Bug 151453 - memory leak in khtml exiting konqueror
Summary: memory leak in khtml exiting konqueror
Status: CONFIRMED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml (show other bugs)
Version: 4.12.3
Platform: Compiled Sources Linux
: NOR major
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords: testcase
: 152655 152690 153186 153306 153392 153486 156172 161289 168550 168806 168871 169811 170395 171070 171447 172225 175393 177692 177711 182202 183321 183681 184112 184989 185131 187198 187459 187530 188403 188458 188957 189794 190276 192393 193842 193972 194244 194478 194756 195133 195372 195387 197404 197553 198265 198799 198845 199205 199343 199529 199888 200152 201955 202200 202869 204247 204327 204861 206623 206733 207133 207485 (view as bug list)
Depends on:
Blocks:
 
Reported: 2007-10-28 06:17 UTC by Scott Ortell
Modified: 2018-04-22 05:57 UTC (History)
59 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments
Konqueror configuration file (5.37 KB, text/plain)
2009-06-09 14:24 UTC, Marcus Harrison
Details
a minimal testcase to reproduce the the problem (261 bytes, text/html)
2013-03-12 19:34 UTC, Andrea Iacovitti
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Scott Ortell 2007-10-28 06:17:52 UTC
Version:           svn 4.0 (using KDE Devel)
Installed from:    Compiled sources
OS:                Linux

first off I must mention that some QT stuff may be involved and I am using the kubuntu gutsy versions of qt 4.3.2 and kdesupport.
The rest I grabbed from svn today (using the techbase guidelines for a kde-devel user) and compiled.

I was at the google search page and closed the browser and got a crash report so Im posting it:

Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1237341488 (LWP 27722)]
[KCrash handler]
#6  0xffffe410 in __kernel_vsyscall ()
#7  0xb67a2875 in raise () from /lib/tls/i686/cmov/libc.so.6
#8  0xb67a4201 in abort () from /lib/tls/i686/cmov/libc.so.6
#9  0xb679bb6e in __assert_fail () from /lib/tls/i686/cmov/libc.so.6
#10 0xb45cd81c in ~KHTMLFactory (this=0x8308cc0)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtml_factory.cpp:63
#11 0xb735e18f in QObjectCleanupHandler::clear () from /usr/lib/libQtCore.so.4
#12 0xb735e2f5 in QObjectCleanupHandler::~QObjectCleanupHandler ()
   from /usr/lib/libQtCore.so.4
#13 0xb7bce3b8 in destroy ()
    at /home/kde-devel/kde/src/KDE/kdelibs/kdecore/util/kpluginfactory.cpp:29
#14 0xb7abc24d in ~KCleanUpGlobalStatic (this=0xb7c099d4)
    at /home/kde-devel/kde/src/KDE/kdelibs/kdecore/kernel/kglobal.h:65
#15 0xb7bce330 in __tcf_0 ()
    at /home/kde-devel/kde/src/KDE/kdelibs/kdecore/util/kpluginfactory.cpp:29
#16 0xb67a5594 in exit () from /lib/tls/i686/cmov/libc.so.6
#17 0xb678e058 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#18 0x080486e1 in _start ()
#0  0xffffe410 in __kernel_vsyscall ()


hope its useful
Comment 1 Tommi Tervo 2007-11-22 09:47:30 UTC
*** Bug 152655 has been marked as a duplicate of this bug. ***
Comment 2 Tommi Tervo 2007-11-22 09:47:45 UTC
*** Bug 151773 has been marked as a duplicate of this bug. ***
Comment 3 Tommi Tervo 2007-11-22 11:17:19 UTC
*** Bug 152690 has been marked as a duplicate of this bug. ***
Comment 4 Tommi Tervo 2007-11-30 18:56:23 UTC
*** Bug 153186 has been marked as a duplicate of this bug. ***
Comment 5 Maksim Orlovich 2007-12-02 23:53:05 UTC
Bug #153306 seems to have one reproduction scenario
Comment 6 Tommi Tervo 2007-12-04 13:12:32 UTC
*** Bug 153392 has been marked as a duplicate of this bug. ***
Comment 7 Maksim Orlovich 2007-12-04 18:14:41 UTC
*** Bug 153306 has been marked as a duplicate of this bug. ***
Comment 8 Maksim Orlovich 2007-12-04 18:22:54 UTC
I think I know what's going on.. Simple testcase: (from dfaure and #153306)
konqueror ~
Ctrl-Shift-N
Alt-F4
make sure to move the mouse to click on the button, not use the keyboard

Here is where one of the references to the document is coming from:
0x894161c N3DOM16HTMLDocumentImplE "[
0: /opt/kde4/lib/libkdecore.so.5(_Z14kRealBacktracei+0x38) [0xb7a78f08]
1: /opt/kde4/lib/libkhtml.so.5 [0xb3be62b5]
2: /opt/kde4/lib/libkhtml.so.5(_ZN5khtml10TreeSharedIN3DOM8NodeImplEE3refEv+0x39) [0xb3c01b79]
3: /opt/kde4/lib/libkhtml.so.5(_ZN3DOM12DocumentImpl12setHoverNodeEPNS_8NodeImplE+0x32) [0xb3c61c92]
4: /opt/kde4/lib/libkhtml.so.5(_ZN5khtml11RenderLayer22updateHoverActiveStateERNS_12RenderObject8NodeInfoE+0x203) [0xb3d28813]
5: /opt/kde4/lib/libkhtml.so.5(_ZN5khtml11RenderLayer11nodeAtPointERNS_12RenderObject8NodeInfoEii+0x13d) [0xb3d2916d]
6: /opt/kde4/lib/libkhtml.so.5(_ZN3DOM12DocumentImpl17prepareMouseEventEbiiPNS_8NodeImpl10MouseEventE+0xb2) [0xb3c63512]
7: /opt/kde4/lib/libkhtml.so.5(_ZN9KHTMLView14mouseMoveEventEP11QMouseEvent+0x3ec) [0xb3bed83c]
8: /opt/kde4/lib/libkhtml.so.5(_ZN9KHTMLView10paintEventEP11QPaintEvent+0x896) [0xb3bf7af6]

Yep, we're setting the document as the hover node, hence forming a self-loop reference counting cycle. Would be nice if renderer folks familiar with the RenderLayer code took a look.. Can one even set a :hover selector on something corresponding to the document element?

Comment 9 Maksim Orlovich 2007-12-04 23:23:33 UTC
If anyone of the reporters is building from source, it would be helpful if you could test the change below and see if it eliminates the problem entirely. 
It is not the "proper" fix, but if it fixes thing, it'd confirm my analysis.

--- xml/dom_docimpl.cpp	(revision 744457)
+++ xml/dom_docimpl.cpp	(working copy)
@@ -2250,6 +2252,7 @@
 
 void DocumentImpl::setHoverNode(NodeImpl *newHoverNode)
 {
+    if (newHoverNode == this) newHoverNode = 0;
     NodeImpl* oldHoverNode = m_hoverNode;
     if (newHoverNode ) newHoverNode->ref();
     m_hoverNode = newHoverNode;
@@ -2258,6 +2261,7 @@
 
 void DocumentImpl::setActiveNode(NodeImpl* newActiveNode)
 {
+    if (newActiveNode == this) newActiveNode = 0;
     NodeImpl* oldActiveNode = m_activeNode;
     if (newActiveNode ) newActiveNode->ref();
     m_activeNode = newActiveNode;
Comment 10 Shieldfire 2007-12-05 07:37:53 UTC
Not having compiled KDE4 I don't know how usefull this is but the crash is still in 3.96.3 (this night update)

[?1034h(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 0xb629ab70 (LWP 6655)]
0xffffe410 in __kernel_vsyscall ()
[Current thread is 0 (process 6655)]

Thread 1 (Thread 0xb629ab70 (LWP 6655)):
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb668d8b0 in nanosleep () from /lib/libc.so.6
#2  0xb668d6b7 in sleep () from /lib/libc.so.6
#3  0xb7805b89 in ?? () from /usr/lib/libkdeui.so.5
#4  0x00000001 in ?? ()
#5  0x00000000 in ?? ()
#0  0xffffe410 in __kernel_vsyscall ()
Comment 11 Germain Garand 2007-12-05 11:35:15 UTC
great findings.
re#8: it's not the document element (associated with the Root renderer) but the document node (associated with the Canvas/viewport renderer), so no there is no way to actively select that from CSS.
However there is nothing preventing the hover node to be indeed the Canvas, as the root is supposed to cover the entire viewport only in quirk mode. I have no idea if this is consistent with what other engines do though.
What bothers me here is that 3.5 branch works. I don't remember any changes in nodeAtPoint code.
Comment 12 Germain Garand 2007-12-05 11:54:24 UTC
just tried instrumenting both 3.5 and 4.0. 
In the same circumstances (hovering about:blank), the innerNode is never the Canvas's in 3.5 and is always in 4.0.
So there was indeed a change in node AtPoint
Comment 13 Germain Garand 2007-12-05 12:06:54 UTC
The change is that 3.5's about:blank is <><html><body>
whereas 4.0's is <> only.
Not sure why it changed but at anyrate you can safely put a condition preventing the document node from going in the hover node.
Maybe 
    if (!doc || info.innerNode() == doc) return;
in RenderLayer::updateHoverActiveState would do?
Your pick.
Comment 14 Tommi Tervo 2007-12-05 17:06:10 UTC
*** Bug 153486 has been marked as a duplicate of this bug. ***
Comment 15 Maksim Orlovich 2007-12-05 20:48:12 UTC
SVN commit 745229 by orlovich:

Make about: I/O slave actually write something for about:blank. 
Should avoid konqueror crash-on-exit KHTMLPart assert, though 
this is making some bugs latent, as they were KDE3...


CCBUG:151453


 M  +1 -0      kio_about.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=745229
Comment 16 Maksim Orlovich 2007-12-05 20:51:16 UTC
I think I can see why we're getting an empty tree --- see the about: i/o slave commit above, but that's sort of the surface, I think; there may be other bugs floating around:

1) We're probably not making anything in the parser for 0-byte documents --- I think there are related bugs on that, e.g. title not changing, things not repainting, etc. I know there are spots where we try to make sure that the <html> and <body> are at least there, so..

2) The hover issue above --- there may be DOM or other ways of triggering this scenario, so it might be good to make the code more robust against it. 
I don't know enough to comment on your suggested patch..
Comment 17 Linus Östberg 2008-04-21 10:01:00 UTC
Konqueror has not crashed for me during the last months, so I guess one can assume the bug is gone.
Comment 18 Eduardo Robles Elvira 2008-06-05 16:16:32 UTC
So should we close or not this bug?
Comment 19 Maksim Orlovich 2008-06-05 18:48:05 UTC
The bug is still there per bug report traffic, I just can't reproduce it myself, though.
Comment 20 Maksim Orlovich 2008-08-07 01:20:15 UTC
SVN commit 843323 by orlovich:

Fix the deterministic leak on websites such as google maps (and some other ones)
which also causes an assertion failure on exit.

There is still a more subtle one where the conservative collection keeps an object alive for 
a while. Happens e.g. for #164126. That one needs more thought...

CCBUG:156172
CCBUG:161289
CCBUG:151453
BUG:167354



 M  +7 -0      khtml/ecma/kjs_window.cpp  
 M  +1 -4      kjs/interpreter.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=843323
Comment 21 Maksim Orlovich 2008-08-07 01:21:47 UTC
SVN commit 843325 by orlovich:

Merged revision 843323:
Fix the deterministic leak on websites such as google maps (and some other ones)
which also causes an assertion failure on exit.

There is still a more subtle one where the conservative collection keeps an object alive for 
a while. Happens e.g. for #164126. That one needs more thought...

CCBUG:156172
CCBUG:161289
CCBUG:151453
BUG:167354

 M  +7 -0      khtml/ecma/kjs_window.cpp  
 M  +1 -4      kjs/interpreter.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=843325
Comment 22 Maksim Orlovich 2008-08-11 23:54:24 UTC
*** Bug 161289 has been marked as a duplicate of this bug. ***
Comment 23 Maksim Orlovich 2008-08-11 23:55:01 UTC
*** Bug 156172 has been marked as a duplicate of this bug. ***
Comment 24 Maksim Orlovich 2008-08-13 21:04:30 UTC
*** Bug 168550 has been marked as a duplicate of this bug. ***
Comment 25 Maksim Orlovich 2008-08-25 20:15:07 UTC
*** Bug 168806 has been marked as a duplicate of this bug. ***
Comment 26 Maksim Orlovich 2008-08-25 20:15:15 UTC
*** Bug 169811 has been marked as a duplicate of this bug. ***
Comment 27 Maksim Orlovich 2008-08-25 20:18:07 UTC
*** Bug 168871 has been marked as a duplicate of this bug. ***
Comment 28 Maksim Orlovich 2008-10-05 19:56:52 UTC
*** Bug 170395 has been marked as a duplicate of this bug. ***
Comment 29 Maksim Orlovich 2008-10-05 19:57:06 UTC
*** Bug 171070 has been marked as a duplicate of this bug. ***
Comment 30 Maksim Orlovich 2008-10-05 19:57:16 UTC
*** Bug 171447 has been marked as a duplicate of this bug. ***
Comment 31 Maksim Orlovich 2008-10-05 19:57:23 UTC
*** Bug 172225 has been marked as a duplicate of this bug. ***
Comment 32 Alex Merry 2008-11-02 13:09:35 UTC
I figure this is the same bug, but the backtrace has one extra line it.  So here it is in case it's useful:


Application: Konqueror (konqueror), signal SIGABRT

Thread 1 (Thread 0xb602e920 (LWP 5748)):
[KCrash Handler]
#6  0xb7ef7424 in __kernel_vsyscall ()
#7  0xb63b5720 in raise () from /lib/libc.so.6
#8  0xb63b7058 in abort () from /lib/libc.so.6
#9  0xb63ae65e in __assert_fail () from /lib/libc.so.6
#10 0xb27adeed in KHTMLGlobal::finalCheck () at /home/kde-devel/src/KDE/kdelibs/khtml/khtml_global.cpp:258
#11 0xb2e084e3 in ~KHTMLFactory (this=0x8d4e158) at /home/kde-devel/src/KDE/kdelibs/khtml/khtml_factory.cpp:35
#12 0xb75b5493 in qDeleteAll<QHash<QString, QPointer<KPluginFactory> >::const_iterator> (begin={i = 0x8d3daa8}, end={i = 0x8d3db10})
    at /home/kde-devel/src/qt-copy/include/QtCore/../../src/corelib/tools/qalgorithms.h:352
#13 0xb75b54f8 in qDeleteAll<FactoryHash> (c=@0x8d45258) at /home/kde-devel/src/qt-copy/include/QtCore/../../src/corelib/tools/qalgorithms.h:360
#14 0xb75b5711 in ~FactoryHash (this=0x8d45258) at /home/kde-devel/src/KDE/kdelibs/kdecore/util/klibrary.cpp:93
#15 0xb75b4599 in destroy () at /home/kde-devel/src/KDE/kdelibs/kdecore/util/klibrary.cpp:97
#16 0xb74875c1 in ~KCleanUpGlobalStatic (this=0xb760c560) at /home/kde-devel/src/KDE/kdelibs/kdecore/kernel/kglobal.h:67
#17 0xb63b86c9 in exit () from /lib/libc.so.6
#18 0xb63a15cd in __libc_start_main () from /lib/libc.so.6
#19 0x08048741 in _start ()


Console output:

konqueror(5748)/khtml KHTMLFactory::~KHTMLFactory: KHTMLFactory(0x8d4e158)
konqueror(5748)/khtml KHTMLGlobal::finalCheck: 1 docs not deleted
konqueror(5748)/khtml KHTMLGlobal::finalCheck: Document DOM::HTMLDocumentImpl(0xb2357d8) wasn't deleted
konqueror: /home/kde-devel/src/KDE/kdelibs/khtml/khtml_global.cpp:258: static void KHTMLGlobal::finalCheck(): Assertion `!s_refcnt' failed.
Comment 33 Dario Andres 2008-12-07 17:48:21 UTC
Here:

Qt: 4.4.3
KDE: 4.1.82 (KDE 4.1.82 (KDE 4.2 >= 20081204))
KWrite: 4.1.82 (KDE 4.1.82 (KDE 4.2 >= 20081204))
kdelibs svn rev.893007
kdebase svn rev.893019

while trying to reproduce bug 177070, I experienced this bug.

konqueror: /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtml_global.cpp:258: static void KHTMLGlobal::finalCheck(): Assertion `!s_refcnt' failed.
Comment 34 Dario Andres 2008-12-13 19:09:40 UTC
*** Bug 177692 has been marked as a duplicate of this bug. ***
Comment 35 Tommi Tervo 2008-12-13 21:06:23 UTC
*** Bug 177711 has been marked as a duplicate of this bug. ***
Comment 36 FiNeX 2008-12-20 18:11:52 UTC
*** Bug 175393 has been marked as a duplicate of this bug. ***
Comment 37 Dario Andres 2009-01-29 15:08:30 UTC
*** Bug 182202 has been marked as a duplicate of this bug. ***
Comment 38 Frank Reininghaus 2009-02-20 03:09:41 UTC
*** Bug 184989 has been marked as a duplicate of this bug. ***
Comment 39 Maksim Orlovich 2009-02-21 23:18:57 UTC
*** Bug 183321 has been marked as a duplicate of this bug. ***
Comment 40 Maksim Orlovich 2009-02-21 23:19:08 UTC
*** Bug 183681 has been marked as a duplicate of this bug. ***
Comment 41 Maksim Orlovich 2009-02-21 23:20:20 UTC
*** Bug 184112 has been marked as a duplicate of this bug. ***
Comment 42 Maksim Orlovich 2009-02-21 23:20:36 UTC
*** Bug 185131 has been marked as a duplicate of this bug. ***
Comment 43 Tony White 2009-02-23 08:08:25 UTC
I can't reproduce this any more after quite a few updates.
Looks to be fixed using kde 4.2 & qt 4.5rc.
Comment 44 George 2009-03-12 15:55:04 UTC
Application: Konqueror (konqueror), signal SIGABRT
0x00007f4cda64f901 in nanosleep () from /lib/libc.so.6

Thread 1 (Thread 0x7f4cdf778750 (LWP 30523)):
[KCrash Handler]
#5  0x00007f4cda5e21e5 in raise () from /lib/libc.so.6
#6  0x00007f4cda5e3703 in abort () from /lib/libc.so.6
#7  0x00007f4cda5db229 in __assert_fail () from /lib/libc.so.6
#8  0x00007f4cd220401b in KHTMLGlobal::finalCheck () at /var/tmp/portage/kde-base/kdelibs-4.2.1/work/kdelibs-4.2.1/khtml/khtml_global.cpp:258
#9  0x00007f4ccd4ff82a in ~KHTMLFactory (this=0x9a5220) at /var/tmp/portage/kde-base/kdelibs-4.2.1/work/kdelibs-4.2.1/khtml/khtml_factory.cpp:35
#10 0x00007f4cdd63a0c1 in qDeleteAll<QHash<QString, QPointer<KPluginFactory> >::const_iterator> (begin={i = 0x152fb70}, end={i = 0x152d590}) at /usr/include/qt4/QtCore/qalgorithms.h:352
#11 0x00007f4cdd63a2e9 in ~FactoryHash (this=0x773b) at /var/tmp/portage/kde-base/kdelibs-4.2.1/work/kdelibs-4.2.1/kdecore/util/klibrary.cpp:93
#12 0x00007f4cdd639432 in destroy () at /var/tmp/portage/kde-base/kdelibs-4.2.1/work/kdelibs-4.2.1/kdecore/util/klibrary.cpp:97
#13 0x00007f4cda5e4d8d in exit () from /lib/libc.so.6
#14 0x00007f4cda5ce5cd in __libc_start_main () from /lib/libc.so.6
#15 0x00000000004008e9 in _start ()

this how crash after exiting looks like in kde-4.2.1 and qt-4.4.2 with latest patches from gentoo
Comment 45 Dario Andres 2009-03-15 12:46:14 UTC
*** Bug 187198 has been marked as a duplicate of this bug. ***
Comment 46 Dario Andres 2009-03-15 12:47:12 UTC
Reporter of bug 187198 is using KDE4.2.1 + Qt4.5
Comment 47 Dario Andres 2009-03-18 13:22:13 UTC
*** Bug 187459 has been marked as a duplicate of this bug. ***
Comment 48 Dario Andres 2009-03-18 18:58:38 UTC
*** Bug 187530 has been marked as a duplicate of this bug. ***
Comment 49 Dario Andres 2009-03-29 23:41:19 UTC
*** Bug 188403 has been marked as a duplicate of this bug. ***
Comment 50 Maksim Orlovich 2009-03-30 16:15:30 UTC
*** Bug 188458 has been marked as a duplicate of this bug. ***
Comment 51 Tommi Tervo 2009-04-06 13:34:33 UTC
*** Bug 188957 has been marked as a duplicate of this bug. ***
Comment 52 George 2009-04-17 11:22:16 UTC
[New process 29550]
#0  0x00007f89d53ec1e5 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
        in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt
#0  0x00007f89d53ec1e5 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007f89d53ed703 in abort () at abort.c:88
#2  0x00007f89d53e5229 in __assert_fail (assertion=0x7f89cd32ecbe "!s_refcnt",
    file=0x7f89cd32eac0 "/var/tmp/portage/kde-base/kdelibs-4.2.2-r1/work/kdelibs-4.2.2/khtml/khtml_global.cpp", line=258,
    function=0x7f89cd32ed00 "static void KHTMLGlobal::finalCheck()") at assert.c:78
#3  0x00007f89ccf30d34 in KHTMLGlobal::finalCheck ()
    at /var/tmp/portage/kde-base/kdelibs-4.2.2-r1/work/kdelibs-4.2.2/khtml/khtml_global.cpp:258
#4  0x00007f89cd78c8d2 in ~KHTMLFactory (this=0x49002c0)
    at /var/tmp/portage/kde-base/kdelibs-4.2.2-r1/work/kdelibs-4.2.2/khtml/khtml_factory.cpp:35
#5  0x00007f89d7d9935e in QObjectCleanupHandler::clear () from /usr/lib64/qt4/libQtCore.so.4
#6  0x00007f89d7d99397 in QObjectCleanupHandler::~QObjectCleanupHandler () from /usr/lib64/qt4/libQtCore.so.4
#7  0x00007f89d53eed8d in exit (status=0) at exit.c:75
#8  0x00007f89d53d85cd in __libc_start_main (main=0x4009b0 <main>, argc=2, ubp_av=0x7fffe2819698, init=0x4009e0 <__libc_csu_init>,
    fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fffe2819688) at libc-start.c:258
#9  0x00000000004008e9 in _start () at ../sysdeps/x86_64/elf/start.S:113
Current language:  auto; currently c
Comment 53 Dario Andres 2009-04-17 16:36:04 UTC
*** Bug 189794 has been marked as a duplicate of this bug. ***
Comment 54 Dario Andres 2009-04-22 16:01:56 UTC
*** Bug 190276 has been marked as a duplicate of this bug. ***
Comment 55 Dario Andres 2009-05-24 14:53:46 UTC
*** Bug 193842 has been marked as a duplicate of this bug. ***
Comment 56 A. Spehr 2009-05-27 02:26:07 UTC
*** Bug 194244 has been marked as a duplicate of this bug. ***
Comment 57 A. Spehr 2009-05-29 04:56:11 UTC
*** Bug 194478 has been marked as a duplicate of this bug. ***
Comment 58 A. Spehr 2009-05-29 04:58:03 UTC
From prior duplicate report:

KDE Version: 4.2.88 (KDE 4.2.88 (KDE 4.3 >= 20090527))
Qt Version: 4.5.1
Operating System: Linux 2.6.27.21-0.1-default x86_64
Distribution: "openSUSE 11.1 (x86_64)"

What I was doing when the application crashed:
nsviewer.bin still open, thus could somehow be related to the flash player
plugin still open from another session. this session (which crashed) was
actually empty, just one open google page.
Comment 59 Christoph Feck 2009-06-01 08:30:35 UTC
*** Bug 194756 has been marked as a duplicate of this bug. ***
Comment 60 Christoph Feck 2009-06-01 08:31:40 UTC
*** Bug 193972 has been marked as a duplicate of this bug. ***
Comment 61 Oliver Putz 2009-06-02 12:49:22 UTC
I seem to be able to reproduce this one with youtube and KDE-4.2.3. 

Steps to reproduce for me: 

1) Go to youtube
2) Try to watch a video
3) See that konqueror for some reason does not pick up the fact that I have adobe-flash-10.0.22.87 installed (thus youtube only displays an error message
4) Close the konqueror instance
5) See a crash that looks like the one in comment #44
Comment 62 Dario Andres 2009-06-03 20:20:34 UTC
*** Bug 195133 has been marked as a duplicate of this bug. ***
Comment 63 Marcus Harrison 2009-06-09 14:21:43 UTC
Now, I receive a crash any time I close Konqueror. The backtrace:

Application: Konqueror (konqueror), signal SIGABRT

Thread 1 (Thread 0xb60d9700 (LWP 8870)):
[KCrash Handler]
#6  0xb8016424 in __kernel_vsyscall ()
#7  0xb6667980 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#8  0xb66691c8 in abort () at abort.c:88
#9  0xb6660a5e in __assert_fail (assertion=0xb468c72d "!s_refcnt", file=0xb468c688 "/var/tmp/portage/kde-base/kdelibs-4.2.4/work/kdelibs-4.2.4/khtml/khtml_global.cpp", line=258, 
    function=0xb468c8a0 "static void KHTMLGlobal::finalCheck()") at assert.c:78
#10 0xb42fcd94 in KHTMLGlobal::finalCheck () at /var/tmp/portage/kde-base/kdelibs-4.2.4/work/kdelibs-4.2.4/khtml/khtml_global.cpp:258
#11 0xb2c223bc in ~KHTMLFactory (this=0x9a8cea8) at /var/tmp/portage/kde-base/kdelibs-4.2.4/work/kdelibs-4.2.4/khtml/khtml_factory.cpp:35
#12 0xb76d4ea1 in qDeleteAll<QHash<QString, QPointer<KPluginFactory> >::const_iterator> (begin={i = 0x985d7c0}, end={i = 0x949f6f8}) at /usr/include/qt4/QtCore/qalgorithms.h:350
#13 0xb76d4f18 in qDeleteAll<FactoryHash> (c=@0x9487d98) at /usr/include/qt4/QtCore/qalgorithms.h:358
#14 0xb76d5142 in ~FactoryHash (this=0x9487d98) at /var/tmp/portage/kde-base/kdelibs-4.2.4/work/kdelibs-4.2.4/kdecore/util/klibrary.cpp:93
#15 0xb76d3f2d in destroy () at /var/tmp/portage/kde-base/kdelibs-4.2.4/work/kdelibs-4.2.4/kdecore/util/klibrary.cpp:97
#16 0xb75b682b in ~KCleanUpGlobalStatic (this=0xb77282a4) at /var/tmp/portage/kde-base/kdelibs-4.2.4/work/kdelibs-4.2.4/kdecore/kernel/kglobal.h:62
#17 0xb666a859 in __run_exit_handlers (status=0, listp=0xb6783304, run_list_atexit=true) at exit.c:78
#18 0xb666a8bf in exit (status=0) at exit.c:100
#19 0xb6653a6d in __libc_start_main (main=0x8048820 <main>, argc=2, ubp_av=0xbfc17af4, init=0x8048870 <__libc_csu_init>, fini=0x8048860 <__libc_csu_fini>, rtld_fini=0xb8009290 <_dl_fini>, 
    stack_end=0xbfc17aec) at libc-start.c:252
#20 0x08048761 in _start () at ../sysdeps/i386/elf/start.S:119



Sinse it seems that not many other people can reliably reproduce this, I'm attaching konquerorrc, to see if it helps.
Comment 64 Marcus Harrison 2009-06-09 14:24:15 UTC
Created attachment 34384 [details]
Konqueror configuration file
Comment 65 Bernhard Beschow 2009-06-10 00:54:29 UTC
*** Bug 195372 has been marked as a duplicate of this bug. ***
Comment 66 Dario Andres 2009-06-21 22:00:04 UTC
*** Bug 197404 has been marked as a duplicate of this bug. ***
Comment 67 Bernhard Beschow 2009-06-22 15:55:22 UTC
Since this seems to be the main thread of a family of bug reports, I copy&paste another way to reproduce this bug (from #195372):
1) visit maps.google.de
2) visit www.google.de
3) close konqueor
-> crash
Comment 68 Dario Andres 2009-06-23 03:27:33 UTC
*** Bug 197553 has been marked as a duplicate of this bug. ***
Comment 69 Dario Andres 2009-06-29 15:14:58 UTC
*** Bug 198265 has been marked as a duplicate of this bug. ***
Comment 70 Marcus Harrison 2009-06-29 17:06:53 UTC
I can confirm that the testcase above results in the crash.
Comment 71 Darin McBride 2009-07-04 00:28:44 UTC
I'll add getting this with kde 4.2.95 (wasn't getting it with 4.2.4) and qt 4.5.2.  Not going to bother opening a separate defect just to have to returned as duplicate of this.  Googled for kmuddy, opened one of the links, quit, crash.
Comment 72 Andrey Borzenkov 2009-07-04 09:26:02 UTC
Just had it with KDE 4.2.95/Qt 4.5.2 as well:

Application: Konqueror (kdeinit4), signal: Aborted
[KCrash Handler]
#5  0x00007f481354a915 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6  0x00007f481354bf8a in abort () at abort.c:88
#7  0x00007f48135435aa in __assert_fail (assertion=0x7f48039a8979 "!s_refcnt", file=<value optimized out>, line=258, function=0x7f48039a8b00 "static void KHTMLGlobal::finalCheck()") at assert.c:78
#8  0x00007f4803674cd2 in KHTMLGlobal::finalCheck () at /usr/src/debug/kdelibs-4.2.95/khtml/khtml_global.cpp:258
#9  0x00007f4803e5d525 in ~KHTMLFactory (this=0x170e8c0) at /usr/src/debug/kdelibs-4.2.95/khtml/khtml_factory.cpp:35
#10 0x00007f4815f7227d in QObjectCleanupHandler::clear (this=0x1710b90) at kernel/qobjectcleanuphandler.cpp:140
#11 0x00007f4815f722c4 in ~QObjectCleanupHandler (this=0x699c) at kernel/qobjectcleanuphandler.cpp:86
#12 0x00007f481354d6a2 in __run_exit_handlers (status=0, listp=0x7f48138734a8, run_list_atexit=true) at exit.c:78
#13 0x00007f481354d705 in exit (status=27036) at exit.c:100
#14 0x00000000004067f9 in launch (argc=2, _name=<value optimized out>, args=<value optimized out>, cwd=<value optimized out>, envc=<value optimized out>, envs=<value optimized out>, reset_env=false, 
    tty=0x0, avoid_loops=false, startup_id_str=0x1111e34 "cooker;1246469288;135638;21886_TIME142474701") at /usr/src/debug/kdelibs-4.2.95/kinit/kinit.cpp:672
#15 0x0000000000406f88 in handle_launcher_request (sock=7, who=<value optimized out>) at /usr/src/debug/kdelibs-4.2.95/kinit/kinit.cpp:1164
#16 0x0000000000407c31 in handle_requests (waitForPid=0) at /usr/src/debug/kdelibs-4.2.95/kinit/kinit.cpp:1357
#17 0x0000000000408430 in main (argc=2, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/kdelibs-4.2.95/kinit/kinit.cpp:1784
Comment 73 Dario Andres 2009-07-07 22:59:05 UTC
*** Bug 199343 has been marked as a duplicate of this bug. ***
Comment 74 Dario Andres 2009-07-07 22:59:07 UTC
*** Bug 199205 has been marked as a duplicate of this bug. ***
Comment 75 Dario Andres 2009-07-07 22:59:12 UTC
*** Bug 198845 has been marked as a duplicate of this bug. ***
Comment 76 Dario Andres 2009-07-07 22:59:16 UTC
*** Bug 198799 has been marked as a duplicate of this bug. ***
Comment 77 FiNeX 2009-07-09 10:34:43 UTC
*** Bug 199529 has been marked as a duplicate of this bug. ***
Comment 78 FiNeX 2009-07-12 19:20:49 UTC
*** Bug 199888 has been marked as a duplicate of this bug. ***
Comment 79 Dario Andres 2009-07-14 16:11:28 UTC
*** Bug 200152 has been marked as a duplicate of this bug. ***
Comment 80 Martin Ammermüller 2009-07-14 21:34:07 UTC
Same here with 4.2.96:

Application: Konqueror (kdeinit4), signal: Aborted
[KCrash Handler]
#6  0xb7f8c424 in __kernel_vsyscall ()
#7  0xb652d680 in raise () from /lib/i686/cmov/libc.so.6
#8  0xb6530d68 in abort () from /lib/i686/cmov/libc.so.6
#9  0xb65265fe in __assert_fail () from /lib/i686/cmov/libc.so.6
#10 0xb18423ad in KHTMLGlobal::finalCheck () at /home/martin/sandkasten/kdelibs-4.2.96/khtml/khtml_global.cpp:258
#11 0xb206c323 in ~KHTMLFactory (this=0x91b84d8) at /home/martin/sandkasten/kdelibs-4.2.96/khtml/khtml_factory.cpp:35
#12 0xb7cb7e53 in qDeleteAll<QHash<QString, QPointer<KPluginFactory> >::const_iterator> (begin={i = 0x91c1580}, end={i = 0x91bee90}) at /usr/include/qt4/QtCore/qalgorithms.h:350
#13 0xb7cb7eb8 in qDeleteAll<FactoryHash> (c=@0x91fd0f8) at /usr/include/qt4/QtCore/qalgorithms.h:358
#14 0xb7cb80d1 in ~FactoryHash (this=0x91fd0f8) at /home/martin/sandkasten/kdelibs-4.2.96/kdecore/util/klibrary.cpp:93
#15 0xb7cb6f5a in destroy () at /home/martin/sandkasten/kdelibs-4.2.96/kdecore/util/klibrary.cpp:97
#16 0xb7b7a423 in ~KCleanUpGlobalStatic (this=0xb7d12290) at /home/martin/sandkasten/kdelibs-4.2.96/kdecore/kernel/kglobal.h:62
#17 0xb6532889 in exit () from /lib/i686/cmov/libc.so.6
#18 0x0804e95b in launch (argc=4, _name=0x8f083f4 "konqueror", args=0x8f0843d "/home/martin", cwd=0x8f0843d "/home/martin", envc=36, envs=0x8f089d2 "", reset_env=true, tty=0x0, avoid_loops=false, 
    startup_id_str=0x8f089d6 "arbeitstier;1247599295;759661;6650_TIME29145173") at /home/martin/sandkasten/kdelibs-4.2.96/kinit/kinit.cpp:676
#19 0x0804f0c2 in handle_launcher_request (sock=14, who=0x80527fc "wrapper") at /home/martin/sandkasten/kdelibs-4.2.96/kinit/kinit.cpp:1168
#20 0x0804f9c9 in handle_requests (waitForPid=0) at /home/martin/sandkasten/kdelibs-4.2.96/kinit/kinit.cpp:1352
#21 0x080503d6 in main (argc=2, argv=0xbfa6aeb4, envp=0xbfa6aec0) at /home/martin/sandkasten/kdelibs-4.2.96/kinit/kinit.cpp:1788
Comment 81 Dario Andres 2009-07-31 15:39:20 UTC
*** Bug 201955 has been marked as a duplicate of this bug. ***
Comment 82 Dario Andres 2009-08-01 15:53:29 UTC
*** Bug 202200 has been marked as a duplicate of this bug. ***
Comment 83 Dario Andres 2009-08-07 19:43:39 UTC
*** Bug 202869 has been marked as a duplicate of this bug. ***
Comment 84 Andrey Borzenkov 2009-08-14 18:45:52 UTC
Still valid for 4.3. Moreover, I reliably can reproduce it on http://christophe.varoqui.free.fr/multipath-tools/ using Mandriva x86_64 + 64 bit flash player (latest available). Open site, let flash appear, scroll several times up and down, close window - get dr. konqi.

Application: Konqueror (kdeinit4), signal: Aborted
[KCrash Handler]
#5  0x00007fe4e1c61545 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6  0x00007fe4e1c62b60 in abort () at abort.c:88
#7  0x00007fe4e1c5a3da in __assert_fail (assertion=0x7fe4cf861d51 "!s_refcnt", file=<value optimized out>, line=258, function=0x7fe4cf861ec0 "static void KHTMLGlobal::finalCheck()") at assert.c:78
#8  0x00007fe4cf5398a2 in KHTMLGlobal::finalCheck () at /usr/src/debug/kdelibs-4.3.0/khtml/khtml_global.cpp:258
#9  0x00007fe4cfd17519 in ~KHTMLFactory (this=0x2866f20) at /usr/src/debug/kdelibs-4.3.0/khtml/khtml_factory.cpp:35
#10 0x00007fe4e404a1ce in qDeleteAll<QHash<QString, QPointer<KPluginFactory> >::const_iterator> (begin={i = 0x286a640}, end={i = 0x286ac90}) at /usr/lib/qt4/include/QtCore/qalgorithms.h:350
#11 0x00007fe4e404a3e9 in ~FactoryHash (this=0x4c4c) at /usr/src/debug/kdelibs-4.3.0/kdecore/util/klibrary.cpp:93
#12 0x00007fe4e4049582 in destroy () at /usr/src/debug/kdelibs-4.3.0/kdecore/util/klibrary.cpp:97
#13 0x00007fe4e1c64242 in __run_exit_handlers (status=0, listp=0x7fe4e1f884a8, run_list_atexit=true) at exit.c:78
#14 0x00007fe4e1c64295 in exit (status=19532) at exit.c:100
#15 0x0000000000406850 in launch (argc=4, _name=<value optimized out>, args=<value optimized out>, cwd=<value optimized out>, envc=<value optimized out>, envs=<value optimized out>, reset_env=true, 
    tty=0x0, avoid_loops=false, startup_id_str=0x226c484 "cooker;1250267923;998804;14568_TIME41202720") at /usr/src/debug/kdelibs-4.3.0/kinit/kinit.cpp:676
#16 0x0000000000406fb8 in handle_launcher_request (sock=41, who=<value optimized out>) at /usr/src/debug/kdelibs-4.3.0/kinit/kinit.cpp:1168
#17 0x0000000000407c10 in handle_requests (waitForPid=0) at /usr/src/debug/kdelibs-4.3.0/kinit/kinit.cpp:1352
#18 0x0000000000408440 in main (argc=2, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/kdelibs-4.3.0/kinit/kinit.cpp:1788
Comment 85 Tommi Tervo 2009-08-18 10:40:30 UTC
*** Bug 204247 has been marked as a duplicate of this bug. ***
Comment 86 Dario Andres 2009-08-18 21:50:29 UTC
*** Bug 204327 has been marked as a duplicate of this bug. ***
Comment 87 Dario Andres 2009-08-23 16:20:58 UTC
*** Bug 204861 has been marked as a duplicate of this bug. ***
Comment 88 Dario Andres 2009-09-07 14:00:36 UTC
*** Bug 206623 has been marked as a duplicate of this bug. ***
Comment 89 Dario Andres 2009-09-08 14:49:15 UTC
*** Bug 206733 has been marked as a duplicate of this bug. ***
Comment 90 Dario Andres 2009-09-12 16:33:03 UTC
*** Bug 207133 has been marked as a duplicate of this bug. ***
Comment 91 Dario Andres 2009-09-16 03:53:57 UTC
*** Bug 207485 has been marked as a duplicate of this bug. ***
Comment 92 David Faure 2009-11-17 22:33:57 UTC
I commented out the assert in r1027745 for kde-4.3.3, so that users experience less crashes. Of course this doesn't fix the bug (memory leak). Just wanted to mention this in case anyone wondered why it appeared to work better with 4.3.3 or later.
Comment 93 Dawit Alemayehu 2011-06-26 17:37:15 UTC
*** Bug 195387 has been marked as a duplicate of this bug. ***
Comment 94 Martin Koller 2011-07-25 12:35:14 UTC
*** Bug 192393 has been marked as a duplicate of this bug. ***
Comment 95 Andrea Iacovitti 2013-03-12 19:34:52 UTC
Created attachment 77989 [details]
a minimal testcase to reproduce the the problem

Just load the testcase then close konqueror.
I get this printed in console:

konqueror(7435)/khtml KHTMLGlobal::finalCheck: Document KUrl("file:///tmp/test.html") was not deleted

I get line above repeated the number of time i reolad the testcase in the same konqueror windowa (after closing it).
Comment 96 Andrea Iacovitti 2014-03-10 05:31:45 UTC
Git commit 3081de72b55cc8cd8303ba67c3dfa45a920d6f02 by Andrea Iacovitti.
Committed on 10/03/2014 at 05:30.
Pushed by aiacovitti into branch 'KDE/4.12'.

Do not leak nodes.

M  +1    -1    khtml/dom/dom_node.cpp
M  +1    -1    khtml/ecma/kjs_dom.cpp
M  +9    -8    khtml/ecma/kjs_html.cpp
M  +5    -5    khtml/editing/htmlediting_impl.cpp
M  +7    -9    khtml/html/html_headimpl.cpp
M  +1    -1    khtml/xml/dom_nodeimpl.cpp
M  +1    -1    khtml/xml/dom_nodeimpl.h

http://commits.kde.org/kdelibs/3081de72b55cc8cd8303ba67c3dfa45a920d6f02