Bug 345758 - kquitapp5 plasmashell causes crash in QQuickItemPrivate::updateSubFocusItem
Summary: kquitapp5 plasmashell causes crash in QQuickItemPrivate::updateSubFocusItem
Status: VERIFIED FIXED
Alias: None
Product: plasmashell
Classification: Plasma
Component: general (show other bugs)
Version: master
Platform: Other Linux
: NOR crash
Target Milestone: 1.0
Assignee: David Edmundson
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-04-01 13:20 UTC by Bhushan Shah
Modified: 2015-04-13 09:40 UTC (History)
5 users (show)

See Also:
Latest Commit: http://commits.kde.org/plasma-workspace/b4df3adace0ef5a471318250c4a948f6ee2b1322
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Bhushan Shah 2015-04-01 13:20:34 UTC 
#0  0xffffffff in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::data() const (this=0x5) at /home/diau/git/qt5/qtbase/include/QtCore/../../src/corelib/tools/qscopedpointer.h:135
#1  0xffffffff in qGetPtrHelper<QScopedPointer<QObjectData> >(QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> > const&) (p=...)
    at /home/diau/git/qt5/qtbase/include/QtCore/../../src/corelib/global/qglobal.h:961
#2  0xffffffff in QQuickItem::d_func() (this=0x1)
    at ../../include/QtQuick/../../src/quick/items/qquickitem.h:443
#3  0xffffffff in QQuickItemPrivate::get(QQuickItem*) (item=0x1)
    at ../../include/QtQuick/5.4.2/QtQuick/private/../../../../../src/quick/items/qquickitem_p.h:232
#4  0xffffffff in QQuickItemPrivate::updateSubFocusItem(QQuickItem*, bool) (this=0x8a7bc08, scope=0x8d64488, focus=false) at items/qquickitem.cpp:1632
#5  0xffffffff in QQuickWindowPrivate::clearFocusInScope(QQuickItem*, QQuickItem*, Qt::FocusReason, QFlags<QQuickWindowPrivate::FocusOption>) (this=
    0x8d6d928, scope=0x8d64488, item=0x8f1e078, reason=Qt::OtherFocusReason, options=...)
    at items/qquickwindow.cpp:873
#6  0xffffffff in QQuickItem::setParentItem(QQuickItem*) (this=0x8df8d50, parentItem=0x0)
    at items/qquickitem.cpp:2513
#7  0xffffffff in QQuickItem::~QQuickItem() (this=0x8df8d50, __in_chrg=<optimized out>)
    at items/qquickitem.cpp:2238
#8  0xffffffff in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x8df8d50, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:98
#9  0xffffffff in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x8df8d50, __in_chrg=<optimized out>) at ../../include/QtQml/../../src/qml/qml/qqmlprivate.h:98
#10 0xffffffff in QQuickView::~QQuickView() (this=0x8d62f68, __in_chrg=<optimized out>)
    at items/qquickview.cpp:225
#11 0xffffffff in PlasmaQuick::View::~View() (this=0x8d62f68, __in_chrg=<optimized out>)
    at /home/diau/git/kf5/frameworks/plasma-framework/src/plasmaquick/view.cpp:222
#12 0x080b5a79 in DesktopView::~DesktopView() ()
#13 0x080b5ab7 in DesktopView::~DesktopView() ()
#14 0x080dacd4 in void qDeleteAll<QList<DesktopView*>::const_iterator>(QList<DesktopView*>::const_iter---Type <return> to continue, or q <return> to quit---
ator, QList<DesktopView*>::const_iterator) ()
#15 0x080d6bdd in void qDeleteAll<QList<DesktopView*> >(QList<DesktopView*> const&) ()
#16 0x080cacf5 in ShellCorona::~ShellCorona() ()
#17 0x080cae0b in ShellCorona::~ShellCorona() ()
#18 0xffffffff in QObjectPrivate::deleteChildren() (this=0x81d72c8) at kernel/qobject.cpp:1950
#19 0xffffffff in QObject::~QObject() (this=0x81f4ac8, __in_chrg=<optimized out>)
    at kernel/qobject.cpp:1030
#20 0x080e3add in ShellManager::~ShellManager() ()
#21 0x080e3b15 in ShellManager::~ShellManager() ()
#22 0xffffffff in qDeleteInEventHandler(QObject*) (o=0x81f4ac8) at kernel/qobject.cpp:4391
#23 0xffffffff in QObject::event(QEvent*) (this=0x81f4ac8, e=0xa0abe88) at kernel/qobject.cpp:1236
#24 0xffffffff in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=0x815ceb0, receiver=0x81f4ac8, e=0xa0abe88) at kernel/qapplication.cpp:3720
#25 0xffffffff in QApplication::notify(QObject*, QEvent*) (this=
    0xbfffed48, receiver=0x81f4ac8, e=0xa0abe88) at kernel/qapplication.cpp:3164
#26 0xffffffff in QCoreApplication::notifyInternal(QObject*, QEvent*) (this=0xbfffed48, receiver=0x81f4ac8, event=0xa0abe88) at kernel/qcoreapplication.cpp:935
#27 0xffffffff in QCoreApplication::sendEvent(QObject*, QEvent*) (receiver=0x81f4ac8, event=0xa0abe88) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:228
#28 0xffffffff in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=0x0, event_type=52, data=0x81573b0) at kernel/qcoreapplication.cpp:1552
#29 0xffffffff in QCoreApplication::sendPostedEvents(QObject*, int) (receiver=0x0, event_type=52)
    at kernel/qcoreapplication.cpp:1410
#30 0xffffffff in QCoreApplication::exec() () at kernel/qcoreapplication.cpp:1195
#31 0xffffffff in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1507
#32 0xffffffff in QApplication::exec() () at kernel/qapplication.cpp:2956
#33 0x080ad2a7 in main ()
Comment 1 Hrvoje Senjan 2015-04-05 17:25:13 UTC 
Slightly different numbers with 5.4 branch:

Thread 1 (Thread 0x7fcf070ac880 (LWP 28216)):
[KCrash Handler]
#5  0x00007fcf04b6fa84 in QQuickItem::parentItem() const (this=this@entry=0x527eaa0) at /usr/src/debug/qtdeclarative-opensource-src-5.4.2/src/quick/items/qquickitem.cpp:2472
#6  0x00007fcf04b6fb10 in QQuickItemPrivate::updateSubFocusItem(QQuickItem*, bool) (this=<optimized out>, scope=scope@entry=0x21bedb0, focus=focus@entry=true) at /usr/src/debug/qtdeclarative-opensource-src-5.4.2/src/quick/items/qquickitem.cpp:1639
#7  0x00007fcf04b7d00d in QQuickItem::setParentItem(QQuickItem*) (this=this@entry=0x21bedb0, parentItem=parentItem@entry=0x0) at /usr/src/debug/qtdeclarative-opensource-src-5.4.2/src/quick/items/qquickitem.cpp:2515
#8  0x00007fcf04b7d506 in QQuickItem::~QQuickItem() (this=0x21bedb0, __in_chrg=<optimized out>) at /usr/src/debug/qtdeclarative-opensource-src-5.4.2/src/quick/items/qquickitem.cpp:2238
#9  0x00007fcf04b96416 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x21bedb0, __in_chrg=<optimized out>) at ../../../src/qml/qml/qqmlprivate.h:98
#10 0x00007fcf04b96416 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (this=0x21bedb0, __in_chrg=<optimized out>) at ../../../src/qml/qml/qqmlprivate.h:98
#11 0x00007fcf04c2f76a in QQuickView::~QQuickView() (this=0x20b5960, __in_chrg=<optimized out>) at /usr/src/debug/qtdeclarative-opensource-src-5.4.2/src/quick/items/qquickview.cpp:225
#12 0x000000000043d4f9 in DesktopView::~DesktopView() ()
#13 0x000000000045620e in ShellCorona::~ShellCorona() ()
#14 0x0000000000456489 in ShellCorona::~ShellCorona() ()
#15 0x00007fcf0141d60c in QObjectPrivate::deleteChildren() (this=this@entry=0x126c330) at kernel/qobject.cpp:1950
#16 0x00007fcf0142732c in QObject::~QObject() (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:1030
#17 0x000000000045e693 in ShellManager::~ShellManager() ()
#18 0x00007fcf0141fb28 in QObject::event(QEvent*) (this=0x12a73b0, e=<optimized out>) at kernel/qobject.cpp:1236
#19 0x00007fcf02744acc in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x11b2620, receiver=receiver@entry=0x12a73b0, e=e@entry=0x65a96d0) at kernel/qapplication.cpp:3720
#20 0x00007fcf02749996 in QApplication::notify(QObject*, QEvent*) (this=0x7ffde5868490, receiver=0x12a73b0, e=0x65a96d0) at kernel/qapplication.cpp:3503
#21 0x00007fcf013ef425 in QCoreApplication::notifyInternal(QObject*, QEvent*) (this=0x7ffde5868490, receiver=0x12a73b0, event=event@entry=0x65a96d0) at kernel/qcoreapplication.cpp:935
#22 0x00007fcf013f12bf in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (event=0x65a96d0, receiver=<optimized out>) at kernel/qcoreapplication.h:228
#23 0x00007fcf013f12bf in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=receiver@entry=0x0, event_type=event_type@entry=52, data=0x11a7570) at kernel/qcoreapplication.cpp:1552
#24 0x00007fcf013f18f8 in QCoreApplication::sendPostedEvents(QObject*, int) (receiver=receiver@entry=0x0, event_type=event_type@entry=52) at kernel/qcoreapplication.cpp:1410
#25 0x00007fcf013f4a3d in QCoreApplication::exec() () at kernel/qcoreapplication.cpp:1195
#26 0x0000000000432878 in main ()
Comment 2 David Edmundson 2015-04-10 14:42:10 UTC 
Valgrind shows this is our fault, we're deleting the desktopview's root item old parent when we delete the containment interface, and our desktopview's main item doesn't seem to know.

==23845==    at 0x4FDC7A9: QQuickWindowPrivate::clearFocusInScope(QQuickItem*, QQuickItem*, Qt::FocusReason, QFlags<QQuickWindowPrivate::FocusOption>) (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.4.1)
==23845==    by 0x4FCD00A: QQuickItem::setParentItem(QQuickItem*) (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.4.1)
==23845==    by 0x4FCD545: QQuickItem::~QQuickItem() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.4.1)
==23845==    by 0x4FE77C5: QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.4.1)
==23845==    by 0x50889D9: QQuickView::~QQuickView() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.4.1)
==23845==    by 0x599B88C: PlasmaQuick::View::~View() (view.cpp:222)
==23845==    by 0x4815F5: DesktopView::~DesktopView() (desktopview.cpp:69)
==23845==    by 0x48168F: DesktopView::~DesktopView() (desktopview.cpp:72)
==23845==    by 0x4CEE88: void qDeleteAll<QList<DesktopView*>::const_iterator>(QList<DesktopView*>::const_iterator, QList<DesktopView*>::const_iterator) (qalgorithms.h:315)
==23845==    by 0x4C66EB: void qDeleteAll<QList<DesktopView*> >(QList<DesktopView*> const&) (qalgorithms.h:323)
==23845==    by 0x4AC2BF: ShellCorona::~ShellCorona() (shellcorona.cpp:184)
==23845==    by 0x4AC573: ShellCorona::~ShellCorona() (shellcorona.cpp:186)



==23845==  Address 0x282bb388 is 8 bytes inside a block of size 32 free'd
==23845==    at 0x4C2D2E0: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23845==    by 0x9A8418B: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.4.1)
==23845==    by 0x9A8E7F2: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.4.1)
==23845==    by 0x4FCD865: QQuickItem::~QQuickItem() (in /usr/lib/x86_64-linux-gnu/libQt5Quick.so.5.4.1)
==23845==    by 0x36E1887D: QQmlPrivate::QQmlElement<DeclarativeDropArea>::~QQmlElement() (in /usr/lib/x86_64-linux-gnu/qt5/qml/org/kde/draganddrop/libdraganddropplugin.so)
==23845==    by 0x5986D24: PlasmaQuick::AppletQuickItem::~AppletQuickItem() (appletquickitem.cpp:405)
==23845==    by 0x2868FC18: AppletInterface::~AppletInterface() (appletinterface.cpp:158)
==23845==    by 0x286AD3E2: ContainmentInterface::~ContainmentInterface() (in /usr/lib/x86_64-linux-gnu/qt5/plugins/plasma_appletscript_declarative.so)
==23845==    by 0x286AD41B: ContainmentInterface::~ContainmentInterface() (containmentinterface.h:50)
==23845==    by 0x9A8418B: QObjectPrivate::deleteChildren() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.4.1)
==23845==    by 0x9A8E7F2: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.4.1)
==23845==    by 0x57241DB: Plasma::ScriptEngine::~ScriptEngine() (scriptengine.cpp:42)
Comment 3 Marco Martin 2015-04-13 09:15:30 UTC 
hmm, here it seems when the view gets deleted the associated containmentiterface has already been deleted (but yes, the crash is reproduceable)
Comment 4 Marco Martin 2015-04-13 09:34:20 UTC 
Git commit b4df3adace0ef5a471318250c4a948f6ee2b1322 by Marco Martin.
Committed on 13/04/2015 at 09:33.
Pushed by mart into branch 'master'.

delete the views before containments

if we delete containments before views, an invalid delete
will be done at views delete

M  +1    -1    shell/shellcorona.cpp

http://commits.kde.org/plasma-workspace/b4df3adace0ef5a471318250c4a948f6ee2b1322
Comment 5 Lukáš Tinkl 2015-04-13 09:40:26 UTC 
Yup, thx!