SUMMARY
Upon a new update to QT, Dolphin crashes most of the time when it is opened.
STEPS TO REPRODUCE
1. Open Dolphin 19.12.3 with QT 5.14.2 with Plasma 5.18.4 with X11 (the current state on Arch Linux)
2. Open dolphin once, it runs correctly
3. open dolphin twice, it will crash nearly every time, and it crashes about 50% of the time afterwards
OBSERVED RESULT
Crash, Segmentation fault
EXPECTED RESULT
SOFTWARE/OS VERSIONS
Windows:
macOS:
Linux/KDE Plasma: (available in About System)
KDE Plasma Version: 5.18.4
KDE Frameworks Version: 5.68.0
Qt Version: 5.14.2
ADDITIONAL INFORMATION
Created attachment 127235
New crash information added by DrKonqi
dolphin (20.03.80) using Qt 5.14.2
I can confirm this is what happens every time I start dolphin now, after a few seconds, with Qt 5.14.2. Attaching backtrace with debug symbols.
-- Backtrace (Reduced):
#7 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#8 0x00007ff08d4c855b in __GI_abort () at abort.c:79
[...]
#10 0x00007ff08d529f2a in malloc_printerr (str=str@entry=0x7ff08d62b0f8 "free(): invalid size") at malloc.c:5339
#11 0x00007ff08d52b98c in _int_free (av=<optimized out>, p=0x7ff0899a10c0 <vtable for icu::RuleBasedCollator>, have_lock=0) at malloc.c:4177
#12 0x00007ff08d52eefb in tcache_thread_shutdown () at malloc.c:2964
Can you post a valgrind log?
(In reply to Elvis Angelaccio from comment #2)
> Can you post a valgrind log?
Interestingly enough, I could not get the crash to happen under valgrind. The fact that the crash almost never happens the *first* time dolphin is opened after system boot leads me to believe that it has something to do with the speed at which dolphin is opened (and the page cache guarantees this speed on the second opening). I have pasted a non-crash valgrind log, but I could not reproduce the crash with valgrind.
==15495== Memcheck, a memory error detector
==15495== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==15495== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==15495== Command: dolphin
==15495==
kf5.kio.core: We got some errors while running testparm "Error loading services."
kf5.kio.core: We got some errors while running 'net usershare info'
kf5.kio.core: "Can't load /etc/samba/smb.conf - run testparm to debug it\n"
==15495==
==15495== HEAP SUMMARY:
==15495==     in use at exit: 588,129 bytes in 8,281 blocks
==15495==   total heap usage: 512,859 allocs, 504,578 frees, 81,509,235 bytes allocated
==15495==
==15495== LEAK SUMMARY:
==15495==    definitely lost: 354 bytes in 9 blocks
==15495==    indirectly lost: 85,811 bytes in 368 blocks
==15495==      possibly lost: 320 bytes in 2 blocks
==15495==    still reachable: 501,644 bytes in 7,902 blocks
==15495==                       of which reachable via heuristic:
==15495==                         newarray           : 4,264 bytes in 1 blocks
==15495==         suppressed: 0 bytes in 0 blocks
==15495== Rerun with --leak-check=full to see details of leaked memory
==15495==
==15495== Use --track-origins=yes to see where uninitialised values come from
==15495== For lists of detected and suppressed errors, rerun with: -s
==15495== ERROR SUMMARY: 33 errors from 33 contexts (suppressed: 0 from 0)
*** Bug 419640 has been marked as a duplicate of this bug. ***
I don't think that was a duplicate bug, this looks related to ICU. And I get semi-inconsistent crashes now when opening dolphin as well, pointing at ICU. One suspect thing is that there's multiple threads accessing the m_collator in KFileItemModel, might be that Qt removed some internal thread protection. I also get semi-random invalid frees on exit.
I'm not sure if this is because of a new version of Qt either, I just got a new version of ICU installed as well.
9e3418bd558293a92b2e8bcba55f5a3f5d3cc5a4 is probably the culprit. And a good example of why I don't like auto and lambdas like that, it should be in an explicit function so it's obvious why it is full of race conditions.
Created attachment 127356
A quick and dirty, but simple, patch
The simplest patch possible, I think.
*** Bug 419803 has been marked as a duplicate of this bug. ***
There's a patch that should fix this: https://phabricator.kde.org/D28659
*** Bug 419790 has been marked as a duplicate of this bug. ***
*** Bug 419828 has been marked as a duplicate of this bug. ***
*** Bug 419849 has been marked as a duplicate of this bug. ***
Git commit 35b4c6d4df1281afd621374e686f19e654ad7bae by Martin T. H. Sandsmark.
Committed on 12/04/2020 at 10:15.
Pushed by sandsmark into branch 'release/20.04'.
Fix crashing on starting and quitting
QCollator (especially with Qt 5.14 and ICU 65.1) is very unhappy with threads. To avoid having to lock and unlock the mutex everywhere (and ensure it is unlocked before calling other things that might lock it, etc.), we do it as locally as possible. Even if for some reason Qt and ICU make QCollator threadsafe in the future locking here should have minimal impact.
Differential Revision: https://phabricator.kde.org/D28659
M +5 -0 src/kitemviews/kfileitemmodel.cpp
https://commits.kde.org/dolphin/35b4c6d4df1281afd621374e686f19e654ad7bae
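The locking pattern the commit message describes, shown as an added example that is not Dolphin's code or the committed patch: ScratchCollator, SortRun and sortShared are hypothetical names, and standard-library types stand in for QCollator and Qt's mutex. Several threads sort through one shared collator, and the mutex is held only for the duration of each compare() call.

```cpp
#include <algorithm>
#include <cctype>
#include <mutex>
#include <string>
#include <thread>
#include <vector>

// Hypothetical stand-in for QCollator: each call reuses member state, unguarded.
struct ScratchCollator {
    std::string left, right;  // scratch buffers reused by every call
    long calls = 0;           // plain, non-atomic counter
    int compare(const std::string &a, const std::string &b) {
        fold(a, left);
        fold(b, right);
        ++calls;
        return left.compare(right);
    }
    static void fold(const std::string &in, std::string &out) {
        out.clear();
        for (unsigned char c : in) out.push_back(static_cast<char>(std::tolower(c)));
    }
};

struct SortRun { std::vector<std::vector<std::string>> lists; long expected = 0, observed = 0; };
// Sorts `threads` copies of `names` in parallel through ONE shared collator.
SortRun sortShared(int threads, const std::vector<std::string> &names) {
    ScratchCollator collator;
    std::mutex collatorMutex;
    SortRun run;
    run.lists.assign(threads, names);
    std::vector<long> perThread(threads, 0);
    std::vector<std::thread> pool;
    for (int t = 0; t < threads; ++t)
        pool.emplace_back([&, t] {
            std::sort(run.lists[t].begin(), run.lists[t].end(),
                      [&](const std::string &a, const std::string &b) {
                          ++perThread[t];  // thread-private tally of calls made
                          std::lock_guard<std::mutex> guard(collatorMutex);  // held for this call only
                          return collator.compare(a, b) < 0;
                      });
        });
    for (auto &th : pool) th.join();
    for (long n : perThread) run.expected += n;
    run.observed = collator.calls;  // equals expected only if no update was lost
    return run;
}
int main() {  // constructed sample names; exit status 0 when the counts agree
    SortRun r = sortShared(4, {"delta", "Alpha", "charlie", "Bravo"});
    return r.observed == r.expected ? 0 : 1;
}
```

Because the guard is scoped to the comparator body, it is released before the sort does anything else, so no other lock can be taken while it is held.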
*** Bug 419896 has been marked as a duplicate of this bug. ***
*** Bug 419674 has been marked as a duplicate of this bug. ***