Bug 422282

Summary: Tree View mode crashes in KFileItemModel::removeItems() and shows duplicate items
Product: [Applications] dolphin Reporter: Noah Davis <noahadvs>
Component: view-engine: details modeAssignee: Dolphin Bug Assignee <dolphin-bugs-null>
Status: RESOLVED FIXED    
Severity: crash CC: adriano.lima, alex765, angus, antoine.viallon, arddix, boysen, brownphotographic, bugs.kde.org.id324, bugs.kde.org.shine600, chabot.daniel.01, DanielHalens, davidbryant, dckrawchuk, ddascalescu+kde, djlmax2008, edwardb_kde, elvis.angelaccio, felixernst, ftefrjbhfvasf32, greg, grosser.meister.morti, guenter.k, hal.meyers, hpfeil, ismailsahillioglu, john4deidre2013, julien_palmieri, kai, karsten.loh, kde, kde, kde, kfm-devel, lauriej, mader, marcelo.jimenez, meven29, mheieis, mrypsilons, msdobrescu, nate, norbert, onehundredone, os.untrained150, paul.m.nz, raftop, ryein, scooter.thomas27, shout, surejprabhu, s_chriscollins, woodguy552010
Priority: VHI Keywords: drkonqi
Version: unspecified   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
See Also: https://bugs.kde.org/show_bug.cgi?id=426657
Latest Commit: Version Fixed In: 21.04
Sentry Crash Report:
Attachments: New crash information added by DrKonqi
valgrind output of double free crash of dolphin
New crash information added by DrKonqi
New crash information added by DrKonqi
double entries for some files and folders
New crash information added by DrKonqi
New crash information added by DrKonqi

Description Noah Davis 2020-05-31 06:31:08 UTC
Application: dolphin (20.07.70)

Qt Version: 5.15.0
Frameworks Version: 5.71.0
Operating System: Linux 5.6.12-1-default x86_64
Windowing system: X11
Distribution: "openSUSE Tumbleweed"

-- Information about the crash:
- What I was doing when the application crashed:

Deleting a fairly substantial amount of data (more than 1GB) via the command line (rm -r some-directory). I managed to make it happen twice in a row with 2 big folders, but not with a single empty folder or a single empty file.

The crash can be reproduced sometimes.

-- Backtrace:
Application: Dolphin (dolphin), signal: Aborted
Content of s_kcrashErrorMessage: [Current thread is 1 (Thread 0x7f1919e0e800 (LWP 24087))]
[KCrash Handler]
#6  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#7  0x00007f191ec3453d in __GI_abort () at abort.c:79
#8  0x00007f191ec8e4af in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f191ed9ce29 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#9  0x00007f191ec9575c in malloc_printerr (str=str@entry=0x7f191ed9f1d8 "double free or corruption (fasttop)") at malloc.c:5347
#10 0x00007f191ec972a5 in _int_free (av=0x7f191edce9e0 <main_arena>, p=0x55890c31de00, have_lock=0) at malloc.c:4266
#11 0x00007f191ebbd43e in KFileItemModel::removeItems (behavior=KFileItemModel::DeleteItemData, itemRanges=..., this=0x55890bd31c00) at /usr/include/c++/9/bits/atomic_base.h:326
#12 KFileItemModel::removeItems (this=0x55890bd31c00, itemRanges=..., behavior=KFileItemModel::DeleteItemData) at /usr/src/debug/dolphin-20.07.70git.20200528T234223~7df39255a-ku.41.1.x86_64/src/kitemviews/kfileitemmodel.cpp:1281
#13 0x00007f191ebb4e99 in KFileItemModel::setExpanded (this=0x55890bd31c00, index=15, expanded=<optimized out>) at /usr/src/debug/dolphin-20.07.70git.20200528T234223~7df39255a-ku.41.1.x86_64/src/kitemviews/kitemrange.h:61
#14 0x00007f191eba6d90 in KItemListController::mouseReleaseEvent (transform=..., event=0x7ffd853eddd0, this=0x55890bd53400) at /usr/src/debug/dolphin-20.07.70git.20200528T234223~7df39255a-ku.41.1.x86_64/src/kitemviews/kitemlistcontroller.cpp:783
#15 KItemListController::mouseReleaseEvent (this=this@entry=0x55890bd53400, event=event@entry=0x7ffd853eddd0, transform=...) at /usr/src/debug/dolphin-20.07.70git.20200528T234223~7df39255a-ku.41.1.x86_64/src/kitemviews/kitemlistcontroller.cpp:734
#16 0x00007f191ebab21b in KItemListController::processEvent (this=0x55890bd53400, event=0x7ffd853eddd0, transform=...) at /usr/src/debug/dolphin-20.07.70git.20200528T234223~7df39255a-ku.41.1.x86_64/src/kitemviews/kitemlistcontroller.cpp:1060
#17 0x00007f191eb9bec6 in KItemListView::event (this=0x55890bc06ba0, event=0x7ffd853eddd0) at /usr/src/debug/dolphin-20.07.70git.20200528T234223~7df39255a-ku.41.1.x86_64/src/kitemviews/kitemlistview.cpp:913
#18 0x00007f191d929cdf in QApplicationPrivate::notify_helper (this=this@entry=0x55890aef9a60, receiver=receiver@entry=0x55890bc06ba0, e=e@entry=0x7ffd853eddd0) at kernel/qapplication.cpp:3671
#19 0x00007f191d932b60 in QApplication::notify (this=0x7ffd853eed10, receiver=0x55890bc06ba0, e=0x7ffd853eddd0) at kernel/qapplication.cpp:3417
#20 0x00007f191cd0d6fa in QCoreApplication::notifyInternal2 (receiver=0x55890bc06ba0, event=0x7ffd853eddd0) at ../../include/QtCore/5.15.0/QtCore/private/../../../../../src/corelib/thread/qthread_p.h:325
#21 0x00007f191dc53683 in QGraphicsScenePrivate::sendEvent (this=<optimized out>, event=0x7ffd853eddd0, item=0x55890bc06bb0) at graphicsview/qgraphicsscene.cpp:1254
#22 QGraphicsScenePrivate::sendEvent (this=<optimized out>, item=0x55890bc06bb0, event=0x7ffd853eddd0) at graphicsview/qgraphicsscene.cpp:1234
#23 0x00007f191dc53aaf in QGraphicsScenePrivate::sendMouseEvent (this=this@entry=0x55890bb0a4b0, mouseEvent=mouseEvent@entry=0x7ffd853eddd0) at graphicsview/qgraphicsscene.cpp:1335
#24 0x00007f191dc58b2c in QGraphicsScene::mouseReleaseEvent (this=<optimized out>, mouseEvent=0x7ffd853eddd0) at graphicsview/qgraphicsscene.cpp:4123
#25 0x00007f191dc65cb9 in QGraphicsScene::event (this=0x55890bd6d9f0, event=0x7ffd853eddd0) at graphicsview/qgraphicsscene.cpp:3436
#26 0x00007f191d929cdf in QApplicationPrivate::notify_helper (this=this@entry=0x55890aef9a60, receiver=receiver@entry=0x55890bd6d9f0, e=e@entry=0x7ffd853eddd0) at kernel/qapplication.cpp:3671
#27 0x00007f191d932b60 in QApplication::notify (this=0x7ffd853eed10, receiver=0x55890bd6d9f0, e=0x7ffd853eddd0) at kernel/qapplication.cpp:3417
#28 0x00007f191cd0d6fa in QCoreApplication::notifyInternal2 (receiver=0x55890bd6d9f0, event=0x7ffd853eddd0) at ../../include/QtCore/5.15.0/QtCore/private/../../../../../src/corelib/thread/qthread_p.h:325
#29 0x00007f191dc82b66 in QGraphicsView::mouseReleaseEvent (this=0x55890bd6d3b0, event=0x7ffd853ee3e0) at /usr/include/c++/9/bits/atomic_base.h:413
#30 0x00007f191d96c15e in QWidget::event (this=this@entry=0x55890bd6d3b0, event=event@entry=0x7ffd853ee3e0) at kernel/qwidget.cpp:8671
#31 0x00007f191da1ae9e in QFrame::event (this=0x55890bd6d3b0, e=0x7ffd853ee3e0) at widgets/qframe.cpp:550
#32 0x00007f191dc8397c in QGraphicsView::viewportEvent (this=0x55890bd6d3b0, event=0x7ffd853ee3e0) at graphicsview/qgraphicsview.cpp:3014
#33 0x00007f191cd0d46b in QCoreApplicationPrivate::sendThroughObjectEventFilters (event=<optimized out>, receiver=<optimized out>) at kernel/qcoreapplication.cpp:1187
#34 QCoreApplicationPrivate::sendThroughObjectEventFilters (receiver=receiver@entry=0x55890bd75550, event=event@entry=0x7ffd853ee3e0) at kernel/qcoreapplication.cpp:1176
#35 0x00007f191d929cce in QApplicationPrivate::notify_helper (this=this@entry=0x55890aef9a60, receiver=receiver@entry=0x55890bd75550, e=e@entry=0x7ffd853ee3e0) at kernel/qapplication.cpp:3665
#36 0x00007f191d932db3 in QApplication::notify (this=<optimized out>, receiver=0x55890bd75550, e=0x7ffd853ee3e0) at kernel/qapplication.cpp:3115
#37 0x00007f191cd0d6fa in QCoreApplication::notifyInternal2 (receiver=0x55890bd75550, event=0x7ffd853ee3e0) at ../../include/QtCore/5.15.0/QtCore/private/../../../../../src/corelib/thread/qthread_p.h:325
#38 0x00007f191d931ec3 in QApplicationPrivate::sendMouseEvent (receiver=receiver@entry=0x55890bd75550, event=event@entry=0x7ffd853ee3e0, alienWidget=alienWidget@entry=0x55890bd75550, nativeWidget=0x55890aec8310, buttonDown=<optimized out>, lastMouseReceiver=..., spontaneous=true, onlyDispatchEnterLeave=false) at kernel/qapplication.cpp:2603
#39 0x00007f191d986cd9 in QWidgetWindow::handleMouseEvent (this=0x55890b264530, event=0x7ffd853ee860) at /usr/include/c++/9/bits/atomic_base.h:413
#40 0x00007f191d98a194 in QWidgetWindow::event (event=0x7ffd853ee860, this=0x55890b264530) at kernel/qwidgetwindow.cpp:295
#41 QWidgetWindow::event (this=0x55890b264530, event=0x7ffd853ee860) at kernel/qwidgetwindow.cpp:238
#42 0x00007f191d929cdf in QApplicationPrivate::notify_helper (this=this@entry=0x55890aef9a60, receiver=receiver@entry=0x55890b264530, e=e@entry=0x7ffd853ee860) at kernel/qapplication.cpp:3671
#43 0x00007f191d932b60 in QApplication::notify (this=0x7ffd853eed10, receiver=0x55890b264530, e=0x7ffd853ee860) at kernel/qapplication.cpp:3417
#44 0x00007f191cd0d6fa in QCoreApplication::notifyInternal2 (receiver=0x55890b264530, event=0x7ffd853ee860) at ../../include/QtCore/5.15.0/QtCore/private/../../../../../src/corelib/thread/qthread_p.h:325
#45 0x00007f191d219c98 in QGuiApplicationPrivate::processMouseEvent (e=e@entry=0x55890c24acf0) at kernel/qguiapplication.cpp:2214
#46 0x00007f191d21b2a5 in QGuiApplicationPrivate::processWindowSystemEvent (e=e@entry=0x55890c24acf0) at kernel/qguiapplication.cpp:1946
#47 0x00007f191d1f39db in QWindowSystemInterface::sendWindowSystemEvents (flags=flags@entry=...) at kernel/qwindowsysteminterface.cpp:1175
#48 0x00007f1917ece13a in xcbSourceDispatch (source=source@entry=0x55890afb3ce0) at qxcbeventdispatcher.cpp:105
#49 0x00007f191ab1d6e8 in g_main_dispatch (context=0x7f1910005000) at ../glib/gmain.c:3309
#50 g_main_context_dispatch (context=context@entry=0x7f1910005000) at ../glib/gmain.c:3974
#51 0x00007f191ab1da70 in g_main_context_iterate (context=context@entry=0x7f1910005000, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4047
#52 0x00007f191ab1daff in g_main_context_iteration (context=0x7f1910005000, may_block=may_block@entry=1) at ../glib/gmain.c:4108
#53 0x00007f191cd6600e in QEventDispatcherGlib::processEvents (this=0x55890afce420, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#54 0x00007f191cd0c2eb in QEventLoop::exec (this=this@entry=0x7ffd853eec00, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:141
#55 0x00007f191cd14200 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#56 0x00007f191d20db3c in QGuiApplication::exec () at kernel/qguiapplication.cpp:1867
#57 0x00007f191d929c55 in QApplication::exec () at kernel/qapplication.cpp:2811
#58 0x00007f191ee80fca in kdemain (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/dolphin-20.07.70git.20200528T234223~7df39255a-ku.41.1.x86_64/src/main.cpp:189
#59 0x00007f191ec35ceb in __libc_start_main (main=0x55890a913050 <main(int, char**)>, argc=1, argv=0x7ffd853eee98, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd853eee88) at ../csu/libc-start.c:308
#60 0x000055890a91308a in _start () at ../sysdeps/x86_64/start.S:120
[Inferior 1 (process 24087) detached]

Possible duplicates by query: bug 421601, bug 421576, bug 420910, bug 420414, bug 419798.

Reported using DrKonqi
Comment 1 Alex 2020-06-02 07:18:38 UTC
On Frameworks 5.70.0 and Dolphin 19.12.2, I failed to reproduce this. I created a folder with 3 files of 1GB each, and deleted the folder with rm -r, which ran successfully.
Comment 2 Noah Davis 2020-06-02 08:51:15 UTC
perhaps it's not the true cause.
Comment 3 Christoph Feck 2020-06-11 17:22:51 UTC
I get this crash a lot since I updated. I use the tree view, and after some scrolling, collapsing, expanding cycles, it crashes. No file operations involved, except opening some.
Comment 4 Christoph Feck 2020-07-16 18:13:29 UTC
*** Bug 424295 has been marked as a duplicate of this bug. ***
Comment 5 Elvis Angelaccio 2020-07-18 18:08:01 UTC
(In reply to Christoph Feck from comment #3)
> I get this crash a lot since I updated. I use the tree view, and after some
> scrolling, collapsing, expanding cycles, it crashes. No file operations
> involved, except opening some.

Could you git bisect it maybe?
Comment 6 Greg Lepore 2020-08-18 15:33:45 UTC
Created attachment 130974 [details]
New crash information added by DrKonqi

dolphin (20.08.0) using Qt 5.14.2

- What I was doing when the application crashed: Crash in Dolphin when deleting several hundred files via rm -rf *

-- Backtrace (Reduced):
#4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#5  0x00007f4ad7755859 in __GI_abort () at abort.c:79
[...]
#7  0x00007f4ad77c847c in malloc_printerr (str=str@entry=0x7f4ad78ec628 "double free or corruption (fasttop)") at malloc.c:5347
#8  0x00007f4ad77c9de5 in _int_free (av=0x7f4ad791bb80 <main_arena>, p=0x55e57cebebf0, have_lock=0) at malloc.c:4266
#9  0x00007f4ad766444e in KFileItemModel::removeItems(KItemRangeList const&, KFileItemModel::RemoveItemsBehavior) () from /usr/lib/x86_64-linux-gnu/libdolphinprivate.so.5
Comment 7 Christoph Feck 2020-09-08 10:51:50 UTC
*** Bug 426180 has been marked as a duplicate of this bug. ***
Comment 8 Christoph Feck 2020-09-08 10:52:12 UTC
*** Bug 425753 has been marked as a duplicate of this bug. ***
Comment 9 Christoph Feck 2020-09-08 10:52:43 UTC
*** Bug 424909 has been marked as a duplicate of this bug. ***
Comment 10 Christoph Feck 2020-09-16 02:30:33 UTC
Seems to be fixed with master of Dolphin/KIO.
Comment 11 Christoph Feck 2020-09-16 02:37:50 UTC
Nope, heavily expanding/collapsing deep on the HDD I still get the memory crash from KFileItemModel::removeItems().
Comment 12 Elvis Angelaccio 2020-09-18 16:50:07 UTC
@Cristoph: valgrind log?
Comment 13 Christoph Feck 2020-10-11 11:26:52 UTC
*** Bug 427535 has been marked as a duplicate of this bug. ***
Comment 14 Norbert Preining 2020-10-26 00:22:04 UTC
Created attachment 132742 [details]
valgrind output of double free crash of dolphin

I see a similar behavior (double free) with dolphin 20.08.2 on frameworks 5.75 when opening and closing a directory using the > sign in tree view, and the directory has lots of entries (in my case /usr/bin).

The stack trace is 
4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#5  0x00007fc544b00537 in __GI_abort () at abort.c:79
#6  0x00007fc544b596c8 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fc544c67e31 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#7  0x00007fc544b609ba in malloc_printerr (str=str@entry=0x7fc544c6a1a8 "double free or corruption (fasttop)") at malloc.c:5347
#8  0x00007fc544b61cb5 in _int_free (av=0x7fc544c99b80 <main_arena>, p=0x55812010e160, have_lock=0) at malloc.c:4266
#9  0x00007fc544a27959 in KFileItemModel::removeItems(KItemRangeList const&, KFileItemModel::RemoveItemsBehavior) () from /usr/lib/x86_64-linux-gnu/libdolphinprivate.so.5
#10 0x00007fc544a33146 in KFileItemModel::setExpanded(int, bool) () from /usr/lib/x86_64-linux-gnu/libdolphinprivate.so.5

I did run it with valgrind dolphin 2>&1 | tee valgrind.log and attach the output.
Comment 15 Norbert Preining 2020-10-26 00:25:17 UTC
PS: that is Debian/unstable running with qt 5.14 (from Debian), frameworks and dolphin compiled by me.
Comment 16 Christoph Feck 2020-11-05 05:11:58 UTC
*** Bug 427665 has been marked as a duplicate of this bug. ***
Comment 17 Nate Graham 2020-11-05 14:48:41 UTC
#11 0x00007f191ebbd43e in KFileItemModel::removeItems (behavior=KFileItemModel::DeleteItemData, itemRanges=..., this=0x55890bd31c00) at /usr/include/c++/9/bits/atomic_base.h:326
#12 KFileItemModel::removeItems (this=0x55890bd31c00, itemRanges=..., behavior=KFileItemModel::DeleteItemData) at /usr/src/debug/dolphin-20.07.70git.20200528T234223~7df39255a-ku.41.1.x86_64/src/kitemviews/kfileitemmodel.cpp:1281
Comment 18 Christoph Feck 2020-11-06 21:47:14 UTC
*** Bug 428770 has been marked as a duplicate of this bug. ***
Comment 19 Kai Krakow 2020-11-08 10:13:46 UTC
Following up on my original report https://bugs.kde.org/show_bug.cgi?id=428770:

When the problem occurs, I usually see every folder entry duplicated. I only observed that in folder tree mode when expanding the tree on a sub folder.
Comment 20 Elvis Angelaccio 2020-11-08 21:36:52 UTC
*** Bug 428735 has been marked as a duplicate of this bug. ***
Comment 21 Daniel Krawchuk 2020-11-10 23:57:11 UTC
Created attachment 133212 [details]
New crash information added by DrKonqi

dolphin (20.08.2) using Qt 5.15.1

- What I was doing when the application crashed: copying .jpgs from my Galaxy S8 to an NTFS partion.

-- Backtrace (Reduced):
#9  0x00007f2600388897 in QHashData::free_helper (this=0x564f61fdb290, node_delete=0x7f26023d2990 <QHash<QByteArray, QVariant>::deleteNode2(QHashData::Node*)>) at tools/qhash.cpp:573
#10 0x00007f26023da988 in QHash<QByteArray, QVariant>::freeData (x=<optimized out>, this=0x564f61f99d78) at /usr/include/qt5/QtCore/qhash.h:617
#11 QHash<QByteArray, QVariant>::~QHash (this=<optimized out>, this=<optimized out>) at /usr/include/qt5/QtCore/qhash.h:250
#12 QHash<QByteArray, QVariant>::~QHash (this=<optimized out>, this=<optimized out>) at /usr/include/qt5/QtCore/qhash.h:250
#13 KFileItemModel::ItemData::~ItemData (this=<optimized out>, this=<optimized out>) at /usr/src/debug/dolphin-20.08.2-1.1.x86_64/src/kitemviews/kfileitemmodel.h:298
Comment 22 Surej Prabhu 2020-11-16 09:03:28 UTC
Created attachment 133373 [details]
New crash information added by DrKonqi

dolphin (20.08.3) using Qt 5.15.1

- What I was doing when the application crashed:

I was browsing an open folder using Dolphin

-- Backtrace (Reduced):
#4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#5  0x00007f9315bf8859 in __GI_abort () at abort.c:79
[...]
#7  0x00007f9315c6b47c in malloc_printerr (str=str@entry=0x7f9315d8f5d0 "free(): double free detected in tcache 2") at malloc.c:5347
#8  0x00007f9315c6d0ed in _int_free (av=0x7f9315dbeb80 <main_arena>, p=0x563317a84de0, have_lock=0) at malloc.c:4201
#9  0x00007f9315b11f8f in qDeleteAll<QList<KFileItemModel::ItemData*>::const_iterator> (end=..., begin=...) at /usr/include/c++/9/bits/atomic_base.h:326
Comment 23 Christoph Feck 2020-11-18 22:22:08 UTC
*** Bug 429318 has been marked as a duplicate of this bug. ***
Comment 24 Elvis Angelaccio 2020-11-18 23:00:05 UTC
*** Bug 429012 has been marked as a duplicate of this bug. ***
Comment 25 Siddhartha 2020-11-18 23:42:17 UTC
Created attachment 133446 [details]
double entries for some files and folders

A reliable way for me to reproduce this crash is to open `/usr` in Dolphin in details view mode, and then expanding the `bin` or `lib` folder. Trying to collapse the folder always seems to giving me a crash.

I noticed that some of the entries are duplicated, as shown in the screenshot, which must be related to this bug.

I also observed that navigating into `lib', then going back to `/usr` and expanding `lib` does not result in a crash anymore. I suspect that the bug has something to do with the sorting implementation when running in expanded tree mode.
Comment 26 Christoph Feck 2020-12-08 23:42:22 UTC
*** Bug 430170 has been marked as a duplicate of this bug. ***
Comment 27 Mister Ypsilon 2020-12-09 15:13:23 UTC
I bisected this bug down to the following commit:

ac234a9c55aed509b385ef03835a6d0f563e6a22 is the first bad commit
commit ac234a9c55aed509b385ef03835a6d0f563e6a22
Author: Méven Car <meven29@gmail.com>
Date:   Tue Apr 14 07:11:59 2020 +0200

    Allow to display UDS_RECURSIVE_SIZE in status bar
[...]

Reverting this commit on the 20.12 fixes the crash, as well as the duplicate entries (bug 426657)
Comment 28 Norbert Preining 2020-12-11 14:14:05 UTC
I can confirm that reverting ac234a9c55aed509b385ef03835a6d0f563e6a22 fixes the crashes for me!
Comment 29 Nate Graham 2020-12-11 15:40:54 UTC
Méven, could you take a look? Thanks!
Comment 30 Christoph Feck 2020-12-15 10:29:03 UTC
*** Bug 430407 has been marked as a duplicate of this bug. ***
Comment 31 Christoph Feck 2020-12-15 10:29:35 UTC
*** Bug 430283 has been marked as a duplicate of this bug. ***
Comment 32 Méven Car 2020-12-17 09:04:32 UTC
The bug was not introduced by https://invent.kde.org/system/dolphin/-/blob/ac234a9c55aed509b385ef03835a6d0f563e6a22/src/views/dolphinview.cpp, proof of that is that ac234a9c was not part of Dolphin 20.04 (https://invent.kde.org/system/dolphin/-/commits/v20.04.0) in then current TumbleWeed version when the bug was originally reported.

The bug was preexisting but the commit made it more likely because now slotItemDeleted can be called later because of the I/O added now delays slotItemDeleted. This should be happening more frequently on network filesystem for instance.

The bug origin is that KFileItemModel::slotItemDeleted called due to a KCoreDirLister event, can be called before KFileItemModel::setExpanded is finished running, causing slotItemDeleted trying to do a double free. Typical race condition.
There is a risk of removing the wrong items while fixing this.

Code mentions https://bugs.kde.org/show_bug.cgi?id=332102#c11 that experienced the same kind of issue.

This happens when you close an expanded folders whose content is being removed if I understand correctly.
I experienced it myself, but it is not trivial to reproduce.
Comment 33 Méven Car 2020-12-17 09:26:44 UTC
https://bugs.kde.org/show_bug.cgi?id=422282#c14
Has a great trace that experience the same bug in different condition, with the same bug origin.

We need some mutex around m_itemData is setExpanded removeItems addItems
Comment 34 Christoph Feck 2020-12-17 11:20:03 UTC
Note that this bug was reported for the unstable 20.07.70 version (master); the original reporter very likely had used the K:U:F repositories on Tumbleweed. I did also, and can confirm the regression was introduced in the master branch after 20.03.80 was branched, so never appeared in a 20.04.x release.
Comment 35 Christoph Feck 2020-12-17 12:56:43 UTC
*** Bug 430505 has been marked as a duplicate of this bug. ***
Comment 36 Christoph Feck 2020-12-17 12:57:09 UTC
*** Bug 430351 has been marked as a duplicate of this bug. ***
Comment 37 Christoph Feck 2020-12-29 09:38:28 UTC
*** Bug 430327 has been marked as a duplicate of this bug. ***
Comment 38 Christoph Feck 2020-12-29 10:23:34 UTC
Raising severity. This is the currently the most reported crash.
Comment 39 Christoph Feck 2020-12-29 10:23:46 UTC
*** Bug 428535 has been marked as a duplicate of this bug. ***
Comment 40 Christoph Feck 2020-12-29 10:23:59 UTC
*** Bug 426657 has been marked as a duplicate of this bug. ***
Comment 41 Christoph Feck 2020-12-31 11:06:58 UTC
*** Bug 430998 has been marked as a duplicate of this bug. ***
Comment 42 Christoph Feck 2020-12-31 11:08:18 UTC
*** Bug 430918 has been marked as a duplicate of this bug. ***
Comment 43 Christoph Feck 2021-01-01 20:15:26 UTC
*** Bug 431038 has been marked as a duplicate of this bug. ***
Comment 44 Christoph Feck 2021-01-04 09:17:20 UTC
*** Bug 431071 has been marked as a duplicate of this bug. ***
Comment 45 Christoph Feck 2021-01-05 11:59:46 UTC
Duplicates continue to pile up, and with 20.12.1 released in the coming days, I expect more users to update to 20.12. Raising priority.
Comment 46 Christoph Feck 2021-01-13 17:48:59 UTC
*** Bug 431536 has been marked as a duplicate of this bug. ***
Comment 47 Nate Graham 2021-01-19 15:14:58 UTC
*** Bug 431804 has been marked as a duplicate of this bug. ***
Comment 48 Nate Graham 2021-01-25 16:13:21 UTC
*** Bug 431980 has been marked as a duplicate of this bug. ***
Comment 49 Nate Graham 2021-01-26 18:24:42 UTC
*** Bug 432132 has been marked as a duplicate of this bug. ***
Comment 50 Nate Graham 2021-02-01 15:09:56 UTC
*** Bug 432346 has been marked as a duplicate of this bug. ***
Comment 51 Nate Graham 2021-02-03 01:45:21 UTC
*** Bug 432443 has been marked as a duplicate of this bug. ***
Comment 52 Henry Pfeil 2021-02-06 17:48:13 UTC
Kate Filesystem Browser does not exhibit this crash behavior. Does this suggest that the problem is within Dolphin code and not Frameworks or Qt?
Comment 53 Nate Graham 2021-02-06 17:55:39 UTC
Yes. Dolphin's view code is specific to Dolphin; Kate and the file dialogs use the shared KDirOperator library component.
Comment 54 Nate Graham 2021-02-06 21:40:23 UTC
*** Bug 432575 has been marked as a duplicate of this bug. ***
Comment 55 Mathias Panzenböck 2021-02-08 02:25:07 UTC
Created attachment 135497 [details]
New crash information added by DrKonqi

dolphin (20.12.1) using Qt 5.15.2

- What I was doing when the application crashed:

Deleted a folder on the command line. The folder wasn't big and I'm not 100% sure what exactly was open in Dolphin, if it was that folder or a super-folder of that folder. Could not reproduce when I tried, but again, maybe because I didn't recreate the state in Dolphin exactly.

-- Backtrace (Reduced):
#4  0x00007f6a2ad67020 in KFileItemModel::data(int) const () from /lib64/libdolphinprivate.so.5
#5  0x00007f6a2ada0dd8 in KStandardItemListWidgetInformant::preferredRoleColumnWidth(QByteArray const&, int, KItemListView const*) const () from /lib64/libdolphinprivate.so.5
#6  0x00007f6a2ad92deb in KItemListView::preferredColumnWidths(KItemRangeList const&) const () from /lib64/libdolphinprivate.so.5
#7  0x00007f6a2ad95a1b in KItemListView::updatePreferredColumnWidths(KItemRangeList const&) () from /lib64/libdolphinprivate.so.5
#8  0x00007f6a2ad95bc2 in KItemListView::updatePreferredColumnWidths() () from /lib64/libdolphinprivate.so.5
Comment 56 Henry Pfeil 2021-02-09 00:19:42 UTC
I solved this and related issues by using SDK/kdesrc-build to build a version of Dolphin based upon Qt 5.15.3.
`./kdesrc-build --stop-on-failure dolphin`
Tested in shell using ~/.config/kde-env-master.sh. Created a folder with 1,000 files. Could not replicate any of the crashes in my DrKonqi crash reports. No duplicate file entries, no F5 crash.
Comment 57 Felix Ernst 2021-02-10 14:50:05 UTC
(In reply to Méven Car from comment #32)
> The bug was not introduced by https://invent.kde.org/system/dolphin/-/blob/ac234a9c55aed509b385ef03835a6d0f563e6a22/src/views/dolphinview.cpp, […]
> […]
> The bug was preexisting but the commit made it more likely […]

Based on Méven's comment, the bug might now be partially mitigated because of https://invent.kde.org/system/dolphin/-/commit/a825e1bd74246dc97dde3f48b1d9ead7a214b744.
Comment 58 Henry Pfeil 2021-02-10 17:01:20 UTC
Problem resolved with current git clone of Dolphin.
Comment 59 Christoph Feck 2021-02-10 18:42:48 UTC
I can confirm it's fixed on master. Tree view with over 3000 files in a directory on a slow HDD with sorting by file type no longer shows duplicates or crashes when quickly collapsing and expanding. Great job, Felix!
Comment 60 Nate Graham 2021-02-10 20:51:12 UTC
Hooray! Let's call it fixed.
Comment 61 Felix Ernst 2021-02-10 22:42:52 UTC
Hooray!

(In reply to Christoph Feck from comment #59)

Thanks!
Comment 62 Nate Graham 2021-02-11 17:06:04 UTC
*** Bug 432805 has been marked as a duplicate of this bug. ***
Comment 63 Nate Graham 2021-02-11 17:06:33 UTC
*** Bug 432783 has been marked as a duplicate of this bug. ***
Comment 64 Casey 2021-02-27 07:43:38 UTC
On 2/10/21 11:01 AM, Henry Pfeil wrote:
> https://bugs.kde.org/show_bug.cgi?id=422282
>
> --- Comment #58 from Henry Pfeil <hpfeil@psnarf.org> ---
> Problem resolved with current git clone of Dolphin.
>
The problem is not resolved for me.

I'm running openSUSE Tumbleweed, Plasma 5.21.0, Frameworks 5.79.0, Qt 
5.15.2, kernel 5.16.1 and so on.


Application: Dolphin (dolphin), signal: Aborted

[KCrash Handler]
#4  0x00007f2c099ad495 in raise () from /lib64/libc.so.6
#5  0x00007f2c09996864 in abort () from /lib64/libc.so.6
#6  0x00007f2c099efd77 in __libc_message () from /lib64/libc.so.6
#7  0x00007f2c099f7a5c in malloc_printerr () from /lib64/libc.so.6
#8  0x00007f2c099f7e8c in munmap_chunk () from /lib64/libc.so.6
#9  0x00007f2c099fcb4b in free () from /lib64/libc.so.6
#10 0x00007f2c0782e917 in QHashData::free_helper(void 
(*)(QHashData::Node*)) () from /usr/lib64/libQt5Core.so.5
#11 0x00007f2c098bdf7c in KFileItemModel::slotClear() () from 
/usr/lib64/libdolphinprivate.so.5
#12 0x00007f2c09911b5d in DolphinView::setUrl(QUrl const&) () from 
/usr/lib64/libdolphinprivate.so.5
#13 0x00007f2c09ba6d57 in ?? () from /usr/lib64/libkdeinit5_dolphin.so
#14 0x00007f2c07a0b946 in ?? () from /usr/lib64/libQt5Core.so.5
#15 0x00007f2c097f7375 in KUrlNavigator::urlChanged(QUrl const&) () from 
/usr/lib64/libKF5KIOFileWidgets.so.5
#16 0x00007f2c097fe80c in KUrlNavigator::setLocationUrl(QUrl const&) () 
from /usr/lib64/libKF5KIOFileWidgets.so.5
#17 0x00007f2c09ba621c in ?? () from /usr/lib64/libkdeinit5_dolphin.so
#18 0x00007f2c09ba643b in ?? () from /usr/lib64/libkdeinit5_dolphin.so
#19 0x00007f2c07a0b946 in ?? () from /usr/lib64/libQt5Core.so.5
#20 0x00007f2c098a58b5 in DolphinView::itemActivated(KFileItem const&) 
() from /usr/lib64/libdolphinprivate.so.5
#21 0x00007f2c0990b5c3 in DolphinView::slotItemActivated(int) () from 
/usr/lib64/libdolphinprivate.so.5
#22 0x00007f2c07a0b946 in ?? () from /usr/lib64/libQt5Core.so.5
#23 0x00007f2c098a3cee in KItemListController::itemActivated(int) () 
from /usr/lib64/libdolphinprivate.so.5
#24 0x00007f2c098d72f5 in 
KItemListController::mouseDoubleClickEvent(QGraphicsSceneMouseEvent*, 
QTransform const&) () from /usr/lib64/libdolphinprivate.so.5
#25 0x00007f2c098dbc39 in KItemListController::processEvent(QEvent*, 
QTransform const&) () from /usr/lib64/libdolphinprivate.so.5
#26 0x00007f2c098dbd4d in KItemListView::event(QEvent*) () from 
/usr/lib64/libdolphinprivate.so.5
#27 0x00007f2c086454ff in QApplicationPrivate::notify_helper(QObject*, 
QEvent*) () from /usr/lib64/libQt5Widgets.so.5
#28 0x00007f2c079d532a in QCoreApplication::notifyInternal2(QObject*, 
QEvent*) () from /usr/lib64/libQt5Core.so.5
#29 0x00007f2c0895aa05 in ?? () from /usr/lib64/libQt5Widgets.so.5
#30 0x00007f2c0895ada1 in ?? () from /usr/lib64/libQt5Widgets.so.5
#31 0x00007f2c0896338a in ?? () from /usr/lib64/libQt5Widgets.so.5
#32 0x00007f2c0896d167 in QGraphicsScene::event(QEvent*) () from 
/usr/lib64/libQt5Widgets.so.5
#33 0x00007f2c086454ff in QApplicationPrivate::notify_helper(QObject*, 
QEvent*) () from /usr/lib64/libQt5Widgets.so.5
#34 0x00007f2c079d532a in QCoreApplication::notifyInternal2(QObject*, 
QEvent*) () from /usr/lib64/libQt5Core.so.5
#35 0x00007f2c089891d7 in 
QGraphicsView::mouseDoubleClickEvent(QMouseEvent*) () from 
/usr/lib64/libQt5Widgets.so.5
#36 0x00007f2c08685cb1 in QWidget::event(QEvent*) () from 
/usr/lib64/libQt5Widgets.so.5
#37 0x00007f2c0872d9be in QFrame::event(QEvent*) () from 
/usr/lib64/libQt5Widgets.so.5
#38 0x00007f2c079d5093 in 
QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, 
QEvent*) () from /usr/lib64/libQt5Core.so.5
#39 0x00007f2c086454ee in QApplicationPrivate::notify_helper(QObject*, 
QEvent*) () from /usr/lib64/libQt5Widgets.so.5
#40 0x00007f2c0864c3eb in QApplication::notify(QObject*, QEvent*) () 
from /usr/lib64/libQt5Widgets.so.5
#41 0x00007f2c079d532a in QCoreApplication::notifyInternal2(QObject*, 
QEvent*) () from /usr/lib64/libQt5Core.so.5
#42 0x00007f2c0864b416 in QApplicationPrivate::sendMouseEvent(QWidget*, 
QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, 
bool) () from /usr/lib64/libQt5Widgets.so.5
#43 0x00007f2c0869d3b1 in ?? () from /usr/lib64/libQt5Widgets.so.5
#44 0x00007f2c086a08be in ?? () from /usr/lib64/libQt5Widgets.so.5
#45 0x00007f2c086454ff in QApplicationPrivate::notify_helper(QObject*, 
QEvent*) () from /usr/lib64/libQt5Widgets.so.5
#46 0x00007f2c079d532a in QCoreApplication::notifyInternal2(QObject*, 
QEvent*) () from /usr/lib64/libQt5Core.so.5
#47 0x00007f2c07f00eac in 
QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) 
() from /usr/lib64/libQt5Gui.so.5
#48 0x00007f2c07ed6c5c in 
QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) 
() from /usr/lib64/libQt5Gui.so.5
#49 0x00007f2c02a68faa in ?? () from /usr/lib64/libQt5XcbQpa.so.5
#50 0x00007f2c057abf57 in g_main_context_dispatch () from 
/usr/lib64/libglib-2.0.so.0
#51 0x00007f2c057ac2d8 in ?? () from /usr/lib64/libglib-2.0.so.0
#52 0x00007f2c057ac38f in g_main_context_iteration () from 
/usr/lib64/libglib-2.0.so.0
#53 0x00007f2c07a2c8bf in 
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) 
() from /usr/lib64/libQt5Core.so.5
#54 0x00007f2c079d3ceb in 
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from 
/usr/lib64/libQt5Core.so.5
#55 0x00007f2c079dbf60 in QCoreApplication::exec() () from 
/usr/lib64/libQt5Core.so.5
#56 0x00007f2c09b93159 in kdemain () from /usr/lib64/libkdeinit5_dolphin.so
#57 0x00007f2c09997b25 in __libc_start_main () from /lib64/libc.so.6
#58 0x00005637b18fc08e in _start ()
[Inferior 1 (process 21830) detached]
Comment 65 Nate Graham 2021-03-02 18:24:16 UTC
*** Bug 433684 has been marked as a duplicate of this bug. ***
Comment 66 Nate Graham 2021-03-15 14:39:39 UTC
*** Bug 434435 has been marked as a duplicate of this bug. ***
Comment 67 Nate Graham 2021-03-15 14:51:28 UTC
*** Bug 434413 has been marked as a duplicate of this bug. ***
Comment 68 Nate Graham 2021-03-15 19:07:11 UTC
*** Bug 434456 has been marked as a duplicate of this bug. ***
Comment 69 Nate Graham 2021-03-30 19:51:29 UTC
*** Bug 435159 has been marked as a duplicate of this bug. ***
Comment 70 Nate Graham 2021-04-01 18:21:06 UTC
*** Bug 435057 has been marked as a duplicate of this bug. ***
Comment 71 David Edmundson 2021-04-05 12:18:53 UTC
>The problem is not resolved for me.

That trace is very different, please create a new bug
Comment 72 Nate Graham 2021-04-12 15:26:02 UTC
*** Bug 435565 has been marked as a duplicate of this bug. ***
Comment 73 Nate Graham 2021-04-25 13:55:53 UTC
*** Bug 436126 has been marked as a duplicate of this bug. ***
Comment 74 Nate Graham 2021-05-03 16:38:05 UTC
*** Bug 436494 has been marked as a duplicate of this bug. ***
Comment 75 Mihai Sorin Dobrescu 2021-06-20 13:05:47 UTC
Created attachment 139539 [details]
New crash information added by DrKonqi

dolphin (20.12.3) using Qt 5.15.2

- What I was doing when the application crashed:
Expand a tree node, then collapse in Dolphin. Today happens on regular basis.

-- Backtrace (Reduced):
#9  0x00007fd671728067 in QHashData::free_helper(void (*)(QHashData::Node*)) () from /usr/lib64/libQt5Core.so.5
#10 0x00007fd67380bb05 in KFileItemModel::removeItems(KItemRangeList const&, KFileItemModel::RemoveItemsBehavior) () from /usr/lib64/libdolphinprivate.so.5
#11 0x00007fd67381849c in KFileItemModel::setExpanded(int, bool) () from /usr/lib64/libdolphinprivate.so.5
#12 0x00007fd67382c321 in KItemListController::keyPressEvent(QKeyEvent*) () from /usr/lib64/libdolphinprivate.so.5
#13 0x00007fd67382ec35 in KItemListController::processEvent(QEvent*, QTransform const&) () from /usr/lib64/libdolphinprivate.so.5
Comment 76 Akseli Lahtinen 2023-12-05 13:57:52 UTC
*** Bug 432268 has been marked as a duplicate of this bug. ***