/corelib/kernel/qobject_impl.h:132
#10 QMetaObject::activate (sender=sender@entry=0xb84d70, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffb2b415a0) at kernel/qobject.cpp:3666
#11 0x00007f61a64329c4 in QMetaObject::activate (sender=sender@entry=0xb84d70, m=m@entry=0x7f61a683fde0 <QObject::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffb2b415a0) at kernel/qobject.cpp:3546
#12 0x00007f61a6432adf in QObject::destroyed (this=this@entry=0xb84d70, _t1=_t1@entry=0xb84d70) at .moc/moc_qobject.cpp:202
#13 0x00007f61a70d8b34 in QWidget::~QWidget (this=0xb84d70, __in_chrg=<optimized out>) at kernel/qwidget.cpp:1461
#14 0x00007f61a955a4b9 in Konsole::TerminalDisplay::~TerminalDisplay (this=0xb84d70, __in_chrg=<optimized out>) at /var/tmp/portage/kde-base/konsole-9999/work/konsole-9999/src/TerminalDisplay.cpp:426
#15 0x00007f61a643127a in QObjectPrivate::deleteChildren (this=this@entry=0xa72810) at kernel/qobject.cpp:1935
#16 0x00007f61a70d8b95 in QWidget::~QWidget (this=0xb52d40, __in_chrg=<optimized out>) at kernel/qwidget.cpp:1490
#17 0x00007f61a72101c9 in QStackedWidget::~QStackedWidget (this=0xb52d40, __in_chrg=<optimized out>) at widgets/qstackedwidget.cpp:151
#18 0x00007f61a643127a in QObjectPrivate::deleteChildren (this=this@entry=0xa906a0) at kernel/qobject.cpp:1935
#19 0x00007f61a70d8b95 in QWidget::~QWidget (this=0xac98c0, __in_chrg=<optimized out>) at kernel/qwidget.cpp:1490
#20 0x00007f61a70d8d49 in QWidget::~QWidget (this=0xac98c0, __in_chrg=<optimized out>) at kernel/qwidget.cpp:1510
#21 0x00007f61a643127a in QObjectPrivate::deleteChildren (this=this@entry=0xb6a620) at kernel/qobject.cpp:1935
#22 0x00007f61a70d8b95 in QWidget::~QWidget (this=0xa5fb00, __in_chrg=<optimized out>) at kernel/qwidget.cpp:1490
#23 0x00007f61a958805a in ~ViewSplitter (this=0xa5fb00, __in_chrg=<optimized out>) at /var/tmp/portage/kde-base/konsole-9999/work/konsole-9999_build/src/../../konsole-9999/src/ViewSplitter.h:47
#24 Konsole::ViewSplitter::~ViewSplitter (this=0xa5fb00, __in_chrg=<optimized out>) at /var/tmp/portage/kde-base/konsole-9999/work/konsole-9999_build/src/../../konsole-9999/src/ViewSplitter.h:47
#25 0x00007f61a643127a in QObjectPrivate::deleteChildren (this=this@entry=0xb647d0) at kernel/qobject.cpp:1935
#26 0x00007f61a70d8b95 in QWidget::~QWidget (this=0xb6cb10, __in_chrg=<optimized out>) at kernel/qwidget.cpp:1490
#27 0x00007f61a70d8d49 in QWidget::~QWidget (this=0xb6cb10, __in_chrg=<optimized out>) at kernel/qwidget.cpp:1510
#28 0x00007f61a643127a in QObjectPrivate::deleteChildren (this=this@entry=0xb82580) at kernel/qobject.cpp:1935
#29 0x00007f61a70d8b95 in QWidget::~QWidget (this=0xac9d50, __in_chrg=<optimized out>) at kernel/qwidget.cpp:1490
#30 0x00007f61a9221e2f in KMainWindow::~KMainWindow (this=0xac9d50, __in_chrg=<optimized out>) at /var/tmp/portage/kde-frameworks/kxmlgui-9999/work/kxmlgui-9999/src/kmainwindow.cpp:331
#31 0x00007f61a9b9ff03 in ~MainWindow (this=0xac9d50, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /var/tmp/portage/kde-base/konsole-9999/work/konsole-9999_build/src/../../konsole-9999/src/MainWindow.h:57
#32 Konsole::MainWindow::~MainWindow (this=0xac9d50, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /var/tmp/portage/kde-base/konsole-9999/work/konsole-9999_build/src/../../konsole-9999/src/MainWindow.h:57
#33 0x00007f61a6436658 in QObject::event (this=this@entry=0xac9d50, e=e@entry=0xcc4b50) at kernel/qobject.cpp:1232
#34 0x00007f61a70d5171 in QWidget::event (this=this@entry=0xac9d50, event=event@entry=0xcc4b50) at kernel/qwidget.cpp:8367
#35 0x00007f61a71ce83b in QMainWindow::event (this=this@entry=0xac9d50, event=event@entry=0xcc4b50) at widgets/qmainwindow.cpp:1496
#36 0x00007f61a92221d7 in KMainWindow::event (this=this@entry=0xac9d50, ev=ev@entry=0xcc4b50) at /var/tmp/portage/kde-frameworks/kxmlgui-9999/work/kxmlgui-9999/src/kmainwindow.cpp:819
#37 0x00007f61a9258115 in KXmlGuiWindow::event (this=0xac9d50, ev=0xcc4b50) at /var/tmp/portage/kde-frameworks/kxmlgui-9999/work/kxmlgui-9999/src/kxmlguiwindow.cpp:118
#38 0x00007f61a709df0c in QApplicationPrivate::notify_helper (this=this@entry=0x8f9b30, receiver=receiver@entry=0xac9d50, e=e@entry=0xcc4b50) at kernel/qapplication.cpp:3500
#39 0x00007f61a709fc6e in QApplication::notify (this=0x7fffb2b42870, receiver=0xac9d50, e=0xcc4b50) at kernel/qapplication.cpp:3465
#40 0x00007f61a6402666 in QCoreApplication::notifyInternal (this=0x7fffb2b42870, receiver=receiver@entry=0xac9d50, event=event@entry=0xcc4b50) at kernel/qcoreapplication.cpp:935
#41 0x00007f61a6404ebe in sendEvent (event=0xcc4b50, receiver=0xac9d50) at kernel/qcoreapplication.h:237
#42 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x8ce190) at kernel/qcoreapplication.cpp:1539
#43 0x00007f61a6405508 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1397
#44 0x00007f61a645c533 in postEventSourceDispatch (s=s@entry=0x92ce80) at kernel/qeventdispatcher_glib.cpp:279
#45 0x00007f619fb85b75 in g_main_dispatch (context=0x7f6190002e00) at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/glib/gmain.c:3066
#46 g_main_context_dispatch (context=context@entry=0x7f6190002e00) at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/glib/gmain.c:3642
#47 0x00007f619fb85eb8 in g_main_context_iterate (context=context@entry=0x7f6190002e00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/glib/gmain.c:3713
#48 0x00007f619fb85f74 in g_main_context_iteration (context=0x7f6190002e00, may_block=1) at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/glib/gmain.c:3774
#49 0x00007f61a645c98c in QEventDispatcherGlib::processEvents (this=0x931610, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#50 0x00007f61a6400d8b in QEventLoop::exec (this=this@entry=0x7fffb2b42730, flags=..., flags@entry=...) at kernel/qeventloop.cpp:212
#51 0x00007f61a6408653 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1188
#52 0x00007f61a692d5ac in QGuiApplication::exec () at kernel/qguiapplication.cpp:1436
#53 0x00007f61a709c765 in QApplication::exec () at kernel/qapplication.cpp:2745
#54 0x00007f61a9b99bf9 in kdemain (argc=1, argv=0x7fffb2b429b8) at /var/tmp/portage/kde-base/konsole-9999/work/konsole-9999/src/main.cpp:92
#55 0x00007f61a97f1bf5 in __libc_start_main (main=0x400860 <main(int, char**)>, argc=1, ubp_av=0x7fffb2b429b8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffb2b429a8) at libc-start.c:258
#56 0x0000000000400891 in _start ()
Comment 5 Aurelien Gateau 2014-06-19 14:27:48 UTC
Just filed a review request for that bug: https://git.reviewboard.kde.org/r/118839/
Comment 6 Aurelien Gateau 2014-06-20 12:04:49 UTC
Git commit dd1b2b4df04f13bb2a9f3bcef106dc3604c5fc1a by Aurélien Gâteau.
Committed on 19/06/2014 at 14:24.
Pushed by gateau into branch 'frameworks'.

Fix crash on close

Move code responsible for 'forgetting' a view outside of code responding to the
TerminalDisplay deletion.

This avoids a loop like this:

~MainWindow
=> ~QStackedWidget
=> ~TerminalDisplay
=> QObject::destroyed
=> ViewContainer::viewDestroyed
=> ViewContainer::removeViewWidget
   - internal cleanup
   - try to remove TerminalDisplay from QStackedWidget which is being deleted and
crash

Instead the code now does:

~MainWindow
=> ~QStackedWidget
=> ~TerminalDisplay
=> QObject::destroyed
=> ViewContainer::viewDestroyed
=> ViewContainer::forgetView (does the internal clean up)

And if one tries to explicitly remove a view, sequence is:

ViewContainer::removeView
=> ViewContainer::forgetView
=> ViewContainer::removeViewWidget

The patch also removes ViewManager::focusActiveView() because it causes a crash
when closing a TerminalDisplay as it tries to put the focus on the deleted
TerminalDisplay. I initially called it through a queued connection, but realized
it is actually not needed for focus to be passed to the correct view, so just
removed it.
REVIEW: 118839

M  +15   -29   src/ViewContainer.cpp
M  +3    -0    src/ViewContainer.h
M  +0    -20   src/ViewManager.cpp
M  +0    -1    src/ViewManager.h
M  +7    -2    src/ViewSplitter.cpp

http://commits.kde.org/konsole/dd1b2b4df04f13bb2a9f3bcef106dc3604c5fc1a
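
The destruction-order problem described in the commit message above, reduced to a Qt-free model (an added example, not Konsole's code and not part of the original report). `View`, `Stack`, `Container`, `closeWindow` and the log strings are hypothetical stand-ins; where the model records `stale-layout`, the real code read the already-freed layout shown in the Valgrind report.

```cpp
#include <algorithm>
#include <functional>
#include <memory>
#include <string>
#include <vector>
// Toy stand-ins, not Qt: View ~ TerminalDisplay, Stack ~ QStackedWidget, Container ~ ViewContainer.
struct View {
    std::function<void(View*)> onDestroyed;            // models QObject::destroyed
    ~View() { if (onDestroyed) onDestroyed(this); }
};
struct Stack {
    std::unique_ptr<std::vector<View*>> layout{new std::vector<View*>};
    std::vector<View*> children;
    void add(View* v) { children.push_back(v); layout->push_back(v); }
    ~Stack() {
        layout.reset();                                // the layout is freed first...
        for (View* v : children) delete v;             // ...then the children are deleted
    }
};
struct Container {
    Stack* stack = nullptr; bool fixed = true;
    std::vector<View*> views;                          // internal bookkeeping
    std::vector<std::string> log;
    void addView(View* v) {
        views.push_back(v); stack->add(v);
        v->onDestroyed = [this](View* d) { viewDestroyed(d); };
    }
    void forgetView(View* v) {                         // touches only the container's own state
        auto it = std::find(views.begin(), views.end(), v);
        if (it == views.end()) return;                 // already forgotten: nothing to do
        views.erase(it); log.push_back("forget");
    }
    void removeViewWidget(View* v) {                   // touches the stack's layout
        if (!stack->layout) { log.push_back("stale-layout"); return; }  // real code crashed here
        auto& l = *stack->layout;
        l.erase(std::remove(l.begin(), l.end(), v), l.end());
        log.push_back("removeWidget");
    }
    void viewDestroyed(View* v) {
        forgetView(v);
        if (!fixed) removeViewWidget(v);               // pre-fix path seen in the backtrace
    }
    void removeView(View* v) { forgetView(v); removeViewWidget(v); }
};
// Build one view, optionally remove it explicitly, then tear the stack down.
std::vector<std::string> closeWindow(bool fixed, bool removeFirst) {
    Container c; c.fixed = fixed;
    Stack* s = new Stack; c.stack = s;
    View* v = new View; c.addView(v);
    if (removeFirst) c.removeView(v);
    delete s;                                          // models ~MainWindow => ~QStackedWidget
    return c.log;
}
int main() { return closeWindow(true, false).size() == 1 ? 0 : 1; }
```

With `fixed` set, the destroyed-notification path never touches the stack, while an explicit `removeView` still does both steps while the stack is alive.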