This crash happened randomly (twice in the past two days) when editing c++ code:
#0 0x00007f2d923f1400 in QIcon::QIcon(QIcon const&) () from /KDevelop-5.4.0/usr/lib/libQt5Gui.so.5
#1 0x00007f2d92c46524 in QAction::icon() const () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#2 0x00007f2d734b3e69 in ActionsQuickOpenItem::icon() const () from /KDevelop-5.4.0/usr/lib/qt5/plugins/kdevplatform/32/kdevquickopen.so
#3 0x00007f2d7349b57a in QuickOpenModel::data(QModelIndex const&, int) const () from /KDevelop-5.4.0/usr/lib/qt5/plugins/kdevplatform/32/kdevquickopen.so
#4 0x00007f2d91898beb in QAbstractProxyModel::data(QModelIndex const&, int) const () from /KDevelop-5.4.0/usr/lib/libQt5Core.so.5
#5 0x00007f2d92ea01db in QItemDelegate::rect(QStyleOptionViewItem const&, QModelIndex const&, int) const () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#6 0x00007f2d92ea0903 in QItemDelegate::sizeHint(QStyleOptionViewItem const&, QModelIndex const&) const () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#7 0x00007f2d734b6792 in ExpandingDelegate::sizeHint(QStyleOptionViewItem const&, QModelIndex const&) const () from /KDevelop-5.4.0/usr/lib/qt5/plugins/kdevplatform/32/kdevquickopen.so
#8 0x00007f2d92ee69c3 in QTreeView::indexRowSizeHint(QModelIndex const&) const () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#9 0x00007f2d92ee7d6c in QTreeViewPrivate::itemHeight(int) const () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#10 0x00007f2d92ee96be in QTreeViewPrivate::updateScrollBars() () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#11 0x00007f2d92ef0721 in QTreeView::updateGeometries() () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#12 0x00007f2d92c88ce2 in QWidget::event(QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#13 0x00007f2d92d2de4e in QFrame::event(QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#14 0x00007f2d92e89c7c in QAbstractItemView::viewportEvent(QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#15 0x00007f2d92eef54c in QTreeView::viewportEvent(QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#16 0x00007f2d918e8590 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Core.so.5
#17 0x00007f2d92c4bcf5 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#18 0x00007f2d92c53021 in QApplication::notify(QObject*, QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#19 0x00007f2d918e87f8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Core.so.5
#20 0x00007f2d92c81922 in QWidgetPrivate::sendPendingMoveAndResizeEvents(bool, bool) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#21 0x00007f2d92c853f3 in QWidgetPrivate::show_helper() () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#22 0x00007f2d92c880d5 in QWidget::setVisible(bool) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#23 0x00007f2d92c853a8 in QWidgetPrivate::showChildren(bool) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#24 0x00007f2d92c8540f in QWidgetPrivate::show_helper() () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#25 0x00007f2d92c880d5 in QWidget::setVisible(bool) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#26 0x00007f2d92c853a8 in QWidgetPrivate::showChildren(bool) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#27 0x00007f2d92c8540f in QWidgetPrivate::show_helper() () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#28 0x00007f2d92c880d5 in QWidget::setVisible(bool) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#29 0x00007f2d7348e335 in QuickOpenLineEdit::focusInEvent(QFocusEvent*) () from /KDevelop-5.4.0/usr/lib/qt5/plugins/kdevplatform/32/kdevquickopen.so
#30 0x00007f2d92c89049 in QWidget::event(QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#31 0x00007f2d92d8dda5 in QLineEdit::event(QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#32 0x00007f2d92c4bd1c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#33 0x00007f2d92c53021 in QApplication::notify(QObject*, QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#34 0x00007f2d918e87f8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Core.so.5
#35 0x00007f2d92c50d2e in QApplicationPrivate::setFocusWidget(QWidget*, Qt::FocusReason) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#36 0x00007f2d92c82f35 in QWidget::setFocus(Qt::FocusReason) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#37 0x00007f2d92c4c28d in QApplicationPrivate::giveFocusAccordingToFocusPolicy(QWidget*, QEvent*, QPoint) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#38 0x00007f2d92c54c1c in QApplication::notify(QObject*, QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#39 0x00007f2d918e87f8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Core.so.5
#40 0x00007f2d92c5260d in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#41 0x00007f2d92ca1f1e in ?? () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#42 0x00007f2d92ca480b in ?? () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#43 0x00007f2d92c4bd1c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#44 0x00007f2d92c53021 in QApplication::notify(QObject*, QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Widgets.so.5
#45 0x00007f2d918e87f8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Core.so.5
#46 0x00007f2d92377ee3 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Gui.so.5
#47 0x00007f2d92379945 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) () from /KDevelop-5.4.0/usr/lib/libQt5Gui.so.5
#48 0x00007f2d923547cb in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /KDevelop-5.4.0/usr/lib/libQt5Gui.so.5
#49 0x00007f2d86c87206 in ?? () from /KDevelop-5.4.0/usr/lib/libQt5XcbQpa.so.5
#50 0x00007f2d918e6e4a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /KDevelop-5.4.0/usr/lib/libQt5Core.so.5
#51 0x00007f2d918ef754 in QCoreApplication::exec() () from /KDevelop-5.4.0/usr/lib/libQt5Core.so.5
#52 0x000000000040c3a9 in main ()
Thanks for the report. Never seen before. Can you remember what you exactly did? What language do you develop with? Did you enable/disable plugins? Developer notes: Backtrace possibly hints to a QAction accessed which no longer exists. The QAction pointed to by ActionsQuickOpenItem is added during a filtering run, where ActionsQuickOpenProvider::setFilterText() queries KActionCollection::allCollections() for all actions. But there is no mechanism to catch actions being deleted at a later point, while the item is still existing. The rest of the backtrace hints that the popup of the QuickOpen menu is triggered, and possibly at that point it still holds the results of the last search. Needs more investigation.
(In reply to Friedrich W. H. Kossebau from comment #1)
> Thanks for the report. Never seen before. Can you remember what you exactly
> did? What language do you develop with? Did you enable/disable plugins?
>
> Developer notes:
> Backtrace possibly hints to a QAction accessed which no longer exists. The
> QAction pointed to by ActionsQuickOpenItem is added during a filtering run,
> where ActionsQuickOpenProvider::setFilterText() queries
> KActionCollection::allCollections() for all actions. But there is no
> mechanism to catch actions being deleted at a later point, while the item is
> still existing.
>
> The rest of the backtrace hints that the popup of the QuickOpen menu is
> triggered, and possibly at that point it still holds the results of the last
> search.
>
> Needs more investigation.
The codebase I was editing is C++. Just before the crash, I pasted two lines of template code in a .h file. The weird thing is that in the callstack I saw references to quickopen which you also mentioned, but I'm pretty sure I was not trying to use the quick open box. The mouse pointer was hovering somewhere near the new pasted lines in the editor panel and I didn't hit any of the shortcuts for the quick open actions.
I have some plugins disabled: svn, perforce, bazaar, ninja, meson, ctags, man pages.
The core file is unfortunately not very helpful, there are no debug symbols.
(In reply to Friedrich W. H. Kossebau from comment #1)
> Thanks for the report. Never seen before. Can you remember what you exactly
> did? What language do you develop with? Did you enable/disable plugins?
>
> Developer notes:
> Backtrace possibly hints to a QAction accessed which no longer exists. The
> QAction pointed to by ActionsQuickOpenItem is added during a filtering run,
> where ActionsQuickOpenProvider::setFilterText() queries
> KActionCollection::allCollections() for all actions. But there is no
> mechanism to catch actions being deleted at a later point, while the item is
> still existing.
>
> The rest of the backtrace hints that the popup of the QuickOpen menu is
> triggered, and possibly at that point it still holds the results of the last
> search.
>
> Needs more investigation.
Just in case it helps, I poked around a little bit in gdb at the disassembled code and indeed ActionsQuickOpenItem::m_action value looks like a horked pointer: 0x4000000000000090
Dump of assembler code for function _ZNK7QAction4iconEv:
   0x00007f2d92c46510 <+0>:  push rbx
   0x00007f2d92c46511 <+1>:  mov rsi,QWORD PTR [rsi+0x8]
   0x00007f2d92c46515 <+5>:  mov rbx,rdi
   0x00007f2d92c46518 <+8>:  add rsi,0x90
   0x00007f2d92c4651f <+15>: call 0x7f2d92c3c780 <QIcon::QIcon(QIcon const&)@plt>
=> 0x00007f2d92c46524 <+20>: mov rax,rbx
(gdb) info registers
rax    0x1                 1
rbx    0x7ffe08c73b00      140729045695232
rcx    0xca89030           212373552
rdx    0x188607a0          411436960
rsi    0x4000000000000090  4611686018427388048
rdi    0x7ffe08c73b00      140729045695232
rbp    0x7ffe08c73b70      0x7ffe08c73b70
rsp    0x7ffe08c73b00      0x7ffe08c73b00
r8     0x7f01fec0          2130837184
r9     0x83                131
r10    0xffffffff          4294967295
r11    0x0                 0
r12    0x171e9fd0          387882960
r13    0x7ffe08c73bd0      140729045695440
r14    0x2a529d0           44378576
r15    0x1                 1
rip    0x7f2d734b3e69      0x7f2d734b3e69 <ActionsQuickOpenItem::icon() const+41>
eflags 0x206               [ PF IF ]
cs     0x33                51
ss     0x2b                43
ds     0x0                 0
es     0x0                 0
fs     0x0                 0
gs     0x0                 0
(In reply to Wood from comment #3)
> just in case it helps, I poked around a little bit in gdb at the
> disassembled code and indeed ActionsQuickOpenItem::m_action value looks like
> a horked pointer: 0x4000000000000090
Interesting, that would rather hint the ActionsQuickOpenItem struct itself is bogus, as the m_action is set in the constructor (where it should be a proper pointer value) and never changed later. Something to look out for as well.
This happens not only in the Appimage. Just hit this when using the neon package.
(In reply to David Redondo from comment #5)
> This happens not only in the Appimage. Just hit this when using the neon
> package.
Same backtrace? Do you remember what you did?
The best idea I have so far is that QuickOpenModel::data() does not protect against being called with an invalid index (here coming from direct mapping call from QAbstractProxyModel), or rather QuickOpenModel::getItem not against being called with row == -1, where it would return an out-of-array-bounds item for ActionsQuickOpenProvider then. Though only if that provider is first in the list, where it gets added as last and would be only first if all the others are disabled...
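The row == -1 hypothesis in the comment above, sketched as an added example that is not part of the original thread and is not KDevelop's code: Provider, Slot, locateUnchecked and locateChecked are hypothetical names, and the provider list is constructed sample data. It shows why a signed row of -1 resolves to the first provider with a negative local index, and the guard that rejects it.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-ins for a model that concatenates several providers' items.
struct Provider {
    std::string name;
    int itemCount;   // number of result items the provider currently holds
};
struct Slot {
    int provider;    // index into the provider list
    int local;       // index into that provider's item array
};

// Unguarded walk: row == -1 satisfies "row < itemCount" for the very first
// provider, so the caller is handed local index -1, one element before the array.
Slot locateUnchecked(const std::vector<Provider>& providers, int row) {
    for (int p = 0; p < static_cast<int>(providers.size()); ++p) {
        if (row < providers[p].itemCount)
            return {p, row};
        row -= providers[p].itemCount;
    }
    return {-1, -1};
}

// Guarded walk: a negative row (what an invalid model index carries) and a row
// past the last item are both rejected before any item array is touched.
bool locateChecked(const std::vector<Provider>& providers, int row, Slot* out) {
    if (row < 0)
        return false;
    for (int p = 0; p < static_cast<int>(providers.size()); ++p) {
        if (row < providers[p].itemCount) {
            *out = {p, row};
            return true;
        }
        row -= providers[p].itemCount;
    }
    return false;
}

// Constructed sample: the actions provider happens to be first in the list.
std::vector<Provider> sampleProviders() {
    return {{"actions", 3}, {"files", 5}};
}

int main() {
    const std::vector<Provider> providers = sampleProviders();
    const Slot bad = locateUnchecked(providers, -1);
    std::printf("unchecked row -1: provider %d, local %d\n", bad.provider, bad.local);
    Slot ok{};
    std::printf("checked row -1 accepted: %d\n", locateChecked(providers, -1, &ok));
    return 0;
}
```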
I would be interested in the value of the QModelIndex arguments passed to QAbstractProxyModel::data and even more the one passed to QuickOpenModel::data. The r & c member values are of most interest to me. Looking around at the code I found a possible code path which might lead to bogus ActionsQuickOpenItem objects due to out-of-bounds array access. But not sure yet how it could be reached or rather triggered from the backtrace, having the values of those QModelIndex arguments would at least prove that code path is reached here. Still no idea why the quickopen code is run here at all. The QCoreApplicationPrivate::sendThroughObjectEventFilters might give a hint though, perhaps something is broken in the logic of QuickOpenLineEdit which does a qApp->installEventFilter(this); call though tries to unregister when not active...
(In reply to Friedrich W. H. Kossebau from comment #7)
> I would be interested in the value of the QModelIndex arguments passed to
> QAbstractProxyModel::data and even more the one passed to
> QuickOpenModel::data. The r & c member values are of most interest to me.
>
> Looking around at the code I found a possible code path which might lead to
> bogus ActionsQuickOpenItem objects due to out-of-bounds array access. But
> not sure yet how it could be reached or rather triggered from the backtrace,
> having the values of those QModelIndex arguments would at least prove that
> code path is reached here.
>
> Still no idea why the quickopen code is run here at all. The
> QCoreApplicationPrivate::sendThroughObjectEventFilters might give a hint
> though, perhaps something is broken in the logic of QuickOpenLineEdit which
> does a
> qApp->installEventFilter(this);
> call though tries to unregister when not active...
Unfortunately I lost the coredump file (got cleaned-up automatically this weekend).
(In reply to Wood from comment #8)
> (In reply to Friedrich W. H. Kossebau from comment #7)
> > I would be interested in the value of the QModelIndex arguments passed to
> > QAbstractProxyModel::data and even more the one passed to
> > QuickOpenModel::data. The r & c member values are of most interest to me.
> >
> > Looking around at the code I found a possible code path which might lead to
> > bogus ActionsQuickOpenItem objects due to out-of-bounds array access. But
> > not sure yet how it could be reached or rather triggered from the backtrace,
> > having the values of those QModelIndex arguments would at least prove that
> > code path is reached here.
> >
> > Still no idea why the quickopen code is run here at all. The
> > QCoreApplicationPrivate::sendThroughObjectEventFilters might give a hint
> > though, perhaps something is broken in the logic of QuickOpenLineEdit which
> > does a
> > qApp->installEventFilter(this);
> > call though tries to unregister when not active...
>
> Unfortunately I lost the coredump file (got cleaned-up automatically this
> weekend).
Crashed again, very similar call stack. The lack of debug symbols makes it hard to figure out what r and c are in the index param passed to QuickOpenModel::data. But I'm pretty sure the c was 1 and the "role" parameter is Qt::DecorationRole. I couldn't figure out the value of r.
Crash stopped happening in 5.4.x > 5.4.0.