Bug 463304

Summary: Crash when deleting file/folder
Product: [Applications] filelight
Reporter: QeMXA2JNeU.bugs.kde.org
Component: general
Assignee: Unassigned bugs mailing-list <unassigned-bugs>
Status: RESOLVED FIXED
Severity: crash
CC: martin.sandsmark, sitter
Priority: NOR
Version: 22.12.0
Target Milestone: ---
Platform: Arch Linux
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description QeMXA2JNeU.bugs.kde.org 2022-12-21 12:39:20 UTC
SUMMARY
When deleting a file and confirming the dialog, the application crashes, but the file got deleted successfully.

STEPS TO REPRODUCE
1. Run filelight and scan any directory with files
2. Delete any file
3. Confirm delete-dialog

OBSERVED RESULT
Segfault Crash

EXPECTED RESULT
No crash / Rescan folder

SOFTWARE/OS VERSIONS
KDE Plasma Version: 5.26.4
KDE Frameworks Version: 5.101.0
Qt Version: 5.15.7

ADDITIONAL INFORMATION
$ valgrind --log-file=filelight.log filelight Downloads

filelight.log
----------------
==39376== Memcheck, a memory error detector
==39376== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==39376== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
==39376== Command: filelight Downloads
==39376== Parent PID: 18814
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x5CDB7B1: UnknownInlinedFun (stl_algobase.h:1463)
==39376==    by 0x5CDB7B1: UnknownInlinedFun (stl_algo.h:2004)
==39376==    by 0x5CDB7B1: QV4::CppStackFrame::lineNumber() const (qv4stackframe.cpp:67)
==39376==    by 0x5E4B92D: QV4::QQmlBindingFunction::currentLocation() const (qqmlbuiltinfunctions.cpp:1453)
==39376==    by 0x5CEF304: QV4::QObjectWrapper::setProperty(QV4::ExecutionEngine*, QObject*, QQmlPropertyData*, QV4::Value const&) (qv4qobjectwrapper.cpp:472)
==39376==    by 0x5CEF9D5: QV4::QObjectWrapper::setQmlProperty(QV4::ExecutionEngine*, QQmlContextData*, QObject*, QV4::String*, QV4::QObjectWrapper::RevisionMode, QV4::Value const&) (qv4qobjectwrapper.cpp:435)
==39376==    by 0x5CF2826: QV4::QObjectWrapper::virtualPut(QV4::Managed*, QV4::PropertyKey, QV4::Value const&, QV4::Value*) (qv4qobjectwrapper.cpp:722)
==39376==    by 0x5DC6707: QQmlComponentPrivate::setInitialProperties(QV4::ExecutionEngine*, QV4::QmlContext*, QV4::Value const&, QV4::Value const&, RequiredProperties&, QObject*) (qqmlcomponent.cpp:1406)
==39376==    by 0x5DC6AAC: QQmlComponentPrivate::initializeObjectWithInitialProperties(QV4::QmlContext*, QV4::Value const&, QObject*, RequiredProperties&) (qqmlcomponent.cpp:1642)
==39376==    by 0x58F9E2F: UnknownInlinedFun (qquickloader.cpp:677)
==39376==    by 0x58F9E2F: QQuickLoaderIncubator::setInitialState(QObject*) (qquickloader.cpp:641)
==39376==    by 0x5DC710D: QQmlIncubatorPrivate::incubate(QQmlInstantiationInterrupt&) (qqmlincubator.cpp:332)
==39376==    by 0x5DC7595: QQmlEnginePrivate::incubate(QQmlIncubator&, QQmlContextData*) (qqmlincubator.cpp:89)
==39376==    by 0x5DC7811: QQmlComponent::create(QQmlIncubator&, QQmlContext*, QQmlContext*) (qqmlcomponent.cpp:1191)
==39376==    by 0x58FCD5A: QQuickLoaderPrivate::_q_sourceLoaded() (qquickloader.cpp:751)
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0xD81E827: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0xD8030C7: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0x1CA317D7: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0x178F6C67: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0x1B90DD27: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0xD406957: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0x1C9AC047: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0xE3C44B7: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0xDDBA1F7: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0x1DA87807: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0xBB2B017: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0x1C71B767: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0xDB868E7: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0x1C66D5C7: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D47: ???
==39376==    by 0x17779437: ???
==39376== 
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0xD560537: ???
==39376== 
==39376== Invalid read of size 8
==39376==    at 0x12451B: ??? (in /usr/bin/filelight)
==39376==    by 0x6958A50: UnknownInlinedFun (qobjectdefs_impl.h:398)
==39376==    by 0x6958A50: void doActivate<false>(QObject*, int, void**) (qobject.cpp:3919)
==39376==    by 0x66426E6: KJob::finished(KJob*, KJob::QPrivateSignal) (moc_kjob.cpp:612)
==39376==    by 0x6648824: KJob::finishJob(bool) (kjob.cpp:95)
==39376==    by 0x694BBDF: QObject::event(QEvent*) (qobject.cpp:1347)
==39376==    by 0x50FDB1B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3637)
==39376==    by 0x6927F97: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:1064)
==39376==    by 0x6928AA2: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1821)
==39376==    by 0x696EE67: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:277)
==39376==    by 0x82E387A: UnknownInlinedFun (gmain.c:3444)
==39376==    by 0x82E387A: g_main_context_dispatch (gmain.c:4162)
==39376==    by 0x833A298: g_main_context_iterate.constprop.0 (gmain.c:4238)
==39376==    by 0x82E2131: g_main_context_iteration (gmain.c:4303)
==39376==  Address 0x18 is not stack'd, malloc'd or (recently) free'd
==39376== 
==39376== 
==39376== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==39376==  Access not within mapped region at address 0x18
==39376==    at 0x12451B: ??? (in /usr/bin/filelight)
==39376==    by 0x6958A50: UnknownInlinedFun (qobjectdefs_impl.h:398)
==39376==    by 0x6958A50: void doActivate<false>(QObject*, int, void**) (qobject.cpp:3919)
==39376==    by 0x66426E6: KJob::finished(KJob*, KJob::QPrivateSignal) (moc_kjob.cpp:612)
==39376==    by 0x6648824: KJob::finishJob(bool) (kjob.cpp:95)
==39376==    by 0x694BBDF: QObject::event(QEvent*) (qobject.cpp:1347)
==39376==    by 0x50FDB1B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3637)
==39376==    by 0x6927F97: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:1064)
==39376==    by 0x6928AA2: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1821)
==39376==    by 0x696EE67: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:277)
==39376==    by 0x82E387A: UnknownInlinedFun (gmain.c:3444)
==39376==    by 0x82E387A: g_main_context_dispatch (gmain.c:4162)
==39376==    by 0x833A298: g_main_context_iterate.constprop.0 (gmain.c:4238)
==39376==    by 0x82E2131: g_main_context_iteration (gmain.c:4303)
==39376==  If you believe this happened as a result of a stack
==39376==  overflow in your program's main thread (unlikely but
==39376==  possible), you can try to increase the size of the
==39376==  main thread stack using the --main-stacksize= flag.
==39376==  The main thread stack size used in this run was 8388608.
==39376== 
==39376== HEAP SUMMARY:
==39376==     in use at exit: 27,656,107 bytes in 225,442 blocks
==39376==   total heap usage: 709,349 allocs, 483,907 frees, 415,055,195 bytes allocated
==39376== 
==39376== LEAK SUMMARY:
==39376==    definitely lost: 1,720 bytes in 198 blocks
==39376==    indirectly lost: 224 bytes in 4 blocks
==39376==      possibly lost: 532,614 bytes in 3,342 blocks
==39376==    still reachable: 27,121,549 bytes in 221,898 blocks
==39376==                       of which reachable via heuristic:
==39376==                         newarray           : 1,177,864 bytes in 448 blocks
==39376==                         multipleinheritance: 19,456 bytes in 52 blocks
==39376==         suppressed: 0 bytes in 0 blocks
==39376== Rerun with --leak-check=full to see details of leaked memory
==39376== 
==39376== Use --track-origins=yes to see where uninitialised values come from
==39376== For lists of detected and suppressed errors, rerun with: -s
==39376== ERROR SUMMARY: 41 errors from 18 contexts (suppressed: 0 from 0)

Comment 1 Harald Sitter 2022-12-22 19:28:44 UTC
A backtrace with the filelight frame would be handy. https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports

Comment 2 QeMXA2JNeU.bugs.kde.org 2022-12-23 10:08:10 UTC
(In reply to Harald Sitter from comment #1)
> A backtrace with the filelight frame would be handy.
> https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports

Ah, my bad.

$ gdb --args filelight Downloads
[..]
(gdb) run
[..]
Thread 1 "filelight" received signal SIGSEGV, Segmentation fault.
0x000055555557051b in ?? ()
(gdb) backtrace
#0  0x000055555557051b in ?? ()
#1  0x00007ffff58bda51 in QtPrivate::QSlotObjectBase::call (a=<optimized out>, r=<optimized out>, this=<optimized out>, 
    this=<optimized out>, r=<optimized out>, a=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#2  doActivate<false> (sender=0x5555561a8b20, signal_index=3, argv=0x7fffffffcdc0) at kernel/qobject.cpp:3919
#3  0x00007ffff78386e7 in KJob::finished (this=this@entry=0x5555561a8b20, _t1=<optimized out>, _t1@entry=0x5555561a8b20, 
    _t2=...) at /usr/src/debug/kcoreaddons/build/src/lib/KF5CoreAddons_autogen/include/moc_kjob.cpp:612
#4  0x00007ffff783e825 in KJob::finishJob (this=0x5555561a8b20, emitResult=<optimized out>)
    at /usr/src/debug/kcoreaddons/kcoreaddons-5.101.0/src/lib/jobs/kjob.cpp:95
#5  0x00007ffff58b0be0 in QObject::event (this=0x5555561a8b20, e=0x7fff5c001d80) at kernel/qobject.cpp:1347
#6  0x00007ffff7178b1c in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x5555561a8b20, 
    e=0x7fff5c001d80) at kernel/qapplication.cpp:3637
#7  0x00007ffff588cf98 in QCoreApplication::notifyInternal2 (receiver=0x5555561a8b20, event=0x7fff5c001d80)
    at kernel/qcoreapplication.cpp:1064
#8  0x00007ffff588daa3 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5555555cbef0)
    at kernel/qcoreapplication.cpp:1821
#9  0x00007ffff58d3e68 in postEventSourceDispatch (s=0x55555570ecf0) at kernel/qeventdispatcher_glib.cpp:277
#10 0x00007ffff466d87b in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#11 0x00007ffff46c4299 in ?? () from /usr/lib/libglib-2.0.so.0
#12 0x00007ffff466c132 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#13 0x00007ffff58d7c4c in QEventDispatcherGlib::processEvents (this=0x555555710180, flags=...)
    at kernel/qeventdispatcher_glib.cpp:423
#14 0x00007ffff588573c in QEventLoop::exec (this=0x7fffffffd240, flags=...)
    at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#15 0x00007ffff5890269 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#16 0x0000555555567519 in ?? ()
#17 0x00007ffff683c290 in __libc_start_call_main (main=main@entry=0x5555555652d0, argc=argc@entry=2, 
    argv=argv@entry=0x7fffffffd698) at ../sysdeps/nptl/libc_start_call_main.h:58
#18 0x00007ffff683c34a in __libc_start_main_impl (main=0x5555555652d0, argc=2, argv=0x7fffffffd698, 
    init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd688)
    at ../csu/libc-start.c:381
#19 0x0000555555567e15 in ?? ()

Comment 3 Harald Sitter 2022-12-23 15:55:34 UTC
Unfortunately that is still missing the relevant frame. Are you sure this crash also happens with folders?

Comment 4 QeMXA2JNeU.bugs.kde.org 2022-12-25 11:35:02 UTC
(In reply to Harald Sitter from comment #3)
> Unfortunately that is still missing the relevant frame. Are you sure this
> crash also happens with folders?

I have just tested. The crash only happens when deleting a single file.
I am not sure how to get the backtrace that would help here :/

Comment 5 Harald Sitter 2022-12-25 12:01:14 UTC
Git commit b5b77ffc7e784ff2fed662fadba060e10451b569 by Harald Sitter.
Committed on 25/12/2022 at 12:01.
Pushed by sitter into branch 'release/22.12'.

not all files are folders

don't crash on nullptrs when it's a file. already fixed in master

M  +1    -1    src/fileTree.h
M  +1    -1    src/radialMap/item.cpp

https://invent.kde.org/utilities/filelight/commit/b5b77ffc7e784ff2fed662fadba060e10451b569
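
Triage of the Memcheck log from the description, as an added example that is not part of the original report or of Filelight: it drops records in which no frame names a function, flags the 0x18 fault address as a likely null-pointer member read, and lists the binaries whose frames lack symbols, which is what comment 1 asks for. The function names, field names and the 0x1000 threshold are assumptions of this example.

```python
import re

# Abridged from the Memcheck log in the description (most frames trimmed).
SAMPLE_LOG = """\
==39376== Conditional jump or move depends on uninitialised value(s)
==39376==    at 0x1D295D69: ???
==39376==    by 0xD81E827: ???
==39376==
==39376== Invalid read of size 8
==39376==    at 0x12451B: ??? (in /usr/bin/filelight)
==39376==    by 0x6958A50: void doActivate<false>(QObject*, int, void**) (qobject.cpp:3919)
==39376==    by 0x66426E6: KJob::finished(KJob*, KJob::QPrivateSignal) (moc_kjob.cpp:612)
==39376==  Address 0x18 is not stack'd, malloc'd or (recently) free'd
"""

PREFIX = re.compile(r"^==\d+== ?")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+)$")
ADDRESS = re.compile(r"^\s+Address 0x([0-9A-Fa-f]+) is ")
NO_SYMBOL = re.compile(r"^\?\?\?(?: \(in (.+)\))?$")
# Assumption: page 0 is unmapped, so a fault below this is likely null + member offset.
LOW_PAGE = 0x1000

def parse_errors(log):
    """Split a Memcheck log into records: kind, frames, faulting address."""
    records = []
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).rstrip()
        if not line.startswith(" "):  # a header or blank line opens a record
            records.append({"kind": line, "frames": [], "address": None})
        elif records and (m := FRAME.match(line)):
            records[-1]["frames"].append(m.group(1))
        elif records and (m := ADDRESS.match(line)):
            records[-1]["address"] = int(m.group(1), 16)
    return [r for r in records if r["frames"]]  # banners and summaries have none

def triage(records):
    """Keep records with a symbolised frame and note what to chase next."""
    kept = []
    for rec in records:
        unresolved = [NO_SYMBOL.match(f) for f in rec["frames"]]
        if all(unresolved):
            continue  # no frame names a function, so nothing to act on yet
        addr = rec["address"]
        kept.append({
            "kind": rec["kind"],
            "null_offset": addr if addr is not None and addr < LOW_PAGE else None,
            "needs_symbols": sorted({m.group(1) for m in unresolved if m and m.group(1)}),
            "first_known_frame": next(f for f, m in zip(rec["frames"], unresolved) if not m),
        })
    return kept
```

On the excerpt, `triage(parse_errors(SAMPLE_LOG))` keeps only the invalid read, with `null_offset` 0x18 and `/usr/bin/filelight` listed under `needs_symbols`.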