Qt Version: 5.4.0

-- Information about the crash:
- What I was doing when the application crashed:
I can't reproduce this every time, but sometimes when I scroll to the bottom of a file in vim, konsole crashes. I suspect it's trying to send a notification and somehow fails in the process.

-- Backtrace:
Application: Konsole (kdeinit5), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f97715d0800 (LWP 696))]

Thread 2 (Thread 0x7f976e7df700 (LWP 697)):
#0 0x00007f977421a66d in poll () at /lib64/libc.so.6
#1 0x00007f9773e4d052 in _xcb_conn_wait () at /usr/lib64/libxcb.so.1
#2 0x00007f9773e4eaef in xcb_wait_for_event () at /usr/lib64/libxcb.so.1
#3 0x00007f976ee50dd9 in QXcbEventReader::run() () at /usr/lib64/qt5/plugins/platforms/libqxcb.so
#4 0x00007f977499d08f in QThreadPrivate::start(void*) () at /usr/lib64/libQt5Core.so.5
#5 0x00007f9773f23034 in start_thread () at /lib64/libpthread.so.0
#6 0x00007f977422331d in clone () at /lib64/libc.so.6

Thread 1 (Thread 0x7f97715d0800 (LWP 696)):
[KCrash Handler]
#5 0x00007f9774b83f37 in QMetaObject::cast(QObject*) const () at /usr/lib64/libQt5Core.so.5
#6 0x00007f9770899329 in NotifyByPopup::onGalagoServerReply(QDBusPendingCallWatcher*) () at /usr/lib64/libKF5Notifications.so.5
#7 0x00007f9774baa9dd in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib64/libQt5Core.so.5
#8 0x00007f9775b0d18f in QDBusPendingCallWatcher::finished(QDBusPendingCallWatcher*) () at /usr/lib64/libQt5DBus.so.5
#9 0x00007f9775b0e765 in QDBusPendingCallWatcher::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) () at /usr/lib64/libQt5DBus.so.5
#10 0x00007f9774babaa2 in QObject::event(QEvent*) () at /usr/lib64/libQt5Core.so.5
#11 0x00007f9774f1709c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib64/libQt5Widgets.so.5
#12 0x00007f9774f1c330 in QApplication::notify(QObject*, QEvent*) () at /usr/lib64/libQt5Widgets.so.5
#13 0x00007f9774b7c613 in QCoreApplication::notifyInternal(QObject*, QEvent*) () at /usr/lib64/libQt5Core.so.5
#14 0x00007f9774b7e5cb in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /usr/lib64/libQt5Core.so.5
#15 0x00007f9774bd1073 in postEventSourceDispatch(_GSource*, int (*)(void*), void*) () at /usr/lib64/libQt5Core.so.5
#16 0x00007f9771e0a044 in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0
#17 0x00007f9771e0a288 in g_main_context_iterate.isra () at /usr/lib64/libglib-2.0.so.0
#18 0x00007f9771e0a32c in g_main_context_iteration () at /usr/lib64/libglib-2.0.so.0
#19 0x00007f9774bd1467 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib64/libQt5Core.so.5
#20 0x00007f9774b7a1e2 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib64/libQt5Core.so.5
#21 0x00007f9774b8192d in QCoreApplication::exec() () at /usr/lib64/libQt5Core.so.5
#22 0x00007f976f77f93c in kdemain(int, char**) (argc=3, argv=0x1e45970) at /var/tmp/paludis/build/kde-konsole-scm/work/konsole-scm/src/main.cpp:90
#23 0x00000000004086f4 in launch(int, char const*, char const*, char const*, int, char const*, bool, char const*, bool, char const*) ()
#24 0x0000000000409e99 in handle_launcher_request(int, char const*) [clone .isra.23] ()
#25 0x000000000040a488 in handle_requests(int) ()
#26 0x0000000000405402 in main ()

Report to https://bugs.kde.org/

Reproducible: Sometimes
Thanks for the report. If you run Konsole from Konsole (erm..), is there any output prior to the crash?
I'm sorry, I can't reproduce this anymore.
Just happened to get the same backtrace while re-connecting to the network (I think). Still seems to be an issue.

kded5 version: 5.5.0-0ubuntu1

Application: kded5 (kded5), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f2ba05667c0 (LWP 5765))]

Thread 3 (Thread 0x7f2b91b82700 (LWP 5766)):
#0 0x00007f2b9fe9545d in poll () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007f2b9a144b72 in poll (__timeout=-1, __nfds=1, __fds=0x7f2b91b81d00) at /usr/include/x86_64-linux-gnu/bits/poll2.h:46
#2 _xcb_conn_wait (c=c@entry=0xc42450, cond=cond@entry=0xc42490, vector=vector@entry=0x0, count=count@entry=0x0) at ../../src/xcb_conn.c:447
#3 0x00007f2b9a14664f in xcb_wait_for_event (c=0xc42450) at ../../src/xcb_in.c:622
#4 0x00007f2b94911e39 in ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platforms/libqxcb.so
#5 0x00007f2b9d9876ce in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6 0x00007f2b9d3c50a5 in start_thread (arg=0x7f2b91b82700) at pthread_create.c:309
#7 0x00007f2b9fe9f90d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 2 (Thread 0x7f2b678e8700 (LWP 5783)):
#0 0x00007f2b9fe9545d in poll () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007f2b9cea614c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2 0x00007f2b9cea64d2 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3 0x00007f2b78620d56 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#4 0x00007f2b9ceccb95 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5 0x00007f2b9d3c50a5 in start_thread (arg=0x7f2b678e8700) at pthread_create.c:309
#6 0x00007f2b9fe9f90d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 1 (Thread 0x7f2ba05667c0 (LWP 5765)):
[KCrash Handler]
#6 0x00007f2b9dbcc7c7 in QMetaObject::cast(QObject*) const () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7 0x00007f2b905e1c6c in qobject_cast<KNotification*> (object=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject.h:522
#8 object (v=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:695
#9 invoke (a=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:101
#10 qvariant_cast<KNotification*> (v=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:810
#11 value<KNotification*> (this=0x7fffe0e16420) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qvariant.h:348
#12 NotifyByPopup::onGalagoServerReply (this=0x10ac5f0, watcher=0xcbe460) at ../../src/notifybypopup.cpp:467
#13 0x00007f2b9dbf3b0d in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#14 0x00007f2b9ea1fc8f in QDBusPendingCallWatcher::finished(QDBusPendingCallWatcher*) () from /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5
#15 0x00007f2b9ea213e5 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5
#16 0x00007f2b9dbf4a0a in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007f2b9f68f0ec in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#18 0x00007f2b9f6945c0 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#19 0x00007f2b9dbc48fb in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x00007f2b9dbc68f3 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#21 0x00007f2b9dc1c8d3 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#22 0x00007f2b9cea5ecd in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007f2b9cea61b0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007f2b9cea625c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x00007f2b9dc1cce7 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#26 0x00007f2b9dbc2042 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#27 0x00007f2b9dbc9c8c in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#28 0x00007f2ba0176161 in kdemain (argc=1, argv=<optimized out>) at ../../src/kded.cpp:827
#29 0x00007f2b9fdc6ec5 in __libc_start_main (main=0x400720 <main(int, char**)>, argc=1, argv=0x7fffe0e16d88, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffe0e16d78) at libc-start.c:287
#30 0x000000000040074e in _start ()
I'm really unsure about why it would crash in the way it crashed. The code in question is

KNotification *notification = watcher->property("notificationObject").value<KNotification*>();

...followed by checks for notification being null of course, but it crashes on this very line. Any ideas?
The KNotification object gets deleted before the DBus call completes. NotifyByPopup::onGalagoServerReply now does a qobject_cast on a dangly pointer. I have a patch. See RB in a few seconds.
Git commit eb9f3dd53f5c1f0ded9c9d24dff2a55224aae9f9 by David Edmundson.
Committed on 01/01/2015 at 23:22.
Pushed by davidedmundson into branch 'master'.

Fix crash accessing dangling pointer in NotifyByPopup

sendNotificationToGalagoServer creates a new QDBusPendingCallWatcher for a sent DBus message. It puts the original KNotification as a property on the QObject.

If the local KNotification object got destroyed whilst that DBus operation was happening this meant we would read a dangling pointer.

By setting the parent of the call watcher to the notification we can make sure we don't process the call finishing if the notification no longer exists.

REVIEW: 121786

M +3 -2 src/notifybypopup.cpp

http://commits.kde.org/knotifications/eb9f3dd53f5c1f0ded9c9d24dff2a55224aae9f9
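
The lifetime bug and the fix described in this thread, as an added example that is not code from KNotifications or Qt. It is a standard-C++ model: Notification, Watcher, Popup, live and scenario are hypothetical stand-ins, shared_ptr/weak_ptr imitate QObject parent ownership, and the `live` registry exists only so the stale pointer can be detected without dereferencing it.

```cpp
#include <iostream>
#include <memory>
#include <set>
#include <string>
#include <vector>

struct Notification;
static std::set<const Notification*> live;  // demo-only registry: detects staleness without UB

// Stand-in for QDBusPendingCallWatcher: remembers which notification the call was for.
struct Watcher { const Notification* target; };  // raw pointer, like the stored property

// Stand-in for KNotification; `children` models QObject parent ownership.
struct Notification {
    std::vector<std::shared_ptr<Watcher>> children;
    Notification() { live.insert(this); }
    ~Notification() { live.erase(this); }
};

// Stand-in for the popup plugin plus the event loop that delivers D-Bus replies.
struct Popup {
    std::vector<std::shared_ptr<Watcher>> owned;  // watchers not tied to a notification
    std::vector<std::weak_ptr<Watcher>> pending;  // replies still in flight

    void send(Notification& n, bool parentToNotification) {
        auto w = std::make_shared<Watcher>(Watcher{&n});
        (parentToNotification ? n.children : owned).push_back(w);
        pending.push_back(w);
    }
    // Outcome of the reply handler for the first pending call.
    std::string deliverFirstReply() {
        auto w = pending.at(0).lock();
        if (!w) return "skipped";  // watcher was destroyed together with its parent
        // A real handler would dereference target here; a stale one is the crash.
        return live.count(w->target) ? "handled" : "dangling";
    }
};

std::string scenario(bool parentToNotification, bool destroyBeforeReply) {
    Popup popup;
    auto n = std::make_unique<Notification>();
    popup.send(*n, parentToNotification);
    if (destroyBeforeReply) n.reset();  // notification goes away while the call is pending
    return popup.deliverFirstReply();
}

int main() {
    std::cout << "unparented, destroyed early: " << scenario(false, true) << "\n"
              << "parented, destroyed early:   " << scenario(true, true) << "\n"
              << "parented, still alive:       " << scenario(true, false) << "\n";
}
```

A null check after reading the stored pointer does not help in the unparented case, because the pointer is stale rather than null; tying the watcher's lifetime to the notification removes the window entirely.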