Bug 408675

Summary: KMail crashes sometimes when clicking on toolbar button "Reply"
Product: [Applications] kontact Reporter: Waleed Hamra <kdebugs>
Component: mailAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED UPSTREAM    
Severity: crash CC: armen114, faure, robert
Priority: NOR    
Version: 5.11.1   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Attachments: Crashdump

Description Waleed Hamra 2019-06-14 06:11:56 UTC 
Created attachment 120857 [details]
Crashdump

SUMMARY

Kontact randomly crashes from random mouse clicks.

This is not reproducible. The current crash resulted from long clocking on the reply button to choose "reply to author". Doing this again did not result in a crash. Yesterday it crashed while dragging a feed in the Feeds area. Earlier it crashed while dragging a mail, before even reaching the target folder, I long clicked, moved it about 2 cm, crash. I hope the attached crash dump is useful, the reporter gave it 3 stars.



SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Linux 5.0.9, KDE 5.58.0
KDE Framework: 5.58.0
KDE apps: 19.04.1
Qt Version: 5.12.3
Comment 1 Christoph Feck 2019-07-03 13:58:23 UTC 
Unfortunately, the backtrace does not reveal much information. It seems related to timers firing while a menu was up (local event loop).

Relevant part of backtrace:

Thread 1 (Thread 0x7f21c2668340 (LWP 17420)):
[KCrash Handler]
#5  0x00007f21d127e208 in QBasicTimer::stop() () at /usr/lib/libQt5Core.so.5
#6  0x00007f21d202f6f1 in  () at /usr/lib/libQt5Widgets.so.5
#7  0x00007f21d202f7a8 in QMenu::enterEvent(QEvent*) () at /usr/lib/libQt5Widgets.so.5
#8  0x00007f21d1ed19b0 in QWidget::event(QEvent*) () at /usr/lib/libQt5Widgets.so.5
#9  0x00007f21d2033a9b in QMenu::event(QEvent*) () at /usr/lib/libQt5Widgets.so.5
#10 0x00007f21d1e84592 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#11 0x00007f21d1e8b378 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#12 0x00007f21d1280708 in QCoreApplication::sendEvent(QObject*, QEvent*) () at /usr/lib/libQt5Core.so.5
#13 0x00007f21d1e89ce8 in  () at /usr/lib/libQt5Widgets.so.5
#14 0x00007f21d1ef0f62 in  () at /usr/lib/libQt5Widgets.so.5
#15 0x00007f21d1ef349f in  () at /usr/lib/libQt5Widgets.so.5
#16 0x00007f21d1e84592 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#17 0x00007f21d1e8b378 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#18 0x00007f21d12808c8 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) () at /usr/lib/libQt5Core.so.5
#19 0x00007f21d184df40 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () at /usr/lib/libQt5Gui.so.5
#20 0x00007f21d184f93b in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) () at /usr/lib/libQt5Gui.so.5
#21 0x00007f21d182082b in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Gui.so.5
#22 0x00007f21b555d9ba in  () at /usr/lib/libQt5XcbQpa.so.5
#23 0x00007f21c620a8dd in g_main_dispatch (context=0x7f21b0004fd0) at ../glib/gmain.c:3189
#24 0x00007f21c620a8dd in g_main_context_dispatch (context=context@entry=0x7f21b0004fd0) at ../glib/gmain.c:3854
#25 0x00007f21c620ab68 in g_main_context_iterate (context=context@entry=0x7f21b0004fd0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:3927
#26 0x00007f21c620abec in g_main_context_iteration (context=0x7f21b0004fd0, may_block=1) at ../glib/gmain.c:3988
#27 0x00007f21d12df0e0 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#28 0x00007f21d127ee16 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#29 0x00007f21d202ccdd in QMenu::exec(QPoint const&, QAction*) () at /usr/lib/libQt5Widgets.so.5
Comment 2 David Faure 2020-04-16 20:50:51 UTC 
*** Bug 418356 has been marked as a duplicate of this bug. ***
Comment 3 David Faure 2020-04-16 21:04:54 UTC 
My wife has been hitting this crash regularly for the last few years.
Let's try to see what frame #6 might be.

One possibility would be:
#5  QMenuSloppyState::stopTimer() { m_time.stop(); }
    QMenuSloppyState::reset()
#6  QMenuSloppyState::enter()
#7  QMenu::enterEvent(QEvent*)

But for #5 to crash, `this` must be deleted, but then the other member vars accessed in reset() would crash too.

Alternatively, this comes from m_parent->childEnter().

#5  QMenuSloppyState::stopTimer() { m_time.stop(); }
    QMenuSloppyState::childEnter() on the parent
#6  QMenuSloppyState::enter()  calls m_parent->childEnter();
#7  QMenu::enterEvent(QEvent*)

This seems more likely, m_parent would be a dangling pointer. But m_parent only happens with submenus...
There are submenus in the "Reply" toolbutton, but the mouse is nowhere near those... or maybe that's what triggers it?
Comment 4 armen114 2020-09-24 06:53:01 UTC 
It's Qt bug, now it's fixed
https://bugreports.qt.io/browse/QTBUG-80528
Comment 5 David Faure 2020-10-11 18:34:55 UTC 
This is excellent news, thanks!