Bug 398695

Summary: Dolphin Crashed
Product: [Frameworks and Libraries] frameworks-knotifications Reporter: Omar <elrefaei.omar>
Component: generalAssignee: kdelibs bugs <kdelibs-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: elvis.angelaccio, fabian, hgcoin, kde, kdelibs-bugs, nate
Priority: NOR Keywords: drkonqi
Version: 5.50.0   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: https://commits.kde.org/knotifications/d4f51fdc1d53fbcb37a3c52dcbabe0e264b611ce Version Fixed In:
Sentry Crash Report:

Description Omar 2018-09-16 06:51:31 UTC 
Application: dolphin (18.08.0)

Qt Version: 5.11.1
Frameworks Version: 5.50.0
Operating System: Linux 4.13.0-45-generic x86_64
Distribution: KDE neon Developer Edition

-- Information about the crash:
- What I was doing when the application crashed: 
Went to: Setting > Application Style > Widget Style , and changed the widget style from Breeze > Fusion > Windows 9x > Breeze. 
Pressing apply after each one. Dolphin crashed somewhere after "fusion"

The crash does not seem to be reproducible.

-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7efbff5f4900 (LWP 19018))]

Thread 11 (Thread 0x7efbcd881700 (LWP 6735)):
#0  0x00007efbefc74b7a in pa_atomic_load (a=0x7ebbb804e05c) at ./pulsecore/atomic.h:54
#1  flush (f=0x7ebbc0009c20) at pulsecore/fdsem.c:143
#2  0x00007efbefc7558e in pa_fdsem_before_poll (f=0x7ebbc0009c20) at pulsecore/fdsem.c:295
#3  0x00007efbefc8c027 in srbchannel_rwloop (sr=0x7ebbc000b7a0) at pulsecore/srbchannel.c:203
#4  0x00007efbf3b960b7 in dispatch_pollfds (m=0x375b5d0) at pulse/mainloop.c:655
#5  pa_mainloop_dispatch (m=m@entry=0x375b5d0) at pulse/mainloop.c:898
#6  0x00007efbf3b964bc in pa_mainloop_iterate (m=0x375b5d0, block=<optimized out>, retval=0x0) at pulse/mainloop.c:929
#7  0x00007efbf3b96560 in pa_mainloop_run (m=0x375b5d0, retval=retval@entry=0x0) at pulse/mainloop.c:944
#8  0x00007efbf3ba47a9 in thread (userdata=0x4aabd10) at pulse/thread-mainloop.c:100
#9  0x00007efbefc9c078 in internal_thread_func (userdata=0x353be30) at pulsecore/thread-posix.c:81
#10 0x00007efbf3fdf6ba in start_thread (arg=0x7efbcd881700) at pthread_create.c:333
#11 0x00007efbfef3c41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 10 (Thread 0x7efbce776700 (LWP 19034)):
#0  0x00007efbf1f2c302 in g_main_context_acquire (context=0x7efbc8000990) at /build/glib2.0-b4FPyK/glib2.0-2.48.2/./glib/gmain.c:3207
#1  0x00007efbf1f2d245 in g_main_context_iterate (context=context@entry=0x7efbc8000990, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/glib2.0-b4FPyK/glib2.0-2.48.2/./glib/gmain.c:3790
#2  0x00007efbf1f2d49c in g_main_context_iteration (context=0x7efbc8000990, may_block=may_block@entry=1) at /build/glib2.0-b4FPyK/glib2.0-2.48.2/./glib/gmain.c:3901
#3  0x00007efbf90d70bb in QEventDispatcherGlib::processEvents (this=0x7efbc80008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#4  0x00007efbf907e5ba in QEventLoop::exec (this=this@entry=0x7efbce775cb0, flags=..., flags@entry=...) at kernel/qeventloop.cpp:214
#5  0x00007efbf8eb35e4 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:525
#6  0x00007efbf8ebe727 in QThreadPrivate::start (arg=0x2bc6630) at thread/qthread_unix.cpp:367
#7  0x00007efbf3fdf6ba in start_thread (arg=0x7efbce776700) at pthread_create.c:333
#8  0x00007efbfef3c41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 9 (Thread 0x7efbd25b9700 (LWP 19028)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007efbdea2670b in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#2  0x00007efbdea26427 in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#3  0x00007efbf3fdf6ba in start_thread (arg=0x7efbd25b9700) at pthread_create.c:333
#4  0x00007efbfef3c41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 8 (Thread 0x7efbd2dba700 (LWP 19027)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007efbdea2670b in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#2  0x00007efbdea26427 in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#3  0x00007efbf3fdf6ba in start_thread (arg=0x7efbd2dba700) at pthread_create.c:333
#4  0x00007efbfef3c41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 7 (Thread 0x7efbd35bb700 (LWP 19026)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007efbdea2670b in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#2  0x00007efbdea26427 in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#3  0x00007efbf3fdf6ba in start_thread (arg=0x7efbd35bb700) at pthread_create.c:333
#4  0x00007efbfef3c41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 6 (Thread 0x7efbd3dbc700 (LWP 19025)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007efbdea2670b in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#2  0x00007efbdea26427 in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#3  0x00007efbf3fdf6ba in start_thread (arg=0x7efbd3dbc700) at pthread_create.c:333
#4  0x00007efbfef3c41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 5 (Thread 0x7efbd45bd700 (LWP 19024)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007efbdea2670b in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#2  0x00007efbdea26427 in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#3  0x00007efbf3fdf6ba in start_thread (arg=0x7efbd45bd700) at pthread_create.c:333
#4  0x00007efbfef3c41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 4 (Thread 0x7efbdce17700 (LWP 19023)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007efbdea2670b in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#2  0x00007efbdea26427 in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#3  0x00007efbf3fdf6ba in start_thread (arg=0x7efbdce17700) at pthread_create.c:333
#4  0x00007efbfef3c41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 3 (Thread 0x7efbddc3f700 (LWP 19022)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007efbdea2670b in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#2  0x00007efbdea26427 in ?? () from /usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so
#3  0x00007efbf3fdf6ba in start_thread (arg=0x7efbddc3f700) at pthread_create.c:333
#4  0x00007efbfef3c41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 2 (Thread 0x7efbe4fda700 (LWP 19021)):
#0  0x00007efbf8eaf709 in std::__atomic_base<QMutexData*>::compare_exchange_strong (__m2=std::memory_order_relaxed, __m1=std::memory_order_release, __p2=0x0, __p1=@0x7efbe4fd9a28: 0x1, this=0x26f8010) at /usr/include/c++/5/bits/atomic_base.h:752
#1  std::atomic<QMutexData*>::compare_exchange_strong (__m2=std::memory_order_relaxed, __m1=std::memory_order_release, __p2=0x0, __p1=@0x7efbe4fd9a28: 0x1, this=0x26f8010) at /usr/include/c++/5/atomic:462
#2  QAtomicOps<QMutexData*>::testAndSetRelease<QMutexData*> (currentValue=<synthetic pointer>, newValue=0x0, expectedValue=0x1, _q_value=...) at ../../include/QtCore/../../src/corelib/thread/qatomic_cxx11.h:299
#3  QBasicAtomicPointer<QMutexData>::testAndSetRelease (currentValue=<synthetic pointer>, newValue=0x0, expectedValue=<optimized out>, this=0x26f8010) at ../../include/QtCore/../../src/corelib/thread/qbasicatomic.h:265
#4  QBasicMutex::fastTryUnlock (current=<synthetic pointer>, this=0x26f8010) at thread/qmutex.h:110
#5  QMutex::unlock (this=this@entry=0x26f8010) at thread/qmutex.cpp:337
#6  0x00007efbf90d6fe1 in QMutexLocker::unlock (this=<synthetic pointer>) at ../../include/QtCore/../../src/corelib/thread/qmutex.h:219
#7  QMutexLocker::~QMutexLocker (this=<synthetic pointer>, __in_chrg=<optimized out>) at ../../include/QtCore/../../src/corelib/thread/qmutex.h:213
#8  QThreadData::canWaitLocked (this=0x26f7fe0) at ../../include/QtCore/5.11.1/QtCore/private/../../../../../src/corelib/thread/qthread_p.h:254
#9  postEventSourcePrepare (s=0x7efbd80012d0, timeout=timeout@entry=0x7efbe4fd9ab4) at kernel/qeventdispatcher_glib.cpp:259
#10 0x00007efbf1f2c91d in g_main_context_prepare (context=context@entry=0x7efbd8000990, priority=priority@entry=0x7efbe4fd9b40) at /build/glib2.0-b4FPyK/glib2.0-2.48.2/./glib/gmain.c:3442
#11 0x00007efbf1f2d2bb in g_main_context_iterate (context=context@entry=0x7efbd8000990, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/glib2.0-b4FPyK/glib2.0-2.48.2/./glib/gmain.c:3820
#12 0x00007efbf1f2d49c in g_main_context_iteration (context=0x7efbd8000990, may_block=may_block@entry=1) at /build/glib2.0-b4FPyK/glib2.0-2.48.2/./glib/gmain.c:3901
#13 0x00007efbf90d70bb in QEventDispatcherGlib::processEvents (this=0x7efbd80008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#14 0x00007efbf907e5ba in QEventLoop::exec (this=this@entry=0x7efbe4fd9c80, flags=..., flags@entry=...) at kernel/qeventloop.cpp:214
#15 0x00007efbf8eb35e4 in QThread::exec (this=this@entry=0x7efbf9797d60 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread.cpp:525
#16 0x00007efbf951ef35 in QDBusConnectionManager::run (this=0x7efbf9797d60 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:178
#17 0x00007efbf8ebe727 in QThreadPrivate::start (arg=0x7efbf9797d60 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:367
#18 0x00007efbf3fdf6ba in start_thread (arg=0x7efbe4fda700) at pthread_create.c:333
#19 0x00007efbfef3c41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7efbff5f4900 (LWP 19018)):
[KCrash Handler]
#6  KNotification::id (this=this@entry=0x49f1470) at /workspace/build/src/knotification.cpp:436
#7  0x00007efbfaf6c399 in KNotificationManager::notifyPluginFinished (this=0x7efbfb1ae030 <(anonymous namespace)::Q_QGS_s_self::innerFunction()::holder>, notification=0x49f1470) at /workspace/build/src/knotificationmanager.cpp:217
#8  0x00007efbfaf6dacc in KNotificationManager::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at /workspace/build/obj-x86_64-linux-gnu/src/moc_knotificationmanager_p.cpp:90
#9  0x00007efbf90acf79 in QMetaObject::activate (sender=sender@entry=0x4acc6f0, signalOffset=<optimized out>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffbffffacb0) at kernel/qobject.cpp:3771
#10 0x00007efbf90ad887 in QMetaObject::activate (sender=sender@entry=0x4acc6f0, m=m@entry=0x7efbfb1acb60 <KNotificationPlugin::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffbffffacb0) at kernel/qobject.cpp:3633
#11 0x00007efbfaf99e3f in KNotificationPlugin::finished (this=this@entry=0x4acc6f0, _t1=_t1@entry=0x49f1470) at /workspace/build/obj-x86_64-linux-gnu/src/moc_knotificationplugin.cpp:143
#12 0x00007efbfaf7eae5 in KNotificationPlugin::finish (this=this@entry=0x4acc6f0, notification=notification@entry=0x49f1470) at /workspace/build/src/knotificationplugin.cpp:50
#13 0x00007efbfaf9397a in NotifyByAudio::finishNotification (this=this@entry=0x4acc6f0, notification=notification@entry=0x49f1470, id=id@entry=1) at /workspace/build/src/notifybyaudio_canberra.cpp:189
#14 0x00007efbfaf93a13 in NotifyByAudio::finishCallback (this=0x4acc6f0, id=1, error_code=<optimized out>) at /workspace/build/src/notifybyaudio_canberra.cpp:165
#15 0x00007efbf90adfb9 in QObject::event (this=0x4acc6f0, e=<optimized out>) at kernel/qobject.cpp:1251
#16 0x00007efbfa0dd39c in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x4acc6f0, e=0x7ebbc00ab6a0) at kernel/qapplication.cpp:3727
#17 0x00007efbfa0e4ab0 in QApplication::notify (this=0x7ffbffffb420, receiver=0x4acc6f0, e=0x7ebbc00ab6a0) at kernel/qapplication.cpp:3486
#18 0x00007efbf9080228 in QCoreApplication::notifyInternal2 (receiver=0x4acc6f0, event=event@entry=0x7ebbc00ab6a0) at kernel/qcoreapplication.cpp:1048
#19 0x00007efbf9082e2e in QCoreApplication::sendEvent (event=0x7ebbc00ab6a0, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#20 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x26190c0) at kernel/qcoreapplication.cpp:1745
#21 0x00007efbf90832a8 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1599
#22 0x00007efbf90d7a93 in postEventSourceDispatch (s=0x26e82a0) at kernel/qeventdispatcher_glib.cpp:276
#23 0x00007efbf1f2d197 in g_main_dispatch (context=0x7efbe00016f0) at /build/glib2.0-b4FPyK/glib2.0-2.48.2/./glib/gmain.c:3154
#24 g_main_context_dispatch (context=context@entry=0x7efbe00016f0) at /build/glib2.0-b4FPyK/glib2.0-2.48.2/./glib/gmain.c:3769
#25 0x00007efbf1f2d3f0 in g_main_context_iterate (context=context@entry=0x7efbe00016f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/glib2.0-b4FPyK/glib2.0-2.48.2/./glib/gmain.c:3840
#26 0x00007efbf1f2d49c in g_main_context_iteration (context=0x7efbe00016f0, may_block=may_block@entry=1) at /build/glib2.0-b4FPyK/glib2.0-2.48.2/./glib/gmain.c:3901
#27 0x00007efbf90d709f in QEventDispatcherGlib::processEvents (this=this@entry=0x26a4070, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#28 0x00007efbe9bdf9a1 in QPAEventDispatcherGlib::processEvents (this=0x26a4070, flags=...) at qeventdispatcher_glib.cpp:69
#29 0x00007efbf907e5ba in QEventLoop::exec (this=this@entry=0x7ffbffffb2e0, flags=..., flags@entry=...) at kernel/qeventloop.cpp:214
#30 0x00007efbf90876c4 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1336
#31 0x00007efbf98c8f8c in QGuiApplication::exec () at kernel/qguiapplication.cpp:1762
#32 0x00007efbfa0dd2f5 in QApplication::exec () at kernel/qapplication.cpp:2901
#33 0x00007efbff242e52 in kdemain (argc=1, argv=<optimized out>) at /workspace/build/src/main.cpp:166
#34 0x00007efbfee55830 in __libc_start_main (main=0x4006b0 <main(int, char**)>, argc=1, argv=0x7ffbffffb5a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffbffffb598) at ../csu/libc-start.c:291
#35 0x00000000004006e9 in _start ()

The reporter indicates this bug may be a duplicate of or related to bug 342752.

Possible duplicates by query: bug 350256, bug 349065, bug 347295.

Reported using DrKonqi
Comment 1 Omar 2018-09-16 14:48:59 UTC 
Ops, please kindly ignore the "What I was doing when the application crashed" part, I reported this in the wrong bug.
Comment 2 Kai Uwe Broulik 2018-09-21 07:56:42 UTC 
What did you do then? Delete a file or something like that?
Comment 3 Fabian Vogt 2018-09-21 07:59:09 UTC 
(In reply to Omar from comment #1)
> Ops, please kindly ignore the "What I was doing when the application
> crashed" part, I reported this in the wrong bug.

(In reply to Kai Uwe Broulik from comment #2)
> What did you do then? Delete a file or something like that?

Also, is the issue reproducible?
Comment 4 Harald Sitter 2018-10-09 11:25:28 UTC 
Git commit d4f51fdc1d53fbcb37a3c52dcbabe0e264b611ce by Harald Sitter.
Committed on 09/10/2018 at 11:25.
Pushed by sitter into branch 'master'.

force-finish canberra notifications on close()

Summary:
`KNotification::close()` causes the manager to close the plugin for the
notification and after that KNotification will call deleteLater() on
itself. In the canberra variant of NotifyByAudio we handled this by calling
ca_context_cancel to abort playback of the audio. This ultimately would
still cause a finishCallback once the playback actually cancelled. The
callback does arrive in an undefined amount of loop cycles later though.
Put together this allowed for timing issues where deleteLater would run
before the finishCallback arrived, giving finishCallback the risk of
accessing a KNotification object past its lifetime and segfaulting.

To prevent this from happening we'll finishNotification in the plugin's
close(). This drops the notification out of the mapping hashes and tells
the manager that we are done. finishCallback now returns immediately if it
cannot find a mapping for a notification (i.e. it was close()d already).

CHANGELOG: Fixed a crash caused by bad lifetime management of canberra-based audio notification

Test Plan: added qdebugs. without patch close() and thus deleteLater() happens before finishCallback() but the callback still does its thing. with patch finishCallback is noop.

Reviewers: broulik, jtamate

Reviewed By: broulik, jtamate

Subscribers: kde-frameworks-devel, jtamate

Tags: #frameworks

Differential Revision: https://phabricator.kde.org/D15638

M  +11   -1    src/notifybyaudio_canberra.cpp

https://commits.kde.org/knotifications/d4f51fdc1d53fbcb37a3c52dcbabe0e264b611ce
Comment 5 Elvis Angelaccio 2018-12-01 16:03:59 UTC 
*** Bug 401591 has been marked as a duplicate of this bug. ***