Bug 418352 - Kate crashes when moving selections of text with Ctrl+Shift+Arrow keys
Summary: Kate crashes when moving selections of text with Ctrl+Shift+Arrow keys
Status: RESOLVED WORKSFORME
Alias: None
Product: kate
Classification: Applications
Component: general
Version: 19.12.2
Platform: openSUSE Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KWrite Developers
URL:
Keywords: drkonqi
Depends on:
Blocks:
 
Reported: 2020-03-01 10:17 UTC by Jürgen Thomann
Modified: 2021-02-05 21:57 UTC

See Also:
Latest Commit:
Version Fixed In:


Attachments
Crash report with more debug symbols installed (22.01 KB, text/plain)
2020-03-03 07:02 UTC, 2012gdwu+k2
Sample text file (66.36 KB, text/plain)
2020-07-04 16:19 UTC, Jürgen Thomann
reproducer script (7.32 KB, application/x-shellscript)
2020-07-04 16:22 UTC, Jürgen Thomann
New crash information added by DrKonqi (17.89 KB, text/plain)
2020-11-10 14:31 UTC, Marian
New crash information added by DrKonqi (2.21 KB, text/plain)
2021-01-31 08:52 UTC, niluxv.opensource.C-h2ty6xl

Description Jürgen Thomann 2020-03-01 10:17:34 UTC
Application: kate (19.12.2)

Qt Version: 5.14.1
Frameworks Version: 5.67.0
Operating System: Linux 5.5.5-1-default x86_64
Windowing system: X11
Distribution: "openSUSE Tumbleweed"

-- Information about the crash:
- What I was doing when the application crashed:

I moved a selected line of text with Ctrl+Shift+Arrow key to a different position within Kate. It worked for some time, and after using it some more times, it crashed two out of two times. It seems like I used the feature roughly the same amount before the crash happened, so it could be that a buffer of something is reached and it crashes...

The crash can be reproduced sometimes.

-- Backtrace:
Application: Kate (kate), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f55e035e800 (LWP 28667))]

Thread 7 (Thread 0x7f55c3fff700 (LWP 28673)):
#0  0x00007f55e16d9795 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f55d636550b in ?? () from /usr/lib64/dri/i965_dri.so
#2  0x00007f55d6365387 in ?? () from /usr/lib64/dri/i965_dri.so
#3  0x00007f55e16d2efa in start_thread () from /lib64/libpthread.so.0
#4  0x00007f55e47bf3bf in clone () from /lib64/libc.so.6

Thread 6 (Thread 0x7f55d4cae700 (LWP 28672)):
#0  0x00007f55e16d9795 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f55d636550b in ?? () from /usr/lib64/dri/i965_dri.so
#2  0x00007f55d6365387 in ?? () from /usr/lib64/dri/i965_dri.so
#3  0x00007f55e16d2efa in start_thread () from /lib64/libpthread.so.0
#4  0x00007f55e47bf3bf in clone () from /lib64/libc.so.6

Thread 5 (Thread 0x7f55d54af700 (LWP 28671)):
#0  0x00007f55e16d9795 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f55d636550b in ?? () from /usr/lib64/dri/i965_dri.so
#2  0x00007f55d6365387 in ?? () from /usr/lib64/dri/i965_dri.so
#3  0x00007f55e16d2efa in start_thread () from /lib64/libpthread.so.0
#4  0x00007f55e47bf3bf in clone () from /lib64/libc.so.6

Thread 4 (Thread 0x7f55d5cb0700 (LWP 28670)):
#0  0x00007f55e16d9795 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f55d636550b in ?? () from /usr/lib64/dri/i965_dri.so
#2  0x00007f55d6365387 in ?? () from /usr/lib64/dri/i965_dri.so
#3  0x00007f55e16d2efa in start_thread () from /lib64/libpthread.so.0
#4  0x00007f55e47bf3bf in clone () from /lib64/libc.so.6

Thread 3 (Thread 0x7f55dceaf700 (LWP 28669)):
#0  0x00007f55e0d2d634 in g_mutex_unlock () from /usr/lib64/libglib-2.0.so.0
#1  0x00007f55e0ce1b45 in g_main_context_query () from /usr/lib64/libglib-2.0.so.0
#2  0x00007f55e0ce2278 in ?? () from /usr/lib64/libglib-2.0.so.0
#3  0x00007f55e0ce241f in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#4  0x00007f55e2a9cc6b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQt5Core.so.5
#5  0x00007f55e2a44bfb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQt5Core.so.5
#6  0x00007f55e286f62e in QThread::exec() () from /usr/lib64/libQt5Core.so.5
#7  0x00007f55e2d28507 in ?? () from /usr/lib64/libQt5DBus.so.5
#8  0x00007f55e28706f8 in ?? () from /usr/lib64/libQt5Core.so.5
#9  0x00007f55e16d2efa in start_thread () from /lib64/libpthread.so.0
#10 0x00007f55e47bf3bf in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7f55de2bf700 (LWP 28668)):
#0  0x00007f55e47b4acf in poll () from /lib64/libc.so.6
#1  0x00007f55e170e752 in ?? () from /usr/lib64/libxcb.so.1
#2  0x00007f55e170f40a in xcb_wait_for_event () from /usr/lib64/libxcb.so.1
#3  0x00007f55de4b0ab0 in ?? () from /usr/lib64/libQt5XcbQpa.so.5
#4  0x00007f55e28706f8 in ?? () from /usr/lib64/libQt5Core.so.5
#5  0x00007f55e16d2efa in start_thread () from /lib64/libpthread.so.0
#6  0x00007f55e47bf3bf in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7f55e035e800 (LWP 28667)):
[KCrash Handler]
#6  0x00007f55e21dd9ac in QV4::MarkStack::drain (this=this@entry=0x7ffc079f6e30) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/include/QtQml/5.14.1/QtQml/private/../../../../../src/qml/memory/qv4heap_p.h:73
#7  0x00007f55e2264179 in QV4::PersistentValueStorage::mark (this=<optimized out>, markStack=markStack@entry=0x7ffc079f6e30) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/src/qml/jsruntime/qv4persistent.cpp:243
#8  0x00007f55e21ddd4b in QV4::MemoryManager::collectRoots (this=this@entry=0x5576d9236950, markStack=markStack@entry=0x7ffc079f6e30) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/src/qml/memory/qv4mm.cpp:876
#9  0x00007f55e21ddf3d in QV4::MemoryManager::mark (this=this@entry=0x5576d9236950) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/src/qml/memory/qv4mm.cpp:917
#10 0x00007f55e21dfa16 in QV4::MemoryManager::runGC (this=0x5576d9236950) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/src/qml/memory/qv4mm.cpp:1052
#11 0x00007f55e21e1ce8 in QV4::MemoryManager::allocate (size=96, allocator=0x5576d9236960, this=this@entry=0x5576d9236950) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/include/QtQml/5.14.1/QtQml/private/../../../../../src/qml/memory/qv4mm_p.h:328
#12 QV4::MemoryManager::allocData (this=this@entry=0x5576d9236950, size=size@entry=96) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/src/qml/memory/qv4mm.cpp:802
#13 0x00007f55e21e1d43 in QV4::MemoryManager::allocObjectWithMemberData (this=0x5576d9236950, vtable=<optimized out>, nMembers=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/src/qml/memory/qv4mm.cpp:825
#14 0x00007f55e23148e1 in QV4::MemoryManager::allocateObject<QV4::ArgumentsObject> (ic=0x7f55c2721200, this=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/src/qml/jsruntime/qv4argumentsobject_p.h:93
#15 QV4::MemoryManager::allocObject<QV4::ArgumentsObject, QV4::CppStackFrame*> (ic=0x7f55c2721200, this=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/include/QtQml/5.14.1/QtQml/private/../../../../../src/qml/memory/qv4mm_p.h:227
#16 QV4::Runtime::CreateMappedArgumentsObject::call (engine=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/src/qml/jsruntime/qv4runtime.cpp:1917
#17 0x00007f55d6c1f06e in ?? ()
#18 0x0000000000000000 in ?? ()
[Inferior 1 (process 28667) detached]

Possible duplicates by query: bug 416384.

Reported using DrKonqi
Comment 1 2012gdwu+k2 2020-03-03 07:01:38 UTC
The attached crash report was generated with more debug symbols installed and could be useful.
Here's how I got the crash:

1. Select multiple lines of text
2. Move selection up (ctrl+shift)
3. Attempt to move selection down (-> crash)

I can't reproduce it consistently.
Comment 2 2012gdwu+k2 2020-03-03 07:02:38 UTC
Created attachment 126558
Crash report with more debug symbols installed
Comment 3 Dominik Haumann 2020-07-01 21:59:55 UTC
Isn't Qt 5.14 broken? Can you try with Qt 5.15?
Comment 4 Jürgen Thomann 2020-07-02 19:25:23 UTC
Still crashes with Qt 5.15.

Application: kate (20.04.2)

Qt Version: 5.15.0
Frameworks Version: 5.71.0
Operating System: Linux 5.7.2-1-default x86_64
Windowing system: X11
Distribution: "openSUSE Tumbleweed"

-- Backtrace:
Application: Kate (kate), signal: Segmentation fault

[KCrash Handler]
#4  QV4::Heap::Base::mark (markStack=0x7ffd811b6a40, this=0x7fc9ee3be658) at /usr/src/debug/libqt5-qtdeclarative-5.15.0-1.1.x86_64/include/QtQml/5.15.0/QtQml/private/../../../../../src/qml/memory/qv4heap_p.h:190
#5  QV4::Managed::mark (markStack=0x7ffd811b6a40, this=0x7fc9ee3be668) at /usr/src/debug/libqt5-qtdeclarative-5.15.0-1.1.x86_64/src/qml/jsruntime/qv4managed_p.h:204
#6  QV4::MemoryManager::collectFromJSStack (this=<optimized out>, markStack=0x7ffd811b6a40) at /usr/src/debug/libqt5-qtdeclarative-5.15.0-1.1.x86_64/src/qml/memory/qv4mm.cpp:1219
#7  0x00007fca00d62f7e in QV4::MemoryManager::collectRoots (this=0x555f5b6b4500, markStack=0x7ffd811b6a40) at /usr/src/debug/libqt5-qtdeclarative-5.15.0-1.1.x86_64/src/qml/memory/qv4mm.cpp:876
#8  0x00007fca00d631dd in QV4::MemoryManager::mark (this=this@entry=0x555f5b6b4500) at /usr/src/debug/libqt5-qtdeclarative-5.15.0-1.1.x86_64/src/qml/memory/qv4mm.cpp:916
#9  0x00007fca00d64ef1 in QV4::MemoryManager::runGC (this=0x555f5b6b4500) at /usr/src/debug/libqt5-qtdeclarative-5.15.0-1.1.x86_64/src/qml/memory/qv4mm.cpp:1050
#10 0x00007fca00d66b88 in QV4::MemoryManager::allocate (size=96, allocator=0x555f5b6b4510, this=this@entry=0x555f5b6b4500) at /usr/src/debug/libqt5-qtdeclarative-5.15.0-1.1.x86_64/include/QtQml/5.15.0/QtQml/private/../../../../../src/qml/memory/qv4mm_p.h:328
#11 QV4::MemoryManager::allocData (this=this@entry=0x555f5b6b4500, size=size@entry=96) at /usr/src/debug/libqt5-qtdeclarative-5.15.0-1.1.x86_64/src/qml/memory/qv4mm.cpp:803
#12 0x00007fca00d66be3 in QV4::MemoryManager::allocObjectWithMemberData (this=0x555f5b6b4500, vtable=<optimized out>, nMembers=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.0-1.1.x86_64/src/qml/memory/qv4mm.cpp:826
#13 0x00007fca00e7a0f1 in QV4::MemoryManager::allocateObject<QV4::ArgumentsObject> (ic=0x7fc9edfc1200, this=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.0-1.1.x86_64/src/qml/jsruntime/qv4argumentsobject_p.h:93
#14 QV4::MemoryManager::allocObject<QV4::ArgumentsObject, QV4::CppStackFrame*> (ic=0x7fc9edfc1200, this=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.0-1.1.x86_64/include/QtQml/5.15.0/QtQml/private/../../../../../src/qml/memory/qv4mm_p.h:227
#15 QV4::Runtime::CreateMappedArgumentsObject::call (engine=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.0-1.1.x86_64/src/qml/jsruntime/qv4runtime.cpp:1928
#16 0x00007fc9f571906e in ?? ()
#17 0x0000000000000000 in ?? ()
[Inferior 1 (process 29715) detached]
Comment 5 Jürgen Thomann 2020-07-04 16:19:23 UTC
Created attachment 129894
Sample text file
Comment 6 Jürgen Thomann 2020-07-04 16:22:37 UTC
Created attachment 129895
reproducer script

It is a bit of a hack, but the attached reproducer script will crash Kate every time with the attached sample text file.

It seems that Kate crashes a lot faster if the lines are longer. The sample file crashes quite fast. I had a different file where I ran the reproducer and it completed, but running it a second time crashed Kate.
Comment 7 Christoph Cullmann 2020-07-11 15:55:29 UTC
You are unfortunately right, seems not all fixes did make it into Qt 5.15 :(
Comment 8 Oded Arbel 2020-10-14 15:51:36 UTC
I got a crash that is possibly related:

Application: kate (20.11.70)

Qt Version: 5.15.0
Frameworks Version: 5.76.0
Operating System: Linux 5.8.0-22-generic x86_64
Windowing system: X11
Distribution: Ubuntu Groovy Gorilla (development branch)

Thread 1 (Thread 0x7f0402f5c800 (LWP 1109451)):
[KCrash Handler]
#4  QV4::Heap::Base::mark (markStack=0x7ffc1e53a620, this=0x7f03e03ba9f0) at ../../include/QtQml/5.15.0/QtQml/private/../../../../../src/qml/memory/qv4heap_p.h:190
#5  QV4::Managed::mark (markStack=0x7ffc1e53a620, this=0x7f03e03baa00) at jsruntime/qv4managed_p.h:204
#6  QV4::MemoryManager::collectFromJSStack (this=<optimized out>, markStack=0x7ffc1e53a620) at memory/qv4mm.cpp:1219
#7  0x00007f040697a450 in QV4::MemoryManager::collectRoots (this=0x560ed49b9390, markStack=0x7ffc1e53a620) at memory/qv4mm.cpp:876
#8  0x00007f040697a6a1 in QV4::MemoryManager::mark (this=this@entry=0x560ed49b9390) at memory/qv4mm.cpp:916
#9  0x00007f040697c1c6 in QV4::MemoryManager::runGC (this=0x560ed49b9390) at memory/qv4mm.cpp:1050
#10 0x00007f040697e498 in QV4::MemoryManager::allocate (size=96, allocator=0x560ed49b93a0, this=0x560ed49b9390) at ../../include/QtQml/5.15.0/QtQml/private/../../../../../src/qml/memory/qv4mm_p.h:328
#11 QV4::MemoryManager::allocData (this=this@entry=0x560ed49b9390, size=size@entry=96) at memory/qv4mm.cpp:803
#12 0x00007f040697e4f7 in QV4::MemoryManager::allocObjectWithMemberData (this=0x560ed49b9390, vtable=<optimized out>, nMembers=<optimized out>) at memory/qv4mm.cpp:826
#13 0x00007f0406ab6c35 in QV4::MemoryManager::allocateObject<QV4::ArgumentsObject> (ic=0x7f03a9401200, this=<optimized out>) at jsruntime/qv4argumentsobject_p.h:93
#14 QV4::MemoryManager::allocObject<QV4::ArgumentsObject, QV4::CppStackFrame*> (ic=0x7f03a9401200, this=<optimized out>) at ../../include/QtQml/5.15.0/QtQml/private/../../../../../src/qml/memory/qv4mm_p.h:227
#15 QV4::Runtime::CreateMappedArgumentsObject::call (engine=<optimized out>) at jsruntime/qv4runtime.cpp:1928
#16 0x00007f03e864663e in ?? ()
#17 0x0000000000000000 in ?? ()
[Inferior 1 (process 1109451) detached]

------------
I can reproduce this often (but not always) when editing a large ruby script. I believe it happens when the auto completer tries to show me stuff.
Comment 9 Dominik Haumann 2020-10-21 06:03:20 UTC
@Allan: can you comment on the V4 crash or maybe redirect us to someone who can?
Comment 10 Allan Sandfeld 2020-10-21 06:34:09 UTC
It is in the garbage collector. Perhaps we have injected an object with the wrong ownership policy and then deleted it underneath JS?
Comment 11 Allan Sandfeld 2020-10-21 06:44:23 UTC
I can't seem to reproduce it. Perhaps it requires special Kate settings?
Comment 12 Marian 2020-11-10 14:31:36 UTC
Created attachment 133203
New crash information added by DrKonqi

kwrite (20.08.2) using Qt 5.15.0

- What I was doing when the application crashed:
It was a Lua script (with Lua settings).
- cut out all text (CTRL-X)
- insert text again (CTRL-V)

I wanted to update all Tabs to Lua style.

-- Backtrace (Reduced):
#4  QV4::Heap::Base::mark (markStack=0x7ffcae43c910, this=0x7eff101b57d0) at ../../include/QtQml/5.15.0/QtQml/private/../../../../../src/qml/memory/qv4heap_p.h:190
#5  QV4::Managed::mark (markStack=0x7ffcae43c910, this=0x7eff101b57e0) at jsruntime/qv4managed_p.h:204
#6  QV4::MemoryManager::collectFromJSStack (this=<optimized out>, markStack=0x7ffcae43c910) at memory/qv4mm.cpp:1219
#7  0x00007eff637e9450 in QV4::MemoryManager::collectRoots (this=0x55c745ee9f80, markStack=0x7ffcae43c910) at memory/qv4mm.cpp:876
#8  0x00007eff637e96a1 in QV4::MemoryManager::mark (this=this@entry=0x55c745ee9f80) at memory/qv4mm.cpp:916
Comment 13 Jürgen Thomann 2020-11-10 15:59:19 UTC
Can someone else reproduce these errors with Qt 5.15.1?

openSUSE Tumbleweed has now 5.15.1 and I can't reproduce it anymore with the script I once shared here. So I would assume for now that an update to the latest Qt version will fix this problem.
Comment 14 Waqar Ahmed 2020-12-14 17:58:05 UTC
Cannot reproduce it with Qt 5.15.2 and latest Kate built from master
Comment 15 niluxv.opensource.C-h2ty6xl 2021-01-31 08:52:04 UTC
Created attachment 135321
New crash information added by DrKonqi

kate (20.08.2) using Qt 5.14.2

- What I was doing when the application crashed:
Editing a .lua file (just typing text). Then kate suddenly crashed.

-- Backtrace (Reduced):
#4  0x00007f1dedd16964 in QV4::MarkStack::drain (this=this@entry=0x7ffdbd5e4e40) at ../../include/QtQml/5.14.2/QtQml/private/../../../../../src/qml/memory/qv4heap_p.h:82
#5  0x00007f1dedd93aa9 in QV4::PersistentValueStorage::mark (this=<optimized out>, markStack=markStack@entry=0x7ffdbd5e4e40) at jsruntime/qv4persistent.cpp:243
#6  0x00007f1dedd16d11 in QV4::MemoryManager::collectRoots (this=this@entry=0x559c2763b560, markStack=markStack@entry=0x7ffdbd5e4e40) at memory/qv4mm.cpp:876
#7  0x00007f1dedd16f28 in QV4::MemoryManager::mark (this=this@entry=0x559c2763b560) at memory/qv4mm.cpp:917
#8  0x00007f1dedd18c81 in QV4::MemoryManager::runGC (this=0x559c2763b560) at memory/qv4mm.cpp:1052
Comment 16 Dominik Haumann 2021-02-02 02:15:07 UTC
@Allan: you likely already tested with Qt 5.15.1 or so back then, right?

I'd assume this issue is fixed then.
Comment 17 Allan Sandfeld 2021-02-02 07:44:24 UTC
(In reply to Dominik Haumann from comment #16)
> @Allan: you likely already tested with Qt 5.15.1 or so back then, right?
> 
> I'd assume this issue is fixed then.

In October I probably tested with 5.15.2, but yes, couldn't reproduce.
Comment 18 Dominik Haumann 2021-02-05 21:57:50 UTC
Likely fixed with Qt 5.12.2 or so.
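
Added example, not part of the bug thread or of any KDE/Qt tooling: a small crash-signature bucketer run over frames copied from the backtraces above. It reduces each gdb frame to its function name so that reports from different Qt builds can be compared, and finds the innermost frame they all share; the function names `frames`, `signature`, `bucket` and `first_shared_frame` are chosen here for illustration.

```python
import re
from collections import defaultdict

# gdb frame line: "#N  [0xADDR in ]function (args) at|from location"
FRAME = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(.+?) \(.*\) (?:at|from) \S+$")

def frames(backtrace):
    """Function names, innermost first; unresolved '??' frames are dropped."""
    found = (FRAME.match(line.strip()) for line in backtrace.splitlines())
    return [m.group(1) for m in found if m and m.group(1) != "??"]

def signature(backtrace, depth=3):
    """Top frames only: addresses, arguments, paths and line numbers are ignored."""
    return tuple(frames(backtrace)[:depth])

def bucket(reports, depth=3):
    """Group report labels by crash signature."""
    buckets = defaultdict(list)
    for label, backtrace in reports.items():
        buckets[signature(backtrace, depth)].append(label)
    return dict(buckets)

def first_shared_frame(reports):
    """Innermost function of the first report that every other report also contains."""
    traces = [frames(bt) for bt in reports.values()]
    return next((f for f in traces[0] if all(f in t for t in traces[1:])), None)

# Frames copied from the crashing threads quoted in this report.
REPORTS = {
    "description (Qt 5.14.1)": """
#6  0x00007f55e21dd9ac in QV4::MarkStack::drain (this=this@entry=0x7ffc079f6e30) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/include/QtQml/5.14.1/QtQml/private/../../../../../src/qml/memory/qv4heap_p.h:73
#7  0x00007f55e2264179 in QV4::PersistentValueStorage::mark (this=<optimized out>, markStack=markStack@entry=0x7ffc079f6e30) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/src/qml/jsruntime/qv4persistent.cpp:243
#8  0x00007f55e21ddd4b in QV4::MemoryManager::collectRoots (this=this@entry=0x5576d9236950, markStack=markStack@entry=0x7ffc079f6e30) at /usr/src/debug/libqt5-qtdeclarative-5.14.1-1.3.x86_64/src/qml/memory/qv4mm.cpp:876
""",
    "comment 12 (Qt 5.15.0)": """
#4  QV4::Heap::Base::mark (markStack=0x7ffcae43c910, this=0x7eff101b57d0) at ../../include/QtQml/5.15.0/QtQml/private/../../../../../src/qml/memory/qv4heap_p.h:190
#5  QV4::Managed::mark (markStack=0x7ffcae43c910, this=0x7eff101b57e0) at jsruntime/qv4managed_p.h:204
#6  QV4::MemoryManager::collectFromJSStack (this=<optimized out>, markStack=0x7ffcae43c910) at memory/qv4mm.cpp:1219
#7  0x00007eff637e9450 in QV4::MemoryManager::collectRoots (this=0x55c745ee9f80, markStack=0x7ffcae43c910) at memory/qv4mm.cpp:876
""",
    "comment 15 (Qt 5.14.2)": """
#4  0x00007f1dedd16964 in QV4::MarkStack::drain (this=this@entry=0x7ffdbd5e4e40) at ../../include/QtQml/5.14.2/QtQml/private/../../../../../src/qml/memory/qv4heap_p.h:82
#5  0x00007f1dedd93aa9 in QV4::PersistentValueStorage::mark (this=<optimized out>, markStack=markStack@entry=0x7ffdbd5e4e40) at jsruntime/qv4persistent.cpp:243
#6  0x00007f1dedd16d11 in QV4::MemoryManager::collectRoots (this=this@entry=0x559c2763b560, markStack=markStack@entry=0x7ffdbd5e4e40) at memory/qv4mm.cpp:876
""",
}

if __name__ == "__main__":
    for sig, labels in bucket(REPORTS).items():
        print(" <- ".join(sig), "|", ", ".join(labels))
    print("shared GC frame:", first_shared_frame(REPORTS))
```

The two Qt 5.14.x reports land in one bucket and the Qt 5.15.0 report in another, while all three pass through `QV4::MemoryManager::collectRoots`, the root-marking step of the garbage collector.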