Bug 353049

Summary: Dolphin crashes when selecting multiple files
Product: [Applications] dolphin
Reporter: Boudhayan Gupta <me>
Component: general
Assignee: Dolphin Bug Assignee <dolphin-bugs-null>
Status: RESOLVED FIXED
Severity: crash
CC: ht990332, rulatir
Priority: NOR
Version: 16.12.2
Target Milestone: ---
Platform: Arch Linux
OS: Linux

Description Boudhayan Gupta 2015-09-22 17:06:09 UTC
Dolphin crashes whenever I select multiple files, with a segmentation fault. DrKonqi does not start up, no output from the terminal.

Reproducible: Always

Steps to Reproduce:
1. Open Dolphin
2. Select multiple files or folders

Actual Results:  
Dolphin crashes

Expected Results:  
Dolphin should not crash

$ gdb `which dolphin`                                                                                                      22:27:07 up 2 days, 11:58,  2 users,  load average: 1.80, 1.43, 0.92
GNU gdb (GDB) 7.10
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/dolphin...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/dolphin 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7fffe06d4700 (LWP 14772)]
[New Thread 0x7fffd4e04700 (LWP 14773)]
KSambaShare: Could not find smb.conf!

Program received signal SIGSEGV, Segmentation fault.
0x00007fffe8a21e30 in mdb_txn_begin () from /usr/lib/liblmdb.so
(gdb) bt
#0  0x00007fffe8a21e30 in mdb_txn_begin () from /usr/lib/liblmdb.so
#1  0x00007ffff557ee4c in Baloo::File::load() () from /usr/lib/libKF5Baloo.so.5
#2  0x00007ffff5b3b3be in ?? () from /usr/lib/libKF5BalooWidgets.so.5
#3  0x00007ffff1c39eb1 in QObject::event(QEvent*) () from /usr/lib/libQt5Core.so.5
#4  0x00007ffff2dd500c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#5  0x00007ffff2dda4e6 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#6  0x00007ffff1c0a89b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5
#7  0x00007ffff1c0cc96 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQt5Core.so.5
#8  0x00007ffff1c60e33 in ?? () from /usr/lib/libQt5Core.so.5
#9  0x00007fffec70d9fd in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#10 0x00007fffec70dce0 in ?? () from /usr/lib/libglib-2.0.so.0
#11 0x00007fffec70dd8c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#12 0x00007ffff1c6123f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#13 0x00007ffff1c0826a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#14 0x00007ffff1c1020c in QCoreApplication::exec() () from /usr/lib/libQt5Core.so.5
#15 0x00007ffff7b5dd64 in kdemain () from /usr/lib/libkdeinit5_dolphin.so
#16 0x00007ffff777a610 in __libc_start_main () from /usr/lib/libc.so.6
#17 0x0000000000400779 in _start ()
(gdb) quit
A debugging session is active.

        Inferior 1 [process 14768] will be killed.

Quit anyway? (y or n) y
Comment 1 Boudhayan Gupta 2015-09-22 17:40:37 UTC
$ valgrind dolphin                                                                                                         23:07:58 up 2 days, 12:39,  2 users,  load average: 0.39, 0.52, 0.67
==15263== Memcheck, a memory error detector
==15263== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==15263== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==15263== Command: dolphin
==15263== 
KSambaShare: Could not find smb.conf!
==15263== Warning: set address range perms: large range [0x3a050000, 0x17a050000) (defined)
==15263== Invalid read of size 4
==15263==    at 0x13FDFE30: mdb_txn_begin (in /usr/lib/liblmdb.so)
==15263==    by 0x748BE4B: Baloo::File::load() (in /usr/lib/libKF5Baloo.so.5.14.0)
==15263==    by 0x6EEE3BD: ??? (in /usr/lib/libKF5BalooWidgets.so.5.0.0)
==15263==    by 0xAE7AEB0: QObject::event(QEvent*) (in /usr/lib/libQt5Core.so.5.5.0)
==15263==    by 0x987B00B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/libQt5Widgets.so.5.5.0)
==15263==    by 0x98804E5: QApplication::notify(QObject*, QEvent*) (in /usr/lib/libQt5Widgets.so.5.5.0)
==15263==    by 0xAE4B89A: QCoreApplication::notifyInternal(QObject*, QEvent*) (in /usr/lib/libQt5Core.so.5.5.0)
==15263==    by 0xAE4DC95: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (in /usr/lib/libQt5Core.so.5.5.0)
==15263==    by 0xAEA1E32: ??? (in /usr/lib/libQt5Core.so.5.5.0)
==15263==    by 0x102839FC: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.4400.1)
==15263==    by 0x10283CDF: ??? (in /usr/lib/libglib-2.0.so.0.4400.1)
==15263==    by 0x10283D8B: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.4400.1)
==15263==  Address 0xc is not stack'd, malloc'd or (recently) free'd
==15263== 
==15263== 
==15263== Process terminating with default action of signal 11 (SIGSEGV)
==15263==  Access not within mapped region at address 0xC
==15263==    at 0x13FDFE30: mdb_txn_begin (in /usr/lib/liblmdb.so)
==15263==    by 0x748BE4B: Baloo::File::load() (in /usr/lib/libKF5Baloo.so.5.14.0)
==15263==    by 0x6EEE3BD: ??? (in /usr/lib/libKF5BalooWidgets.so.5.0.0)
==15263==    by 0xAE7AEB0: QObject::event(QEvent*) (in /usr/lib/libQt5Core.so.5.5.0)
==15263==    by 0x987B00B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/libQt5Widgets.so.5.5.0)
==15263==    by 0x98804E5: QApplication::notify(QObject*, QEvent*) (in /usr/lib/libQt5Widgets.so.5.5.0)
==15263==    by 0xAE4B89A: QCoreApplication::notifyInternal(QObject*, QEvent*) (in /usr/lib/libQt5Core.so.5.5.0)
==15263==    by 0xAE4DC95: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (in /usr/lib/libQt5Core.so.5.5.0)
==15263==    by 0xAEA1E32: ??? (in /usr/lib/libQt5Core.so.5.5.0)
==15263==    by 0x102839FC: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.4400.1)
==15263==    by 0x10283CDF: ??? (in /usr/lib/libglib-2.0.so.0.4400.1)
==15263==    by 0x10283D8B: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.4400.1)
==15263==  If you believe this happened as a result of a stack
==15263==  overflow in your program's main thread (unlikely but
==15263==  possible), you can try to increase the size of the
==15263==  main thread stack using the --main-stacksize= flag.
==15263==  The main thread stack size used in this run was 8388608.
==15263== 
==15263== HEAP SUMMARY:
==15263==     in use at exit: 13,118,354 bytes in 58,020 blocks
==15263==   total heap usage: 582,381 allocs, 524,361 frees, 170,426,641 bytes allocated
==15263== 
==15263== LEAK SUMMARY:
==15263==    definitely lost: 1,016 bytes in 3 blocks
==15263==    indirectly lost: 2,104,414 bytes in 47 blocks
==15263==      possibly lost: 5,005,683 bytes in 6,866 blocks
==15263==    still reachable: 6,007,241 bytes in 51,104 blocks
==15263==         suppressed: 0 bytes in 0 blocks
==15263== Rerun with --leak-check=full to see details of leaked memory
==15263== 
==15263== For counts of detected and suppressed errors, rerun with: -v
==15263== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
[1]    15263 killed     valgrind dolphin
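
Added example, not part of the original report or of Baloo's code: a triage helper that parses a Memcheck excerpt like the one in comment 1 and flags a fault address below one page (here 0xc) as a likely NULL handle plus field offset, naming the calling frame where a guard would go. The 4096-byte threshold and the name `triage` are assumptions.

```python
import re

# Excerpt of the Memcheck output quoted in comment 1, trimmed to three frames.
SAMPLE = """\
==15263== Invalid read of size 4
==15263==    at 0x13FDFE30: mdb_txn_begin (in /usr/lib/liblmdb.so)
==15263==    by 0x748BE4B: Baloo::File::load() (in /usr/lib/libKF5Baloo.so.5.14.0)
==15263==    by 0x6EEE3BD: ??? (in /usr/lib/libKF5BalooWidgets.so.5.0.0)
==15263==  Address 0xc is not stack'd, malloc'd or (recently) free'd
"""

PAGE_SIZE = 4096  # assumption: a fault below one page is read as NULL + field offset

HEAD = re.compile(r"^==\d+== Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+) \((?:in )?([^)]*)\)$")
ADDR = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is ")


def triage(text):
    """Return one dict per Memcheck invalid access found in `text`."""
    findings, cur = [], None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            cur = {"access": m.group(1), "size": int(m.group(2)),
                   "frames": [], "address": None}
            findings.append(cur)
            continue
        if cur is None:
            continue  # ignore lines outside an "Invalid read/write" record
        m = FRAME.match(line)
        if m:
            cur["frames"].append((m.group(1), m.group(2)))  # (symbol, object file)
            continue
        m = ADDR.match(line)
        if m:
            cur["address"] = int(m.group(1), 16)
            cur["near_null"] = cur["address"] < PAGE_SIZE
            frames = cur["frames"]
            # Heuristic: frame 0 dereferenced the pointer, frame 1 supplied it.
            cur["faulting"] = frames[0][0] if frames else None
            cur["caller"] = frames[1][0] if len(frames) > 1 else None
            cur = None  # record complete; later "Process terminating" frames are skipped
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

On the excerpt above it reports a 4-byte read at offset 0xc from NULL inside mdb_txn_begin, called from Baloo::File::load(), which is the function the fix in comment 4 changes.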
Comment 2 Boudhayan Gupta 2015-09-22 17:53:08 UTC
More information:
Crash happens when Baloo is disabled, does not happen when Baloo is enabled.
Comment 3 Boudhayan Gupta 2015-09-22 18:17:35 UTC
#0  0x00007fffee3e6e20 in mdb_txn_begin () from /usr/lib/liblmdb.so
#1  0x00007ffff66ce2fc in Baloo::File::load (this=this@entry=0x7fffffffd8d0) at /home/armin/src/baloo/src/lib/file.cpp:108
#2  0x00007ffff690d21e in Baloo::FileFetchJob::doStart (this=0xe2ac90) at /home/armin/src/baloo-widgets-15.08.1/src/filefetchjob.cpp:58
#3  0x00007ffff048cfd1 in QObject::event (this=0xe2ac90, e=<optimized out>) at kernel/qobject.cpp:1246
#4  0x00007ffff184bffc in QApplicationPrivate::notify_helper (this=this@entry=0x6294b0, receiver=receiver@entry=0xe2ac90, e=e@entry=0xe8ee70)
    at kernel/qapplication.cpp:3717
#5  0x00007ffff1851486 in QApplication::notify (this=0x7fffffffdfe0, receiver=0xe2ac90, e=0xe8ee70) at kernel/qapplication.cpp:3500
#6  0x00007ffff045d80b in QCoreApplication::notifyInternal (this=0x7fffffffdfe0, receiver=0xe2ac90, event=event@entry=0xe8ee70)
    at kernel/qcoreapplication.cpp:965
#7  0x00007ffff045fc56 in QCoreApplication::sendEvent (event=0xe8ee70, receiver=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:224
#8  QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x61dc00)
    at kernel/qcoreapplication.cpp:1593
#9  0x00007ffff0460138 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0)
    at kernel/qcoreapplication.cpp:1451
#10 0x00007ffff04b4443 in postEventSourceDispatch (s=0x663a30) at kernel/qeventdispatcher_glib.cpp:271
#11 0x00007fffe984fa77 in g_main_dispatch (context=0x7fffd80016f0) at gmain.c:3154
#12 g_main_context_dispatch (context=context@entry=0x7fffd80016f0) at gmain.c:3769
#13 0x00007fffe984fcd0 in g_main_context_iterate (context=context@entry=0x7fffd80016f0, block=block@entry=1, dispatch=dispatch@entry=1, 
    self=<optimized out>) at gmain.c:3840
#14 0x00007fffe984fd7c in g_main_context_iteration (context=0x7fffd80016f0, may_block=may_block@entry=1) at gmain.c:3901
#15 0x00007ffff04b484f in QEventDispatcherGlib::processEvents (this=0x620d50, flags=...) at kernel/qeventdispatcher_glib.cpp:418
#16 0x00007ffff045b1ba in QEventLoop::exec (this=this@entry=0x7fffffffdea0, flags=..., flags@entry=...) at kernel/qeventloop.cpp:204
#17 0x00007ffff046324c in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1229
#18 0x00007ffff7b5dda4 in kdemain () from /usr/lib/libkdeinit5_dolphin.so
#19 0x00007fffef5ab5e0 in __libc_start_main (main=0x400a50 <main>, argc=1, argv=0x7fffffffe168, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffe158) at libc-start.c:289
#20 0x0000000000400a89 in _start ()
Comment 4 Boudhayan Gupta 2015-09-22 18:58:33 UTC
Git commit 29fe68f2657df503926e629477a41f7d9435048f by Boudhayan Gupta.
Committed on 22/09/2015 at 18:55.
Pushed by bgupta into branch 'master'.

Fail Baloo::File::load() if the Database is not open.
Fixes crash if selecting multiple files in Dolphin with
Baloo disabled.
REVIEW: 125352

M  +4    -0    src/lib/file.cpp

http://commits.kde.org/baloo/29fe68f2657df503926e629477a41f7d9435048f
Comment 5 Hussam Al-Tayeb 2015-09-22 20:05:58 UTC
(In reply to Boudhayan Gupta from comment #0)
> Dolphin crashes whenever I select multiple files, with a segmentation fault.
> DrKonqi does not start up, no output from the terminal.
Why doesn't drkonqi start for dolphin crashes by the way? It does for other applications.
Comment 6 Szczepan Hołyszewski 2015-11-12 15:06:18 UTC
[rulatir@tytan ~]$ pacman -Qi baloo
Nazwa          : baloo
Wersja         : 5.15.0-1

The fix didn't make it into KF 5.15?
Comment 7 Boudhayan Gupta 2015-11-12 16:43:26 UTC
(In reply to Szczepan Hołyszewski from comment #6)
> [rulatir@tytan ~]$ pacman -Qi baloo
> Nazwa          : baloo
> Wersja         : 5.15.0-1
> 
> The fix didn't make it into KF 5.15?

Yes it did. The fix was committed directly to master.

I'm seeing another random crash in both Dolphin and KRunner that traces back to Baloo::Query (so it's not this bug), but I can't consistently reproduce the crash (I do have one backtrace though). If you're crashing in Baloo::Query (with a bunch of ThreadWeaver threads thrown in here and there as evidenced by DrKonqi), please open a new bug with the stacktrace (with debug symbols if possible) and I'll get right on it.
Comment 8 Szczepan Hołyszewski 2015-11-12 17:13:16 UTC
I don't know if my crash is in the Baloo::Query, but it is very likely given that a workaround for one of the similar crashes has worked for me: temporarily enable desktop search and then re-disable it.

However the actual problem lies elsewhere: it is in the fact that even though I have disabled desktop search, Dolphin somehow gets the idea that THIS ABOMINATION NAMED BALOO even exists. Users who disable desktop search should never be affected by any bugs in the components that provide desktop search functionality.