Application: dolphin (18.12.0) Qt Version: 5.12.0 Frameworks Version: 5.53.0 Operating System: Linux 4.19.8-arch1-1-ARCH x86_64 Distribution (Platform): Archlinux Packages -- Information about the crash: How to reproduce: Press Win+Q, make sure that you have two plasma activities running. Start dolphin in current activity. Press Win+Q again and stop current activity. Dolphin crashes while it is stopping. It does not matter if you have another instance of dolphin running in the other activity. In the backtrace it looks suspicious that there is a recursive call to the destructor of KItemListViewAccessible. The crash can be reproduced every time. -- Backtrace: Application: Dolphin (dolphin), signal: Segmentation fault Using host libthread_db library "/usr/lib/libthread_db.so.1". [Current thread is 1 (Thread 0x7f1f1495f800 (LWP 2117))] Thread 8 (Thread 0x7f1ef3fff700 (LWP 2133)): #0 0x00007f1f1d3057a4 in read () from /usr/lib/libc.so.6 #1 0x00007f1f18b70781 in ?? () from /usr/lib/libglib-2.0.so.0 #2 0x00007f1f18bc0a50 in g_main_context_check () from /usr/lib/libglib-2.0.so.0 #3 0x00007f1f18bc1e86 in ?? () from /usr/lib/libglib-2.0.so.0 #4 0x00007f1f18bc1fce in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #5 0x00007f1f1b3f65c4 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5 #6 0x00007f1f1b39f58c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5 #7 0x00007f1f1b1e35c9 in QThread::exec() () from /usr/lib/libQt5Core.so.5 #8 0x00007f1f1b1e49cc in ?? () from /usr/lib/libQt5Core.so.5 #9 0x00007f1f19adea9d in start_thread () from /usr/lib/libpthread.so.0 #10 0x00007f1f1d314b23 in clone () from /usr/lib/libc.so.6 Thread 7 (Thread 0x7f1f09a25700 (LWP 2128)): #0 0x00007f1f19ae4afc in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0 #1 0x00007f1f0b35fd94 in ?? () from /usr/lib/dri/swrast_dri.so #2 0x00007f1f0b35fcd8 in ?? () from /usr/lib/dri/swrast_dri.so #3 0x00007f1f19adea9d in start_thread () from /usr/lib/libpthread.so.0 #4 0x00007f1f1d314b23 in clone () from /usr/lib/libc.so.6 Thread 6 (Thread 0x7f1f0a226700 (LWP 2127)): #0 0x00007f1f19ae4afc in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0 #1 0x00007f1f0b35fd94 in ?? () from /usr/lib/dri/swrast_dri.so #2 0x00007f1f0b35fcd8 in ?? () from /usr/lib/dri/swrast_dri.so #3 0x00007f1f19adea9d in start_thread () from /usr/lib/libpthread.so.0 #4 0x00007f1f1d314b23 in clone () from /usr/lib/libc.so.6 Thread 5 (Thread 0x7f1f0aa27700 (LWP 2126)): #0 0x00007f1f19ae4afc in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0 #1 0x00007f1f0b35fd94 in ?? () from /usr/lib/dri/swrast_dri.so #2 0x00007f1f0b35fcd8 in ?? () from /usr/lib/dri/swrast_dri.so #3 0x00007f1f19adea9d in start_thread () from /usr/lib/libpthread.so.0 #4 0x00007f1f1d314b23 in clone () from /usr/lib/libc.so.6 Thread 4 (Thread 0x7f1f0b228700 (LWP 2125)): #0 0x00007f1f19ae4afc in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0 #1 0x00007f1f0b35fd94 in ?? () from /usr/lib/dri/swrast_dri.so #2 0x00007f1f0b35fcd8 in ?? () from /usr/lib/dri/swrast_dri.so #3 0x00007f1f19adea9d in start_thread () from /usr/lib/libpthread.so.0 #4 0x00007f1f1d314b23 in clone () from /usr/lib/libc.so.6 Thread 3 (Thread 0x7f1f11e90700 (LWP 2120)): #0 0x00007f1f1d3057a4 in read () from /usr/lib/libc.so.6 #1 0x00007f1f18b70781 in ?? () from /usr/lib/libglib-2.0.so.0 #2 0x00007f1f18bc0a50 in g_main_context_check () from /usr/lib/libglib-2.0.so.0 #3 0x00007f1f18bc1e86 in ?? () from /usr/lib/libglib-2.0.so.0 #4 0x00007f1f18bc1fce in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #5 0x00007f1f1b3f65c4 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5 #6 0x00007f1f1b39f58c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5 #7 0x00007f1f1b1e35c9 in QThread::exec() () from /usr/lib/libQt5Core.so.5 #8 0x00007f1f1b669ba6 in ?? () from /usr/lib/libQt5DBus.so.5 #9 0x00007f1f1b1e49cc in ?? () from /usr/lib/libQt5Core.so.5 #10 0x00007f1f19adea9d in start_thread () from /usr/lib/libpthread.so.0 #11 0x00007f1f1d314b23 in clone () from /usr/lib/libc.so.6 Thread 2 (Thread 0x7f1f1327a700 (LWP 2118)): #0 0x00007f1f1d309c21 in poll () from /usr/lib/libc.so.6 #1 0x00007f1f18676630 in ?? () from /usr/lib/libxcb.so.1 #2 0x00007f1f186782db in xcb_wait_for_event () from /usr/lib/libxcb.so.1 #3 0x00007f1f1426196b in ?? () from /usr/lib/libQt5XcbQpa.so.5 #4 0x00007f1f1b1e49cc in ?? () from /usr/lib/libQt5Core.so.5 #5 0x00007f1f19adea9d in start_thread () from /usr/lib/libpthread.so.0 #6 0x00007f1f1d314b23 in clone () from /usr/lib/libc.so.6 Thread 1 (Thread 0x7f1f1495f800 (LWP 2117)): [KCrash Handler] #6 0x00000000f7cd7ba2 in ?? () #7 0x00007f1f1b7d0e8b in QAccessible::registerAccessibleInterface(QAccessibleInterface*) () from /usr/lib/libQt5Gui.so.5 #8 0x00007f1f1d179a9e in KItemListViewAccessible::~KItemListViewAccessible() () from /usr/lib/libdolphinprivate.so.5 #9 0x00007f1f1d179b7a in KItemListViewAccessible::~KItemListViewAccessible() () from /usr/lib/libdolphinprivate.so.5 #10 0x00007f1f1b7d7093 in QAccessibleCache::deleteInterface(unsigned int, QObject*) () from /usr/lib/libQt5Gui.so.5 #11 0x00007f1f1b7d76d1 in QAccessibleCache::~QAccessibleCache() () from /usr/lib/libQt5Gui.so.5 #12 0x00007f1f1b7d7859 in ?? () from /usr/lib/libQt5Gui.so.5 #13 0x00007f1f1b3a2aa2 in qt_call_post_routines() () from /usr/lib/libQt5Core.so.5 #14 0x00007f1f1bdf8517 in QApplication::~QApplication() () from /usr/lib/libQt5Widgets.so.5 #15 0x00007f1f1d41d6a9 in kdemain () from /usr/lib/libkdeinit5_dolphin.so #16 0x00007f1f1d23d223 in __libc_start_main () from /usr/lib/libc.so.6 #17 0x000055aed450f05e in _start () [Inferior 1 (process 2117) detached] Reported using DrKonqi
The problem is that when we stop the activity, the KItemListViewAccessible destructor is called *after* QApplication::exec() from the main() returns (no idea why). At that point, m_cells contains only dangling pointers and everything falls apart.
*** Bug 403216 has been marked as a duplicate of this bug. ***
*** Bug 403773 has been marked as a duplicate of this bug. ***
(In reply to Elvis Angelaccio from comment #1) > The problem is that when we stop the activity, the KItemListViewAccessible > destructor is called *after* QApplication::exec() from the main() returns > (no idea why). At that point, m_cells contains only dangling pointers and > everything falls apart. Hi Elvis, I was looking at the code for this and I was thinking if a solution could be to change the m_cells type to store QAccessible::Id instead of a pointer to QAccessibleInterface, since Qt provides easy access to the QAccessibleInterface* given the Id. Then in the destructor we could simply lookup the QAccessibleInterface* pointer with the Id and delete it if it was found?
Created attachment 118117 [details] New crash information added by DrKonqi dolphin (18.12.2) using Qt 5.12.0 - What I was doing when the application crashed: Can report the same problem: dolphin crashes on system shutdown and activity closure. -- Backtrace (Reduced): #7 0x00007f2799590d5a in QAccessible::registerAccessibleInterface (iface=0x55644e583b50) at accessible/qaccessible.cpp:746 #8 0x00007f279e8c5f9d in KItemListViewAccessible::~KItemListViewAccessible() () from /usr/lib/x86_64-linux-gnu/libdolphinprivate.so.5 #9 0x00007f279e8c6079 in KItemListViewAccessible::~KItemListViewAccessible() () from /usr/lib/x86_64-linux-gnu/libdolphinprivate.so.5 #10 0x00007f2799596d7a in QAccessibleCache::deleteInterface (this=this@entry=0x55644db37d00, id=<optimized out>, obj=<optimized out>, obj@entry=0x0) at accessible/qaccessiblecache.cpp:153 #11 0x00007f2799597350 in QAccessibleCache::~QAccessibleCache (this=0x55644db37d00, __in_chrg=<optimized out>) at accessible/qaccessiblecache.cpp:67
(In reply to David Hallas from comment #4) > (In reply to Elvis Angelaccio from comment #1) > > The problem is that when we stop the activity, the KItemListViewAccessible > > destructor is called *after* QApplication::exec() from the main() returns > > (no idea why). At that point, m_cells contains only dangling pointers and > > everything falls apart. > > Hi Elvis, > > I was looking at the code for this and I was thinking if a solution could be > to change the m_cells type to store QAccessible::Id instead of a pointer to > QAccessibleInterface, since Qt provides easy access to the > QAccessibleInterface* given the Id. Then in the destructor we could simply > lookup the QAccessibleInterface* pointer with the Id and delete it if it was > found? This sounds interesting. Feel free to try and submit a patch if it works :)
I have created a patch here: https://phabricator.kde.org/D19083 Please take a look at it and see what you think :) Also, I haven't been able to reproduce the crash myself, so I would really like someone who can reproduce it to check if this fixes it.
Git commit c72fdaa77380ef811dfef626a4edadbb824ed252 by David Hallas. Committed on 18/02/2019 at 07:58. Pushed by hallas into branch 'master'. Fix crash during shutdown Summary: Fix crash during shutdown. The root cause is that when Dolphin in stopped as part of an activity, the KItemListViewAccessible destructor is called after QApplication::exec has returned causing Qt to already having cleaned up the QAccessibleInterface instances kept in KItemListViewAccessible. Instead of storing the pointers to QAccessibleInterface we store the QAccessible::Id so that we can use the QAccessible::deleteAccessibleInterface function for deleting the instances. Test Plan: I wasn't able to reproduce the crash in the first place, but I have just opened and closed Dolphin a few times and verified the the QAccessibleInterface instances are correctly cleaned up. Reviewers: #dolphin, elvisangelaccio, ngraham Reviewed By: #dolphin, elvisangelaccio Subscribers: kfm-devel Tags: #dolphin Differential Revision: https://phabricator.kde.org/D19083 M +15 -10 src/kitemviews/kitemlistviewaccessible.cpp M +7 -1 src/kitemviews/kitemlistviewaccessible.h https://commits.kde.org/dolphin/c72fdaa77380ef811dfef626a4edadbb824ed252
The fixed would need to be committed to 18.12 branch if the fix should appear in 18.12.3.
Yes, that's in progress. :)
Git commit b1ccec70f28fefca8fcd464ec21dd13070c72e5c by David Hallas. Committed on 18/02/2019 at 19:21. Pushed by hallas into branch 'Applications/18.12'. Fix crash during shutdown Summary: Fix crash during shutdown. The root cause is that when Dolphin in stopped as part of an activity, the KItemListViewAccessible destructor is called after QApplication::exec has returned causing Qt to already having cleaned up the QAccessibleInterface instances kept in KItemListViewAccessible. Instead of storing the pointers to QAccessibleInterface we store the QAccessible::Id so that we can use the QAccessible::deleteAccessibleInterface function for deleting the instances. Test Plan: I wasn't able to reproduce the crash in the first place, but I have just opened and closed Dolphin a few times and verified the the QAccessibleInterface instances are correctly cleaned up. Reviewers: #dolphin, elvisangelaccio, ngraham Reviewed By: #dolphin, elvisangelaccio Subscribers: kfm-devel Tags: #dolphin Differential Revision: https://phabricator.kde.org/D19083 M +15 -10 src/kitemviews/kitemlistviewaccessible.cpp M +7 -1 src/kitemviews/kitemlistviewaccessible.h https://commits.kde.org/dolphin/b1ccec70f28fefca8fcd464ec21dd13070c72e5c
Should be there now :)
Created attachment 118487 [details] New crash information added by DrKonqi dolphin (18.12.2) using Qt 5.12.0 - What I was doing when the application crashed: Just a Dolphin instance open with an open terminal then loging out is needed to trigger. -- Backtrace (Reduced): #7 0x00007fa28d1547ca in QAccessible::registerAccessibleInterface (iface=0x5584fc9ea7d0) at accessible/qaccessible.cpp:746 #8 0x00007fa28eb89a4d in KItemListViewAccessible::~KItemListViewAccessible() () from /usr/lib64/libdolphinprivate.so.5 #9 0x00007fa28eb89b19 in KItemListViewAccessible::~KItemListViewAccessible() () from /usr/lib64/libdolphinprivate.so.5 #10 0x00007fa28d15a743 in QAccessibleCache::deleteInterface (this=this@entry=0x5584fc28e5f0, id=<optimized out>, obj=<optimized out>, obj@entry=0x0) at accessible/qaccessiblecache.cpp:153 #11 0x00007fa28d15ad70 in QAccessibleCache::~QAccessibleCache (this=0x5584fc28e5f0, __in_chrg=<optimized out>) at accessible/qaccessiblecache.cpp:67
Created attachment 118488 [details] New crash information added by DrKonqi dolphin (18.12.2) using Qt 5.12.0 - What I was doing when the application crashed: Just a Dolphin instance open with an open terminal then loging out is needed to trigger. -- Backtrace (Reduced): #7 0x00007fa28d1547ca in QAccessible::registerAccessibleInterface (iface=0x5584fc9ea7d0) at accessible/qaccessible.cpp:746 #8 0x00007fa28eb89a4d in KItemListViewAccessible::~KItemListViewAccessible() () from /usr/lib64/libdolphinprivate.so.5 #9 0x00007fa28eb89b19 in KItemListViewAccessible::~KItemListViewAccessible() () from /usr/lib64/libdolphinprivate.so.5 #10 0x00007fa28d15a743 in QAccessibleCache::deleteInterface (this=this@entry=0x5584fc28e5f0, id=<optimized out>, obj=<optimized out>, obj@entry=0x0) at accessible/qaccessiblecache.cpp:153 #11 0x00007fa28d15ad70 in QAccessibleCache::~QAccessibleCache (this=0x5584fc28e5f0, __in_chrg=<optimized out>) at accessible/qaccessiblecache.cpp:67
This bug is marked as being fixed in 18.12.3; there is no need to post additional crash reports from 18.12.2 or earlier. We'll be interested to know if you still see it in 18.12.3 once that's released though!
OS: Arch x86_64 DE: KDE 5.55.0 / Plasma 5.15.2 dolphin 18.12.3-1 The patch has fixed the issue for me (I have and use only one "KDE Plasma activity") Initial bug (now marked RESOLVED DUPLICATE) : https://bugs.kde.org/show_bug.cgi?id=403216 Thank you for the work !