Bug 368300

Summary: Kate crashes when closing tabs having split vertical view.
Product: [Applications] kate Reporter: Tony <jodr666>
Component: generalAssignee: KWrite Developers <kwrite-bugs-null>
Status: RESOLVED DUPLICATE    
Severity: crash Keywords: drkonqi
Priority: NOR    
Version First Reported In: Git   
Target Milestone: ---   
Platform: Neon   
OS: Linux   
Latest Commit: http://commits.kde.org/kate/a4ff0af8075d004647b62cff8b9c16b46e235120 Version Fixed/Implemented In: 16.08.2
Sentry Crash Report:

Description Tony 2016-09-05 20:47:53 UTC 
Application: kate (16.11.0)

Qt Version: 5.7.0
Frameworks Version: 5.25.0
Operating System: Linux 4.4.0-36-generic x86_64
Distribution: KDE neon User Edition 5.7

-- Information about the crash:
- What I was doing when the application crashed:

I hit shift+ctrl+L, opened a file on the left side pane, moved to the right side pane and opened a new one. This one opens in  new tab on the right side.
Now close the tabs, and keep closing them even if there is no file open enymore.

Kate will crash.

Kate version 16.11.0
Frameworks 5.25.0
Qt 5.7.0
KDE Neon

The crash can be reproduced every time.

-- Backtrace:
Application: Kate (kate), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f3ac6196900 (LWP 3609))]

Thread 2 (Thread 0x7f3aa7df2700 (LWP 3611)):
#0  0x00007f3abc8ed2a4 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#1  0x00007f3abc8ed4ac in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f3ac1fbd23b in QEventDispatcherGlib::processEvents (this=0x7f3aa00008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#3  0x00007f3ac1f67cea in QEventLoop::exec (this=this@entry=0x7f3aa7df1c90, flags=..., flags@entry=...) at kernel/qeventloop.cpp:210
#4  0x00007f3ac1d8cfb4 in QThread::exec (this=this@entry=0x7f3ac6314d60 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread.cpp:507
#5  0x00007f3ac62a07a5 in QDBusConnectionManager::run (this=0x7f3ac6314d60 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:196
#6  0x00007f3ac1d91b98 in QThreadPrivate::start (arg=0x7f3ac6314d60 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:344
#7  0x00007f3abe7ca6fa in start_thread (arg=0x7f3aa7df2700) at pthread_create.c:333
#8  0x00007f3ac1381b5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7f3ac6196900 (LWP 3609)):
[KCrash Handler]
#6  0x00007f3ac1f72707 in QMetaObject::cast (this=0x7f3ac6148f60 <KTextEditor::Document::staticMetaObject>, obj=0x1d77b10) at kernel/qmetaobject.cpp:366
#7  0x00007f3ac1f72745 in QMetaObject::cast (this=<optimized out>, obj=<optimized out>) at kernel/qmetaobject.cpp:355
#8  0x00007f3aa41b9e69 in qobject_cast<KTextEditor::Document*> (object=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject.h:516
#9  QtPrivate::QVariantValueHelper<KTextEditor::Document*>::object (v=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:709
#10 QtPrivate::ObjectInvoker<QtPrivate::QVariantValueHelper<KTextEditor::Document*>, QVariant const&, KTextEditor::Document*>::invoke (a=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:102
#11 qvariant_cast<KTextEditor::Document*> (v=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:835
#12 QVariant::value<KTextEditor::Document*> (this=0x7ffce6e9ac70) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:352
#13 TabSwitcherPluginView::unregisterDocument (this=this@entry=0xd0eed0, document=0x127a7a0) at /workspace/build/addons/tabswitcher/tabswitcher.cpp:153
#14 0x00007f3aa41bb148 in TabSwitcherPluginView::raiseView (this=0xd0eed0, view=0x1564570) at /workspace/build/addons/tabswitcher/tabswitcher.cpp:183
#15 0x00007f3ac1f94b09 in QMetaObject::activate (sender=0xb42620, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3740
#16 0x00007f3ac5d3adc2 in KTextEditor::MainWindow::viewChanged(KTextEditor::View*) () from /usr/lib/x86_64-linux-gnu/libKF5TextEditor.so.5
#17 0x00007f3ac1f94b09 in QMetaObject::activate (sender=sender@entry=0xc5f900, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffce6e9af60) at kernel/qobject.cpp:3740
#18 0x00007f3ac1f954b7 in QMetaObject::activate (sender=sender@entry=0xc5f900, m=m@entry=0x6c5480 <KateViewManager::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffce6e9af60) at kernel/qobject.cpp:3602
#19 0x000000000048fb6f in KateViewManager::viewChanged (this=this@entry=0xc5f900, _t1=0x1564570) at /workspace/build/obj-x86_64-linux-gnu/kate/moc_kateviewmanager.cpp:392
#20 0x0000000000466f58 in KateViewManager::activateView (this=0xc5f900, view=0x1564570) at /workspace/build/kate/kateviewmanager.cpp:647
#21 0x00000000004686f2 in KateViewManager::activateSpace (this=<optimized out>, v=<optimized out>) at /workspace/build/kate/kateviewmanager.cpp:592
#22 0x0000000000493834 in KateViewManager::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=0x7ffce6e9b1a0) at /workspace/build/obj-x86_64-linux-gnu/kate/moc_kateviewmanager.cpp:236
#23 0x00007f3ac1f94b09 in QMetaObject::activate (sender=0x1564570, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3740
#24 0x00007f3ac5d3b18f in KTextEditor::View::focusIn(KTextEditor::View*) () from /usr/lib/x86_64-linux-gnu/libKF5TextEditor.so.5
#25 0x00007f3ac2d74aaf in QWidget::event (this=0x1d872e0, event=0x7ffce6e9b490) at kernel/qwidget.cpp:8892
#26 0x00007f3ac2d2d89c in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x1d872e0, e=0x7ffce6e9b490) at kernel/qapplication.cpp:3799
#27 0x00007f3ac2d35296 in QApplication::notify (this=0x7ffce6e9c900, receiver=0x1d872e0, e=0x7ffce6e9b490) at kernel/qapplication.cpp:3556
#28 0x00007f3ac1f69cf8 in QCoreApplication::notifyInternal2 (receiver=receiver@entry=0x1d872e0, event=event@entry=0x7ffce6e9b490) at kernel/qcoreapplication.cpp:988
#29 0x00007f3ac2d33216 in QCoreApplication::sendEvent (event=0x7ffce6e9b490, receiver=0x1d872e0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#30 QApplicationPrivate::setFocusWidget (focus=focus@entry=0x1d872e0, reason=reason@entry=Qt::TabFocusReason) at kernel/qapplication.cpp:1873
#31 0x00007f3ac2d6ee9d in QWidget::setFocus (this=0x1d872e0, reason=Qt::TabFocusReason) at kernel/qwidget.cpp:6549
#32 0x00007f3ac2d6f250 in QWidget::focusNextPrevChild (this=<optimized out>, next=<optimized out>) at kernel/qwidget.cpp:6791
#33 0x00007f3ac2d6f15a in QWidget::focusNextPrevChild (this=0xbe4a60, next=<optimized out>) at kernel/qwidget.cpp:6759
#34 0x00007f3ac2d6f15a in QWidget::focusNextPrevChild (this=0xbe5ea0, next=<optimized out>) at kernel/qwidget.cpp:6759
#35 0x00007f3ac2d6f15a in QWidget::focusNextPrevChild (this=0xbe6770, next=<optimized out>) at kernel/qwidget.cpp:6759
#36 0x00007f3ac2d6f15a in QWidget::focusNextPrevChild (this=0xbe7b50, next=<optimized out>) at kernel/qwidget.cpp:6759
#37 0x00007f3ac2d6f15a in QWidget::focusNextPrevChild (this=0xbe84e0, next=<optimized out>) at kernel/qwidget.cpp:6759
#38 0x00007f3ac2d6f15a in QWidget::focusNextPrevChild (this=0xbf3670, next=<optimized out>) at kernel/qwidget.cpp:6759
#39 0x00007f3ac2d6f15a in QWidget::focusNextPrevChild (this=0xc5f900, next=<optimized out>) at kernel/qwidget.cpp:6759
#40 0x00007f3ac2d6f15a in QWidget::focusNextPrevChild (this=0x132a740, next=<optimized out>) at kernel/qwidget.cpp:6759
#41 0x00007f3ac2d6f15a in QWidget::focusNextPrevChild (this=0x1197f30, next=<optimized out>) at kernel/qwidget.cpp:6759
#42 0x00007f3ac2d6f15a in QWidget::focusNextPrevChild (this=0x1a6ed40, next=<optimized out>) at kernel/qwidget.cpp:6759
#43 0x00007f3ac2d6f15a in QWidget::focusNextPrevChild (this=0x1a84f80, next=<optimized out>) at kernel/qwidget.cpp:6759
#44 0x00007f3ac2d6f15a in QWidget::focusNextPrevChild (this=0x1cc5e30, next=<optimized out>) at kernel/qwidget.cpp:6759
#45 0x00007f3ac2d6f15a in QWidget::focusNextPrevChild (this=0x1842750, next=<optimized out>) at kernel/qwidget.cpp:6759
#46 0x00007f3ac2d6f649 in QWidgetPrivate::hide_helper (this=this@entry=0x10649c0) at kernel/qwidget.cpp:8061
#47 0x00007f3ac2d73f48 in QWidget::setVisible (this=0x1842750, visible=<optimized out>) at kernel/qwidget.cpp:8243
#48 0x00007f3ac2d563ba in QStackedLayout::takeAt (this=0x1cd41b0, index=0) at kernel/qstackedlayout.cpp:286
#49 0x00007f3ac2d50eaf in QLayout::removeWidget (this=0x1cd41b0, widget=widget@entry=0x1842750) at kernel/qlayout.cpp:1375
#50 0x00007f3ac2ebae40 in QStackedWidget::removeWidget (this=<optimized out>, widget=widget@entry=0x1842750) at widgets/qstackedwidget.cpp:199
#51 0x000000000046e0a4 in KateViewSpace::removeView (this=0x1a84f80, v=v@entry=0x1842750) at /workspace/build/kate/kateviewspace.cpp:255
#52 0x0000000000466868 in KateViewManager::deleteView (this=this@entry=0xc5f900, view=view@entry=0x1842750) at /workspace/build/kate/kateviewmanager.cpp:486
#53 0x0000000000466b4b in KateViewManager::documentWillBeDeleted (this=0xc5f900, doc=<optimized out>) at /workspace/build/kate/kateviewmanager.cpp:719
#54 0x0000000000493a44 in KateViewManager::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=0x7ffce6e9be40) at /workspace/build/obj-x86_64-linux-gnu/kate/moc_kateviewmanager.cpp:247
#55 0x00007f3ac1f94b09 in QMetaObject::activate (sender=sender@entry=0x7ffce6e9c978, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7ffce6e9be40) at kernel/qobject.cpp:3740
#56 0x00007f3ac1f954b7 in QMetaObject::activate (sender=sender@entry=0x7ffce6e9c978, m=m@entry=0x6c5880 <KateDocManager::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7ffce6e9be40) at kernel/qobject.cpp:3602
#57 0x000000000048f4f2 in KateDocManager::documentWillBeDeleted (this=this@entry=0x7ffce6e9c978, _t1=0x127a7a0) at /workspace/build/obj-x86_64-linux-gnu/kate/moc_katedocmanager.cpp:357
#58 0x000000000044f02c in KateDocManager::closeDocuments (this=0x7ffce6e9c978, documents=..., closeUrl=true) at /workspace/build/kate/katedocmanager.cpp:239
#59 0x000000000045027a in KateDocManager::closeDocument (this=0x7ffce6e9c978, doc=doc@entry=0x127a7a0, closeUrl=closeUrl@entry=true) at /workspace/build/kate/katedocmanager.cpp:273
#60 0x000000000046e045 in KateViewSpace::closeTabRequest (this=<optimized out>, id=3) at /workspace/build/kate/kateviewspace.cpp:516
#61 0x00007f3ac1f95a19 in QObject::event (this=this@entry=0x194d6a0, e=e@entry=0x1b747b0) at kernel/qobject.cpp:1263
#62 0x00007f3ac2d7458b in QWidget::event (this=0x194d6a0, event=0x1b747b0) at kernel/qwidget.cpp:9208
#63 0x00007f3ac2d2d89c in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x194d6a0, e=0x1b747b0) at kernel/qapplication.cpp:3799
#64 0x00007f3ac2d35296 in QApplication::notify (this=0x7ffce6e9c900, receiver=0x194d6a0, e=0x1b747b0) at kernel/qapplication.cpp:3556
#65 0x00007f3ac1f69cf8 in QCoreApplication::notifyInternal2 (receiver=0x194d6a0, event=event@entry=0x1b747b0) at kernel/qcoreapplication.cpp:988
#66 0x00007f3ac1f6c3bb in QCoreApplication::sendEvent (event=0x1b747b0, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#67 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0xa312c0) at kernel/qcoreapplication.cpp:1649
#68 0x00007f3ac1f6c828 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1503
#69 0x00007f3ac1fbce13 in postEventSourceDispatch (s=0xa7a640) at kernel/qeventdispatcher_glib.cpp:276
#70 0x00007f3abc8ed1a7 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#71 0x00007f3abc8ed400 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#72 0x00007f3abc8ed4ac in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#73 0x00007f3ac1fbd21f in QEventDispatcherGlib::processEvents (this=0xa7a500, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#74 0x00007f3ac1f67cea in QEventLoop::exec (this=this@entry=0x7ffce6e9c630, flags=..., flags@entry=...) at kernel/qeventloop.cpp:210
#75 0x00007f3ac1f702fc in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1261
#76 0x00007f3ac278ad9c in QGuiApplication::exec () at kernel/qguiapplication.cpp:1639
#77 0x00007f3ac2d2d7f5 in QApplication::exec () at kernel/qapplication.cpp:2975
#78 0x00000000004435ae in main (argc=3, argv=<optimized out>) at /workspace/build/kate/main.cpp:568

Reported using DrKonqi
Comment 1 Dominik Haumann 2016-09-06 08:16:58 UTC 

*** This bug has been marked as a duplicate of bug 348604 ***
Comment 2 Dominik Haumann 2016-09-06 09:27:49 UTC 
Thanks for the way to reproduce!

Valgrind trace:

==3082== Invalid read of size 8
==3082==    at 0xAA74BEE: QMetaObject::cast(QObject const*) const (in /usr/lib64/libQt5Core.so.5.7.0)
==3082==    by 0x2681890C: KTextEditor::Document* qobject_cast<KTextEditor::Document*>(QObject*) (qobject.h:516)
==3082==    by 0x26818776: QtPrivate::QVariantValueHelper<KTextEditor::Document*>::object(QVariant const&) (qvariant.h:709)
==3082==    by 0x26818440: QtPrivate::ObjectInvoker<QtPrivate::QVariantValueHelper<KTextEditor::Document*>, QVariant const&, KTextEditor::Document*>::invoke(QVariant const&) (qvariant.h:102)
==3082==    by 0x26817EBC: KTextEditor::Document* qvariant_cast<KTextEditor::Document*>(QVariant const&) (qvariant.h:835)
==3082==    by 0x268174DB: KTextEditor::Document* QVariant::value<KTextEditor::Document*>() const (qvariant.h:352)
==3082==    by 0x26815721: TabSwitcherPluginView::unregisterDocument(KTextEditor::Document*) (tabswitcher.cpp:153)
==3082==    by 0x268158EF: TabSwitcherPluginView::raiseView(KTextEditor::View*) (tabswitcher.cpp:183)
==3082==    by 0x26818F83: TabSwitcherPluginView::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_tabswitcher.cpp:171)
==3082==    by 0xAA946E4: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib64/libQt5Core.so.5.7.0)
==3082==    by 0x517253E: KTextEditor::MainWindow::viewChanged(KTextEditor::View*) (moc_mainwindow.cpp:186)
==3082==    by 0x51721D6: KTextEditor::MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_mainwindow.cpp:92)
==3082==  Address 0x1d8fef50 is 0 bytes inside a block of size 528 free'd
==3082==    at 0x4C2A84C: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3082==    by 0x4F73CB5: KTextEditor::DocumentPrivate::~DocumentPrivate() (katedocument.cpp:340)
==3082==    by 0x4A10C2: KateDocManager::closeDocuments(QList<KTextEditor::Document*>, bool) (katedocmanager.cpp:243)
==3082==    by 0x4A1268: KateDocManager::closeDocument(KTextEditor::Document*, bool) (katedocmanager.cpp:273)
==3082==    by 0x4C67CA: KateViewSpace::closeTabRequest(int) (kateviewspace.cpp:516)
==3082==    by 0x4CBC34: QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<int>, void, void (KateViewSpace::*)(int)>::call(void (KateViewSpace::*)(int), KateViewSpace*, void**) (qobjectdefs_impl.h:507)
==3082==    by 0x4CB8EC: void QtPrivate::FunctionPointer<void (KateViewSpace::*)(int)>::call<QtPrivate::List<int>, void>(void (KateViewSpace::*)(int), KateViewSpace*, void**) (qobjectdefs_impl.h:526)
==3082==    by 0x4CAB48: QtPrivate::QSlotObject<void (KateViewSpace::*)(int), QtPrivate::List<int>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (qobject_impl.h:149)
==3082==    by 0xAA95DF5: QObject::event(QEvent*) (in /usr/lib64/libQt5Core.so.5.7.0)
==3082==    by 0x92BFE4A: QWidget::event(QEvent*) (in /usr/lib64/libQt5Widgets.so.5.7.0)
==3082==    by 0x927CAFB: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQt5Widgets.so.5.7.0)
==3082==    by 0x9283A7F: QApplication::notify(QObject*, QEvent*) (in /usr/lib64/libQt5Widgets.so.5.7.0)