286646 – Dolphin crashed after closing window

Bug 286646 - Dolphin crashed after closing window

Summary: Dolphin crashed after closing window

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Oxygen
Classification:	Plasma
Component:	style (show other bugs)
Version:	4.0
Platform:	Ubuntu Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Hugo Pereira Da Costa

URL:
Keywords:

Duplicates (4):	277308 294060 306894 308883 (view as bug list)
Depends on:
Blocks:

Reported:	2011-11-15 02:22 UTC by Franja Lovric
Modified:	2012-10-23 15:25 UTC (History)
CC List:	7 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Franja Lovric 2011-11-15 02:22:04 UTC

Application: dolphin (1.7)
KDE Platform Version: 4.7.3 (4.7.3)
Qt Version: 4.7.4
Operating System: Linux 3.0.0-12-generic x86_64
Distribution: Ubuntu 11.10

-- Information about the crash:
it usually happens while multitasking.jdownloader was working in the background and vlc player was running.immediately after closing vlc i closed dolphin and it crashed.

The crash can be reproduced some of the time.

-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault
[Current thread is 1 (Thread 0x7f44c4762780 (LWP 11632))]

Thread 3 (Thread 0x7f44b2137700 (LWP 11635)):
#0  0x00007f44c4035773 in __GI___poll (fds=<optimized out>, nfds=<optimized out>, timeout=<optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007f44bc765f68 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f44bc766429 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f44c047df3e in QEventDispatcherGlib::processEvents (this=0xbdb1a0, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:424
#4  0x00007f44c0451cf2 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#5  0x00007f44c0451ef7 in QEventLoop::exec (this=0x7f44b2136dd0, flags=...) at kernel/qeventloop.cpp:201
#6  0x00007f44c036927f in QThread::exec (this=<optimized out>) at thread/qthread.cpp:498
#7  0x00007f44c0434cbf in QInotifyFileSystemWatcherEngine::run (this=0xbdba40) at io/qfilesystemwatcher_inotify.cpp:248
#8  0x00007f44c036bd05 in QThreadPrivate::start (arg=0xbdba40) at thread/qthread_unix.cpp:331
#9  0x00007f44bcc37efc in start_thread (arg=0x7f44b2137700) at pthread_create.c:304
#10 0x00007f44c404189d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#11 0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f44af3ee700 (LWP 11639)):
#0  0x00007f44bc764fad in g_main_context_prepare () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#1  0x00007f44bc765dfd in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f44bc766429 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f44c047df3e in QEventDispatcherGlib::processEvents (this=0xee0140, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:424
#4  0x00007f44c0451cf2 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#5  0x00007f44c0451ef7 in QEventLoop::exec (this=0x7f44af3eddd0, flags=...) at kernel/qeventloop.cpp:201
#6  0x00007f44c036927f in QThread::exec (this=<optimized out>) at thread/qthread.cpp:498
#7  0x00007f44c0434cbf in QInotifyFileSystemWatcherEngine::run (this=0xa837b0) at io/qfilesystemwatcher_inotify.cpp:248
#8  0x00007f44c036bd05 in QThreadPrivate::start (arg=0xa837b0) at thread/qthread_unix.cpp:331
#9  0x00007f44bcc37efc in start_thread (arg=0x7f44af3ee700) at pthread_create.c:304
#10 0x00007f44c404189d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#11 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f44c4762780 (LWP 11632)):
[KCrash Handler]
#6  deref (this=0x2018ffc58) at ../../include/QtCore/../../src/corelib/arch/qatomic_x86_64.h:133
#7  ~QExplicitlySharedDataPointer (this=0x1835338, __in_chrg=<optimized out>) at ../../include/QtCore/../../src/corelib/tools/qshareddata.h:161
#8  QPixmap::~QPixmap (this=0x1835328, __in_chrg=<optimized out>) at image/qpixmap.cpp:321
#9  0x00007f44b6915ca7 in QVector<QPixmap>::free (x=0x1835270, this=<optimized out>) at /usr/include/qt4/QtCore/qvector.h:438
#10 0x00007f44b69169ae in ~QVector (this=0x1093c58, __in_chrg=<optimized out>) at /usr/include/qt4/QtCore/qvector.h:119
#11 ~TileSet (this=0x1093c50, __in_chrg=<optimized out>) at ../../../libs/oxygen/oxygentileset.h:77
#12 Oxygen::TileSet::~TileSet (this=0x1093c50, __in_chrg=<optimized out>) at ../../../libs/oxygen/oxygentileset.h:77
#13 0x00007f44b694ff2f in clear (this=0xa77f60) at /usr/include/qt4/QtCore/qcache.h:139
#14 ~QCache (this=0xa77f60, __in_chrg=<optimized out>) at /usr/include/qt4/QtCore/qcache.h:103
#15 ~BaseCache (this=0xa77f60, __in_chrg=<optimized out>) at ../../../libs/oxygen/oxygenhelper.h:63
#16 Oxygen::StyleHelper::~StyleHelper (this=0xa77ab0, __in_chrg=<optimized out>) at ../../../kstyles/oxygen/oxygenstylehelper.h:59
#17 0x00007f44b69507d9 in Oxygen::StyleHelper::~StyleHelper (this=0xa77ab0, __in_chrg=<optimized out>) at ../../../kstyles/oxygen/oxygenstylehelper.h:59
#18 0x00007f44b691a4fd in Oxygen::Style::~Style (this=0xa2a820, __in_chrg=<optimized out>) at ../../../kstyles/oxygen/oxygenstyle.cpp:195
#19 0x00007f44b691a549 in Oxygen::Style::~Style (this=0xa2a820, __in_chrg=<optimized out>) at ../../../kstyles/oxygen/oxygenstyle.cpp:195
#20 0x00007f44c0e5ce25 in QApplication::~QApplication (this=0x7fff1a1ec6b0, __in_chrg=<optimized out>) at kernel/qapplication.cpp:1168
#21 0x00007f44c434a273 in kdemain (argc=6, argv=0x7fff1a1ecb98) at ../../../dolphin/src/main.cpp:79
#22 0x00007f44c3f8130d in __libc_start_main (main=0x400640 <main(int, char**)>, argc=6, ubp_av=0x7fff1a1ecb98, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff1a1ecb88) at libc-start.c:226
#23 0x0000000000400671 in _start ()

Possible duplicates by query: bug 279952, bug 275656, bug 269246, bug 268923.

Reported using DrKonqi

Comment 1 Hugo Pereira Da Costa 2011-11-15 10:52:55 UTC

the crash is all in the deletion chain of QStyle triggered by closing dolphin. Most likely X or Qt issue. Nothing I can do about it. Sorry :(

Comment 2 Jekyll Wu 2011-12-04 17:46:30 UTC

*** Bug 277308 has been marked as a duplicate of this bug. ***

Comment 3 Matthias Kretz 2012-01-04 23:02:38 UTC

I just experienced this crash when closing Kontact. From reading through the stack trace it looks to me like a double free. I.e. something inside Oxygen keeps a pointer/reference to an object that was already freed, which leads to a second cleanup through the now dangling pointer/reference. (e.g. delete QVector<QPixmap>::data() would lead to a double free of the QPixmap.)

I can't see a reason from the stack trace why it would be a bug in X or Qt. Might be, but I believe this must be debugged in Oxygen.

Additional info that might be related:
Before I closed Kontact, I changed the font hinting (should not make a difference) and the global application fonts (which surely triggers a lot inside Oxygen). I could not reproduce the crash, that way, though.

I suggest to change the status of the bug to unconfirmed or verified.

BTW: KDE 4.8 RC1 (Kubuntu Packages) here

Comment 4 Hugo Pereira Da Costa 2012-01-05 08:22:01 UTC

I humbly disagree, notably because oxygen does not explicitly free the incriminated objects (pixmaps, here, which are explicitly shared). Hence my comment.
so that I won't reopen the report. But feel free to double check the code.

Comment 5 Matthias Kretz 2012-01-05 12:32:50 UTC

I checked the code. I'm now even more convinced that this can't be an X issue. Qt issue may be (no idea how that could go unnoticed, though), but I'd rather expect it an incorrect usage of Qt instead.

Of course, I didn't spot the error inside Oxygen either. If I get the crash again I can try to dig deeper with gdb.

Comment 6 Hugo Pereira Da Costa 2012-01-05 13:11:02 UTC

Sounds good. Thanks for helping.

Comment 7 Hugo Pereira Da Costa 2012-01-05 13:27:26 UTC

Some clues about why I believe it is not an oxygen bug:

1/ there is no way to double-free QPixmap inside oxygen, because there is no explicit "new QPixmap" call anywhere.

2/ there are quite some "new Tileset" calls everywhere, but they are never freed by oxygen directly. They are handled by Qt, inside QCache, who has ownership (and there is no way to avoid this, if you want to use QCache);

3/ you could imagine deleting StyleHelper multiple times, but I checked that there is only one of this guy, created and freed, inside Oxygen::Style. 

4/ Also, StyleHelper being a pointer member of Oxygen::Style, well, there it could in principle get wrongly assigned to multiple instances of the Style, and deleted twice (which would indeed create a double-free). Except that Style, which derive from QStyle, can't get copied either, as cannot any QObject inside Qt.

Last (and not least), I have run oxygen multiple times on some extensive test application inside valgrind, which did not detect any double free, invalid read, or invalid write, nor memory leak. 

Thats all I can think of to try to convince you.

Comment 8 Matthias Kretz 2012-01-05 14:17:42 UTC

Yeah, the code looked safe to me. And I believe those points. The only other thing I could think of is some memory corruption in a completely unrelated part of the application/libs. This would be hard to find, especially as we don't know how to reproduce the crash.

Comment 9 Christoph Feck 2012-02-14 11:57:40 UTC

*** Bug 294060 has been marked as a duplicate of this bug. ***

Comment 10 Jekyll Wu 2012-09-17 00:39:46 UTC

*** Bug 306894 has been marked as a duplicate of this bug. ***

Comment 11 Jekyll Wu 2012-10-23 15:25:20 UTC

*** Bug 308883 has been marked as a duplicate of this bug. ***