Bug 419585 - Dolphin crashes most of the time on start when QT is updated to 5.14.2
Summary: Dolphin crashes most of the time on start when QT is updated to 5.14.2
Status: RESOLVED FIXED
Alias: None
Product: dolphin
Classification: Applications
Component: general
Version: 19.12.3
Platform: Arch Linux Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Dolphin Bug Assignee
URL:
Keywords:
Duplicates: 419640 419674 419790 419803 419828 419849 419896
Depends on:
Blocks:
 
Reported: 2020-04-03 12:49 UTC by 322997am
Modified: 2020-05-03 16:44 UTC
CC List: 12 users

See Also:
Latest Commit:
Version Fixed In:


Attachments
New crash information added by DrKonqi (35.50 KB, patch)
2020-04-03 14:08 UTC, Andreas Sturmlechner
A quick and dirty, but simple, patch (1.72 KB, patch)
2020-04-07 15:13 UTC, Martin Sandsmark

Description 322997am 2020-04-03 12:49:37 UTC
SUMMARY
Upon a new update to QT, Dolphin crashes most of the time when it is opened. 

STEPS TO REPRODUCE
1. Open Dolphin 19.12.3 with QT 5.14.2 with Plasma 5.18.4 with X11 (the current state on Arch Linux)
2. Open dolphin once, it runs correctly
3. Open dolphin twice, it will crash nearly every time, and it crashes about 50% of the time afterwards

OBSERVED RESULT
Crash, Segmentation fault

EXPECTED RESULT


SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 5.18.4
KDE Frameworks Version: 5.68.0
Qt Version: 5.14.2

ADDITIONAL INFORMATION
Comment 1 Andreas Sturmlechner 2020-04-03 14:08:15 UTC
Created attachment 127235 [details]
New crash information added by DrKonqi

dolphin (20.03.80) using Qt 5.14.2

I can confirm this is what happens every time I start dolphin now, after a few seconds, with Qt 5.14.2. Attaching backtrace with debug symbols.

-- Backtrace (Reduced):
#7  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#8  0x00007ff08d4c855b in __GI_abort () at abort.c:79
[...]
#10 0x00007ff08d529f2a in malloc_printerr (str=str@entry=0x7ff08d62b0f8 "free(): invalid size") at malloc.c:5339
#11 0x00007ff08d52b98c in _int_free (av=<optimized out>, p=0x7ff0899a10c0 <vtable for icu::RuleBasedCollator>, have_lock=0) at malloc.c:4177
#12 0x00007ff08d52eefb in tcache_thread_shutdown () at malloc.c:2964
Comment 2 Elvis Angelaccio 2020-04-05 15:51:21 UTC
Can you post a valgrind log?
Comment 3 322997am 2020-04-05 19:09:00 UTC
(In reply to Elvis Angelaccio from comment #2)
> Can you post a valgrind log?

Interestingly enough, I could not get the crash to happen under valgrind. The fact that the crash almost never happens on the *first* time dolphin is opened after system boot leads me to believe that it has something to do with the speed at which dolphin is opened (and the page cache guarantees this speed on the second opening). I have pasted a non-crash valgrind log, but I could not reproduce the crash with valgrind.

==15495== Memcheck, a memory error detector
==15495== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==15495== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==15495== Command: dolphin
==15495== 
kf5.kio.core: We got some errors while running testparm "Error loading services."
kf5.kio.core: We got some errors while running 'net usershare info'
kf5.kio.core: "Can't load /etc/samba/smb.conf - run testparm to debug it\n"
==15495== 
==15495== HEAP SUMMARY:
==15495==     in use at exit: 588,129 bytes in 8,281 blocks
==15495==   total heap usage: 512,859 allocs, 504,578 frees, 81,509,235 bytes allocated
==15495== 
==15495== LEAK SUMMARY:
==15495==    definitely lost: 354 bytes in 9 blocks
==15495==    indirectly lost: 85,811 bytes in 368 blocks
==15495==      possibly lost: 320 bytes in 2 blocks
==15495==    still reachable: 501,644 bytes in 7,902 blocks
==15495==                       of which reachable via heuristic:
==15495==                         newarray           : 4,264 bytes in 1 blocks
==15495==         suppressed: 0 bytes in 0 blocks
==15495== Rerun with --leak-check=full to see details of leaked memory
==15495== 
==15495== Use --track-origins=yes to see where uninitialised values come from
==15495== For lists of detected and suppressed errors, rerun with: -s
==15495== ERROR SUMMARY: 33 errors from 33 contexts (suppressed: 0 from 0)
Comment 4 Elvis Angelaccio 2020-04-05 21:32:34 UTC
*** Bug 419640 has been marked as a duplicate of this bug. ***
Comment 5 Martin Sandsmark 2020-04-07 14:38:12 UTC
I don't think that was a duplicate bug; this looks related to ICU. And I get semi-inconsistent crashes now when opening dolphin as well, pointing at ICU.

One suspect thing is that there are multiple threads accessing the m_collator in KFileItemModel; it might be that Qt removed some internal thread protection.

I also get semi-random invalid frees on exit.
Comment 6 Martin Sandsmark 2020-04-07 14:42:35 UTC
I'm not sure if this is because of a new version of Qt either, I just got a new version of ICU installed as well.
Comment 7 Martin Sandsmark 2020-04-07 15:07:59 UTC
9e3418bd558293a92b2e8bcba55f5a3f5d3cc5a4 is probably the culprit.

And a good example of why I don't like auto and lambdas like that: it should be in an explicit function so it's obvious why it is full of race conditions.
Comment 8 Martin Sandsmark 2020-04-07 15:13:41 UTC
Created attachment 127356 [details]
A quick and dirty, but simple, patch

The simplest patch possible, I think.
Comment 9 Nate Graham 2020-04-07 16:55:32 UTC
*** Bug 419803 has been marked as a duplicate of this bug. ***
Comment 10 Nate Graham 2020-04-07 16:56:14 UTC
There's a patch that should fix this: https://phabricator.kde.org/D28659
Comment 11 Elvis Angelaccio 2020-04-07 16:57:11 UTC
*** Bug 419790 has been marked as a duplicate of this bug. ***
Comment 12 Christoph Feck 2020-04-08 12:38:52 UTC
*** Bug 419828 has been marked as a duplicate of this bug. ***
Comment 13 Elvis Angelaccio 2020-04-12 10:15:57 UTC
*** Bug 419849 has been marked as a duplicate of this bug. ***
Comment 14 Martin Sandsmark 2020-04-12 10:17:54 UTC
Git commit 35b4c6d4df1281afd621374e686f19e654ad7bae by Martin T. H. Sandsmark.
Committed on 12/04/2020 at 10:15.
Pushed by sandsmark into branch 'release/20.04'.

Fix crashing on starting and quitting

QCollator (especially with Qt 5.14 and ICU 65.1) is very unhappy with
threads.

To avoid having to lock and unlock the mutex everywhere (and ensure it
is unlocked before calling other things that might lock it, etc.), we do
it as locally as possible. Even if for some reason Qt and ICU make
QCollator threadsafe in the future locking here should have minimal
impact.

Differential Revision: https://phabricator.kde.org/D28659

M  +5    -0    src/kitemviews/kfileitemmodel.cpp

https://commits.kde.org/dolphin/35b4c6d4df1281afd621374e686f19e654ad7bae
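Comment 5 and the commit above describe the cause (one QCollator shared by several sorting threads) and the fix (lock a mutex only around the collator call). As an added example that is not Dolphin's or Qt's code, the plain C++ below models that pattern without a Qt dependency: a MockCollator is a constructed stand-in for QCollator/ICU whose compare() touches shared internal state, and a KFileItemModel-style class sorts from several threads while its comparator locks as locally as possible. Every class and member name here except m_collator is an assumption for illustration.

```cpp
#include <algorithm>
#include <mutex>
#include <string>
#include <thread>
#include <vector>
// Stand-in for QCollator over ICU's RuleBasedCollator (constructed, not the real
// layout): compare() uses shared internal state, so unlocked concurrent calls race.
class MockCollator {
public:
    int compare(const std::string &a, const std::string &b) {
        m_scratch = a + '\n' + b;                       // shared work buffer
        const std::size_t sep = m_scratch.find('\n');
        return m_scratch.compare(0, sep, m_scratch, sep + 1, std::string::npos);
    }
private:
    std::string m_scratch;
};
// Simplified model in the shape of KFileItemModel: one collator shared by the
// sorting threads. lessThan() takes the commit's approach: lock as locally as
// possible, only around the collator call, never while calling anything else.
class FileItemModel {
public:
    explicit FileItemModel(std::vector<std::string> names) : m_items(std::move(names)) {}
    bool lessThan(const std::string &a, const std::string &b) {
        std::lock_guard<std::mutex> lock(m_collatorMutex);
        return m_collator.compare(a, b) < 0;
    }
    // Sort disjoint chunks of m_items concurrently, then merge them in order.
    void sortInParallel(unsigned threads) {
        const std::size_t n = m_items.size(), chunk = (n + threads - 1) / threads;
        auto less = [this](const std::string &a, const std::string &b) { return lessThan(a, b); };
        std::vector<std::thread> workers;
        for (std::size_t begin = 0; begin < n; begin += chunk) {
            const std::size_t end = std::min(begin + chunk, n);
            workers.emplace_back([this, begin, end, less] {
                std::sort(m_items.begin() + begin, m_items.begin() + end, less);
            });
        }
        for (auto &w : workers) w.join();
        for (std::size_t mid = chunk; mid < n; mid += chunk)
            std::inplace_merge(m_items.begin(), m_items.begin() + mid,
                               m_items.begin() + std::min(mid + chunk, n), less);
    }
    const std::vector<std::string> &items() const { return m_items; }
private:
    std::vector<std::string> m_items;
    MockCollator m_collator;
    std::mutex m_collatorMutex;
};
```

Removing the lock_guard in lessThan reproduces the shape of the bug: the threads then scribble over the collator's shared buffer concurrently and the sort order becomes nondeterministic.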
Comment 15 Elvis Angelaccio 2020-04-12 10:21:48 UTC
*** Bug 419896 has been marked as a duplicate of this bug. ***
Comment 16 Elvis Angelaccio 2020-05-03 16:44:54 UTC
*** Bug 419674 has been marked as a duplicate of this bug. ***