Bug 432443

Summary: Dolphin: repeatable crash
Product: [Applications] dolphin Reporter: Henry Pfeil <hpfeil>
Component: generalAssignee: Dolphin Bug Assignee <dolphin-bugs-null>
Status: RESOLVED FIXED    
Severity: crash CC: kfm-devel, nate
Priority: NOR Keywords: drkonqi
Version: 20.12.1   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Henry Pfeil 2021-02-03 00:50:04 UTC 
Application: dolphin (20.12.1)
 (Compiled from sources)
Qt Version: 5.15.2
Frameworks Version: 5.78.0
Operating System: Linux 5.10.12 x86_64
Windowing system: X11
Distribution: Slackware 14.2 x86_64 (post 14.2 -current)

-- Information about the crash:
- What I was doing when the application crashed:
Open or delete a 35Mb text file in a directory of 450+ png files

- Unusual behavior I noticed:
The text file appears twice in Details mode. Right-click-Select either one, choose Open in Kate or Move to Trash. Dolphin crashes

KDE Plasma: 5.20.5
KDE Frameworks: 5.78.0
Qt: 5.15.2
Kernel: 5.10.12 x86_64
CPU: Ryzen 7 1700
RAM: 15.6 Gb
GPU: Radeon RX550

The crash can be reproduced every time.

-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault

[KCrash Handler]
#4  QHash<QByteArray, QVariant>::isEmpty (this=0x173c698) at /usr/include/qt5/QtCore/qhash.h:285
#5  0x00007f07b98406e5 in KFileItemModel::data (this=0xdddfa0, index=90) at /home/hpfeil/Downloads/dolphin-v20.12.1/src/kitemviews/kfileitemmodel.cpp:148
#6  0x00007f07b98a1bd8 in KStandardItemListWidgetInformant::preferredRoleColumnWidth (this=0x1244ab0, role=..., index=90, view=0x1219c20) at /home/hpfeil/Downloads/dolphin-v20.12.1/src/kitemviews/kstandarditemlistwidget.cpp:63
#7  0x00007f07b98ce72a in KItemListWidgetCreator<DolphinFileItemListWidget>::preferredRoleColumnWidth (this=0x126fa60, role=..., index=90, view=0x1219c20) at /home/hpfeil/Downloads/dolphin-v20.12.1/src/kitemviews/kitemlistview.h:859
#8  0x00007f07b988bad7 in KItemListView::preferredColumnWidths (this=0x1219c20, itemRanges=...) at /home/hpfeil/Downloads/dolphin-v20.12.1/src/kitemviews/kitemlistview.cpp:2221
#9  0x00007f07b988be91 in KItemListView::updatePreferredColumnWidths (this=0x1219c20, itemRanges=...) at /home/hpfeil/Downloads/dolphin-v20.12.1/src/kitemviews/kitemlistview.cpp:2276
#10 0x00007f07b988c134 in KItemListView::updatePreferredColumnWidths (this=0x1219c20) at /home/hpfeil/Downloads/dolphin-v20.12.1/src/kitemviews/kitemlistview.cpp:2315
#11 0x00007f07b9886edc in KItemListView::slotItemsRemoved (this=0x1219c20, itemRanges=...) at /home/hpfeil/Downloads/dolphin-v20.12.1/src/kitemviews/kitemlistview.cpp:1130
#12 0x00007f07b983b50b in KFileItemListView::slotItemsRemoved (this=0x1219c20, itemRanges=...) at /home/hpfeil/Downloads/dolphin-v20.12.1/src/kitemviews/kfileitemlistview.cpp:339
#13 0x00007f07b9896445 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<KItemRangeList const&>, void, void (KItemListView::*)(KItemRangeList const&)>::call (f=&virtual table offset 536, o=0x1219c20, arg=0x7ffdcdebab40) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
#14 0x00007f07b9895732 in QtPrivate::FunctionPointer<void (KItemListView::*)(KItemRangeList const&)>::call<QtPrivate::List<KItemRangeList const&>, void> (f=&virtual table offset 536, o=0x1219c20, arg=0x7ffdcdebab40) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
#15 0x00007f07b989469a in QtPrivate::QSlotObject<void (KItemListView::*)(KItemRangeList const&), QtPrivate::List<KItemRangeList const&>, void>::impl (which=1, this_=0x121de20, r=0x1219c20, a=0x7ffdcdebab40, ret=0x0) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
#16 0x00007f07b77fa813 in ?? () from /usr/lib64/libQt5Core.so.5
#17 0x00007f07b982b571 in KItemModelBase::itemsRemoved (this=0xdddfa0, _t1=...) at /home/hpfeil/Downloads/dolphin-v20.12.1/build/src/dolphinprivate_autogen/Z3MQH7AOBD/moc_kitemmodelbase.cpp:253
#18 0x00007f07b9845e17 in KFileItemModel::removeItems (this=0xdddfa0, itemRanges=..., behavior=KFileItemModel::DeleteItemData) at /home/hpfeil/Downloads/dolphin-v20.12.1/src/kitemviews/kfileitemmodel.cpp:1319
#19 0x00007f07b9844efc in KFileItemModel::slotItemsDeleted (this=0xdddfa0, items=...) at /home/hpfeil/Downloads/dolphin-v20.12.1/src/kitemviews/kfileitemmodel.cpp:1059
#20 0x00007f07b9862ba6 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<KFileItemList const&>, void, void (KFileItemModel::*)(KFileItemList const&)>::call (f=(void (KFileItemModel::*)(KFileItemModel * const, const KFileItemList &)) 0x7f07b9844a90 <KFileItemModel::slotItemsDeleted(KFileItemList const&)>, o=0xdddfa0, arg=0x7ffdcdebae80) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
#21 0x00007f07b986081a in QtPrivate::FunctionPointer<void (KFileItemModel::*)(KFileItemList const&)>::call<QtPrivate::List<KFileItemList const&>, void> (f=(void (KFileItemModel::*)(KFileItemModel * const, const KFileItemList &)) 0x7f07b9844a90 <KFileItemModel::slotItemsDeleted(KFileItemList const&)>, o=0xdddfa0, arg=0x7ffdcdebae80) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
#22 0x00007f07b985d47a in QtPrivate::QSlotObject<void (KFileItemModel::*)(KFileItemList const&), QtPrivate::List<KFileItemList const&>, void>::impl (which=1, this_=0x1218c40, r=0xdddfa0, a=0x7ffdcdebae80, ret=0x0) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
#23 0x00007f07b77fa813 in ?? () from /usr/lib64/libQt5Core.so.5
#24 0x00007f07b8fcadf5 in KCoreDirLister::itemsDeleted(KFileItemList const&) () from /usr/lib64/libKF5KIOCore.so.5
#25 0x00007f07b8fce150 in ?? () from /usr/lib64/libKF5KIOCore.so.5
#26 0x00007f07b8fde573 in ?? () from /usr/lib64/libKF5KIOCore.so.5
#27 0x00007f07b8fdefb4 in ?? () from /usr/lib64/libKF5KIOCore.so.5
#28 0x00007f07b8fdf724 in ?? () from /usr/lib64/libKF5KIOCore.so.5
#29 0x00007f07b77fa813 in ?? () from /usr/lib64/libQt5Core.so.5
#30 0x00007f07b8f3cc05 in OrgKdeKDirNotifyInterface::FilesRemoved(QStringList const&) () from /usr/lib64/libKF5KIOCore.so.5
#31 0x00007f07b8f3de43 in OrgKdeKDirNotifyInterface::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib64/libKF5KIOCore.so.5
#32 0x00007f07b892daf9 in ?? () from /usr/lib64/libQt5DBus.so.5
#33 0x00007f07b77f0931 in QObject::event(QEvent*) () from /usr/lib64/libQt5Core.so.5
#34 0x00007f07b838026f in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib64/libQt5Widgets.so.5
#35 0x00007f07b77c634a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib64/libQt5Core.so.5
#36 0x00007f07b77c8b01 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib64/libQt5Core.so.5
#37 0x00007f07b781ab13 in ?? () from /usr/lib64/libQt5Core.so.5
#38 0x00007f07b3e375fb in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#39 0x00007f07b3e37878 in ?? () from /usr/lib64/libglib-2.0.so.0
#40 0x00007f07b3e3791f in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#41 0x00007f07b781a1ff in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQt5Core.so.5
#42 0x00007f07b77c4e8b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQt5Core.so.5
#43 0x00007f07b77ccaac in QCoreApplication::exec() () from /usr/lib64/libQt5Core.so.5
#44 0x00007f07b99ead14 in kdemain (argc=1, argv=0x7ffdcdebbd98) at /home/hpfeil/Downloads/dolphin-v20.12.1/src/main.cpp:222
#45 0x0000000000401154 in main (argc=1, argv=0x7ffdcdebbd98) at /home/hpfeil/Downloads/dolphin-v20.12.1/build/src/dolphin_dummy.cpp:3
[Inferior 1 (process 27461) detached]

The reporter indicates this bug may be a duplicate of or related to bug 422282.

Possible duplicates by query: bug 432346, bug 429854, bug 416715.

Reported using DrKonqi
Comment 1 Henry Pfeil 2021-02-03 00:58:55 UTC 
An aac file in the same folder also appears twice, duplicate entries in Details mode. However I'm able to open either one in vlc. I created a text file, it appeared in the folder only once. Moved to Trash no problem. However, when I double-clicked the folder name to make it the top of the file tree, crash. New Dolphin instance, now the text file appears twice. Moved to Trash one of them, crash.
Comment 2 Nate Graham 2021-02-03 01:45:21 UTC 

*** This bug has been marked as a duplicate of bug 422282 ***
Comment 3 Henry Pfeil 2021-02-03 03:17:59 UTC 
This is not a dolphin issue. I went back to v20.08.0, same issue.
Comment 4 Nate Graham 2021-02-03 04:23:52 UTC 
It is Bug 422282, which is a Dolphin issue and was present in version 20.08 too.
Comment 5 Henry Pfeil 2021-02-03 16:57:17 UTC 
I am now unable to replicate this crash after upgrading to kfilemetadata-5.78.0.

ldd /usr/bin/dolphin reveals /usr/lib64/libKF5FileMetaData.so.3 which is a soft link to /usr/lib64/libKF5FileMetaData.so.5.78.0.

I intend to revert to the previous version of kfilemetadata to verify that this upgrade fixed the crashes so you can close this issue.
Comment 6 Henry Pfeil 2021-02-03 17:34:54 UTC 
Nevermind. Dolphin crashes in Details mode with the 450+ directory open simply by F5 refresh. KfileMetadata update removed some, but not all of the duplicate entries (the aac file is now the only duplicate). Scrolling down so the last dozen files are in view, then F5 = crash. These are png image files extracted from an mp4 using ffmpeg named fu-%03d.png (fu{1..453}.png) plus one aac file. I do not know how many files a folder has to contain before things go boom. That may be something to explore next.

[Retired systems analyst, exploring which criteria cause the crashes without examining any code]
Comment 7 Henry Pfeil 2021-02-03 18:23:08 UTC 
The magic number appears to be 400 files, for reasons which I cannot explain.
Starting dolphin from konsole:
 double free or corruption (out)

KCrash: crashing... crashRecursionCounter = 2
KCrash: Application Name = dolphin path = /usr/bin pid = 21715
KCrash: Arguments: /usr/bin/dolphin
KCrash: Attempting to start /usr/lib64/drkonqi

[1]+  Alarm clock             dolphin

Test Method:
Copy 200 of the 450 files to /dev/shm
Open Dolphin on the directory, split with /dev/shm in the other half.
Move ten files at a time from /dev/shm to the test folder.
After each move, open another instance of dolphin, navigate to the test folder and press F5 refresh.
Results:
Up to 399 files in the test folder - no crash, no duplicate files.
400 files ==> duplicate aac file and crash upon deleting one of the duplicates or F5 refresh.

Meanwhile in the monitor instance, adding files to the test folder has no effect. I moved a total of 900 files into the open test folder no problem. The crash behavior only appears upon launching a new instance of dolphin and opening the test folder, not upon adding more files to an already open folder in dolphin.
Here's hoping this information may isolate the faulty code.
Comment 8 Henry Pfeil 2021-02-03 21:53:47 UTC 
valgrind --leak-check=full --verbose /usr/bin/dolphin
==1087== ERROR SUMMARY: 117610 errors from 1459 contexts 

If I had inherited such a project, I'd consider starting over. Just sayin'. Many of those errors are from "Conditional jump or move depends on uninitialised value(s)".
A full analysis requires rebuilding Qt and KDE with debug symbols, which sounds a lot like work to me. A repeatable crash just opening a directory full of 400+ files is not something easily ignored. An unanticipated congruence of unlikely events suggests a boundary condition violation somewhere.
Comment 9 Henry Pfeil 2021-02-04 22:24:12 UTC 
I'll go away now. Most of those valgrind errors are not related to Dolphin.
"Conditional jump or move depends on uninitialised value(s)" are from Qt. I've cast a weary eye at Qt ever since Cube Desktop Animation stopped switching virtual desktops by left-click/swipe on the desktop (Qt 5.13?).
Comment 10 Henry Pfeil 2021-02-10 17:03:19 UTC 
Built dolphin from git clone this date against qt5.15.2. Cannot replicate any of the crashes reported herein.