Bug 372500

Summary: Crash when creating and closing splitted views
Product: [Applications] konsole
Reporter: Maximiliano Curia <maxy>
Component: general
Assignee: Konsole Developer <konsole-devel>
Status: RESOLVED DUPLICATE
Severity: crash
CC: martin.sandsmark
Priority: NOR
Keywords: drkonqi
Version: 16.08.2
Target Milestone: ---
Platform: Debian testing
OS: Linux

Description Maximiliano Curia 2016-11-15 10:29:16 UTC
Application: konsole (16.08.2)

Qt Version: 5.7.1
Frameworks Version: 5.27.0
Operating System: Linux 4.8.0-1-amd64 x86_64
Distribution: Debian GNU/Linux testing (stretch)

-- Information about the crash:
- What I was doing when the application crashed:

I was testing the bug reported to the Debian bug tracker: https://bugs.debian.org/844380 and I could reproduce it by creating some vertical splits, closing some of them, and creating some more.

The crash can be reproduced sometimes.

-- Backtrace:
Application: Konsole (konsole), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f0d2e9101c0 (LWP 23439))]

Thread 3 (Thread 0x7f0d2a726700 (LWP 23441)):
#0  __libc_enable_asynccancel () at ../sysdeps/unix/sysv/linux/x86_64/cancellation.S:67
#1  0x00007f0d3fcc0562 in poll () at ../sysdeps/unix/syscall-template.S:84
#2  0x00007f0d3722f9d6 in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x7f0d1c003020, timeout=<optimized out>, context=0x7f0d1c000990) at ././glib/gmain.c:4228
#3  g_main_context_iterate (context=context@entry=0x7f0d1c000990, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ././glib/gmain.c:3924
#4  0x00007f0d3722faec in g_main_context_iteration (context=0x7f0d1c000990, may_block=may_block@entry=1) at ././glib/gmain.c:3990
#5  0x00007f0d3c8bd73b in QEventDispatcherGlib::processEvents (this=0x7f0d1c0008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#6  0x00007f0d3c8670ca in QEventLoop::exec (this=this@entry=0x7f0d2a725c90, flags=..., flags@entry=...) at kernel/qeventloop.cpp:212
#7  0x00007f0d3c6890e3 in QThread::exec (this=this@entry=0x7f0d4032ed60 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread.cpp:507
#8  0x00007f0d402b96d5 in QDBusConnectionManager::run (this=0x7f0d4032ed60 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:178
#9  0x00007f0d3c68dd98 in QThreadPrivate::start (arg=0x7f0d4032ed60 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:368
#10 0x00007f0d38ef0464 in start_thread (arg=0x7f0d2a726700) at pthread_create.c:333
#11 0x00007f0d3fcc99df in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105

Thread 2 (Thread 0x7f0d2c69b700 (LWP 23440)):
#0  0x00007f0d3fcc056d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007f0d39315150 in poll (__timeout=-1, __nfds=1, __fds=0x7f0d2c69abc0) at /usr/include/x86_64-linux-gnu/bits/poll2.h:46
#2  _xcb_conn_wait (c=c@entry=0x564f53b24dc0, cond=cond@entry=0x564f53b24e00, vector=vector@entry=0x0, count=count@entry=0x0) at ../../src/xcb_conn.c:479
#3  0x00007f0d39316ee9 in xcb_wait_for_event (c=0x564f53b24dc0) at ../../src/xcb_in.c:693
#4  0x00007f0d2e3c0b69 in QXcbEventReader::run (this=0x564f53b2f1d0) at qxcbconnection.cpp:1343
#5  0x00007f0d3c68dd98 in QThreadPrivate::start (arg=0x564f53b2f1d0) at thread/qthread_unix.cpp:368
#6  0x00007f0d38ef0464 in start_thread (arg=0x7f0d2c69b700) at pthread_create.c:333
#7  0x00007f0d3fcc99df in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105

Thread 1 (Thread 0x7f0d2e9101c0 (LWP 23439)):
[KCrash Handler]
#6  std::__atomic_base<int>::operator++ (this=<optimized out>) at /usr/include/c++/6/bits/atomic_base.h:296
#7  QAtomicOps<int>::ref<int> (_q_value=...) at ../../include/QtCore/../../src/corelib/arch/qatomic_cxx11.h:265
#8  QBasicAtomicInteger<int>::ref (this=<optimized out>) at ../../include/QtCore/../../src/corelib/thread/qbasicatomic.h:110
#9  QtPrivate::RefCount::ref (this=<optimized out>) at ../../include/QtCore/../../src/corelib/tools/qrefcount.h:61
#10 QString::operator= (this=this@entry=0x564f541e4970, other=...) at tools/qstring.cpp:1814
#11 0x00007f0d402795e9 in QDomNodePrivate::QDomNodePrivate (this=this@entry=0x564f541e4920, n=n@entry=0x564f540ae790, deep=deep@entry=true) at dom/qdom.cpp:1462
#12 0x00007f0d40279785 in QDomCharacterDataPrivate::QDomCharacterDataPrivate (deep=true, n=0x564f540ae790, this=0x564f541e4920) at dom/qdom.cpp:3879
#13 QDomTextPrivate::QDomTextPrivate (deep=true, n=0x564f540ae790, this=0x564f541e4920) at dom/qdom.cpp:5167
#14 QDomTextPrivate::cloneNode (this=0x564f540ae790, deep=<optimized out>) at dom/qdom.cpp:5173
#15 0x00007f0d4027962e in QDomNodePrivate::QDomNodePrivate (this=this@entry=0x564f541e48b0, n=n@entry=0x564f540ae720, deep=deep@entry=true) at dom/qdom.cpp:1471
#16 0x00007f0d40279735 in QDomAttrPrivate::QDomAttrPrivate (deep=true, n=0x564f540ae720, this=0x564f541e48b0) at dom/qdom.cpp:4106
#17 QDomAttrPrivate::cloneNode (this=0x564f540ae720, deep=<optimized out>) at dom/qdom.cpp:4125
#18 0x00007f0d40281967 in QDomNamedNodeMapPrivate::clone (this=0x564f540ae4d0, p=p@entry=0x564f541e4620) at dom/qdom.cpp:3053
#19 0x00007f0d402819ba in QDomElementPrivate::QDomElementPrivate (this=0x564f541e4620, n=0x564f540ae450, deep=<optimized out>) at dom/qdom.cpp:4413
#20 0x00007f0d402819f5 in QDomElementPrivate::cloneNode (this=0x564f540ae450, deep=<optimized out>) at dom/qdom.cpp:4426
#21 0x00007f0d4027962e in QDomNodePrivate::QDomNodePrivate (this=this@entry=0x564f541e45a0, n=n@entry=0x564f54085690, deep=<optimized out>) at dom/qdom.cpp:1471
#22 0x00007f0d402819a4 in QDomElementPrivate::QDomElementPrivate (this=0x564f541e45a0, n=0x564f54085690, deep=<optimized out>) at dom/qdom.cpp:4411
#23 0x00007f0d402819f5 in QDomElementPrivate::cloneNode (this=0x564f54085690, deep=<optimized out>) at dom/qdom.cpp:4426
#24 0x00007f0d4027962e in QDomNodePrivate::QDomNodePrivate (this=this@entry=0x564f54059250, n=n@entry=0x564f5409c790, deep=<optimized out>) at dom/qdom.cpp:1471
#25 0x00007f0d402819a4 in QDomElementPrivate::QDomElementPrivate (this=0x564f54059250, n=0x564f5409c790, deep=<optimized out>) at dom/qdom.cpp:4411
#26 0x00007f0d402819f5 in QDomElementPrivate::cloneNode (this=0x564f5409c790, deep=<optimized out>) at dom/qdom.cpp:4426
#27 0x00007f0d4027962e in QDomNodePrivate::QDomNodePrivate (this=this@entry=0x564f545b3fc0, n=n@entry=0x564f54192e40, deep=<optimized out>) at dom/qdom.cpp:1471
#28 0x00007f0d402819a4 in QDomElementPrivate::QDomElementPrivate (this=0x564f545b3fc0, n=0x564f54192e40, deep=<optimized out>) at dom/qdom.cpp:4411
#29 0x00007f0d402819f5 in QDomElementPrivate::cloneNode (this=0x564f54192e40, deep=<optimized out>) at dom/qdom.cpp:4426
#30 0x00007f0d4027962e in QDomNodePrivate::QDomNodePrivate (this=this@entry=0x564f54059ae0, n=n@entry=0x564f5409c530, deep=<optimized out>) at dom/qdom.cpp:1471
#31 0x00007f0d4027d0c4 in QDomDocumentPrivate::QDomDocumentPrivate (this=0x564f54059ae0, n=0x564f5409c530, deep=<optimized out>) at dom/qdom.cpp:6183
#32 0x00007f0d4027d195 in QDomDocumentPrivate::cloneNode (this=0x564f5409c530, deep=<optimized out>) at dom/qdom.cpp:6246
#33 0x00007f0d4027a1e5 in QDomNode::cloneNode (this=this@entry=0x7fffdbf9c060, deep=deep@entry=true) at dom/qdom.cpp:2350
#34 0x00007f0d3f22b596 in KXMLGUIFactory::removeClient (this=<optimized out>, client=<optimized out>) at ./src/kxmlguifactory.cpp:454
#35 0x00007f0d3ff998c3 in ?? () from /usr/lib/x86_64-linux-gnu/libkdeinit5_konsole.so
#36 0x00007f0d3ff9c44d in ?? () from /usr/lib/x86_64-linux-gnu/libkdeinit5_konsole.so
#37 0x00007f0d3c89504e in QtPrivate::QSlotObjectBase::call (a=0x7fffdbf9c3c0, r=0x564f53b93460, this=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobject_impl.h:101
#38 QMetaObject::activate (sender=0x564f53c37270, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7fffdbf9c3c0) at kernel/qobject.cpp:3723
#39 0x00007f0d3c8955f7 in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7f0d3fbd7920 <Konsole::ViewManager::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7fffdbf9c3c0) at kernel/qobject.cpp:3602
#40 0x00007f0d3f98fc02 in Konsole::ViewManager::activeViewChanged (this=<optimized out>, _t1=<optimized out>) at ./obj-x86_64-linux-gnu/src/moc_ViewManager.cpp:469
#41 0x00007f0d3c89504e in QtPrivate::QSlotObjectBase::call (a=0x7fffdbf9c500, r=0x564f53c37270, this=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobject_impl.h:101
#42 QMetaObject::activate (sender=sender@entry=0x564f5469bc50, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffdbf9c500) at kernel/qobject.cpp:3723
#43 0x00007f0d3c8955f7 in QMetaObject::activate (sender=sender@entry=0x564f5469bc50, m=m@entry=0x7f0d3fbd7b60 <Konsole::SessionController::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffdbf9c500) at kernel/qobject.cpp:3602
#44 0x00007f0d3f98f18f in Konsole::SessionController::focused (this=this@entry=0x564f5469bc50, _t1=<optimized out>, _t1@entry=0x564f5469bc50) at ./obj-x86_64-linux-gnu/src/moc_SessionController.cpp:459
#45 0x00007f0d3f959a3b in Konsole::SessionController::eventFilter (this=0x564f5469bc50, watched=<optimized out>, event=<optimized out>) at ./src/SessionController.cpp:458
#46 0x00007f0d3c868e41 in QCoreApplicationPrivate::sendThroughObjectEventFilters (receiver=receiver@entry=0x564f54af8e40, event=event@entry=0x7fffdbf9c840) at kernel/qcoreapplication.cpp:1099
#47 0x00007f0d3d3e5b05 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x564f54af8e40, e=0x7fffdbf9c840) at kernel/qapplication.cpp:3795
#48 0x00007f0d3d3ed2e1 in QApplication::notify (this=0x564f53b16bd0, receiver=0x564f54af8e40, e=0x7fffdbf9c840) at kernel/qapplication.cpp:3556
#49 0x00007f0d3c8690e0 in QCoreApplication::notifyInternal2 (receiver=receiver@entry=0x564f54af8e40, event=event@entry=0x7fffdbf9c840) at kernel/qcoreapplication.cpp:988
#50 0x00007f0d3d3eae5e in QCoreApplication::sendEvent (event=0x7fffdbf9c840, receiver=0x564f54af8e40) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#51 QApplicationPrivate::setFocusWidget (focus=focus@entry=0x564f54af8e40, reason=reason@entry=Qt::OtherFocusReason) at kernel/qapplication.cpp:1873
#52 0x00007f0d3d4275d5 in QWidget::setFocus (this=0x564f54af8e40, reason=reason@entry=Qt::OtherFocusReason) at kernel/qwidget.cpp:6556
#53 0x00007f0d3f98153e in Konsole::ViewManager::splitView (this=0x564f53c37270, orientation=Qt::Horizontal) at ./src/ViewManager.cpp:429
#54 0x00007f0d3c89504e in QtPrivate::QSlotObjectBase::call (a=0x7fffdbf9caf0, r=0x564f53c37270, this=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobject_impl.h:101
#55 QMetaObject::activate (sender=sender@entry=0x564f53c38fa0, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7fffdbf9caf0) at kernel/qobject.cpp:3723
#56 0x00007f0d3c8955f7 in QMetaObject::activate (sender=sender@entry=0x564f53c38fa0, m=m@entry=0x7f0d3d8bef60 <QAction::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7fffdbf9caf0) at kernel/qobject.cpp:3602
#57 0x00007f0d3d3df162 in QAction::triggered (this=this@entry=0x564f53c38fa0, _t1=<optimized out>) at .moc/moc_qaction.cpp:369
#58 0x00007f0d3d3e1b50 in QAction::activate (this=0x564f53c38fa0, event=<optimized out>) at kernel/qaction.cpp:1170
#59 0x00007f0d3d3e24cc in QAction::event (this=<optimized out>, e=<optimized out>) at kernel/qaction.cpp:1098
#60 0x00007f0d3d3e5b2c in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x564f53c38fa0, e=0x7fffdbf9cdd0) at kernel/qapplication.cpp:3799
#61 0x00007f0d3d3ed2e1 in QApplication::notify (this=0x564f53b16bd0, receiver=0x564f53c38fa0, e=0x7fffdbf9cdd0) at kernel/qapplication.cpp:3556
#62 0x00007f0d3c8690e0 in QCoreApplication::notifyInternal2 (receiver=0x564f53c38fa0, event=event@entry=0x7fffdbf9cdd0) at kernel/qcoreapplication.cpp:988
#63 0x00007f0d3ce771b8 in QCoreApplication::sendEvent (event=0x7fffdbf9cdd0, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#64 QShortcutMap::dispatchEvent (this=this@entry=0x564f53b16d88, e=e@entry=0x7fffdbf9ce80) at kernel/qshortcutmap.cpp:674
#65 0x00007f0d3ce77279 in QShortcutMap::tryShortcut (this=this@entry=0x564f53b16d88, e=e@entry=0x7fffdbf9ce80) at kernel/qshortcutmap.cpp:351
#66 0x00007f0d3ce2fc5d in QWindowSystemInterface::handleShortcutEvent (window=<optimized out>, window@entry=0x564f53c4f7e0, timestamp=<optimized out>, keyCode=40, modifiers=..., nativeScanCode=18, nativeVirtualKey=40, nativeModifiers=5, text=..., autorepeat=false, count=1) at kernel/qwindowsysteminterface.cpp:235
#67 0x00007f0d3ce47144 in QGuiApplicationPrivate::processKeyEvent (e=0x564f54042a90) at kernel/qguiapplication.cpp:2002
#68 0x00007f0d3ce4c665 in QGuiApplicationPrivate::processWindowSystemEvent (e=e@entry=0x564f54042a90) at kernel/qguiapplication.cpp:1693
#69 0x00007f0d3ce2a61b in QWindowSystemInterface::sendWindowSystemEvents (flags=...) at kernel/qwindowsysteminterface.cpp:659
#70 0x00007f0d2e3f74e0 in userEventSourceDispatch (source=<optimized out>) at eventdispatchers/qeventdispatcher_glib.cpp:76
#71 0x00007f0d3722f7d7 in g_main_dispatch (context=0x7f0d240016f0) at ././glib/gmain.c:3203
#72 g_main_context_dispatch (context=context@entry=0x7f0d240016f0) at ././glib/gmain.c:3856
#73 0x00007f0d3722fa40 in g_main_context_iterate (context=context@entry=0x7f0d240016f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ././glib/gmain.c:3929
#74 0x00007f0d3722faec in g_main_context_iteration (context=0x7f0d240016f0, may_block=may_block@entry=1) at ././glib/gmain.c:3990
#75 0x00007f0d3c8bd71f in QEventDispatcherGlib::processEvents (this=0x564f53b61150, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#76 0x00007f0d3c8670ca in QEventLoop::exec (this=this@entry=0x7fffdbf9d230, flags=..., flags@entry=...) at kernel/qeventloop.cpp:212
#77 0x00007f0d3c86f83c in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1261
#78 0x00007f0d3ffa6cd8 in kdemain () from /usr/lib/x86_64-linux-gnu/libkdeinit5_konsole.so
#79 0x00007f0d3fc012b1 in __libc_start_main (main=0x564f520f1780, argc=1, argv=0x7fffdbf9d4f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffdbf9d4e8) at ../csu/libc-start.c:291
#80 0x0000564f520f17ba in _start ()

Reported using DrKonqi

Comment 1 Maximiliano Curia 2016-11-15 10:46:05 UTC
The backtrace shown in the Debian bug and the one that I produced, shown in this bug (and the ones I've seen before submitting the report), are quite different from one another. My guess is that on closing the split view some pointer is not being updated correctly, and then the invalid reference might cause the segfault in different parts of the code.

Comment 2 Martin Sandsmark 2016-11-20 13:17:39 UTC

*** This bug has been marked as a duplicate of bug 370971 ***