Bug 325359 - Dolphin crash
Summary: Dolphin crash
Status: RESOLVED FIXED
Alias: None
Product: dolphin
Classification: Unclassified
Component: general
Version: 4.11.1
Platform: Ubuntu Packages Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Dolphin Bug Assignee
URL:
Keywords: drkonqi
Duplicates: 326566 330022 330731 335249
Depends on:
Blocks:
 
Reported: 2013-09-27 08:38 UTC by ruben.mueller
Modified: 2014-05-23 16:14 UTC

See Also:
Latest Commit:
Version Fixed In: 4.12.0


Attachments
Unit test (does not always crash, but Valgrind warns about invalid memory access) (3.03 KB, patch)
2013-09-30 21:45 UTC, Frank Reininghaus

Description ruben.mueller 2013-09-27 08:38:30 UTC
Application: dolphin (4.11.1)
KDE Platform Version: 4.11.1
Qt Version: 4.8.4
Operating System: Linux 3.11.0-8-generic x86_64
Distribution: Ubuntu Saucy Salamander (development branch)

-- Information about the crash:
- What I was doing when the application crashed:
Dolphin crashed as I tried to click on a file/folder while having the focus on another window.

-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7ffd9a3f87c0 (LWP 2756))]

Thread 4 (Thread 0x7ffd7e9a5700 (LWP 2757)):
#0  0x00007ffd99ca547d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007ffd916e6734 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ffd916e683c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffd95b69a76 in QEventDispatcherGlib::processEvents (this=0x7ffd780008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#4  0x00007ffd95b3b5ef in QEventLoop::processEvents (this=this@entry=0x7ffd7e9a4d70, flags=...) at kernel/qeventloop.cpp:149
#5  0x00007ffd95b3b8e5 in QEventLoop::exec (this=this@entry=0x7ffd7e9a4d70, flags=...) at kernel/qeventloop.cpp:204
#6  0x00007ffd95a3a88f in QThread::exec (this=this@entry=0x1f1bc90) at thread/qthread.cpp:542
#7  0x00007ffd95b1cd13 in QInotifyFileSystemWatcherEngine::run (this=0x1f1bc90) at io/qfilesystemwatcher_inotify.cpp:265
#8  0x00007ffd95a3cf2f in QThreadPrivate::start (arg=0x1f1bc90) at thread/qthread_unix.cpp:338
#9  0x00007ffd91bbef6e in start_thread (arg=0x7ffd7e9a5700) at pthread_create.c:311
#10 0x00007ffd99cb1ecd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 3 (Thread 0x7ffd7da80700 (LWP 2758)):
#0  0x00007fffacbfea2f in clock_gettime ()
#1  0x00007ffd99cc6e6d in clock_gettime (clock_id=<optimized out>, tp=<optimized out>) at ../sysdeps/unix/clock_gettime.c:115
#2  0x00007ffd95a91757 in do_gettime (frac=0x7ffd7da7fb00, sec=0x7ffd7da7faf8) at tools/qelapsedtimer_unix.cpp:123
#3  qt_gettime () at tools/qelapsedtimer_unix.cpp:140
#4  0x00007ffd95b6afe5 in updateCurrentTime (this=0x7ffd70002660) at kernel/qeventdispatcher_unix.cpp:354
#5  QTimerInfoList::timerWait (this=0x7ffd70002660, tm=...) at kernel/qeventdispatcher_unix.cpp:461
#6  0x00007ffd95b6982c in timerSourcePrepareHelper (src=<optimized out>, timeout=0x7ffd7da7fbb4) at kernel/qeventdispatcher_glib.cpp:136
#7  0x00007ffd95b698d5 in timerSourcePrepare (source=<optimized out>, timeout=<optimized out>) at kernel/qeventdispatcher_glib.cpp:169
#8  0x00007ffd916e5ddd in g_main_context_prepare () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9  0x00007ffd916e6653 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x00007ffd916e683c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#11 0x00007ffd95b69a76 in QEventDispatcherGlib::processEvents (this=0x7ffd700008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#12 0x00007ffd95b3b5ef in QEventLoop::processEvents (this=this@entry=0x7ffd7da7fd70, flags=...) at kernel/qeventloop.cpp:149
#13 0x00007ffd95b3b8e5 in QEventLoop::exec (this=this@entry=0x7ffd7da7fd70, flags=...) at kernel/qeventloop.cpp:204
#14 0x00007ffd95a3a88f in QThread::exec (this=this@entry=0x211fbf0) at thread/qthread.cpp:542
#15 0x00007ffd95b1cd13 in QInotifyFileSystemWatcherEngine::run (this=0x211fbf0) at io/qfilesystemwatcher_inotify.cpp:265
#16 0x00007ffd95a3cf2f in QThreadPrivate::start (arg=0x211fbf0) at thread/qthread_unix.cpp:338
#17 0x00007ffd91bbef6e in start_thread (arg=0x7ffd7da80700) at pthread_create.c:311
#18 0x00007ffd99cb1ecd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 2 (Thread 0x7ffd77fff700 (LWP 2763)):
#0  0x00007fffacbfea2f in clock_gettime ()
#1  0x00007ffd99cc6e6d in clock_gettime (clock_id=<optimized out>, tp=<optimized out>) at ../sysdeps/unix/clock_gettime.c:115
#2  0x00007ffd95a91757 in do_gettime (frac=0x7ffd77ffeb00, sec=0x7ffd77ffeaf8) at tools/qelapsedtimer_unix.cpp:123
#3  qt_gettime () at tools/qelapsedtimer_unix.cpp:140
#4  0x00007ffd95b6afe5 in updateCurrentTime (this=0x7ffd6c002860) at kernel/qeventdispatcher_unix.cpp:354
#5  QTimerInfoList::timerWait (this=0x7ffd6c002860, tm=...) at kernel/qeventdispatcher_unix.cpp:461
#6  0x00007ffd95b6982c in timerSourcePrepareHelper (src=<optimized out>, timeout=0x7ffd77ffebb4) at kernel/qeventdispatcher_glib.cpp:136
#7  0x00007ffd95b698d5 in timerSourcePrepare (source=<optimized out>, timeout=<optimized out>) at kernel/qeventdispatcher_glib.cpp:169
#8  0x00007ffd916e5ddd in g_main_context_prepare () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9  0x00007ffd916e6653 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x00007ffd916e683c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#11 0x00007ffd95b69a76 in QEventDispatcherGlib::processEvents (this=0x7ffd6c0008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#12 0x00007ffd95b3b5ef in QEventLoop::processEvents (this=this@entry=0x7ffd77ffed70, flags=...) at kernel/qeventloop.cpp:149
#13 0x00007ffd95b3b8e5 in QEventLoop::exec (this=this@entry=0x7ffd77ffed70, flags=...) at kernel/qeventloop.cpp:204
#14 0x00007ffd95a3a88f in QThread::exec (this=this@entry=0x2694100) at thread/qthread.cpp:542
#15 0x00007ffd95b1cd13 in QInotifyFileSystemWatcherEngine::run (this=0x2694100) at io/qfilesystemwatcher_inotify.cpp:265
#16 0x00007ffd95a3cf2f in QThreadPrivate::start (arg=0x2694100) at thread/qthread_unix.cpp:338
#17 0x00007ffd91bbef6e in start_thread (arg=0x7ffd77fff700) at pthread_create.c:311
#18 0x00007ffd99cb1ecd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 1 (Thread 0x7ffd9a3f87c0 (LWP 2756)):
[KCrash Handler]
#6  0x00007ffd98fb93c3 in KFileItemModel::lessThan (this=this@entry=0x23680d0, a=0x2b45ac0, a@entry=0x27b0c30, b=0x7c800000e500) at ../../../dolphin/src/kitemviews/kfileitemmodel.cpp:1421
#7  0x00007ffd98fc050e in KFileItemModel::insertItems (this=0x23680d0, newItems=...) at ../../../dolphin/src/kitemviews/kfileitemmodel.cpp:1048
#8  0x00007ffd98fc0abf in KFileItemModel::dispatchPendingItemsToInsert (this=0x7ffd99f78740 <main_arena>) at ../../../dolphin/src/kitemviews/kfileitemmodel.cpp:996
#9  0x00007ffd98fc0c54 in KFileItemModel::slotCompleted (this=0x23680d0) at ../../../dolphin/src/kitemviews/kfileitemmodel.cpp:745
#10 0x00007ffd95b50a58 in QMetaObject::activate (sender=sender@entry=0x2368330, m=m@entry=0x7ffd97d34d60 <KDirLister::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7fffacba1520) at kernel/qobject.cpp:3539
#11 0x00007ffd979a4fb5 in KDirLister::completed (this=this@entry=0x2368330, _t1=...) at ./kdirlister.moc:234
#12 0x00007ffd979b239f in KDirListerCache::emitItemsFromCache (this=0x20deeb0, cachedItemsJob=cachedItemsJob@entry=0x2cb71f0, lister=lister@entry=0x2368330, _url=..., _reload=_reload@entry=false, _emitCompleted=<optimized out>) at ../../kio/kio/kdirlister.cpp:356
#13 0x00007ffd979b251a in KDirLister::Private::CachedItemsJob::done (this=0x2cb71f0) at ../../kio/kio/kdirlister.cpp:307
#14 0x00007ffd95b54dce in QObject::event (this=0x2cb71f0, e=<optimized out>) at kernel/qobject.cpp:1194
#15 0x00007ffd9652ddfc in QApplicationPrivate::notify_helper (this=this@entry=0x1e6e950, receiver=receiver@entry=0x2cb71f0, e=e@entry=0x2928690) at kernel/qapplication.cpp:4567
#16 0x00007ffd96534470 in QApplication::notify (this=this@entry=0x7fffacba1d60, receiver=receiver@entry=0x2cb71f0, e=e@entry=0x2928690) at kernel/qapplication.cpp:4353
#17 0x00007ffd972379aa in KApplication::notify (this=0x7fffacba1d60, receiver=0x2cb71f0, event=0x2928690) at ../../kdeui/kernel/kapplication.cpp:311
#18 0x00007ffd95b3c8bd in QCoreApplication::notifyInternal (this=0x7fffacba1d60, receiver=receiver@entry=0x2cb71f0, event=event@entry=0x2928690) at kernel/qcoreapplication.cpp:946
#19 0x00007ffd95b3fe1f in sendEvent (event=0x2928690, receiver=0x2cb71f0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#20 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x1e30180) at kernel/qcoreapplication.cpp:1570
#21 0x00007ffd95b402c3 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1463
#22 0x00007ffd95b6a073 in sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:236
#23 postEventSourceDispatch (s=0x1e63e40) at kernel/qeventdispatcher_glib.cpp:279
#24 0x00007ffd916e6446 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x00007ffd916e6798 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007ffd916e683c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#27 0x00007ffd95b69a55 in QEventDispatcherGlib::processEvents (this=0x1e63d60, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#28 0x00007ffd965cf9d6 in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#29 0x00007ffd95b3b5ef in QEventLoop::processEvents (this=this@entry=0x7fffacba1c30, flags=...) at kernel/qeventloop.cpp:149
#30 0x00007ffd95b3b8e5 in QEventLoop::exec (this=this@entry=0x7fffacba1c30, flags=...) at kernel/qeventloop.cpp:204
#31 0x00007ffd95b40e5b in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1218
#32 0x00007ffd9652c34c in QApplication::exec () at kernel/qapplication.cpp:3828
#33 0x00007ffd99fd03f7 in kdemain (argc=5, argv=0x7fffacba1e98) at ../../../dolphin/src/main.cpp:93
#34 0x00007ffd99bd9de5 in __libc_start_main (main=0x4006d0 <main(int, char**)>, argc=5, ubp_av=0x7fffacba1e98, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffacba1e88) at libc-start.c:260
#35 0x00000000004006fe in _start ()

Possible duplicates by query: bug 325059, bug 321744, bug 312679.

Reported using DrKonqi
Comment 1 Frank Reininghaus 2013-09-27 08:51:39 UTC
Thanks for the bug report!

It crashes when checking the condition of the following while-loop in

KFileItemModel::lessThan(const ItemData* a, const ItemData* b) const:

while (a->parent != b->parent) {
    a = a->parent;
    b = b->parent;
}

Looks like one of the ItemData* pointers a or b became dangling, possibly because one of them had a dangling "parent" and then got replaced by it in the loop body.

If this theory is correct, it would mean that an expanded folder was removed from the model, but at least one child remained in the model and kept its dangling "parent" pointer. I don't know how that could happen though...

Some questions:

(a) Is it correct that you used the "Details" view before the crash, and that at least one folder was expanded?

(b) Was there anything special about the folder where it happened (local folder, remote file system, ...)?

(c) Did you use a filter (which you can set, e.g., by pressing Ctrl+I and then entering some text)?

(d) Most importantly: can you reproduce the crash if you try to repeat what you did before the first crash?

Thanks for your help!
Comment 2 Frank Reininghaus 2013-09-30 21:45:56 UTC
Created attachment 82567
Unit test (does not always crash, but Valgrind warns about invalid memory access)
Comment 3 Frank Reininghaus 2013-09-30 21:49:34 UTC
Based on the backtrace and the code, I found out that this might be related to bug 324371.

I can indeed sometimes reproduce the crash when creating a tree structure like

test
    t
        a
    test1
        b
        test2
            c
            test3

and then entering the folder "test" in Details View, searching for "t", and expanding and collapsing some of the folders (it also depends on the order in which the items are reported by KDirLister).

I think I have an idea how this could be fixed.
Comment 4 Frank Reininghaus 2013-10-07 07:31:24 UTC
Git commit 84b40da88d9821c6fc0c9ccbc3a72ec752033763 by Frank Reininghaus.
Committed on 07/10/2013 at 07:26.
Pushed by freininghaus into branch 'master'.

Make the code that removes items from KFileItemModel more robust

When we remove items from the model, we called the function
KFileItemModel::removeItems(const KFileItemList&, RemoveItemsBehavior).
This function then looked up the indexes of the items using the hash
m_items. This is wasteful in the situations when the indexes of the
removed items are known in advance (like when an expanded folder is
collapsed in Details View), and it can cause trouble if one item is
contained in the model multiple times (can happen when searching, and a
file both matches the search and is a child of a folder that matches
the search). Even if expanding folders in the search results list might
not be particularly useful most of the time, it makes sense to make the
model more robust to prevent crashes and other unexpected behavior in
such situations.

This patch makes the following changes to achieve that goal:

* Change the argument of removeItems() from KFileItemList to
  KItemRangeList. To make this work, the "look the indexes up in
  m_items" code is moved from that function to slotItemsDeleted(). In
  the other places where removeItems() is called, the indexes are
  calculated directly (which is not more difficult than determining the
  removed items as a KFileItemList, if one considers that we needed the
  function childItems(KFileItem) for that, which is not needed any more
  with this patch).

* Also removeFilteredChildren() takes a KItemRangeList now. Rather than
  putting the parent KFileItems into a QSet for O(1) lookup (which
  prevents O(N^2) worst case behavior for the entire function), it uses
  a QSet<ItemData*> now, which should even be more efficient (hashing a
  pointer is cheaper than hashing a KFileItem/KUrl).
Related: bug 324371
FIXED-IN: 4.12.0
REVIEW: 113070

M  +77   -70   dolphin/src/kitemviews/kfileitemmodel.cpp
M  +2    -7    dolphin/src/kitemviews/kfileitemmodel.h
M  +1    -1    dolphin/src/tests/kfileitemmodelbenchmark.cpp
M  +58   -0    dolphin/src/tests/kfileitemmodeltest.cpp

http://commits.kde.org/kde-baseapps/84b40da88d9821c6fc0c9ccbc3a72ec752033763
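
Added example, not part of the bug report or of Dolphin's code: a minimal C++ model of the failure described in comments 1 and 4, where a URL that occurs twice in the model makes hash-based removal leave a child row behind after its parent is removed, shown next to removal by index range. All type and function names here are hypothetical, and removed items are only flagged (not freed) so the orphan check can run without touching freed memory.

```cpp
#include <algorithm>
#include <deque>
#include <string>
#include <unordered_map>
#include <vector>

// Simplified stand-in for the model's per-row data (layout is an assumption).
struct ItemData {
    std::string url;
    ItemData* parent;
    bool alive;  // cleared on removal instead of freeing, so checks stay defined
};
struct Model {
    std::deque<ItemData> pool;                           // stable storage for every item
    std::vector<ItemData*> rows;                         // visible rows; a url may occur twice
    std::unordered_map<std::string, std::size_t> byUrl;  // one index per url
    ItemData* add(const std::string& url, ItemData* parent) {
        pool.push_back(ItemData{url, parent, true});
        rows.push_back(&pool.back());
        byUrl[url] = rows.size() - 1;  // a second occurrence replaces the first
        return rows.back();
    }
    void removeRange(std::size_t first, std::size_t count) {
        for (std::size_t i = first; i < first + count; ++i) rows[i]->alive = false;
        rows.erase(rows.begin() + first, rows.begin() + first + count);
        byUrl.clear();
        for (std::size_t i = 0; i < rows.size(); ++i) byUrl[rows[i]->url] = i;
    }
    // Fragile variant: resolve each url through the hash, then remove those rows.
    void removeByUrl(const std::vector<std::string>& urls) {
        std::vector<std::size_t> idx;
        for (const auto& u : urls) idx.push_back(byUrl.at(u));
        std::sort(idx.rbegin(), idx.rend());  // descending, so earlier indexes stay valid
        for (std::size_t i : idx) removeRange(i, 1);
    }
    std::size_t orphanedRows() const {  // rows whose parent was removed
        std::size_t n = 0;
        for (const ItemData* r : rows) if (r->parent && !r->parent->alive) ++n;
        return n;
    }
};
// Constructed scenario: "test2" matches the search and is also a child of "test1".
Model sampleModel() {
    Model m;
    ItemData* folder = m.add("test1", nullptr);
    m.add("b", folder);
    m.add("test2", folder);   // row 2: child of the expanded folder
    m.add("test2", nullptr);  // row 3: same url as a top-level search hit
    return m;
}
```

Removing "test1", "b" and "test2" by URL resolves "test2" to row 3 and leaves row 2 behind with a removed parent; removing rows 0 to 2 as a range leaves only the top-level hit.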
Comment 5 Frank Reininghaus 2013-10-24 19:37:09 UTC
*** Bug 326566 has been marked as a duplicate of this bug. ***
Comment 6 Frank Reininghaus 2014-01-17 08:33:21 UTC
*** Bug 330022 has been marked as a duplicate of this bug. ***
Comment 7 Frank Reininghaus 2014-02-04 09:09:13 UTC
*** Bug 330731 has been marked as a duplicate of this bug. ***
Comment 8 Frank Reininghaus 2014-05-23 16:14:37 UTC
*** Bug 335249 has been marked as a duplicate of this bug. ***