169851 – KJS crash while using Horde bugtracker

Bug 169851 - KJS crash while using Horde bugtracker

Summary: KJS crash while using Horde bugtracker

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	konqueror
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	unspecified Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Konqueror Developers

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-08-26 13:50 UTC by Thomas Jarosch
Modified:	2008-10-13 11:12 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Jarosch 2008-08-26 13:50:11 UTC

Version:           4.1.00 (KDE 4.1.0) (using 4.1.00 (KDE 4.1.0), 4.1.0-5.fc9 Fedora)
Compiler:          gcc
OS:                Linux (i686) release 2.6.25.14-108.fc9.i686

Hello,

while answering a ticket in the Horde bugtracker, I used the back button and suddenly konqueror crashed. This time I had the kdelibs-debuginfo package intalled.

Here's the backtrace:
Application: Konqueror (konqueror), signal SIGSEGV
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 0xb7f28770 (LWP 23968)]
[KCrash handler]
#6  0x04869907 in KJS::Error::create (exec=<value optimized out>, 
    errtype=<value optimized out>, message=<value optimized out>, 
    lineno=<value optimized out>, sourceId=<value optimized out>, 
    sourceURL=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/kjs/object.cpp:671
#7  0x04869c89 in KJS::throwError (exec=<value optimized out>, 
    type=<value optimized out>, message=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/kjs/object.cpp:717
#8  0x0487a9fd in KJS::JSImmediate::toObject (v=<value optimized out>, 
    exec=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/kjs/JSImmediate.cpp:33
#9  0x0487fefd in KJS::Machine::runBlock (exec=<value optimized out>, 
    codeBlock=<value optimized out>, parentExec=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/kjs/value.h:481
#10 0x0483a695 in KJS::FunctionBodyNode::execute (this=<value optimized out>, 
    exec=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/kjs/nodes.cpp:927
#11 0x0486cfba in KJS::Interpreter::evaluate (this=<value optimized out>, 
    sourceURL=<value optimized out>, 
    startingLineNumber=<value optimized out>, code=<value optimized out>, 
    codeLength=<value optimized out>, thisV=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/kjs/interpreter.cpp:557
#12 0x0486d157 in KJS::Interpreter::evaluate (this=)
    at /usr/src/debug/kdelibs-4.1.0/kjs/interpreter.cpp:499
#13 0x04bf5ec2 in KJS::KJSProxyImpl::evaluate (this=<value optimized out>, 
    filename=<value optimized out>, baseLine=<value optimized out>, 
    str=<value optimized out>, n=<value optimized out>, 
    completion=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/khtml/ecma/kjs_proxy.cpp:157
#14 0x049be8f4 in KHTMLPart::executeScript (this=<value optimized out>, 
    filename=<value optimized out>, baseLine=<value optimized out>, 
    n=<value optimized out>, script=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/khtml/khtml_part.cpp:1219
#15 0x04a692b9 in khtml::HTMLTokenizer::scriptExecution (
    this=<value optimized out>, str=<value optimized out>, 
    scriptURL=<value optimized out>, baseLine=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/khtml/html/htmltokenizer.cpp:475
#16 0x04a6d424 in khtml::HTMLTokenizer::scriptHandler (
    this=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/khtml/html/htmltokenizer.cpp:428
#17 0x04a6ee5d in khtml::HTMLTokenizer::parseSpecial (
    this=<value optimized out>, src=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/khtml/html/htmltokenizer.cpp:344
#18 0x04a70df2 in khtml::HTMLTokenizer::parseTag (this=<value optimized out>, 
    src=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/khtml/html/htmltokenizer.cpp:1535
#19 0x04a72335 in khtml::HTMLTokenizer::write (this=<value optimized out>, 
    str=<value optimized out>, appendData=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/khtml/html/htmltokenizer.cpp:1789
#20 0x049c9e71 in KHTMLPart::write (this=<value optimized out>, 
    data=<value optimized out>, len=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/khtml/khtml_part.cpp:1972
#21 0x049d0e3a in KHTMLPart::slotData (this=<value optimized out>, kio_job=)
    at /usr/src/debug/kdelibs-4.1.0/khtml/khtml_part.cpp:1662
#22 0x049e3837 in KHTMLPart::qt_metacall (this=<value optimized out>, 
    _c=<value optimized out>, _id=<value optimized out>, 
    _a=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/i386-redhat-linux-gnu/khtml/khtml_part.moc:264
#23 0x07b013e0 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#24 0x07b02162 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#25 0x03bd47b9 in KIO::TransferJob::data (this=)
    at /usr/src/debug/kdelibs-4.1.0/i386-redhat-linux-gnu/kio/jobclasses.moc:356
#26 0x03bd50f2 in KIO::TransferJob::slotData (this=<value optimized out>, 
    _data=) at /usr/src/debug/kdelibs-4.1.0/kio/kio/job.cpp:927
#27 0x03bdc855 in KIO::TransferJob::qt_metacall (this=<value optimized out>, 
    _c=<value optimized out>, _id=<value optimized out>, 
    _a=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/i386-redhat-linux-gnu/kio/jobclasses.moc:337
#28 0x07b013e0 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#29 0x07b02162 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#30 0x03c870f3 in KIO::SlaveInterface::data (this=)
    at /usr/src/debug/kdelibs-4.1.0/i386-redhat-linux-gnu/kio/slaveinterface.moc:136
#31 0x03c89be4 in KIO::SlaveInterface::dispatch (this=<value optimized out>, 
    _cmd=<value optimized out>, rawdata=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/kio/kio/slaveinterface.cpp:162
#32 0x03c87887 in KIO::SlaveInterface::dispatch (this=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/kio/kio/slaveinterface.cpp:90
#33 0x03c7a500 in KIO::Slave::gotInput (this=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/kio/kio/slave.cpp:319
#34 0x03c7a873 in KIO::Slave::qt_metacall (this=<value optimized out>, 
    _c=<value optimized out>, _id=<value optimized out>, 
    _a=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/i386-redhat-linux-gnu/kio/slave.moc:75
#35 0x07b013e0 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#36 0x07b02162 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#37 0x03baa877 in KIO::Connection::readyRead (this=)
    at /usr/src/debug/kdelibs-4.1.0/i386-redhat-linux-gnu/kio/connection.moc:84
#38 0x03bac2a3 in KIO::ConnectionPrivate::dequeue (this=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/kio/kio/connection.cpp:82
#39 0x03bac8f6 in KIO::Connection::qt_metacall (this=<value optimized out>, 
    _c=<value optimized out>, _id=<value optimized out>, 
    _a=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/i386-redhat-linux-gnu/kio/connection.moc:72
#40 0x07afa53b in QMetaCallEvent::placeMetaCall ()
   from /usr/lib/libQtCore.so.4
#41 0x07afc0f9 in QObject::event () from /usr/lib/libQtCore.so.4
#42 0x02f5630c in QApplicationPrivate::notify_helper ()
   from /usr/lib/libQtGui.so.4
#43 0x02f5e16e in QApplication::notify () from /usr/lib/libQtGui.so.4
#44 0x038dbddd in KApplication::notify (this=<value optimized out>, 
    receiver=<value optimized out>, event=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/kdeui/kernel/kapplication.cpp:311
#45 0x07aec731 in QCoreApplication::notifyInternal ()
   from /usr/lib/libQtCore.so.4
#46 0x07aed3a5 in QCoreApplicationPrivate::sendPostedEvents ()
   from /usr/lib/libQtCore.so.4
#47 0x07aed5bd in QCoreApplication::sendPostedEvents ()
   from /usr/lib/libQtCore.so.4
#48 0x07b1725f in ?? () from /usr/lib/libQtCore.so.4
#49 0x0061d0d8 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#50 0x00620783 in ?? () from /lib/libglib-2.0.so.0
#51 0x00620941 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#52 0x07b16ea8 in QEventDispatcherGlib::processEvents ()
   from /usr/lib/libQtCore.so.4
#53 0x02feed95 in ?? () from /usr/lib/libQtGui.so.4
#54 0x07aeae1a in QEventLoop::processEvents () from /usr/lib/libQtCore.so.4
#55 0x07aeafda in QEventLoop::exec () from /usr/lib/libQtCore.so.4
#56 0x07aed685 in QCoreApplication::exec () from /usr/lib/libQtCore.so.4
#57 0x02f56187 in QApplication::exec () from /usr/lib/libQtGui.so.4
#58 0x020e900f in kdemain () from /usr/lib/libkdeinit4_konqueror.so
#59 0x08048792 in _start ()

Providing an URL is not really possible, as you need an account for the system and it's restricted to Horde developers only.

Thomas

Comment 1 Maksim Orlovich 2008-08-26 15:14:43 UTC

Thanks for the report. The line it crashes on, though:
  JSObject *err = static_cast<JSObject *>(cons->construct(exec,args));
... is not really something that ought to ever crash --- it's invoking 
a builtin constructor, that's there all the time (from context it's a TypeError 
due to trying to access a field inside undefined). I presume it's not reproducible?

P.S. Sound like you could perhaps comment on bug #169722.

Comment 2 Thomas Jarosch 2008-08-26 15:29:57 UTC

You are right, I can't reproduce it for now. When konqueror crashed and I was asked to resume the session upon restart, it crashed every time I used the back button again. Tried it three times. It was the same with #169817. Smells like stack corruption to me.

I use lots of tabs for browsing, maybe it's somehow related. If I get another crash log, I'll post it here.

I'll try to see if I can reproduce #169722.

Comment 3 Thomas Jarosch 2008-08-26 20:54:33 UTC

Is there a good reason why I was able to crash it every time once it resumed the "broken" session? I guess the konqueror session saves URL, window size and other stuff in there. Where does this get saved to? Maybe the session data gets corrupted and that's why I was able to trigger it over and over again once it happens.

Comment 4 Eduardo Robles Elvira 2008-08-26 22:23:54 UTC

(In reply to comment #3)
> Is there a good reason why I was able to crash it every time once it resumed
> the "broken" session? I guess the konqueror session saves URL, window size and
> other stuff in there. Where does this get saved to? Maybe the session data gets
> corrupted and that's why I was able to trigger it over and over again once it
> happens.
> 

Well the reason is konqueror saves everything it can, even the buffer (which is normally the largest part), for every historyitems (back &forward arrows for each konq view). I plan to make the crash session manager smarter smarter for 4.2 so that it can detect  when a session is crashy and try to somehow deal with it but it's not done yet.

You can see the saved session as files (one per konqueror process) inside ~/.kde/share/apps/konqueror/autosave.

Comment 5 Thomas Jarosch 2008-08-28 09:21:11 UTC

Thanks for the session path. Konqueror didn't crash on me for two days, I'll close the ticket and will reopen it in case I should get another backtrace.

Comment 6 Thomas Jarosch 2008-08-28 16:10:39 UTC

A coworker generated a HTML code documentation with "DoxyS" under Windows and mentioned "make sure you have Javascript turned on, it makes heavy use of that".
When I openeded the index page, konqueror crashed :-)

Here's the backtrace:
Application: KDE Daemon (kded4), signal SIGSEGV
[Thread debugging using libthread_db enabled]
[New Thread 0xb8082770 (LWP 3446)]
[KCrash handler]
#6  QString::operator= (this=<value optimized out>, 
    other=<value optimized out>) at ../../src/corelib/arch/qatomic_i386.h:122
#7  0x00f510a8 in KCookieJar::stripDomain (this=0x9de76a8, _fqdn=@0xbfeb2fb8, 
    _domain=@0xbfeb3008)
    at /usr/src/debug/kdelibs-4.1.0/kioslave/http/kcookiejar/kcookiejar.cpp:520
#8  0x00f5171c in KCookieJar::stripDomain (this=0x9de76a8, cookie=@0x9f55020)
    at /usr/src/debug/kdelibs-4.1.0/kioslave/http/kcookiejar/kcookiejar.cpp:527
#9  0x00f51941 in KCookieJar::addCookie (this=0x9de76a8, cookie=@0x9f55020)
    at /usr/src/debug/kdelibs-4.1.0/kioslave/http/kcookiejar/kcookiejar.cpp:935
#10 0x00f564b6 in KCookieServer::checkCookies (this=0x9e76170, 
    cookieList=0xbfeb3190)
    at /usr/src/debug/kdelibs-4.1.0/kioslave/http/kcookiejar/kcookieserver.cpp:181
#11 0x00f57083 in KCookieServer::addCookies (this=0x9e76170, url=@0x9f00e58, 
    cookieHeader=@0x9eef728, windowId=<value optimized out>, 
    useDOMFormat=false)
    at /usr/src/debug/kdelibs-4.1.0/kioslave/http/kcookiejar/kcookieserver.cpp:151
#12 0x00f573f5 in KCookieServer::addCookies (this=0x9e76170, arg1=@0x9f00e58, 
    arg2=@0x9eef728, arg3=33)
    at /usr/src/debug/kdelibs-4.1.0/kioslave/http/kcookiejar/kcookieserver.cpp:418
#13 0x00f5f01f in KCookieServerAdaptor::qt_metacall (this=0x9dd6710, 
    _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0xbfeb3388)
    at /usr/src/debug/kdelibs-4.1.0/i386-redhat-linux-gnu/kioslave/http/kcookiejar/kcookieserveradaptor.cpp:39
#14 0x002cd74e in QDBusConnectionPrivate::deliverCall (
    this=<value optimized out>, object=<value optimized out>, 
    msg=<value optimized out>, metaTypes=<value optimized out>, 
    slotIdx=<value optimized out>) at qdbusintegrator.cpp:865
#15 0x002cea81 in QDBusConnectionPrivate::activateCall (
    this=<value optimized out>, object=<value optimized out>, 
    flags=<value optimized out>, msg=<value optimized out>)
    at qdbusintegrator.cpp:777
#16 0x002cee91 in QDBusConnectionPrivate::activateObject (
    this=<value optimized out>, node=<value optimized out>, 
    msg=<value optimized out>, pathStartPos=<value optimized out>)
    at qdbusintegrator.cpp:1318
#17 0x002cf3fa in QDBusActivateObjectEvent::placeMetaCall (this=)
    at qdbusintegrator.cpp:1412
#18 0x07afc0f9 in QObject::event (this=<value optimized out>, 
    e=<value optimized out>) at kernel/qobject.cpp:1140
#19 0x02f5630c in QApplicationPrivate::notify_helper (
    this=<value optimized out>, receiver=<value optimized out>, 
    e=<value optimized out>) at kernel/qapplication.cpp:3800
#20 0x02f5e16e in QApplication::notify (this=<value optimized out>, 
    receiver=<value optimized out>, e=<value optimized out>)
    at kernel/qapplication.cpp:3392
#21 0x038dbddd in KApplication::notify (this=<value optimized out>, 
    receiver=<value optimized out>, event=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/kdeui/kernel/kapplication.cpp:311
#22 0x07aec731 in QCoreApplication::notifyInternal (
    this=<value optimized out>, receiver=<value optimized out>, 
    event=<value optimized out>) at kernel/qcoreapplication.cpp:591
#23 0x07aed3a5 in QCoreApplicationPrivate::sendPostedEvents (
    receiver=<value optimized out>, event_type=<value optimized out>, 
    data=<value optimized out>)
    at ../../src/corelib/kernel/qcoreapplication.h:215
#24 0x07aed5bd in QCoreApplication::sendPostedEvents (receiver=)
    at kernel/qcoreapplication.cpp:1095
#25 0x07b1725f in postEventSourceDispatch (s=)
    at ../../src/corelib/kernel/qcoreapplication.h:220
#26 0x0061d0d8 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#27 0x00620783 in ?? () from /lib/libglib-2.0.so.0
#28 0x00620941 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#29 0x07b16ea8 in QEventDispatcherGlib::processEvents (
    this=<value optimized out>, flags=<value optimized out>)
    at kernel/qeventdispatcher_glib.cpp:325
#30 0x02feed95 in QGuiEventDispatcherGlib::processEvents (this=)
    at kernel/qguieventdispatcher_glib.cpp:204
#31 0x07aeae1a in QEventLoop::processEvents (this=<value optimized out>, 
    flags=<value optimized out>) at kernel/qeventloop.cpp:149
#32 0x07aeafda in QEventLoop::exec (this=<value optimized out>, 
    flags=<value optimized out>) at kernel/qeventloop.cpp:200
#33 0x07aed685 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:849
#34 0x02f56187 in QApplication::exec () at kernel/qapplication.cpp:3330
#35 0x00395366 in kdemain (argc=<value optimized out>, 
    argv=<value optimized out>)
    at /usr/src/debug/kdelibs-4.1.0/kded/kded.cpp:847
#36 0x08048752 in main (argc=)
    at /usr/src/debug/kdelibs-4.1.0/i386-redhat-linux-gnu/kded/kded4_dummy.cpp:3

There's not KJS in there, but I suspect the stack somehow gets corrupted...

Comment 7 Thomas Jarosch 2008-08-29 16:25:47 UTC

Here's another while tracing some PHP/libxml2 issue which returned an empty page instead of the Horde web application:

Application: Konqueror (konqueror), signal SIGSEGV
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 0xb7ee2770 (LWP 9743)]
[New Thread 0xb673cb90 (LWP 17618)]
[KCrash handler]
#6  0x02f60f07 in QWidget::testAttribute (this=)
    at ../../src/gui/kernel/qwidget.h:990
#7  0x02f5d154 in QApplication::setActiveWindow (act=<value optimized out>)
    at ../../src/gui/kernel/qwidget.h:952
#8  0x02fc6acc in QApplication::x11ProcessEvent (this=<value optimized out>, 
    event=<value optimized out>) at kernel/qapplication_x11.cpp:3087
#9  0x02fef6cc in x11EventSourceDispatch (s=<value optimized out>, 
    callback=<value optimized out>, user_data=<value optimized out>)
    at kernel/qguieventdispatcher_glib.cpp:148
#10 0x0061d0d8 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#11 0x00620783 in ?? () from /lib/libglib-2.0.so.0
#12 0x00620941 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#13 0x07b16ea8 in QEventDispatcherGlib::processEvents (
    this=<value optimized out>, flags=<value optimized out>)
    at kernel/qeventdispatcher_glib.cpp:325
#14 0x02feed95 in QGuiEventDispatcherGlib::processEvents (this=)
    at kernel/qguieventdispatcher_glib.cpp:204
#15 0x07aeae1a in QEventLoop::processEvents (this=<value optimized out>, 
    flags=<value optimized out>) at kernel/qeventloop.cpp:149
#16 0x07aeafda in QEventLoop::exec (this=<value optimized out>, 
    flags=<value optimized out>) at kernel/qeventloop.cpp:200
#17 0x07aed685 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:849
#18 0x02f56187 in QApplication::exec () at kernel/qapplication.cpp:3330
#19 0x020e900f in kdemain () from /usr/lib/libkdeinit4_konqueror.so
#20 0x08048792 in _start ()

Hope they are any good.

Comment 8 Maksim Orlovich 2008-08-29 19:39:43 UTC

Comment #6 is probably because the local page set a cookie --- you were opening a local file, right --- and it's the cookie jar (inside kded4) crashing, not konqueror, I should fix it either way..

Comment #7 is some internal UI stuff in Qt, and really doesn't tell me a thing, I am afraid.

Comment 9 Thomas Jarosch 2008-08-29 19:56:41 UTC

Yes, I was opening a local file in comment #6.

The backtrace of comment #7 really looks strange, but that's the one I can reproduce easily. It involves a segfaulted http server process which then aborts the connections and this crashes konqueror later on. Multiple backtraces from the same issue almost look the same. My gut tells me konqueror still uses a widget that is already freed. Konqueror just shows a blank page and states "Page loaded." in the status bar though the connection must have been aborted.

Comment 10 Michael Pyne 2008-09-01 00:46:03 UTC

See bug 170147 for discussion of the kcookiejar crash.

Comment 11 Thomas Jarosch 2008-10-13 11:12:44 UTC

I didn't see a Konqueror crash since KDE 4.1.1 for a long time, so I guess we can close this one :-)