Bug 361105

Summary: Dolphin Crash After Changing Directory
Product: [Applications] dolphin Reporter: Keren Sky <keren_sky>
Component: generalAssignee: Dolphin Bug Assignee <dolphin-bugs-null>
Status: RESOLVED UPSTREAM    
Severity: crash CC: henry.hu.sh, mail
Priority: NOR Keywords: drkonqi
Version First Reported In: 16.12.2   
Target Milestone: ---   
Platform: FreeBSD Ports   
OS: FreeBSD   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Keren Sky 2016-03-28 17:19:21 UTC 
Application: dolphin (16.03.80)

Qt Version: 5.5.1
Frameworks Version: 5.20.0
Operating System: FreeBSD 10.3-PRERELEASE amd64
Distribution (Platform): FreeBSD Ports

-- Information about the crash:
- What I was doing when the application crashed:
Viewing the contents of the /usr/local/include  dir. Dolphin had been open for an hour or so previously. 

Custon settings: 
I have "export QT_QPA_PLATFORMTHEME=qt5ct" in my ~/.zshrc file.

The crash can be reproduced every time.

-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault
[New LWP 100426 of process 81565]
[New LWP 100424 of process 81565]
[New LWP 100423 of process 81565]
[New LWP 100503 of process 81565]
[Switching to LWP 101430 of process 81565]
0x000000080a48912c in ?? () from /lib/libthr.so.3
[Current thread is 1 (LWP 101430 of process 81565)]

Thread 5 (LWP 100503 of process 81565):
#0  0x0000000807c6cbba in _nanosleep () from /lib/libc.so.7
#1  0x000000080a47fc3c in ?? () from /lib/libthr.so.3
#2  0x0000000807bf33eb in sleep () from /lib/libc.so.7
#3  0x000000080101df4a in ?? () from /usr/local/lib/libKF5Crash.so.5
#4  0x000000080101d880 in KCrash::defaultCrashHandler(int) () from /usr/local/lib/libKF5Crash.so.5
#5  0x000000080a482b3a in ?? () from /lib/libthr.so.3
#6  0x000000080a48221c in ?? () from /lib/libthr.so.3
#7  <signal handler called>
#8  0x00000008071a3457 in ?? () from /usr/local/lib/libQt5Core.so.5
#9  0x00000008071a41f3 in QProcess::~QProcess() () from /usr/local/lib/libQt5Core.so.5
#10 0x00000008071a400e in QProcess::~QProcess() () from /usr/local/lib/libQt5Core.so.5
#11 0x0000000807271d13 in QObjectPrivate::deleteChildren() () from /usr/local/lib/libQt5Core.so.5
#12 0x0000000807271b1d in QObject::~QObject() () from /usr/local/lib/libQt5Core.so.5
#13 0x00000008053b25c2 in KJob::~KJob() () from /usr/local/lib/libKF5CoreAddons.so.5
#14 0x00000008017a925c in ?? () from /usr/local/lib/libKF5BalooWidgets.so.5
#15 0x00000008017a91ae in ?? () from /usr/local/lib/libKF5BalooWidgets.so.5
#16 0x0000000807271d13 in QObjectPrivate::deleteChildren() () from /usr/local/lib/libQt5Core.so.5
#17 0x0000000807271b1d in QObject::~QObject() () from /usr/local/lib/libQt5Core.so.5
#18 0x00000008017a6692 in ?? () from /usr/local/lib/libKF5BalooWidgets.so.5
#19 0x00000008017a659e in ?? () from /usr/local/lib/libKF5BalooWidgets.so.5
#20 0x0000000807271d13 in QObjectPrivate::deleteChildren() () from /usr/local/lib/libQt5Core.so.5
#21 0x00000008061992e1 in QWidget::~QWidget() () from /usr/local/lib/libQt5Widgets.so.5
#22 0x00000008017a1a8f in Baloo::FileMetaDataWidget::~FileMetaDataWidget() () from /usr/local/lib/libKF5BalooWidgets.so.5
#23 0x00000008017a199e in Baloo::FileMetaDataWidget::~FileMetaDataWidget() () from /usr/local/lib/libKF5BalooWidgets.so.5
#24 0x0000000807271d13 in QObjectPrivate::deleteChildren() () from /usr/local/lib/libQt5Core.so.5
#25 0x00000008061992e1 in QWidget::~QWidget() () from /usr/local/lib/libQt5Widgets.so.5
#26 0x0000000800bca53e in ?? () from /usr/local/lib/libdolphinprivate.so.5
#27 0x000000080727260c in QObject::event(QEvent*) () from /usr/local/lib/libQt5Core.so.5
#28 0x00000008061a9d1a in QWidget::event(QEvent*) () from /usr/local/lib/libQt5Widgets.so.5
#29 0x000000080616da5d in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/lib/libQt5Widgets.so.5
#30 0x00000008061712f0 in QApplication::notify(QObject*, QEvent*) () from /usr/local/lib/libQt5Widgets.so.5
#31 0x000000080724a0a0 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/lib/libQt5Core.so.5
#32 0x0000000807299e38 in ?? () from /usr/local/lib/libQt5Core.so.5
#33 0x000000080d515458 in g_main_context_dispatch () from /usr/local/lib/libglib-2.0.so.0
#34 0x000000080d515794 in ?? () from /usr/local/lib/libglib-2.0.so.0
#35 0x000000080d515824 in g_main_context_iteration () from /usr/local/lib/libglib-2.0.so.0
#36 0x000000080729938b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/lib/libQt5Core.so.5
#37 0x0000000807246bfd in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/lib/libQt5Core.so.5
#38 0x00000008072499a8 in QCoreApplication::exec() () from /usr/local/lib/libQt5Core.so.5
#39 0x0000000800883e0e in kdemain () from /usr/local/lib/libkdeinit5_dolphin.so
#40 0x0000000000400a6f in ?? ()
#41 0x0000000800622000 in ?? ()
#42 0x0000000000000000 in ?? ()

Thread 4 (LWP 100423 of process 81565):
#0  0x000000080a48912c in ?? () from /lib/libthr.so.3
#1  0x000000080a47f226 in ?? () from /lib/libthr.so.3
#2  0x000000080a48758e in ?? () from /lib/libthr.so.3
#3  0x000000081718890b in ?? () from /usr/local/lib/dri/r600_dri.so
#4  0x0000000817188a59 in ?? () from /usr/local/lib/dri/r600_dri.so
#5  0x000000080a47d835 in ?? () from /lib/libthr.so.3
#6  0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdfdfd000

Thread 3 (LWP 100424 of process 81565):
#0  0x0000000807cb707a in _kevent () from /lib/libc.so.7
#1  0x000000080a4802f2 in ?? () from /lib/libthr.so.3
#2  0x000000080b109b92 in ?? () from /usr/local/lib/libinotify.so.0
#3  0x000000080a47d835 in ?? () from /lib/libthr.so.3
#4  0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdfbfc000

Thread 2 (LWP 100426 of process 81565):
#0  0x0000000807cb70ba in _clock_gettime () from /lib/libc.so.7
#1  0x0000000807153316 in ?? () from /usr/local/lib/libQt5Core.so.5
#2  0x00000008072977c2 in QTimerInfoList::timerWait(timespec&) () from /usr/local/lib/libQt5Core.so.5
#3  0x0000000807299a1c in ?? () from /usr/local/lib/libQt5Core.so.5
#4  0x000000080d514d4c in g_main_context_prepare () from /usr/local/lib/libglib-2.0.so.0
#5  0x000000080d515689 in ?? () from /usr/local/lib/libglib-2.0.so.0
#6  0x000000080d515824 in g_main_context_iteration () from /usr/local/lib/libglib-2.0.so.0
#7  0x00000008072993ad in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/lib/libQt5Core.so.5
#8  0x0000000807246bfd in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/lib/libQt5Core.so.5
#9  0x00000008070a3be5 in QThread::exec() () from /usr/local/lib/libQt5Core.so.5
#10 0x00000008070a7766 in ?? () from /usr/local/lib/libQt5Core.so.5
#11 0x000000080a47d835 in ?? () from /lib/libthr.so.3
#12 0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdf9fb000

Thread 1 (LWP 101430 of process 81565):
#0  0x000000080a48912c in ?? () from /lib/libthr.so.3
#1  0x000000080a47f226 in ?? () from /lib/libthr.so.3
#2  0x000000080a4875ac in ?? () from /lib/libthr.so.3
#3  0x00000008070a8ba4 in ?? () from /usr/local/lib/libQt5Core.so.5
#4  0x00000008070a8979 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/local/lib/libQt5Core.so.5
#5  0x00000008070a4459 in ?? () from /usr/local/lib/libQt5Core.so.5
#6  0x00000008070a7766 in ?? () from /usr/local/lib/libQt5Core.so.5
#7  0x000000080a47d835 in ?? () from /lib/libthr.so.3
#8  0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdf3f8000

Possible duplicates by query: bug 361006, bug 360989, bug 360966, bug 360880, bug 360873.

Reported using DrKonqi
Comment 1 Henry Hu 2016-06-14 05:19:11 UTC 
This also happens for me, with Qt 5.5.1, dolphin 16.04.1, kde frameworks 5.22.0. I've investigated the bug a little. The direct cause of the crash is calling FD_SET with a large fd (>FD_SETSIZE, which defaults to 1024). This causes an out-of-bound access and modifies data on the stack, which leads to the crash. According to the man page, this behavior is undefined.
There are 2 places. First in QProcess (qprocess_unix.cpp, QProcessPrivate::waitForFinished). Another in QNativeSocketEngine (qnativesocketengine_unix.cpp, QNativeSocketEngine::nativeSelect). Both places can have out-of-bound access.
The real reason is that dolphin is using large number of file descriptors. I tried to increase FD_SETSIZE to 4096, but after some extensive usage of dolphin, the file descriptor count still grows past it.
In Qt 5.7 the select is replaced with poll, which should fix this problem. But the real problem is still there, dolphin should not open large number of files at the same time.
Comment 2 Julian Steinmann 2018-04-29 15:22:58 UTC 
@Henry: Great detective work! As Qt 5.7 has indeed been released since your comment, this should no longer happen (it did not for me). The problem that Dolphin uses a lot of file descriptors is obviously not fixed, but I don't think that we should track this here but rather open a new bug or create a task over at Phabricator. Therefore, I am going to close this bug as RESOLVED UPSTREAM. If you still experience such a crash even with Qt 5.7+, please reopen this report. Thanks again for the report & your investigations!