363470 – Krita crashes after drag&drop specific *.kra over the canvas to insert as layers

Bug 363470 - Krita crashes after drag&drop specific *.kra over the canvas to insert as layers

Summary: Krita crashes after drag&drop specific *.kra over the canvas to insert as layers

Status:	RESOLVED FIXED

Alias:	None

Product:	krita
Classification:	Applications
Component:	Layer Stack (show other bugs)
Version:	git master (please specify the git hash!)
Platform:	Compiled Sources Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Krita Bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-05-24 14:11 UTC by David REVOY
Modified:	2016-05-27 10:08 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:	http://commits.kde.org/krita/ea7592e93feadb2080a6c48ca6ce44b88ee3230e
Version Fixed In:
Sentry Crash Report:

Attachments
[ ^ gdb crash report ] (13.29 KB, text/plain) 2016-05-24 14:11 UTC, David REVOY	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description David REVOY 2016-05-24 14:11:04 UTC

Created attachment 99155 [details]
[ ^ gdb crash report ]

Here is a bug I crash I can reproduce. A recent behavior. 

To reproduce: 
=========== 
1. Download this *.kra file https://share.kde.org/index.php/s/AhJBHPsIgFLcgW7 ( a page of P&C episode14 , 14MB ) and extract it to get the *.kra file 
2. Open Krita with and a canvas
3. Drag and Drop the *.kra comic page over the canvas, and select the top option : 'insert as layer'

Result:
======
Krita crashes ( GDB output in attachement ). 

( Note: it doesn't crash with all *.kra; mostly those using Adjustement Layers , as Pepper&Carrot pages does. )

Comment 1 Halla Rempt 2016-05-24 14:27:16 UTC

Weird... It doesn't crash with this file for me.

Comment 2 Halla Rempt 2016-05-24 14:28:39 UTC

That said, it's probably a timing issue since it happens when the progress reporter is destroyed.

Comment 3 Camille Bissuel 2016-05-24 16:43:36 UTC

I can reproduce always under Antergos and Krita3 compiled today from Git

Comment 4 Raghavendra kamath 2016-05-24 19:01:21 UTC

I can reproduce this with the file that David shared.

here is a back trace from Dr. qonqi


Application: Krita (krita), signal: Segmentation fault
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f78b6e51840 (LWP 29425))]

Thread 13 (Thread 0x7f789544a700 (LWP 29427)):
#0  0x00007f78ae79d68d in poll () from /usr/lib/libc.so.6
#1  0x00007f78a9bc3fd6 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007f78a9bc40ec in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#3  0x00007f78af5d86eb in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#4  0x00007f78af58046a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#5  0x00007f78af3a72f3 in QThread::exec() () from /usr/lib/libQt5Core.so.5
#6  0x00007f78aa9dfa65 in ?? () from /usr/lib/libQt5DBus.so.5
#7  0x00007f78af3ac1d8 in ?? () from /usr/lib/libQt5Core.so.5
#8  0x00007f78ab091474 in start_thread () from /usr/lib/libpthread.so.0
#9  0x00007f78ae7a669d in clone () from /usr/lib/libc.so.6

Thread 12 (Thread 0x7f788281a700 (LWP 29428)):
#0  0x00007f78ab09709f in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f78af3ad08b in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQt5Core.so.5
#2  0x00007f78af3a5d53 in QSemaphore::acquire(int) () from /usr/lib/libQt5Core.so.5
#3  0x00007f78b59d965d in KisTileDataPooler::waitForWork (this=0x7f78b5eb7ce0 <(anonymous namespace)::Q_QGS_s_instance::innerFunction()::holder>) at /home/raghu/kf5/src/krita/libs/image/tiles3/kis_tile_data_pooler.cc:165
#4  KisTileDataPooler::run (this=0x7f78b5eb7ce0 <(anonymous namespace)::Q_QGS_s_instance::innerFunction()::holder>) at /home/raghu/kf5/src/krita/libs/image/tiles3/kis_tile_data_pooler.cc:187
#5  0x00007f78af3ac1d8 in ?? () from /usr/lib/libQt5Core.so.5
#6  0x00007f78ab091474 in start_thread () from /usr/lib/libpthread.so.0
#7  0x00007f78ae7a669d in clone () from /usr/lib/libc.so.6

Thread 11 (Thread 0x7f7882019700 (LWP 29429)):
#0  0x00007f78ae7764fd in nanosleep () from /usr/lib/libc.so.6
#1  0x00007f78af457e0d in ?? () from /usr/lib/libQt5Core.so.5
#2  0x00007f78af3ab598 in QThread::msleep(unsigned long) () from /usr/lib/libQt5Core.so.5
#3  0x00007f78b59f4e7a in KisTileDataSwapper::run (this=0x7f78b5eb7d20 <(anonymous namespace)::Q_QGS_s_instance::innerFunction()::holder+64>) at /home/raghu/kf5/src/krita/libs/image/tiles3/swap/kis_tile_data_swapper.cpp:97
#4  0x00007f78af3ac1d8 in ?? () from /usr/lib/libQt5Core.so.5
#5  0x00007f78ab091474 in start_thread () from /usr/lib/libpthread.so.0
#6  0x00007f78ae7a669d in clone () from /usr/lib/libc.so.6

Thread 10 (Thread 0x7f7881818700 (LWP 29432)):
#0  0x00007f78ab09709f in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f78af3ad08b in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQt5Core.so.5
#2  0x00007f78b04dc139 in ?? () from /usr/lib/libQt5Widgets.so.5
#3  0x00007f78af3ac1d8 in ?? () from /usr/lib/libQt5Core.so.5
#4  0x00007f78ab091474 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007f78ae7a669d in clone () from /usr/lib/libc.so.6

Thread 9 (Thread 0x7f7857fff700 (LWP 29565)):
#0  0x00007f78ab097448 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f78af3acfc6 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQt5Core.so.5
#2  0x00007f78af3a8644 in ?? () from /usr/lib/libQt5Core.so.5
#3  0x00007f78af3ac1d8 in ?? () from /usr/lib/libQt5Core.so.5
#4  0x00007f78ab091474 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007f78ae7a669d in clone () from /usr/lib/libc.so.6

Thread 8 (Thread 0x7f784d5fc700 (LWP 29566)):
#0  0x00007f78ab097448 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f78af3acfc6 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQt5Core.so.5
#2  0x00007f78af3a8644 in ?? () from /usr/lib/libQt5Core.so.5
#3  0x00007f78af3ac1d8 in ?? () from /usr/lib/libQt5Core.so.5
#4  0x00007f78ab091474 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007f78ae7a669d in clone () from /usr/lib/libc.so.6

Thread 7 (Thread 0x7f784edff700 (LWP 29567)):
#0  0x00007f78ab097448 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f78af3acfc6 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQt5Core.so.5
#2  0x00007f78af3a8644 in ?? () from /usr/lib/libQt5Core.so.5
#3  0x00007f78af3ac1d8 in ?? () from /usr/lib/libQt5Core.so.5
#4  0x00007f78ab091474 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007f78ae7a669d in clone () from /usr/lib/libc.so.6

Thread 6 (Thread 0x7f7872fff700 (LWP 29568)):
#0  0x00007f78ab097448 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f78af3acfc6 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQt5Core.so.5
#2  0x00007f78af3a8644 in ?? () from /usr/lib/libQt5Core.so.5
#3  0x00007f78af3ac1d8 in ?? () from /usr/lib/libQt5Core.so.5
#4  0x00007f78ab091474 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007f78ae7a669d in clone () from /usr/lib/libc.so.6

Thread 5 (Thread 0x7f7871ffc700 (LWP 29569)):
#0  0x00007f78ab097448 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f78af3acfc6 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQt5Core.so.5
#2  0x00007f78af3a8644 in ?? () from /usr/lib/libQt5Core.so.5
#3  0x00007f78af3ac1d8 in ?? () from /usr/lib/libQt5Core.so.5
#4  0x00007f78ab091474 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007f78ae7a669d in clone () from /usr/lib/libc.so.6

Thread 4 (Thread 0x7f78717fb700 (LWP 29570)):
#0  0x00007f78ab097448 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f78af3acfc6 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQt5Core.so.5
#2  0x00007f78af3a8644 in ?? () from /usr/lib/libQt5Core.so.5
#3  0x00007f78af3ac1d8 in ?? () from /usr/lib/libQt5Core.so.5
#4  0x00007f78ab091474 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007f78ae7a669d in clone () from /usr/lib/libc.so.6

Thread 3 (Thread 0x7f784e5fe700 (LWP 29571)):
#0  0x00007f78ab097448 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f78af3acfc6 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQt5Core.so.5
#2  0x00007f78af3a8644 in ?? () from /usr/lib/libQt5Core.so.5
#3  0x00007f78af3ac1d8 in ?? () from /usr/lib/libQt5Core.so.5
#4  0x00007f78ab091474 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007f78ae7a669d in clone () from /usr/lib/libc.so.6

Thread 2 (Thread 0x7f784ddfd700 (LWP 29572)):
#0  0x00007f78ab097448 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f78af3acfc6 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQt5Core.so.5
#2  0x00007f78af3a8644 in ?? () from /usr/lib/libQt5Core.so.5
#3  0x00007f78af3ac1d8 in ?? () from /usr/lib/libQt5Core.so.5
#4  0x00007f78ab091474 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007f78ae7a669d in clone () from /usr/lib/libc.so.6

Thread 1 (Thread 0x7f78b6e51840 (LWP 29425)):
[KCrash Handler]
#5  0x0000000000000000 in ?? ()
#6  0x00007f78b5af043a in KisSharedPtr<KisNode>::deref (sp=0x7ffeb5d07a70, t=<optimized out>) at /home/raghu/kf5/src/krita/libs/global/kis_shared_ptr.h:214
#7  KisSharedPtr<KisNode>::deref (this=0x7ffeb5d07a70) at /home/raghu/kf5/src/krita/libs/global/kis_shared_ptr.h:221
#8  KisSharedPtr<KisNode>::~KisSharedPtr (this=0x7ffeb5d07a70, __in_chrg=<optimized out>) at /home/raghu/kf5/src/krita/libs/global/kis_shared_ptr.h:109
#9  KisNodeProgressProxy::setRange (this=<optimized out>, _minimum=<optimized out>, _maximum=<optimized out>) at /home/raghu/kf5/src/krita/libs/image/kis_node_progress_proxy.cpp:93
#10 0x00007f78b5af0701 in KisBusyProgressIndicator::Private::stopProgressReport (this=<optimized out>, this=<optimized out>) at /home/raghu/kf5/src/krita/libs/image/kis_busy_progress_indicator.cpp:50
#11 KisBusyProgressIndicator::endUpdatesBeforeDestroying (this=<optimized out>) at /home/raghu/kf5/src/krita/libs/image/kis_busy_progress_indicator.cpp:73
#12 0x00007f78b5ae992b in KisNode::~KisNode (this=0x12fc4480, __in_chrg=<optimized out>) at /home/raghu/kf5/src/krita/libs/image/kis_node.cpp:217
#13 0x00007f78b5a41f29 in KisAdjustmentLayer::~KisAdjustmentLayer (this=0x12fc4480, __in_chrg=<optimized out>) at /home/raghu/kf5/src/krita/libs/image/kis_adjustment_layer.cc:61
#14 0x00007f78b6822706 in KisSharedPtr<KisNode>::deref (t=<optimized out>, sp=0x12ee3648) at /home/raghu/kf5/src/krita/libs/global/kis_shared_ptr.h:214
#15 0x00007f78b6829a54 in KisSharedPtr<KisNode>::deref (this=0x12ee3648) at /home/raghu/kf5/src/krita/libs/global/kis_shared_ptr.h:221
#16 KisSharedPtr<KisNode>::~KisSharedPtr (this=0x12ee3648, __in_chrg=<optimized out>) at /home/raghu/kf5/src/krita/libs/global/kis_shared_ptr.h:109
#17 KisDocument::Private::~Private (this=0x12ee34a0, __in_chrg=<optimized out>) at /home/raghu/kf5/src/krita/libs/ui/KisDocument.cpp:281
#18 KisDocument::~KisDocument (this=0x12337e10, __in_chrg=<optimized out>) at /home/raghu/kf5/src/krita/libs/ui/KisDocument.cpp:582
#19 0x00007f78b6829bc9 in KisDocument::~KisDocument (this=0x12337e10, __in_chrg=<optimized out>) at /home/raghu/kf5/src/krita/libs/ui/KisDocument.cpp:583
#20 0x00007f78af5b01b0 in QObject::event(QEvent*) () from /usr/lib/libQt5Core.so.5
#21 0x00007f78b02aa7bc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#22 0x00007f78b02af95f in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#23 0x00007f78b681b517 in KisApplication::notify (this=<optimized out>, receiver=0x12337e10, event=0x12355880) at /home/raghu/kf5/src/krita/libs/ui/KisApplication.cpp:496
#24 0x00007f78af582280 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5
#25 0x00007f78af5841fc in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQt5Core.so.5
#26 0x00007f78af5d82c3 in ?? () from /usr/lib/libQt5Core.so.5
#27 0x00007f78a9bc3dd7 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#28 0x00007f78a9bc4040 in ?? () from /usr/lib/libglib-2.0.so.0
#29 0x00007f78a9bc40ec in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#30 0x00007f78af5d86cf in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#31 0x00007f78af58046a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#32 0x00007f78af588a0c in QCoreApplication::exec() () from /usr/lib/libQt5Core.so.5
#33 0x0000000000404a37 in main (argc=<optimized out>, argv=<optimized out>) at /home/raghu/kf5/src/krita/krita/main.cc:224

Comment 5 Halla Rempt 2016-05-25 09:28:58 UTC

*** This bug has been marked as a duplicate of bug 363416 ***

Comment 6 Friedrich W. H. Kossebau 2016-05-27 10:08:40 UTC

Git commit ea7592e93feadb2080a6c48ca6ce44b88ee3230e by Friedrich W. H. Kossebau.
Committed on 27/05/2016 at 10:05.
Pushed by kossebau into branch 'master'.

Fix double-deletion crash on destruction of KisNode with KisNodeProgressProxy

Summary:
The emission of the signal KisNodeProgressProxy::percentageChanged due to
KisBusyProgressIndicator::endUpdatesBeforeDestroying()
KisBusyProgressIndicator::Private::stopProgressReport()
KisNodeProgressProxy::setRange(int, int)
resulted in a temporary KisNodeSP being created, which called ref() and
deref() on the KisNode object, whose KisShared part already was at 0
ref count, which results in deref() to trigger another delete call
on the KisNode.
Related: bug 363416

Fixes T2393

Test Plan: KisFileLayerTest no longer fails, other tests still as before.

Reviewers: #krita:_next, rempt, dkazakov

Differential Revision: https://phabricator.kde.org/D1695

M  +12   -6    libs/image/kis_busy_progress_indicator.cpp
M  +13   -2    libs/image/kis_busy_progress_indicator.h
M  +2    -1    libs/image/kis_node.cpp
M  +6    -0    libs/image/kis_node_progress_proxy.cpp
M  +8    -0    libs/image/kis_node_progress_proxy.h

http://commits.kde.org/krita/ea7592e93feadb2080a6c48ca6ce44b88ee3230e