Bug 335672 - Dolphin crashed when creating a new tab when current tab's URL is man:/
Summary: Dolphin crashed when creating a new tab when current tab's URL is man:/
Status: RESOLVED FIXED
Alias: None
Product: dolphin
Classification: Applications
Component: general (show other bugs)
Version: 4.13.0
Platform: Ubuntu Linux
: NOR crash
Target Milestone: ---
Assignee: Dolphin Bug Assignee
URL:
Keywords: drkonqi, reproducible
Depends on:
Blocks:
 
Reported: 2014-06-01 23:47 UTC by V字龍(Vdragon)
Modified: 2014-07-16 15:50 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In: 4.13.2


Attachments
Possible fix (a unit test should also be added though) (1.33 KB, patch)
2014-06-02 16:48 UTC, Frank Reininghaus
Details

Note You need to log in before you can comment on or make changes to this bug.
Description V字龍(Vdragon) 2014-06-01 23:47:39 UTC
Application: dolphin (4.13.0)
KDE Platform Version: 4.13.0
Qt Version: 4.8.6
Operating System: Linux 3.15.0-031500rc7-lowlatency x86_64
Distribution: Ubuntu 14.04 LTS

-- Information about the crash:
- What I was doing when the application crashed:
1. browse man:/
2. create a new tab

OS
Ubuntu 14.04LTS x86 64bit
Locale
zh_TW.UTF-8

-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f7d4069f800 (LWP 4096))]

Thread 4 (Thread 0x7f7d20f99700 (LWP 4097)):
#0  0x00007f7d3ff646bd in read () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f7d2c7fee41 in ?? () from /usr/lib/nvidia-331-updates/tls/libnvidia-tls.so.331.38
#2  0x00007f7d36f17c20 in read (__nbytes=16, __buf=0x7f7d20f98ba0, __fd=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/unistd.h:44
#3  g_wakeup_acknowledge (wakeup=0xf536c0) at /build/buildd/glib2.0-2.40.0/./glib/gwakeup.c:210
#4  0x00007f7d36ed6b14 in g_main_context_check (context=context@entry=0x7f7d1c0009c0, max_priority=2147483647, fds=fds@entry=0x7f7d1c0034b0, n_fds=n_fds@entry=1) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3532
#5  0x00007f7d36ed6f7b in g_main_context_iterate (context=context@entry=0x7f7d1c0009c0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3731
#6  0x00007f7d36ed70ec in g_main_context_iteration (context=0x7f7d1c0009c0, may_block=1) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3795
#7  0x00007f7d3bfd67be in QEventDispatcherGlib::processEvents (this=0x7f7d1c0008e0, flags=...) at kernel/qeventdispatcher_glib.cpp:436
#8  0x00007f7d3bfa80af in QEventLoop::processEvents (this=this@entry=0x7f7d20f98da0, flags=...) at kernel/qeventloop.cpp:149
#9  0x00007f7d3bfa83a5 in QEventLoop::exec (this=this@entry=0x7f7d20f98da0, flags=...) at kernel/qeventloop.cpp:204
#10 0x00007f7d3bea4c5f in QThread::exec (this=this@entry=0x12d6580) at thread/qthread.cpp:537
#11 0x00007f7d3bf89823 in QInotifyFileSystemWatcherEngine::run (this=0x12d6580) at io/qfilesystemwatcher_inotify.cpp:265
#12 0x00007f7d3bea732f in QThreadPrivate::start (arg=0x12d6580) at thread/qthread_unix.cpp:349
#13 0x00007f7d373b6182 in start_thread (arg=0x7f7d20f99700) at pthread_create.c:312
#14 0x00007f7d3ff7330d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 3 (Thread 0x7f7d1bfff700 (LWP 4098)):
#0  __pthread_mutex_unlock_usercnt (decr=1, mutex=0x7f7d14000a80) at pthread_mutex_unlock.c:81
#1  __GI___pthread_mutex_unlock (mutex=0x7f7d14000a80) at pthread_mutex_unlock.c:310
#2  0x00007f7d36f189c1 in g_mutex_unlock (mutex=mutex@entry=0x7f7d140009c0) at /build/buildd/glib2.0-2.40.0/./glib/gthread-posix.c:228
#3  0x00007f7d36ed6ef6 in g_main_context_iterate (context=context@entry=0x7f7d140009c0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3712
#4  0x00007f7d36ed70ec in g_main_context_iteration (context=0x7f7d140009c0, may_block=1) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3795
#5  0x00007f7d3bfd67be in QEventDispatcherGlib::processEvents (this=0x7f7d140008e0, flags=...) at kernel/qeventdispatcher_glib.cpp:436
#6  0x00007f7d3bfa80af in QEventLoop::processEvents (this=this@entry=0x7f7d1bffede0, flags=...) at kernel/qeventloop.cpp:149
#7  0x00007f7d3bfa83a5 in QEventLoop::exec (this=this@entry=0x7f7d1bffede0, flags=...) at kernel/qeventloop.cpp:204
#8  0x00007f7d3bea4c5f in QThread::exec (this=<optimized out>) at thread/qthread.cpp:537
#9  0x00007f7d3bea732f in QThreadPrivate::start (arg=0x13318a0) at thread/qthread_unix.cpp:349
#10 0x00007f7d373b6182 in start_thread (arg=0x7f7d1bfff700) at pthread_create.c:312
#11 0x00007f7d3ff7330d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 2 (Thread 0x7f7d13fff700 (LWP 4121)):
#0  0x00007f7d3ff65fbd in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f7d36ed6fe4 in g_main_context_poll (priority=2147483647, n_fds=1, fds=0x7f7d080032b0, timeout=-1, context=0x7f7d080009c0) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:4028
#2  g_main_context_iterate (context=context@entry=0x7f7d080009c0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3729
#3  0x00007f7d36ed70ec in g_main_context_iteration (context=0x7f7d080009c0, may_block=1) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3795
#4  0x00007f7d3bfd67be in QEventDispatcherGlib::processEvents (this=0x7f7d080008e0, flags=...) at kernel/qeventdispatcher_glib.cpp:436
#5  0x00007f7d3bfa80af in QEventLoop::processEvents (this=this@entry=0x7f7d13ffeda0, flags=...) at kernel/qeventloop.cpp:149
#6  0x00007f7d3bfa83a5 in QEventLoop::exec (this=this@entry=0x7f7d13ffeda0, flags=...) at kernel/qeventloop.cpp:204
#7  0x00007f7d3bea4c5f in QThread::exec (this=this@entry=0x19064e0) at thread/qthread.cpp:537
#8  0x00007f7d3bf89823 in QInotifyFileSystemWatcherEngine::run (this=0x19064e0) at io/qfilesystemwatcher_inotify.cpp:265
#9  0x00007f7d3bea732f in QThreadPrivate::start (arg=0x19064e0) at thread/qthread_unix.cpp:349
#10 0x00007f7d373b6182 in start_thread (arg=0x7f7d13fff700) at pthread_create.c:312
#11 0x00007f7d3ff7330d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 1 (Thread 0x7f7d4069f800 (LWP 4096)):
[KCrash Handler]
#6  operator! (this=<optimized out>) at /usr/include/qt4/QtCore/qshareddata.h:122
#7  KFileItem::url (this=0x0) at ../../kio/kio/kfileitem.cpp:1551
#8  0x00007f7d3f277f00 in KFileItemModel::index (this=this@entry=0x2be9000, url=...) at ../../../dolphin/src/kitemviews/kfileitemmodel.cpp:390
#9  0x00007f7d3f2780dc in KFileItemModel::index (this=0x2be9000, item=...) at ../../../dolphin/src/kitemviews/kfileitemmodel.cpp:366
#10 0x00007f7d3f2885c9 in KFileItemModelRolesUpdater::slotItemsRemoved (this=0x1ade450, itemRanges=...) at ../../../dolphin/src/kitemviews/kfileitemmodelrolesupdater.cpp:389
#11 0x00007f7d3f289ae1 in KFileItemModelRolesUpdater::qt_static_metacall (_o=0x1ade450, _id=0, _a=0x28c, _c=<optimized out>) at ./kfileitemmodelrolesupdater.moc:78
#12 0x00007f7d3bfbd87a in QMetaObject::activate (sender=sender@entry=0x2be9000, m=m@entry=0x7f7d3f502600 <KItemModelBase::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7fffbd12b040) at kernel/qobject.cpp:3539
#13 0x00007f7d3f2a1975 in KItemModelBase::itemsRemoved (this=this@entry=0x2be9000, _t1=...) at ./kitemmodelbase.moc:129
#14 0x00007f7d3f277c58 in KFileItemModel::removeItems (this=0x2be9000, itemRanges=..., behavior=<optimized out>) at ../../../dolphin/src/kitemviews/kfileitemmodel.cpp:1211
#15 0x00007f7d3f27ed51 in KFileItemModel::slotItemsDeleted (this=0x2be9000, items=...) at ../../../dolphin/src/kitemviews/kfileitemmodel.cpp:959
#16 0x00007f7d3bfbd87a in QMetaObject::activate (sender=0x2f63500, m=m@entry=0x7f7d3e1a6d60 <KDirLister::staticMetaObject>, local_signal_index=local_signal_index@entry=13, argv=argv@entry=0x7fffbd12b280) at kernel/qobject.cpp:3539
#17 0x00007f7d3de17895 in KDirLister::itemsDeleted (this=<optimized out>, _t1=...) at ./kdirlister.moc:308
#18 0x00007f7d3de191d5 in KDirLister::Private::emitItemsDeleted (this=0x4011e20, _items=...) at ../../kio/kio/kdirlister.cpp:2553
#19 0x00007f7d3de2017f in KDirListerCache::itemsDeleted (this=this@entry=0x12e4c80, listers=..., deletedItems=...) at ../../kio/kio/kdirlister.cpp:1893
#20 0x00007f7d3de2034e in KDirListerCache::deleteUnmarkedItems (this=this@entry=0x12e4c80, listers=..., lstItems=...) at ../../kio/kio/kdirlister.cpp:1887
#21 0x00007f7d3de2224f in KDirListerCache::slotUpdateResult (this=<optimized out>, j=<optimized out>) at ../../kio/kio/kdirlister.cpp:1823
#22 0x00007f7d3bfbd87a in QMetaObject::activate (sender=sender@entry=0x3573a00, m=m@entry=0x7f7d3c7c3600 <KJob::staticMetaObject>, local_signal_index=local_signal_index@entry=3, argv=argv@entry=0x7fffbd12b600) at kernel/qobject.cpp:3539
#23 0x00007f7d3c433622 in KJob::result (this=this@entry=0x3573a00, _t1=_t1@entry=0x3573a00) at ./kjob.moc:207
#24 0x00007f7d3c433660 in KJob::emitResult (this=this@entry=0x3573a00) at ../../kdecore/jobs/kjob.cpp:318
#25 0x00007f7d3de0139a in KIO::SimpleJob::slotFinished (this=this@entry=0x3573a00) at ../../kio/kio/job.cpp:496
#26 0x00007f7d3de05e4e in KIO::ListJob::slotFinished (this=0x3573a00) at ../../kio/kio/job.cpp:2713
#27 0x00007f7d3bfbd87a in QMetaObject::activate (sender=0x2fcfc80, m=m@entry=0x7f7d3e1aa580 <KIO::SlaveInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=4, argv=argv@entry=0x0) at kernel/qobject.cpp:3539
#28 0x00007f7d3de9f263 in KIO::SlaveInterface::finished (this=<optimized out>) at ./slaveinterface.moc:184
#29 0x00007f7d3dea07a6 in KIO::SlaveInterface::dispatch (this=<optimized out>, _cmd=104, rawdata=...) at ../../kio/kio/slaveinterface.cpp:176
#30 0x00007f7d3de9e29e in KIO::SlaveInterface::dispatch (this=0x2fcfc80) at ../../kio/kio/slaveinterface.cpp:92
#31 0x00007f7d3de92f16 in KIO::Slave::gotInput (this=0x2fcfc80) at ../../kio/kio/slave.cpp:344
#32 0x00007f7d3bfbd87a in QMetaObject::activate (sender=0x24a0880, m=m@entry=0x7f7d3e1a3aa0 <KIO::Connection::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x0) at kernel/qobject.cpp:3539
#33 0x00007f7d3ddceb40 in KIO::Connection::readyRead (this=<optimized out>) at ./connection.moc:105
#34 0x00007f7d3ddcf231 in KIO::ConnectionPrivate::dequeue (this=0x41f8a70) at ../../kio/kio/connection.cpp:82
#35 0x00007f7d3bfc1c1e in QObject::event (this=0x24a0880, e=<optimized out>) at kernel/qobject.cpp:1194
#36 0x00007f7d3c99be2c in QApplicationPrivate::notify_helper (this=this@entry=0xfe3b00, receiver=receiver@entry=0x24a0880, e=e@entry=0x57f90c0) at kernel/qapplication.cpp:4567
#37 0x00007f7d3c9a24a0 in QApplication::notify (this=this@entry=0x7fffbd12c320, receiver=receiver@entry=0x24a0880, e=e@entry=0x57f90c0) at kernel/qapplication.cpp:4353
#38 0x00007f7d3d6a6baa in KApplication::notify (this=0x7fffbd12c320, receiver=0x24a0880, event=0x57f90c0) at ../../kdeui/kernel/kapplication.cpp:311
#39 0x00007f7d3bfa94dd in QCoreApplication::notifyInternal (this=0x7fffbd12c320, receiver=receiver@entry=0x24a0880, event=event@entry=0x57f90c0) at kernel/qcoreapplication.cpp:953
#40 0x00007f7d3bfacb3d in sendEvent (event=0x57f90c0, receiver=0x24a0880) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#41 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0xfaa1b0) at kernel/qcoreapplication.cpp:1577
#42 0x00007f7d3bfacfe3 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1470
#43 0x00007f7d3bfd6f83 in sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:236
#44 postEventSourceDispatch (s=0xfece30) at kernel/qeventdispatcher_glib.cpp:287
#45 0x00007f7d36ed6e04 in g_main_dispatch (context=0xfe3fe0) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3064
#46 g_main_context_dispatch (context=context@entry=0xfe3fe0) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3663
#47 0x00007f7d36ed7048 in g_main_context_iterate (context=context@entry=0xfe3fe0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3734
#48 0x00007f7d36ed70ec in g_main_context_iteration (context=0xfe3fe0, may_block=1) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3795
#49 0x00007f7d3bfd67a1 in QEventDispatcherGlib::processEvents (this=0xfabaa0, flags=...) at kernel/qeventdispatcher_glib.cpp:434
#50 0x00007f7d3ca3dbb6 in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#51 0x00007f7d3bfa80af in QEventLoop::processEvents (this=this@entry=0x7fffbd12c1f0, flags=...) at kernel/qeventloop.cpp:149
#52 0x00007f7d3bfa83a5 in QEventLoop::exec (this=this@entry=0x7fffbd12c1f0, flags=...) at kernel/qeventloop.cpp:204
#53 0x00007f7d3bfadb79 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1225
#54 0x00007f7d3c99a37c in QApplication::exec () at kernel/qapplication.cpp:3828
#55 0x00007f7d4028e4f7 in kdemain (argc=5, argv=0x7fffbd12c458) at ../../../dolphin/src/main.cpp:93
#56 0x00007f7d3fe99ec5 in __libc_start_main (main=0x4006d0 <main(int, char**)>, argc=5, argv=0x7fffbd12c458, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffbd12c448) at libc-start.c:287
#57 0x00000000004006fe in _start ()

Reported using DrKonqi
Comment 1 Jekyll Wu 2014-06-02 00:37:29 UTC

*** This bug has been marked as a duplicate of bug 329494 ***
Comment 2 Martin Walch 2014-06-02 01:05:11 UTC
(In reply to comment #1)
> 
> 
> *** This bug has been marked as a duplicate of bug 329494 ***

Can you please double check this? Bug #329494 says "FIXED-IN: 4.13.0" while this bug report is against 4.13.0. Accordingly something is inconsistent. I see four possibilities that would explain this:
* the version number in this bug report is wrong
* the "FIXED-IN" version of #329494 is wrong
* this is not really a duplicate of bug #329494
* bug #329494 has not been completely fixed

(well, …or I have a wrong understanding of the "FIXED-IN" field)
Comment 3 V字龍(Vdragon) 2014-06-02 01:44:54 UTC
@Jekyll Wu @walch.martin
Hi, 
> *** This bug has been marked as a duplicate of bug 329494 ***
Currently I don't see much similarity on these two bug reports, I'm not running any activities over the CWD of Dolphin.
> * the version number in this bug report is wrong
The version number is reported by Dr.Konqi and is indeed 4.13.0

There's another people in the community(https://plus.google.com/118409732640227044376/posts/WvfijVNrpZK) using 4.13.1 can reproduce this issue, so I revert the status back to original.
Comment 4 Frank Reininghaus 2014-06-02 10:51:05 UTC
Thanks for the bug report! I can confirm the problem.

(In reply to comment #0)
> #17 0x00007f7d3de17895 in KDirLister::itemsDeleted (this=<optimized out>,
> _t1=...) at ./kdirlister.moc:308

It's a bit weird that the man kioslave reports that items are deleted when we open a new tab, but this seems unrelated to the actual cause of the crash.

I see the same crash when opening man:, then opening the filter bar with Ctrl+I, and pressing 'a'.
Comment 5 Frank Reininghaus 2014-06-02 16:48:45 UTC
Created attachment 86966 [details]
Possible fix (a unit test should also be added though)

For some reason, the man: kioslave adds multiple items with the same URL (for example, I have two items with the name '_exit' here when I view man:).

When opening a new tab, the kioslave reports some items as deleted (I do not know why). The problem is that some of the duplicate items are also reported as deleted, and then KFileItemModel tries to remove them twice. This corrupts the internal data structures and finally causes a crash.

I don't know why man: behaves as it does, but we should definitely not let Dolphin crash if a kioslave misbehaves. The solution is to remove duplicates from the list of deleted items.

We should definitely add a unit test for this problem though. Should be quite straightforward, I'll look into it.
Comment 6 Jekyll Wu 2014-06-04 00:49:08 UTC

*** This bug has been marked as a duplicate of bug 329494 ***
Comment 7 V字龍(Vdragon) 2014-06-04 00:57:10 UTC
@Jekyll Wu
Hi, I wondered why you kept marking this bug as a duplicate of an already-fixed-in-previous-versions-of-Dolphin bug?
Comment 8 Frank Reininghaus 2014-06-04 09:00:13 UTC
My patch from comment 5 still had a bug. An updated patch, including new tests, it at https://git.reviewboard.kde.org/r/118507/
Comment 9 Frank Reininghaus 2014-06-04 19:55:10 UTC
Git commit 4b4cbf5d9ac1e3b9eed9c258edbfbb4fe12df4fe by Frank Reininghaus.
Committed on 04/06/2014 at 19:48.
Pushed by freininghaus into branch 'KDE/4.13'.

Fix possible crash if a kioslave adds multiple items with the same URL

When opening the URL "man:", there are multiple items with the same
name (for example, _exit is shown twice here). When opening a new tab,
the kioslave reports some items as deleted (I have not quite understood
why). The problem is that it reports some of the duplicate items twice
in the list of deleted items. This confused KFileItemModel and
corrupted the internal data structures, and finally, caused a crash.

The fix is to remove all duplicates from
KItemRangeList::fromSortedContainer(const Container& container).

New unit tests included.
REVIEW: 118507
FIXED-IN: 4.13.2

M  +35   -1    dolphin/src/kitemviews/kfileitemmodel.cpp
M  +9    -1    dolphin/src/kitemviews/kitemrange.h
M  +7    -0    dolphin/src/tests/CMakeLists.txt
M  +22   -0    dolphin/src/tests/kfileitemmodeltest.cpp
A  +75   -0    dolphin/src/tests/kitemrangetest.cpp     [License: GPL (v2+)]

http://commits.kde.org/kde-baseapps/4b4cbf5d9ac1e3b9eed9c258edbfbb4fe12df4fe
Comment 10 V字龍(Vdragon) 2014-07-16 15:50:10 UTC
I confirmed that this bug is fixed in 4.13.2, thanks!