Bug 452527

Summary: Dolphin crashes after closing it by clicking the Close Tab option in KCommandBar
Product: [Frameworks and Libraries] frameworks-kconfigwidgets Reporter: Anael <anael>
Component: generalAssignee: kdelibs bugs <kdelibs-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: a.samirh78, felixernst, kfm-devel, nate
Priority: NOR Keywords: drkonqi
Version: 5.91.0   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: https://invent.kde.org/frameworks/kconfigwidgets/commit/556f3b719ddecbf01eacaa286ce609e8322ed870 Version Fixed In: 5.94
Sentry Crash Report:

Description Anael 2022-04-11 23:04:12 UTC 
Application: dolphin (21.12.3)

Qt Version: 5.15.3
Frameworks Version: 5.92.0
Operating System: Linux 5.17.1-arch1-1 x86_64
Windowing System: Wayland
Distribution: "Arch Linux"
DrKonqi: 5.24.4 [KCrashBackend]

-- Information about the crash:
- What I was doing when the application crashed:
I closed Dolphin using the Close Tab option in KCommandBar.
I got Dolphin crashed on both X11 and Wayland.

- Steps to reproduce:
1. Open Dolphin.
2. Launch KCommandBar by pressing Ctrl+Alt+I
3. Click on the 'Dolphin: Close Tab' option. (Dolphin won't crash by pressing the key binding Ctrl+W)
After selecting that option in KCommandBar, Dolphin will actually crash instead of just closing.

The crash can be reproduced every time.

-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault
Content of s_kcrashErrorMessage: {_M_t = {<std::__uniq_ptr_impl<char, std::default_delete<char []> >> = {_M_t = std::tuple containing = {[1] = 0x0, [2] = {<No data fields>}}}, <No data fields>}}
[KCrash Handler]
#6  std::__uniq_ptr_impl<QWExtra, std::default_delete<QWExtra> >::_M_ptr (this=<optimized out>, this=<optimized out>) at /usr/include/c++/11.2.0/bits/unique_ptr.h:173
#7  std::unique_ptr<QWExtra, std::default_delete<QWExtra> >::get (this=<optimized out>, this=<optimized out>) at /usr/include/c++/11.2.0/bits/unique_ptr.h:422
#8  std::unique_ptr<QWExtra, std::default_delete<QWExtra> >::operator bool (this=<optimized out>, this=<optimized out>) at /usr/include/c++/11.2.0/bits/unique_ptr.h:436
#9  QWidget::hasFocus (this=0x457a043e6cafebf3) at kernel/qwidget.cpp:6237
#10 0x00007f5125170073 in QLineEditPrivate::resetInputMethod (this=0x55ee8ec0a5d0, this=0x55ee8ec0a5d0) at widgets/qlineedit_p.cpp:290
#11 QLineEdit::clear (this=<optimized out>) at widgets/qlineedit.cpp:1341
#12 0x00007f5125af2eb6 in KCommandBarPrivate::clearLineEdit (this=<optimized out>) at /usr/src/debug/kconfigwidgets-5.92.0/src/kcommandbar.cpp:428
#13 KCommandBar::eventFilter (this=0x7ffc117a41a0, obj=<optimized out>, event=0x7ffc117a3f40) at /usr/src/debug/kconfigwidgets-5.92.0/src/kcommandbar.cpp:657
#14 0x00007f51245bc32a in QCoreApplicationPrivate::sendThroughObjectEventFilters (event=<optimized out>, receiver=<optimized out>) at kernel/qcoreapplication.cpp:1190
#15 QCoreApplicationPrivate::sendThroughObjectEventFilters (receiver=receiver@entry=0x55ee8eda8470, event=event@entry=0x7ffc117a3f40) at kernel/qcoreapplication.cpp:1179
#16 0x00007f51250351b5 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x55ee8eda8470, e=0x7ffc117a3f40) at kernel/qapplication.cpp:3631
#17 0x00007f51245bd5aa in QCoreApplication::notifyInternal2 (receiver=0x55ee8eda8470, event=0x7ffc117a3f40) at kernel/qcoreapplication.cpp:1064
#18 0x00007f51250310bf in QApplicationPrivate::setFocusWidget (reason=<optimized out>, focus=<optimized out>) at kernel/qapplication.cpp:1719
#19 QApplicationPrivate::setFocusWidget (focus=0x0, reason=Qt::OtherFocusReason) at kernel/qapplication.cpp:1680
#20 0x00007f5125065270 in QWidget::clearFocus (this=0x55ee8eda8470) at kernel/qwidget.cpp:6505
#21 0x00007f51250578d9 in QWidget::~QWidget (this=<optimized out>, this=<optimized out>) at kernel/qwidget.cpp:1459
#22 0x00007f5125af7333 in KCommandBarPrivate::~KCommandBarPrivate (this=<optimized out>, this=<optimized out>) at /usr/src/debug/kconfigwidgets-5.92.0/src/kcommandbar.cpp:404
#23 std::default_delete<KCommandBarPrivate>::operator() (this=<optimized out>, __ptr=0x55ee8eda8470) at /usr/include/c++/11.2.0/bits/unique_ptr.h:85
#24 std::default_delete<KCommandBarPrivate>::operator() (__ptr=0x55ee8eda8470, this=<optimized out>) at /usr/include/c++/11.2.0/bits/unique_ptr.h:79
#25 std::unique_ptr<KCommandBarPrivate, std::default_delete<KCommandBarPrivate> >::~unique_ptr (this=<optimized out>, this=<optimized out>) at /usr/include/c++/11.2.0/bits/unique_ptr.h:361
#26 KCommandBar::~KCommandBar (this=<optimized out>, this=<optimized out>) at /usr/src/debug/kconfigwidgets-5.92.0/src/kcommandbar.cpp:614
#27 0x00007f5125c39a32 in operator() (__closure=<optimized out>) at /usr/include/c++/11.2.0/bits/allocator.h:186
#28 QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, KXmlGuiWindow::KXmlGuiWindow(QWidget*, Qt::WindowFlags)::<lambda()> >::call (arg=<optimized out>, f=...) at /usr/include/qt/QtCore/qobjectdefs_impl.h:146
#29 QtPrivate::Functor<KXmlGuiWindow::KXmlGuiWindow(QWidget*, Qt::WindowFlags)::<lambda()>, 0>::call<QtPrivate::List<>, void> (arg=<optimized out>, f=...) at /usr/include/qt/QtCore/qobjectdefs_impl.h:256
#30 QtPrivate::QFunctorSlotObject<KXmlGuiWindow::KXmlGuiWindow(QWidget*, Qt::WindowFlags)::<lambda()>, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=<optimized out>, this_=<optimized out>, r=<optimized out>, a=<optimized out>, ret=<optimized out>) at /usr/include/qt/QtCore/qobjectdefs_impl.h:443
#31 0x00007f51245ee463 in QtPrivate::QSlotObjectBase::call (a=<optimized out>, r=<optimized out>, this=<optimized out>, this=<optimized out>, r=<optimized out>, a=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#32 doActivate<false> (sender=0x55ee8e5b10b0, signal_index=4, argv=0x7ffc117a4300) at kernel/qobject.cpp:3886
#33 0x00007f5125028417 in QAction::triggered (this=this@entry=0x55ee8e5b10b0, _t1=<optimized out>) at .moc/moc_qaction.cpp:376
#34 0x00007f512502dee0 in QAction::activate (this=0x55ee8e5b10b0, event=<optimized out>) at kernel/qaction.cpp:1161
#35 0x00007f512502dfc0 in QAction::event (e=<optimized out>, this=<optimized out>) at kernel/qaction.cpp:1086
#36 QAction::event (this=<optimized out>, e=<optimized out>) at kernel/qaction.cpp:1075
#37 0x00007f51250351c6 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x55ee8e5b10b0, e=0x7ffc117a44b0) at kernel/qapplication.cpp:3637
#38 0x00007f51245bd5aa in QCoreApplication::notifyInternal2 (receiver=0x55ee8e5b10b0, event=0x7ffc117a44b0) at kernel/qcoreapplication.cpp:1064
#39 0x00007f51249c7705 in QShortcutMap::dispatchEvent (this=<optimized out>, e=<optimized out>) at kernel/qshortcutmap.cpp:675
#40 0x00007f51249bde03 in QShortcutMap::tryShortcut (this=0x55ee8e4fa3c8, e=0x7ffc117a4570) at kernel/qshortcutmap.cpp:343
#41 0x00007f512497f1a0 in QWindowSystemInterface::handleShortcutEvent (window=0x7ffc117a4570, timestamp=2942339, keyCode=73, modifiers=..., nativeScanCode=31, nativeVirtualKey=105, nativeModifiers=28, text=..., autorepeat=false, count=1) at kernel/qwindowsysteminterface.cpp:477
#42 0x00007f5124992db0 in QGuiApplicationPrivate::processKeyEvent (e=0x55ee8ecd2d60) at kernel/qguiapplication.cpp:2395
#43 0x00007f512497d6e5 in QWindowSystemInterface::sendWindowSystemEvents (flags=...) at kernel/qwindowsysteminterface.cpp:1169
#44 0x00007f5121d3ec25 in userEventSourceDispatch(_GSource*, int (*)(void*), void*) () from /usr/lib/libQt5WaylandClient.so.5
#45 0x00007f5122299163 in g_main_dispatch (context=0x55ee8e538390) at ../glib/glib/gmain.c:3417
#46 g_main_context_dispatch (context=0x55ee8e538390) at ../glib/glib/gmain.c:4135
#47 0x00007f51222ef9e9 in g_main_context_iterate.constprop.0 (context=context@entry=0x55ee8e538390, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4211
#48 0x00007f51222966c5 in g_main_context_iteration (context=0x55ee8e538390, may_block=1) at ../glib/glib/gmain.c:4276
#49 0x00007f512460957a in QEventDispatcherGlib::processEvents (this=0x55ee8e5387b0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#50 0x00007f51245b588b in QEventLoop::exec (this=0x7ffc117a4910, flags=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#51 0x00007f51245c0fd7 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#52 0x00007f512498d432 in QGuiApplication::exec () at kernel/qguiapplication.cpp:1867
#53 0x00007f512503354a in QApplication::exec () at kernel/qapplication.cpp:2829
#54 0x000055ee8d7cb0c1 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/dolphin-21.12.3/src/main.cpp:230
[Inferior 1 (process 4333) detached]

Possible duplicates by query: bug 452138, bug 452100, bug 451540, bug 451474, bug 451050.

Reported using DrKonqi
Comment 1 Anael 2022-04-13 18:01:07 UTC 
It also happens when closing Dolphin clicking on the 'Dolphin: Quit' option.
Comment 2 Felix Ernst 2022-04-14 10:46:40 UTC 
Can confirm not only for Dolphin but also for Gwenview.

A Dolphin-specific merge request was started by the bug reporter themself: https://invent.kde.org/system/dolphin/-/merge_requests/377

Moving this report from Dolphin to KConfigWidgets.
Comment 4 Ahmad Samir 2022-05-05 09:47:11 UTC 
Git commit 556f3b719ddecbf01eacaa286ce609e8322ed870 by Ahmad Samir.
Committed on 05/05/2022 at 09:41.
Pushed by ahmadsamir into branch 'master'.

KCommandBar: remove installed event filter in destructor

- Start Dolphin, Ctrl+Alt+I to invoked the KCommandBar
- Click "Close tab" (crash doesn't happen when you press Enter)
- Dolphin is being closed, KCommandBar is being torn down
- The eventFilter() tries to access d, which already have been destroyed
  down, which causes Dolphin to segfault and crash

This similar to the issue described here:
https://blogs.kde.org/2021/02/20/uniqueptr-difference-between-libstdc-and-libc-crashes-your-application

The gist of it is, always remove all installed event filters on child
widgets of the private class in the public class's desructor.
FIXED-IN: 5.94

M  +7    -0    src/kcommandbar.cpp

https://invent.kde.org/frameworks/kconfigwidgets/commit/556f3b719ddecbf01eacaa286ce609e8322ed870