Version: (using KDE 4.3.0) OS: Linux Installed from: Ubuntu Packages I tried to make a new tab in dolphin by double-clicking next to an existing tab and the application suddenly crashed giving me the following feedback : Application: Dolphin (dolphin), signal: Segmentation fault [Current thread is 0 (LWP 13868)] Thread 3 (Thread 0xb3ef4b90 (LWP 27353)): #0 0xb7f42430 in __kernel_vsyscall () #1 0xb6085412 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb642a344 in pthread_cond_timedwait () from /lib/tls/i686/cmov/libc.so.6 #3 0xb3513ae3 in ?? () from /usr/lib/libxine.so.1 Backtrace stopped: previous frame inner to this frame (corrupt stack?) Thread 2 (Thread 0xad8ccb90 (LWP 27359)): #0 0xb7f42430 in __kernel_vsyscall () #1 0xb6410ae7 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb5e9074b in g_poll () from /usr/lib/libglib-2.0.so.0 #3 0xb5e82f82 in ?? () from /usr/lib/libglib-2.0.so.0 #4 0xb5e83268 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #5 0xb672e317 in QEventDispatcherGlib::processEvents (this=0xa2f1f48, flags={i = -1383284120}) at kernel/qeventdispatcher_glib.cpp:329 #6 0xb67011fa in QEventLoop::processEvents (this=0xad8cc2e0, flags={i = -1383284056}) at kernel/qeventloop.cpp:149 #7 0xb6701642 in QEventLoop::exec (this=0xad8cc2e0, flags={i = -1383283992}) at kernel/qeventloop.cpp:201 #8 0xb660ae19 in QThread::exec (this=0x9ee2ea0) at thread/qthread.cpp:487 #9 0xb357620a in ?? () from /usr/lib/kde4/plugins/phonon_backend/phonon_xine.so #10 0xb660e132 in QThreadPrivate::start (arg=0x9ee2ea0) at thread/qthread_unix.cpp:188 #11 0xb60814ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #12 0xb641b49e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 1 (Thread 0xb5bfd700 (LWP 13868)): [KCrash Handler] #6 0xb6d9cbb7 in QTabBarPrivate::_q_moveTabFinished (this=0x9225640, index=2) at widgets/qtabbar.cpp:1847 #7 0xb6d9d72f in QTabBarPrivate::refresh (this=0x9225640) at widgets/qtabbar.cpp:667 #8 0xb6d9deea in QTabBar::setTabText (this=0x9293130, index=2, text=@0xbf95f0b0) at widgets/qtabbar.cpp:961 #9 0xb76b4d87 in ?? () from /usr/lib/libkdeui.so.5 #10 0xb76b6e67 in ?? () from /usr/lib/libkdeui.so.5 #11 0xb76b6f64 in KAcceleratorManager::manage () from /usr/lib/libkdeui.so.5 #12 0xb76b8198 in ?? () from /usr/lib/libkdeui.so.5 #13 0xb76b852a in ?? () from /usr/lib/libkdeui.so.5 #14 0xb76b860b in ?? () from /usr/lib/libkdeui.so.5 #15 0xb67181b8 in QMetaObject::activate (sender=0x90c198c, from_signal_index=4, to_signal_index=4, argv=0x0) at kernel/qobject.cpp:3113 #16 0xb6718e42 in QMetaObject::activate (sender=0x90c198c, m=0xb67f5904, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3187 #17 0xb6754687 in QTimer::timeout (this=0x90c198c) at .moc/release-shared/moc_qtimer.cpp:128 #18 0xb671e5ce in QTimer::timerEvent (this=0x90c198c, e=0xbf95f6fc) at kernel/qtimer.cpp:261 #19 0xb671316f in QObject::event (this=0x90c198c, e=0xbf95f6fc) at kernel/qobject.cpp:1075 #20 0xb6919d3c in QApplicationPrivate::notify_helper (this=0x9034480, receiver=0x90c198c, e=0xbf95f6fc) at kernel/qapplication.cpp:4056 #21 0xb692203e in QApplication::notify (this=0xbf95f994, receiver=0x90c198c, e=0xbf95f6fc) at kernel/qapplication.cpp:3603 #22 0xb765e5cd in KApplication::notify () from /usr/lib/libkdeui.so.5 #23 0xb6702bcb in QCoreApplication::notifyInternal (this=0xbf95f994, receiver=0xbf95f994, event=0xbf95f6fc) at kernel/qcoreapplication.cpp:610 #24 0xb6731d51 in QTimerInfoList::activateTimers (this=0x90312b4) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213 #25 0xb672e3a0 in timerSourceDispatch (source=0x9031280) at kernel/qeventdispatcher_glib.cpp:165 #26 0xb5e7fb88 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #27 0xb5e830eb in ?? () from /usr/lib/libglib-2.0.so.0 #28 0xb5e83268 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #29 0xb672e2f8 in QEventDispatcherGlib::processEvents (this=0x9010d10, flags={i = -1080690568}) at kernel/qeventdispatcher_glib.cpp:327 #30 0xb69bba75 in QGuiEventDispatcherGlib::processEvents (this=0x9010d10, flags={i = -1080690520}) at kernel/qguieventdispatcher_glib.cpp:202 #31 0xb67011fa in QEventLoop::processEvents (this=0xbf95f920, flags={i = -1080690456}) at kernel/qeventloop.cpp:149 #32 0xb6701642 in QEventLoop::exec (this=0xbf95f920, flags={i = -1080690392}) at kernel/qeventloop.cpp:201 #33 0xb6703ae9 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888 #34 0xb6919bb7 in QApplication::exec () at kernel/qapplication.cpp:3525 #35 0x0807aa4f in _start ()
Thanks for the bug report! I guess you're using Qt 4.5.2 (run dolphin --version from Konsole to check)? The backtrace looks like it's related to the changes in QTabBar's tab moving code in Qt 4.5.2 that led to bug 198075 (related to middle-clicking tabs, now fixed). I can't try to reproduce because I'm not at home right now. I don't have much time during the next few days, but I'll try to look into this for KDE 4.3.1.
> I guess you're using Qt 4.5.2 Yes I am. Thanks for trying to fix it !
I can't reproduce using KDE 4.3.0/Qt 4.5.2 and trunk rev. 1007432/Qt 4.5.2 from kde-qt. 1. Can you reproduce this crash every time you double click the empty area to the right of the tabs? If you need a particular number or kind of tabs to reproduce, it would help if you could provide detailed steps (starting with opening Dolphin) which lead to this this crash. 2. It might also help if you could provide a more detailed backtrace (frames #9-14, which could provide some information about what's going wrong, are missing). If you install the kdelibs debugging info using sudo apt-get install kdelibs5-dbg and reproduce the crash, you should get a better backtrace. Thanks for you help!
Here is exactly what I did to get the new bug report : 1- I installed kdelibs5-dbg (I thought it was already installed, sorry for that) 2- I started Dolphin 3- I entered Ctrl+T to get a new tab 4- I double-clicked next to the new tab, it created another one without crashing 5- I double-clicked next to the new tab once again, this time it crashed and gave me the following report : Application: Dolphin (dolphin), signal: Segmentation fault [KCrash Handler] #6 0xb6dd5bb7 in QTabBarPrivate::_q_moveTabFinished (this=0x8a3a6e0, index=3) at widgets/qtabbar.cpp:1847 #7 0xb6dd672f in QTabBarPrivate::refresh (this=0x8a3a6e0) at widgets/qtabbar.cpp:667 #8 0xb6dd6eea in QTabBar::setTabText (this=0x8aac9b0, index=3, text=@0xbfb993c0) at widgets/qtabbar.cpp:961 #9 0xb76edd87 in KAcceleratorManagerPrivate::calculateAccelerators (item=0x957fe10, used=@0xbfb99404) at /build/buildd/kde4libs-4.3.0/kdeui/shortcuts/kacceleratormanager.cpp:229 #10 0xb76efe67 in KAcceleratorManagerPrivate::manage (widget=0x88af5b8) at /build/buildd/kde4libs-4.3.0/kdeui/shortcuts/kacceleratormanager.cpp:192 #11 0xb76eff64 in KAcceleratorManager::manage (widget=0x88af5b8, programmers_mode=false) at /build/buildd/kde4libs-4.3.0/kdeui/shortcuts/kacceleratormanager.cpp:505 #12 0xb76f1198 in KCheckAccelerators::checkAccelerators (this=0x88ac218, automatic=true) at /build/buildd/kde4libs-4.3.0/kdeui/shortcuts/kcheckaccelerators.cpp:243 #13 0xb76f152a in KCheckAccelerators::autoCheckSlot (this=0x88ac218) at /build/buildd/kde4libs-4.3.0/kdeui/shortcuts/kcheckaccelerators.cpp:197 #14 0xb76f160b in KCheckAccelerators::qt_metacall (this=0x88ac218, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0xbfb99588) at /build/buildd/kde4libs-4.3.0/obj-i486-linux-gnu/kdeui/kcheckaccelerators.moc:68 #15 0xb67511b8 in QMetaObject::activate (sender=0x88ac22c, from_signal_index=4, to_signal_index=4, argv=0x0) at kernel/qobject.cpp:3113 #16 0xb6751e42 in QMetaObject::activate (sender=0x88ac22c, m=0xb682e904, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3187 #17 0xb678d687 in QTimer::timeout (this=0x88ac22c) at .moc/release-shared/moc_qtimer.cpp:128 #18 0xb67575ce in QTimer::timerEvent (this=0x88ac22c, e=0xbfb99a0c) at kernel/qtimer.cpp:261 #19 0xb674c16f in QObject::event (this=0x88ac22c, e=0xbfb99a0c) at kernel/qobject.cpp:1075 #20 0xb6952d3c in QApplicationPrivate::notify_helper (this=0x8845610, receiver=0x88ac22c, e=0xbfb99a0c) at kernel/qapplication.cpp:4056 #21 0xb695b03e in QApplication::notify (this=0xbfb99ca4, receiver=0x88ac22c, e=0xbfb99a0c) at kernel/qapplication.cpp:3603 #22 0xb76975cd in KApplication::notify (this=0xbfb99ca4, receiver=0x88ac22c, event=0xbfb99a0c) at /build/buildd/kde4libs-4.3.0/kdeui/kernel/kapplication.cpp:302 #23 0xb673bbcb in QCoreApplication::notifyInternal (this=0xbfb99ca4, receiver=0x88ac22c, event=0xbfb99a0c) at kernel/qcoreapplication.cpp:610 #24 0xb676ad51 in QTimerInfoList::activateTimers (this=0x883df34) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213 #25 0xb67673a0 in timerSourceDispatch (source=0x883df00) at kernel/qeventdispatcher_glib.cpp:165 #26 0xb5eb8b88 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #27 0xb5ebc0eb in ?? () from /usr/lib/libglib-2.0.so.0 #28 0xb5ebc268 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #29 0xb67672f8 in QEventDispatcherGlib::processEvents (this=0x881cd10, flags={i = -1078355064}) at kernel/qeventdispatcher_glib.cpp:327 #30 0xb69f4a75 in QGuiEventDispatcherGlib::processEvents (this=0x881cd10, flags={i = -1078355016}) at kernel/qguieventdispatcher_glib.cpp:202 #31 0xb673a1fa in QEventLoop::processEvents (this=0xbfb99c30, flags={i = -1078354952}) at kernel/qeventloop.cpp:149 #32 0xb673a642 in QEventLoop::exec (this=0xbfb99c30, flags={i = -1078354888}) at kernel/qeventloop.cpp:201 #33 0xb673cae9 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888 #34 0xb6952bb7 in QApplication::exec () at kernel/qapplication.cpp:3525 #35 0x0807aa4f in _start () Hope this helps...
Thanks for the update! It seems that the crash happens while new keyboard shortcuts for the tabs are generated - a new shortcut requires a new tab title. The problem is that QTabBar incorrectly thinks that an unfinished tab move operation is in progress. It tries to finish it before changing the title, and QTabBarPrivate dereferences its movingTab member which is a null pointer because the move operation never really started. The next question would be why QTabBar thinks that a tab is moving. The cause must be different from the one of bug 198075, but I'm clueless at the moment what it could be :-( You could do two more little things, maybe they could help: 1. After either step 3 or step 4 from your comment 4, change the order of the tabs by clicking a tab and dragging it to a new position. If proceeding to step 5 does not crash Dolphin in that case, it would confirm my analysis. 2. Maybe it's got something to do with the tab names because the keyboard shortcuts depend on them. Could you tell us what name the tabs have (probably your user name)? Thanks!
*** Bug 203401 has been marked as a duplicate of this bug. ***
For your first point : the problem is that it does not allways crash on creating the 4th tab, so this is not easy to reproduce the bug exactly using drag-and-drop in the middle. I tryied drag-and-drop and saw no crash, but maybe it would not have crashed even without drag-and-drop, I don't know. About the second point, all my tabs are called "rtavenar". Hope this helps.
Thanks for the update! I've reproduced the crash now in trunk. It seems that the window width is important - I only get the crash if the window is so narrow that the empty area at the right of the tab bar is about as wide (or maybe a bit smaller) than the already openened tabs.
I did some more investigation yesterday: When double-clicking the empty area in the tab bar, 5 events are generated: mouse press, mouse release, mouse double click (which opens the new tab), mouse press, and mouse release. The double-click event also starts a timer in KCheckAccelerators which happens to expire just between the last press and release events and which calls KCheckAccelerators::autoCheckSlot which in turn assigns keyboard shortcuts to the tabs and changes the tab titles accordingly. The problem is that the last press event occurs when the new tab is already there, such that it appears that a tab has been clicked, and QTabBarPrivate's pressedIndex contains the new tab's index, such that QTabBar thinks that a tab move operation is just beginning. If a mouse release would be the next event, everything would be fine, but a tab title change which tries to finish the not-fully-started tab move operation leads to a crash. IMHO, this is a Qt bug: changing a tab title between a mouse press event and a mouse release event in the tab bar should not lead to a crash. I'm away for a couple of days at the moment, but I'll look a bit more into this next week. I think it should be possible to come up with a simple Qt-only test case, and the fix inside QTabBar should be straightforward (just check that QTabBarPrivate's movingTab member is not 0 before dereferencing it).
*** Bug 205225 has been marked as a duplicate of this bug. ***
Created attachment 36473 [details] Qt-only test case It turns out that tab title changes between a mouse press and a mouse release event do not always lead to a crash - it only crashes if a double-click event is involved.
I've filed a merge request for Qt: http://qt.gitorious.org/qt/qt/merge_requests/1337 I'm not sure if my proposed patch is the preferred way to fix this (there are other possibilities as well), but I hope that at least the reduced test case and the unit test will help a bit :-)
My patch was accepted for Qt 4.6.0: http://qt.gitorious.org/qt/qt/commit/8ac7e812604d24fcbf28132a611d3b3e06120349 I'll close this report :-)
The fix is now also backported to the Qt 4.5 branch, which means that upgrading Qt to any version after Qt 4.5.2 should fix this crash: http://qt.gitorious.org/qt/qt/commit/b42b00a36b5b48bffcbccc9b1c7ecafa89b4e18e
Great, thanks Frank!
*** Bug 205980 has been marked as a duplicate of this bug. ***
*** Bug 207469 has been marked as a duplicate of this bug. ***
*** Bug 207564 has been marked as a duplicate of this bug. ***
*** Bug 207938 has been marked as a duplicate of this bug. ***
*** Bug 206335 has been marked as a duplicate of this bug. ***
*** Bug 208803 has been marked as a duplicate of this bug. ***
*** Bug 215263 has been marked as a duplicate of this bug. ***
*** Bug 215277 has been marked as a duplicate of this bug. ***
*** Bug 214812 has been marked as a duplicate of this bug. ***
@Frank: can you check if bug 214243 and bug 203889 could be the same as this ? Thanks
*** Bug 214243 has been marked as a duplicate of this bug. ***
*** Bug 203889 has been marked as a duplicate of this bug. ***
(In reply to comment #25) > @Frank: can you check if bug 214243 and bug 203889 could be the same as this ? > Thanks Yes, they are. The way the crash was triggered seems different in these reports, but the root cause is the same. Thanks for the hint!
*** Bug 218181 has been marked as a duplicate of this bug. ***
*** Bug 221046 has been marked as a duplicate of this bug. ***
*** Bug 223640 has been marked as a duplicate of this bug. ***