Bug 70731 - Konqueror crash on close
Summary: Konqueror crash on close
Status: RESOLVED DUPLICATE of bug 85057
Alias: None
Product: konqueror
Classification: Applications
Component: khtml (show other bugs)
Version: 4.0
Platform: unspecified Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
: 70964 70965 71131 71454 (view as bug list)
Depends on:
Blocks:
 
Reported: 2003-12-18 01:07 UTC by Malte S. Stretz
Modified: 2005-10-31 14:46 UTC (History)
4 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Malte S. Stretz 2003-12-18 01:07:18 UTC
Version:           4.0 (using KDE 3.1.94 (CVS >= 20031206), Gentoo)
Compiler:          gcc version 3.2.3 20030422 (Gentoo Linux 1.4 3.2.3-r3, propolice)
OS:          Linux (i686) release 2.4.20-gentoo-r9

Yet another unreproducable crash on close. This time in HTML mode (related to bug 67710 anyway?). Let's see what the Dup Finder says about the backtrace:

(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...[New Thread 16384 (LWP 1439)]
0x4443bf47 in waitpid ()
   from /lib/libpthread.so.0
#0  0x4443bf47 in waitpid () from /lib/libpthread.so.0
#1  0x4385c191 in KCrash::defaultCrashHandler(int) ()
   from /usr/kde/cvs/lib/libkdecore.so.4
#2  0x4443adfa in __pthread_sighandler () from /lib/libpthread.so.0
#3  <signal handler called>
#4  0x445a4f61 in kill () from /lib/libc.so.6
#5  0x444383d3 in pthread_kill () from /lib/libpthread.so.0
#6  0x444386eb in raise () from /lib/libpthread.so.0
#7  0x445a4d12 in raise () from /lib/libc.so.6
#8  0x445a61dc in abort () from /lib/libc.so.6
#9  0x4459e5e3 in __assert_fail () from /lib/libc.so.6
#10 0x44e90614 in khtml::Cache::clear() () from /usr/kde/cvs/lib/libkhtml.so.4
#11 0x44db4397 in KHTMLFactory::~KHTMLFactory() ()
   from /usr/kde/cvs/lib/libkhtml.so.4
#12 0x44db4598 in KHTMLFactory::deref() () from /usr/kde/cvs/lib/libkhtml.so.4
#13 0x44db4291 in KHTMLFactory::~KHTMLFactory() ()
   from /usr/kde/cvs/lib/libkhtml.so.4
#14 0x43874cff in KLibrary::~KLibrary() ()
   from /usr/kde/cvs/lib/libkdecore.so.4
#15 0x438755f5 in KLibrary::slotTimeout() ()
   from /usr/kde/cvs/lib/libkdecore.so.4
#16 0x43876c29 in KLibrary::qt_invoke(int, QUObject*) ()
   from /usr/kde/cvs/lib/libkdecore.so.4
#17 0x43cdde3e in QObject::activate_signal(QConnectionList*, QUObject*) (
    this=0x9025958, clist=0x8ebe148, o=0xb78836c0) at kernel/qobject.cpp:2333
#18 0x43cddc96 in QObject::activate_signal(int) (this=0x9025958, signal=2)
    at kernel/qobject.cpp:2302
#19 0x440b19ee in QTimer::timeout() (this=0x9025958)
    at .moc/debug-shared-mt/moc_qtimer.cpp:82
#20 0x43d0958a in QTimer::event(QEvent*) (this=0x9025958, e=0xb7883970)
    at kernel/qtimer.cpp:219
#21 0x43c6c51d in QApplication::internalNotify(QObject*, QEvent*) (
    this=0xb7883d50, receiver=0x9025958, e=0xb7883970)
    at kernel/qapplication.cpp:2582
#22 0x43c6b760 in QApplication::notify(QObject*, QEvent*) (this=0xb7883d50, 
    receiver=0x9025958, e=0xb7883970) at kernel/qapplication.cpp:2305
#23 0x437d6c65 in KApplication::notify(QObject*, QEvent*) ()
   from /usr/kde/cvs/lib/libkdecore.so.4
#24 0x430f8e3d in QApplication::sendEvent(QObject*, QEvent*) ()
   from /usr/kde/cvs/lib/libkparts.so.2
#25 0x43c57853 in QEventLoop::activateTimers() (this=0x80d5a00)
    at kernel/qeventloop_unix.cpp:557
#26 0x43c07290 in QEventLoop::processEvents(unsigned) (this=0x80d5a00, flags=4)
    at kernel/qeventloop_x11.cpp:346
#27 0x43c85a31 in QEventLoop::enterLoop() (this=0x80d5a00)
    at kernel/qeventloop.cpp:198
#28 0x43c8594a in QEventLoop::exec() (this=0x80d5a00)
    at kernel/qeventloop.cpp:145
#29 0x43c6c6db in QApplication::exec() (this=0xb7883d50)
    at kernel/qapplication.cpp:2705
#30 0x449a55f6 in kdemain () from /usr/kde/cvs/lib/libkdeinit_konqueror.so
#31 0x439568f6 in kdeinitmain () from /usr/kde/cvs/lib/kde3/konqueror.so
#32 0x0804df29 in strcpy ()
#33 0x0804eed3 in strcpy ()
#34 0x0804f48e in strcpy ()
#35 0x08050344 in strcpy ()
#36 0x4459190b in __libc_start_main () from /lib/libc.so.6
Comment 1 Thiago Macieira 2003-12-18 16:52:14 UTC
It does. It's the same backtrace as bug #53054. It's marked WORKSFORME because no one could reproduce it.
Comment 2 Malte S. Stretz 2003-12-19 14:05:18 UTC
Yeah, I still hadn't made up my mind about it. Bug 53054 and bug 53520 are both from January this year. So either this is a really old bug which occurs only on some rare occasions or the bug got re-introduced lately.

As I said before, I can't reproduce it; I don't even know which pages I had open when I closed that window. Might have been a tabbed view or not, I dunno.
Comment 3 Stephan Kulow 2003-12-21 13:44:21 UTC
*** Bug 70964 has been marked as a duplicate of this bug. ***
Comment 4 Stephan Kulow 2003-12-21 13:44:38 UTC
*** Bug 70965 has been marked as a duplicate of this bug. ***
Comment 5 Thiago Macieira 2003-12-23 20:45:15 UTC
*** Bug 71131 has been marked as a duplicate of this bug. ***
Comment 6 Thiago Macieira 2003-12-23 20:48:32 UTC
Bug 71131 has line numbers. However, the line number being pointed is already outside khtml::Cache::clear(). It would help to know the CVS date of the compilation.
Comment 7 Dieter Nützel 2003-12-24 00:13:10 UTC
Should be traced from SuSE?
3.1.94 for SuSE 9.0

Maybe the *.src.rpm helps?
ftp://ftp.kde.org/pub/kde/unstable/3.1.94/SuSE/src

Greetings,
	Dieter
Comment 8 Thiago Macieira 2003-12-24 00:23:56 UTC
People using other distributions have reported it. Unfortunately, we haven't yet been able to reliably reproduce it, so we can't find its cause.

However, if SuSE's RPMs are the KDE_3_2_0_BETA_2 tag, then the faulty code is:

1340 #ifndef NDEBUG
1341     for (QDictIterator<CachedObject> it(*cache); it.current(); ++it)
1342         assert(it.current()->canDelete());
1343     for (QPtrListIterator<CachedObject> it(*freeList); it.current(); ++it)
1344         assert(it.current()->canDelete());
1345 #endif

1342 being the faulty line.
Comment 9 Dieter Nützel 2003-12-24 00:45:41 UTC
Yes, SuSE's *.src.rpm show the KDE_3_2_0_BETA_2 tag.

But I only find kdebase3-3.1.94-0.src.rpm in there ftp archive and my packages show that they were built from kdebase3-3.1.94-1.src.rpm.

/opt/Mesa-newtree> rpm -qi kdebase3
Name        : kdebase3                     Relocations: (not relocateable)
Version     : 3.1.94                            Vendor: SuSE Linux AG, Nuernberg, Germany
Release     : 1                             Build Date: Di 02 Dez 2003 12:05:27 CET
Install date: Do 11 Dez 2003 00:08:13 CET      Build Host: monteverdi.suse.de
Group       : System/GUI/KDE                Source RPM: kdebase3-3.1.94-1.src.rpm
Size        : 121429277                        License: GPL
Signature   : (none)
Packager    : http://www.suse.de/feedback
URL         : http://www.kde.org/
Summary     : The KDE core components
Description :
This package contains kdebase, one of the basic packages of the K
Desktop Environment. It contains among others kwin (the KDE window
manager), konqueror (the KDE web browser), and KControl (the
configuration program)

This package is needed if you want to use the KDE Desktop. It is not
needed if you only want to start some KDE applications.

Authors:
--------
    The KDE Team <kde@kde.org>
Distribution: SuSE Linux 9.0 (i386)

***************************************************

Where can I find your code snipped?
Comment 10 Dieter Nützel 2003-12-24 01:05:07 UTC
OK, found it in khtml/misc/loader.cpp.

Line 1342 is the same.
Comment 11 Malte S. Stretz 2004-01-09 00:55:03 UTC
*** Bug 71454 has been marked as a duplicate of this bug. ***
Comment 12 Malte S. Stretz 2004-01-09 01:00:36 UTC
Hey, I finally found a way to reproduce this bug :)

1. Go to http://www.theage.com.au/articles/2004/01/08/1073437391747.html
2. Click on the link titled "correspondence between lawyers"
3. You will be asked what you want to do with that PDF document.
4. Say "Open"
5. Close the window.

Backtrace:
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...[New Thread 16384 (LWP 26792)]
0x413a1f67 in waitpid ()
   from /lib/libpthread.so.0
#0  0x413a1f67 in waitpid () from /lib/libpthread.so.0
#1  0x407a760d in KCrash::defaultCrashHandler(int) ()
   from /usr/kde/cvs/lib/libkdecore.so.4
#2  0x413a0e1a in __pthread_sighandler () from /lib/libpthread.so.0
#3  <signal handler called>
#4  0x41526f61 in kill () from /lib/libc.so.6
#5  0x4139e403 in pthread_kill () from /lib/libpthread.so.0
#6  0x4139e71b in raise () from /lib/libpthread.so.0
#7  0x41526d12 in raise () from /lib/libc.so.6
#8  0x415281fc in abort () from /lib/libc.so.6
#9  0x415205f5 in __assert_fail () from /lib/libc.so.6
#10 0x41d44d34 in khtml::Cache::clear() () from /usr/kde/cvs/lib/libkhtml.so.4
#11 0x41c68c37 in KHTMLFactory::~KHTMLFactory() ()
   from /usr/kde/cvs/lib/libkhtml.so.4
#12 0x41c68e38 in KHTMLFactory::deref() () from /usr/kde/cvs/lib/libkhtml.so.4
#13 0x41c68b31 in KHTMLFactory::~KHTMLFactory() ()
   from /usr/kde/cvs/lib/libkhtml.so.4
#14 0x407c026f in KLibrary::~KLibrary() ()
   from /usr/kde/cvs/lib/libkdecore.so.4
#15 0x407c0b65 in KLibrary::slotTimeout() ()
   from /usr/kde/cvs/lib/libkdecore.so.4
#16 0x407c2199 in KLibrary::qt_invoke(int, QUObject*) ()
   from /usr/kde/cvs/lib/libkdecore.so.4
#17 0x40c29eee in QObject::activate_signal(QConnectionList*, QUObject*) (
    this=0x8338858, clist=0x8386b10, o=0xbfffeb00) at kernel/qobject.cpp:2359
#18 0x40c29d46 in QObject::activate_signal(int) (this=0x8338858, signal=2)
    at kernel/qobject.cpp:2328
#19 0x410118fe in QTimer::timeout() (this=0x8338858)
    at .moc/debug-shared-mt/moc_qtimer.cpp:82
#20 0x40c55722 in QTimer::event(QEvent*) (this=0x8338858, e=0xbfffedb0)
    at kernel/qtimer.cpp:219
#21 0x40bb91c5 in QApplication::internalNotify(QObject*, QEvent*) (
    this=0xbffff230, receiver=0x8338858, e=0xbfffedb0)
    at kernel/qapplication.cpp:2614
#22 0x40bb8408 in QApplication::notify(QObject*, QEvent*) (this=0xbffff230, 
    receiver=0x8338858, e=0xbfffedb0) at kernel/qapplication.cpp:2337
#23 0x40721df5 in KApplication::notify(QObject*, QEvent*) ()
   from /usr/kde/cvs/lib/libkdecore.so.4
#24 0x4004900d in QApplication::sendEvent(QObject*, QEvent*) ()
   from /usr/kde/cvs/lib/libkparts.so.2
#25 0x40ba4723 in QEventLoop::activateTimers() (this=0x80d0ce0)
    at kernel/qeventloop_unix.cpp:558
#26 0x40b5575c in QEventLoop::processEvents(unsigned) (this=0x80d0ce0, flags=4)
    at kernel/qeventloop_x11.cpp:389
#27 0x40bd0331 in QEventLoop::enterLoop() (this=0x80d0ce0)
    at kernel/qeventloop.cpp:198
#28 0x40bd024a in QEventLoop::exec() (this=0x80d0ce0)
    at kernel/qeventloop.cpp:145
#29 0x40bb9383 in QApplication::exec() (this=0xbffff230)
    at kernel/qapplication.cpp:2737
#30 0x4182b736 in kdemain () from /usr/kde/cvs/lib/libkdeinit_konqueror.so
#31 0x408a28f6 in kdeinitmain () from /usr/kde/cvs/lib/kde3/konqueror.so
#32 0x0804df31 in strcpy ()
#33 0x0804eec4 in strcpy ()
#34 0x0804f49e in strcpy ()
#35 0x08050451 in strcpy ()
#36 0x4151390c in __libc_start_main () from /lib/libc.so.6
Comment 13 Dirk Mueller 2004-01-13 21:49:12 UTC
Subject: kdelibs/khtml

CVS commit by mueller: 

CCMAIL: 70731-done@bugs.kde.org


  M +5 -0      ChangeLog   1.157
  M +2 -0      css/css_ruleimpl.cpp   1.46


--- kdelibs/khtml/ChangeLog  #1.156:1.157
@@ -1,2 +1,7 @@
+2004-01-13  Dirk Mueller  <mueller@kde.org>
+
+        * css/css_ruleimpl.cpp (CSSMediaRuleImpl): set parent to 0
+        to avoid leak (#70731).
+
 2004-01-13  Germain Garand  <germain@ebooksfrance.org>
 

--- kdelibs/khtml/css/css_ruleimpl.cpp  #1.45:1.46
@@ -254,4 +254,6 @@ CSSMediaRuleImpl::~CSSMediaRuleImpl()
         m_lstMedia->deref();
     }
+    for ( int i = 0; i < m_lstCSSRules->length(); ++i )
+        m_lstCSSRules->item(  i )->setParent(  0 );
     m_lstCSSRules->deref();
 }


Comment 14 Tommi Tervo 2005-10-31 11:11:50 UTC
I'm getting this again with 3.5-svn and Martin too
http://lists.kde.org/?l=kfm-devel&m=113048836627070&w=2

#7  0xb6b4d865 in __assert_fail () from /lib/tls/i686/cmov/libc.so.6
#8  0xb65f497d in khtml::Cache::clear () at loader.cpp:1305
#9  0xb64870a7 in ~KHTMLFactory (this=0x82dacd0) at khtml_factory.cpp:98
#10 0xb6475864 in KHTMLFactory::deref () at khtml_factory.cpp:139
#11 0xb64870b8 in ~KHTMLFactory (this=0x83ecd88) at khtml_factory.cpp:103
#12 0xb783f379 in ~KLibrary (this=0x83f0b08) at klibloader.cpp:131
#13 0xb77cc29c in KLibLoader::close_pending (this=0x828be68, wrap=0x83ef028)
    at klibloader.cpp:516
#14 0xb783ed38 in ~KLibLoader (this=0x828be68) at klibloader.cpp:328
#15 0xb77876d0 in KLibLoader::cleanUp () at klibloader.cpp:298
#16 0xb782a88d in ~KApplication (this=0xbff2ec74) at kapplication.cpp:1610
#17 0xb69d3559 in ~KonquerorApplication (this=0xbff2ec74) at konq_main.h:10
#18 0xb69d2d31 in kdemain (argc=2, argv=0x80743e0) at konq_main.cc:221
#19 0xb76cf70d in kdeinitmain (argc=2, argv=0x80743e0) at konqueror_dummy.cc:
Comment 15 Maksim Orlovich 2005-10-31 14:46:12 UTC
Tommi: I need a URL to fix this (or rather, to fix an instance of this --- this backtrace means an image is getting leaked, could be tons of reasons for that).

*** This bug has been marked as a duplicate of 85057 ***