Bug 405158 - Konsole Crashes When Logging Out All Tabs in a Window Using "Copy Input To" Feature
Summary: Konsole Crashes When Logging Out All Tabs in a Window Using "Copy Input To" F...
Status: RESOLVED FIXED
Alias: None
Product: konsole
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: unspecified Linux
: NOR crash
Target Milestone: ---
Assignee: David Hallas
URL:
Keywords: drkonqi
: 403114 (view as bug list)
Depends on:
Blocks:
 
Reported: 2019-03-06 23:06 UTC by J Petersen
Modified: 2019-04-25 19:19 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description J Petersen 2019-03-06 23:06:19 UTC
Application: kdeinit5 (18.12.2)

Qt Version: 5.11.3
Frameworks Version: 5.55.0
Operating System: Linux 4.20.13-200.fc29.x86_64 x86_64
Distribution (Platform): Fedora RPMs

-- Information about the crash:
- What I was doing when the application crashed:

Konsole crashes and closes unexpectedly when logging out of multiple tabs at once using the "Copy Input To" -> "All Tabs in Current Window" feature. Many times this crash will affect other separate Konsole windows, causing unexpected loss of active sessions and work in many cases.

A ticket has been opened with Fedora bugzilla as well (#1657013). For reference this issue first presented in Fedora 28 & 29 (current version) for me. It last worked correctly (no crashes) in Fedora 26. I am unsure the status of Fedora 27 though, as I skipped that version.

Steps to Reproduce:
1. Open Konsole window
2. Open multiple tabs within that Konsole window
3. (apparently an important piece) Scroll through the tabs and go back to the first one opened, on the far left of the tab bar
4. Select Edit menu -> Copy Input To -> All Tabs in Current Window
5. Type a ctrl-D to issue logout command to all tabs in window

It is at this point that the crash occurs, displaying the popup near the system tray, and, as mentioned above, this crash will often times cause other neighboring konsole windows to crash as well. It is seeminly inconsistent though, sometimes not affecting all other nearby windows, and not sometimes affecting no others. 


- Unusual behavior I noticed:

Interestingly, it seems that if you skip step 3 above and leave the active tab as the last one opened, and then make that last tab the one copying input to all tabs in current window, instead of the first, then the issue does not present itself. However, for me, after navigating back to the first tab opened (as in step 3) and making that first tab the master copying to all tabs in window, then the issue presents very consistently, with seemingly every try.

The crash can be reproduced every time.

-- Backtrace:
Application: Konsole (kdeinit5), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f6677bec940 (LWP 2787))]

Thread 5 (Thread 0x7f6660d49700 (LWP 2791)):
#0  0x00007f667a40e73c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f66617378a3 in ?? () from /usr/lib64/dri/swrast_dri.so
#2  0x00007f666173738b in ?? () from /usr/lib64/dri/swrast_dri.so
#3  0x00007f667a40858e in start_thread () from /lib64/libpthread.so.0
#4  0x00007f667a5dd6a3 in clone () from /lib64/libc.so.6

Thread 4 (Thread 0x7f666154a700 (LWP 2790)):
#0  0x00007f667a40e73c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f66617378a3 in ?? () from /usr/lib64/dri/swrast_dri.so
#2  0x00007f666173738b in ?? () from /usr/lib64/dri/swrast_dri.so
#3  0x00007f667a40858e in start_thread () from /lib64/libpthread.so.0
#4  0x00007f667a5dd6a3 in clone () from /lib64/libc.so.6

Thread 3 (Thread 0x7f66637f8700 (LWP 2789)):
#0  0x00007f667a5d2421 in poll () from /lib64/libc.so.6
#1  0x00007f66781b33a6 in ?? () from /lib64/libglib-2.0.so.0
#2  0x00007f66781b34d0 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#3  0x00007f667ac815ab in QEventDispatcherGlib::processEvents (this=0x7f665c000b20, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#4  0x00007f667ac2fe0b in QEventLoop::exec (this=this@entry=0x7f66637f7c30, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:140
#5  0x00007f667aa97e86 in QThread::exec (this=this@entry=0x7f667bc7e060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at ../../include/QtCore/../../src/corelib/global/qflags.h:120
#6  0x00007f667bc02f89 in QDBusConnectionManager::run (this=0x7f667bc7e060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:178
#7  0x00007f667aaa12fb in QThreadPrivate::start (arg=0x7f667bc7e060 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:367
#8  0x00007f667a40858e in start_thread () from /lib64/libpthread.so.0
#9  0x00007f667a5dd6a3 in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7f6669084700 (LWP 2788)):
#0  0x00007f667a5d2421 in poll () from /lib64/libc.so.6
#1  0x00007f667ba8839f in ?? () from /lib64/libxcb.so.1
#2  0x00007f667ba8a01a in xcb_wait_for_event () from /lib64/libxcb.so.1
#3  0x00007f666920cbf9 in QXcbEventReader::run (this=0x559b3244ae90) at qxcbconnection.h:409
#4  0x00007f667aaa12fb in QThreadPrivate::start (arg=0x559b3244ae90) at thread/qthread_unix.cpp:367
#5  0x00007f667a40858e in start_thread () from /lib64/libpthread.so.0
#6  0x00007f667a5dd6a3 in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7f6677bec940 (LWP 2787)):
[KCrash Handler]
#6  0x00007f666aa142d4 in QHash<Konsole::Profile::Property, QVariant>::findNode (this=this@entry=0x10, akey=akey@entry=@0x7fff8dee95d0: Konsole::Profile::ColorScheme, ahp=ahp@entry=0x0) at /usr/include/qt5/QtCore/qhash.h:926
#7  0x00007f666aa8521c in QHash<Konsole::Profile::Property, QVariant>::contains (akey=@0x7fff8dee95d0: Konsole::Profile::ColorScheme, this=0x10) at /usr/include/qt5/QtCore/qhash.h:904
#8  Konsole::Profile::property<QVariant> (p=<optimized out>, this=<optimized out>) at /usr/src/debug/konsole5-18.12.2-1.fc29.x86_64/src/Profile.h:681
#9  Konsole::Profile::property<QString> (p=Konsole::Profile::ColorScheme, this=<optimized out>) at /usr/src/debug/konsole5-18.12.2-1.fc29.x86_64/src/Profile.h:675
#10 Konsole::Profile::colorScheme (this=<optimized out>) at /usr/src/debug/konsole5-18.12.2-1.fc29.x86_64/src/Profile.h:460
#11 Konsole::ViewManager::colorSchemeForProfile (profile=...) at /usr/src/debug/konsole5-18.12.2-1.fc29.x86_64/src/ViewManager.cpp:775
#12 0x00007f666aa854d6 in Konsole::ViewManager::profileHasBlurEnabled (profile=...) at /usr/include/c++/8/bits/atomic_base.h:295
#13 0x00007f666ac18b5f in Konsole::MainWindow::activeViewChanged (this=0x559b3250c710, controller=0x559b328221e0) at /usr/include/c++/8/bits/atomic_base.h:390
#14 0x00007f667ac591c3 in QtPrivate::QSlotObjectBase::call (a=0x7fff8dee97d0, r=0x559b3250c710, this=0x559b325beb80) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:376
#15 QMetaObject::activate (sender=0x559b325b2640, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3754
#16 0x00007f666aa9bff6 in Konsole::ViewManager::activeViewChanged (this=<optimized out>, _t1=<optimized out>) at /usr/src/debug/konsole5-18.12.2-1.fc29.x86_64/x86_64-redhat-linux-gnu/src/konsoleprivate_autogen/EWIEGA46WW/moc_ViewManager.cpp:461
#17 0x00007f667ac591c3 in QtPrivate::QSlotObjectBase::call (a=0x7fff8dee98f0, r=0x559b325b2640, this=0x559b328d6650) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:376
#18 QMetaObject::activate (sender=0x559b328221e0, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3754
#19 0x00007f666aa9b6e3 in Konsole::SessionController::focused (this=this@entry=0x559b328221e0, _t1=<optimized out>, _t1@entry=0x559b328221e0) at /usr/src/debug/konsole5-18.12.2-1.fc29.x86_64/x86_64-redhat-linux-gnu/src/konsoleprivate_autogen/EWIEGA46WW/moc_SessionController.cpp:491
#20 0x00007f666aa5f3e4 in Konsole::SessionController::eventFilter (this=0x559b328221e0, watched=0x559b326b1810, event=0x7fff8dee9c10) at /usr/src/debug/konsole5-18.12.2-1.fc29.x86_64/src/SessionController.cpp:485
#21 0x00007f667ac30d0e in QCoreApplicationPrivate::sendThroughObjectEventFilters (event=<optimized out>, receiver=<optimized out>) at kernel/qcoreapplication.cpp:1173
#22 QCoreApplicationPrivate::sendThroughObjectEventFilters (receiver=receiver@entry=0x559b326b1810, event=event@entry=0x7fff8dee9c10) at kernel/qcoreapplication.cpp:1162
#23 0x00007f667b520275 in QApplicationPrivate::notify_helper (this=this@entry=0x559b3243dba0, receiver=receiver@entry=0x559b326b1810, e=e@entry=0x7fff8dee9c10) at kernel/qapplication.cpp:3722
#24 0x00007f667b5279a0 in QApplication::notify (this=0x559b3243d7c0, receiver=0x559b326b1810, e=0x7fff8dee9c10) at kernel/qapplication.cpp:3485
#25 0x00007f667ac30ec6 in QCoreApplication::notifyInternal2 (receiver=receiver@entry=0x559b326b1810, event=event@entry=0x7fff8dee9c10) at kernel/qcoreapplication.cpp:1047
#26 0x00007f667b5255ce in QCoreApplication::sendEvent (event=0x7fff8dee9c10, receiver=0x559b326b1810) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#27 QApplicationPrivate::setFocusWidget (reason=2074243296, focus=<optimized out>) at kernel/qapplication.cpp:1801
#28 QApplicationPrivate::setFocusWidget (focus=focus@entry=0x559b326b1810, reason=reason@entry=Qt::OtherFocusReason) at kernel/qapplication.cpp:1755
#29 0x00007f667b55956e in QWidget::setFocus (reason=Qt::OtherFocusReason, this=<optimized out>) at kernel/qwidget.cpp:6552
#30 QWidget::setFocus (this=0x559b326b1810, reason=Qt::OtherFocusReason) at kernel/qwidget.cpp:6495
#31 0x00007f667ac591c3 in QtPrivate::QSlotObjectBase::call (a=0x7fff8dee9dd0, r=0x559b3264a610, this=0x559b325cc6d0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:376
#32 QMetaObject::activate (sender=0x559b3264a610, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3754
#33 0x00007f667b6e45f2 in QTabWidget::currentChanged (this=<optimized out>, _t1=<optimized out>) at .moc/moc_qtabwidget.cpp:321
#34 0x00007f667b6e6b2f in QTabWidget::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qglobal.h:1038
#35 0x00007f667ac5909e in QMetaObject::activate (sender=0x559b32602910, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3771
#36 0x00007f667b6c4f82 in QTabBar::currentChanged (this=this@entry=0x559b32602910, _t1=<optimized out>, _t1@entry=0) at .moc/moc_qtabbar.cpp:333
#37 0x00007f667b6c9665 in QTabBar::setCurrentIndex (this=this@entry=0x559b32602910, index=index@entry=0) at widgets/qtabbar.cpp:1366
#38 0x00007f667b6ccb3f in QTabBar::removeTab (this=0x559b32602910, index=index@entry=0) at widgets/qtabbar.cpp:1055
#39 0x00007f667b6e53cc in QTabWidgetPrivate::_q_removeTab (this=<optimized out>, index=0) at widgets/qtabwidget.cpp:765
#40 0x00007f667b6e6b17 in QTabWidget::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qglobal.h:1038
#41 0x00007f667ac5909e in QMetaObject::activate (sender=0x559b325db900, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3771
#42 0x00007f667b6c2a05 in QStackedWidget::widgetRemoved (this=<optimized out>, _t1=<optimized out>) at .moc/moc_qstackedwidget.cpp:221
#43 0x00007f667b6c2d7b in QStackedWidget::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at .moc/moc_qstackedwidget.cpp:101
#44 0x00007f667ac5909e in QMetaObject::activate (sender=0x559b325dbb70, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3771
#45 0x00007f667b542822 in QStackedLayout::widgetRemoved (this=this@entry=0x559b325dbb70, _t1=<optimized out>, _t1@entry=0) at .moc/moc_qstackedlayout.cpp:215
#46 0x00007f667b543434 in QStackedLayout::takeAt (this=0x559b325dbb70, index=0) at kernel/qstackedlayout.cpp:280
#47 0x00007f667b53df1e in QLayout::removeWidget (this=0x559b325dbb70, widget=0x559b3256ebd0) at kernel/qlayout.cpp:1369
#48 0x00007f666aa801ef in Konsole::TabbedViewContainer::viewDestroyed (this=0x559b3264a610, view=0x559b3256ebd0) at /usr/src/debug/konsole5-18.12.2-1.fc29.x86_64/src/ViewContainer.cpp:277
#49 0x00007f667ac591c3 in QtPrivate::QSlotObjectBase::call (a=0x7fff8deea480, r=0x559b3264a610, this=0x559b3278e730) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:376
#50 QMetaObject::activate (sender=0x559b3256ebd0, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3754
#51 0x00007f667ac597d3 in QObject::destroyed (this=this@entry=0x559b3256ebd0, _t1=<optimized out>, _t1@entry=0x559b3256ebd0) at .moc/moc_qobject.cpp:214
#52 0x00007f667b55ad1b in QWidget::~QWidget (this=0x559b3256ebd0, __in_chrg=<optimized out>) at kernel/qwidget.cpp:1671
#53 0x00007f666aa723cd in Konsole::TerminalDisplay::~TerminalDisplay (this=0x559b3256ebd0, __in_chrg=<optimized out>) at /usr/src/debug/konsole5-18.12.2-1.fc29.x86_64/src/TerminalDisplay.cpp:552
#54 0x00007f667ac59dc8 in QObject::event (this=this@entry=0x559b3256ebd0, e=e@entry=0x559b32794f50) at kernel/qobject.cpp:1242
#55 0x00007f667b55f80b in QWidget::event (this=0x559b3256ebd0, event=0x559b32794f50) at kernel/qwidget.cpp:9353
#56 0x00007f667b520285 in QApplicationPrivate::notify_helper (this=this@entry=0x559b3243dba0, receiver=receiver@entry=0x559b3256ebd0, e=e@entry=0x559b32794f50) at kernel/qapplication.cpp:3726
#57 0x00007f667b5279a0 in QApplication::notify (this=0x559b3243d7c0, receiver=0x559b3256ebd0, e=0x559b32794f50) at kernel/qapplication.cpp:3485
#58 0x00007f667ac30ec6 in QCoreApplication::notifyInternal2 (receiver=0x559b3256ebd0, event=0x559b32794f50) at kernel/qcoreapplication.cpp:1047
#59 0x00007f667ac3409b in QCoreApplication::sendEvent (event=0x559b32794f50, receiver=<optimized out>) at kernel/qcoreapplication.h:234
#60 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x559b323e33f0) at kernel/qcoreapplication.cpp:1744
#61 0x00007f667ac81807 in postEventSourceDispatch (s=0x559b324f2100) at kernel/qeventdispatcher_glib.cpp:276
#62 0x00007f66781b306d in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#63 0x00007f66781b3438 in ?? () from /lib64/libglib-2.0.so.0
#64 0x00007f66781b34d0 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#65 0x00007f667ac81593 in QEventDispatcherGlib::processEvents (this=0x559b324a95d0, flags=...) at kernel/qeventdispatcher_glib.cpp:422
#66 0x00007f66692a0855 in QPAEventDispatcherGlib::processEvents (this=0x559b324a95d0, flags=...) at qeventdispatcher_glib.cpp:69
#67 0x00007f667ac2fe0b in QEventLoop::exec (this=this@entry=0x7fff8deeab10, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:140
#68 0x00007f667ac37ed6 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:120
#69 0x00007f667afc7f40 in QGuiApplication::exec () at kernel/qguiapplication.cpp:1762
#70 0x00007f667b5201f9 in QApplication::exec () at kernel/qapplication.cpp:2900
#71 0x00007f666ac253de in kdemain (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/konsole5-18.12.2-1.fc29.x86_64/src/main.cpp:207
#72 0x0000559b32305687 in launch (argc=3, _name=0x559b32404858 "konsole", args=<optimized out>, cwd=<optimized out>, envc=0, envs=<optimized out>, reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x559b32308192 "0") at /usr/src/debug/kf5-kinit-5.55.0-1.fc29.x86_64/src/kdeinit/kinit.cpp:706
#73 0x0000559b323066ba in handle_launcher_request (sock=8, who=<optimized out>) at /usr/src/debug/kf5-kinit-5.55.0-1.fc29.x86_64/src/kdeinit/kinit.cpp:1146
#74 0x0000559b32306fd8 in handle_requests (waitForPid=0) at /usr/src/debug/kf5-kinit-5.55.0-1.fc29.x86_64/src/kdeinit/kinit.cpp:1339
#75 0x0000559b32302065 in main (argc=5, argv=<optimized out>) at /usr/src/debug/kf5-kinit-5.55.0-1.fc29.x86_64/src/kdeinit/kinit.cpp:1785
[Inferior 1 (process 2787) detached]

Reported using DrKonqi
Comment 1 David Hallas 2019-03-09 19:26:26 UTC
Added a patch that fixes the crash

https://phabricator.kde.org/D19642
Comment 2 Kurt Hindenburg 2019-03-14 03:01:29 UTC
Git commit cb49c985a31692806be5f8f717d79b1425cfcbc9 by Kurt Hindenburg, on behalf of David Hallas.
Committed on 14/03/2019 at 03:01.
Pushed by hindenburg into branch 'master'.

Fixes crash when using the Copy Input To All Tabs feature

Summary:
Fixes crash when using the Copy Input To All Tabs feature. The crash is
caused because the sessions are removed from the SessionManager before
the MainWindow is updated. When the MainWindow receives the
activeViewChanged signal it assumes that the
SessionManager::sessionProfile returns a valid Profile pointer, but in
this case it has already been freed and is therefore nullptr. The fix is
to simply check if the new active Session has a valid Profile, if not
simply ignore it.

Test Plan:
1. Open Konsole window
2. Open multiple tabs within that Konsole window
3. (apparently an important piece) Scroll through the tabs and go back to the first one opened, on the far left of the tab bar
4. Select Edit menu -> Copy Input To -> All Tabs in Current Window
5. Type a ctrl-D to issue logout command to all tabs in window

Reviewers: #konsole, hindenburg

Reviewed By: #konsole, hindenburg

Subscribers: hindenburg, konsole-devel

Tags: #konsole

Differential Revision: https://phabricator.kde.org/D19642

M  +3    -0    src/MainWindow.cpp

https://commits.kde.org/konsole/cb49c985a31692806be5f8f717d79b1425cfcbc9
Comment 3 J Petersen 2019-04-11 15:49:28 UTC
I apologize if this is the wrong place to ask this. 

Can anyone give me an idea when this fix might make it down into Fedora Core 29 (currently on konsole5-18.12.2-1.fc29)? This issue affects me daily still. Thanks!
Comment 4 J Petersen 2019-04-11 16:39:40 UTC
Nevermind. It is being pulled in to FC for testing now.
Comment 5 Christoph Feck 2019-04-25 19:19:30 UTC
*** Bug 403114 has been marked as a duplicate of this bug. ***