Bug 223957

Summary: konqueror crashes while requesting info about a friend in facebook
Product: [Applications] konqueror Reporter: Pol <xtekhne>
Component: khtmlAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED WORKSFORME    
Severity: major CC: groszdanielpub, kon_chr2000-linux, lacsilva, milamby, moose, mtadeunet, ph.fondrillon
Priority: HI    
Version: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Result of first valgrind run
Result of second valgrind run

Description Pol 2010-01-23 19:38:02 UTC 
Application: konqueror (4.3.95 (KDE 4.3.95 (KDE 4.4 RC2)))
KDE Platform Version: 4.3.95 (KDE 4.3.95 (KDE 4.4 RC2))
Qt Version: 4.6.0
Operating System: Linux 2.6.31-17-generic i686
Distribution: Ubuntu 9.10

-- Information about the crash:
konqueror crashes while requesting info about a friend in facebook

 -- Backtrace:
Application: Konqueror (konqueror), signal: Aborted
[Current thread is 1 (Thread 0xb7885760 (LWP 3598))]

Thread 3 (Thread 0xb6368b70 (LWP 3669)):
#0  0x00f2d422 in __kernel_vsyscall ()
#1  0x00c21bd3 in __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:95
#2  0x00bb8f57 in _L_lock_9510 () from /lib/tls/i686/cmov/libc.so.6
#3  0x00bb77c6 in *__GI___libc_free (mem=0x8b39ed8) at malloc.c:3714
#4  0x00ac8196 in g_free () from /lib/libglib-2.0.so.0
#5  0x00abf871 in ?? () from /lib/libglib-2.0.so.0
#6  0x02d846fa in ~QEventDispatcherGlib (this=0x8a92b88, __in_chrg=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:361
#7  0x02c55f1a in QThreadPrivate::finish (arg=0x2e6d8b0) at thread/qthread_unix.cpp:280
#8  0x02c563b6 in ~__pthread_cleanup_class (arg=0x2e6d8b0) at /usr/include/pthread.h:535
#9  QThreadPrivate::start (arg=0x2e6d8b0) at thread/qthread_unix.cpp:249
#10 0x0054480e in start_thread (arg=0xb6368b70) at pthread_create.c:300
#11 0x00c148de in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 2 (Thread 0xb0796b70 (LWP 6553)):
#0  0x00f2d422 in __kernel_vsyscall ()
#1  0x00c21bd3 in __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:95
#2  0x00bb8f57 in _L_lock_9510 () from /lib/tls/i686/cmov/libc.so.6
#3  0x00bb77c6 in *__GI___libc_free (mem=0xcf4f318) at malloc.c:3714
#4  0x00ac8196 in g_free () from /lib/libglib-2.0.so.0
#5  0x00abf871 in ?? () from /lib/libglib-2.0.so.0
#6  0x02d846fa in ~QEventDispatcherGlib (this=0xce224f8, __in_chrg=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:361
#7  0x02c55f1a in QThreadPrivate::finish (arg=0x998eb50) at thread/qthread_unix.cpp:280
#8  0x02c563b6 in ~__pthread_cleanup_class (arg=0x998eb50) at /usr/include/pthread.h:535
#9  QThreadPrivate::start (arg=0x998eb50) at thread/qthread_unix.cpp:249
#10 0x0054480e in start_thread (arg=0xb0796b70) at pthread_create.c:300
#11 0x00c148de in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 1 (Thread 0xb7885760 (LWP 3598)):
[KCrash Handler]
#6  0x00f2d422 in __kernel_vsyscall ()
#7  0x00b724d1 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#8  0x00b75932 in *__GI_abort () at abort.c:92
#9  0x00ba8ee5 in __libc_message (do_abort=2, fmt=0xc6c578 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#10 0x00bb2ff1 in malloc_printerr (action=<value optimized out>, str=0x6 <Address 0x6 out of bounds>, ptr=0xc15ff10) at malloc.c:6217
#11 0x00bb46f2 in _int_free (av=<value optimized out>, p=<value optimized out>) at malloc.c:4750
#12 0x00bb77cd in *__GI___libc_free (mem=0xc15ff10) at malloc.c:3716
#13 0x002b76f1 in operator delete(void*) () from /usr/lib/libstdc++.so.6
#14 0x018f8bb6 in KJS::IfNode::~IfNode() () from /usr/lib/libkjs.so.4
#15 0x018bb45c in KJS::Node::deref (this=0xc15ff10) at ../../kjs/nodes.cpp:121
#16 0x01915e2c in ~RefPtr (this=0xc15ff30, __in_chrg=<value optimized out>) at ../../kjs/wtf/RefPtr.h:51
#17 ~SourceElementsNode (this=0xc15ff30, __in_chrg=<value optimized out>) at ../../kjs/nodes.h:1153
#18 0x018bb45c in KJS::Node::deref (this=0xc15ff30) at ../../kjs/nodes.cpp:121
#19 0x01915be5 in WTF::RefPtr<KJS::SourceElementsNode>::operator= (this=0xca049d8, __in_chrg=<value optimized out>) at ../../kjs/wtf/RefPtr.h:128
#20 ~ListRefPtr (this=0xca049d8, __in_chrg=<value optimized out>) at ../../kjs/wtf/ListRefPtr.h:44
#21 0x01915e1d in ~SourceElementsNode (this=0xca049c8, __in_chrg=<value optimized out>) at ../../kjs/nodes.h:1153
#22 0x018bb45c in KJS::Node::deref (this=0xca049c8) at ../../kjs/nodes.cpp:121
#23 0x01916c00 in ~RefPtr (this=0xc501980, __in_chrg=<value optimized out>) at ../../kjs/wtf/RefPtr.h:51
#24 ~BlockNode (this=0xc501980, __in_chrg=<value optimized out>) at ../../kjs/nodes.h:795
#25 ~FunctionBodyNode (this=0xc501980, __in_chrg=<value optimized out>) at ../../kjs/nodes.h:1027
#26 0x018bb45c in KJS::Node::deref (this=0xc501980) at ../../kjs/nodes.cpp:121
#27 0x018e7bb1 in ~RefPtr (this=0xaf4a2ce0, __in_chrg=<value optimized out>) at ../../kjs/wtf/RefPtr.h:51
#28 ~FunctionImp (this=0xaf4a2ce0, __in_chrg=<value optimized out>) at ../../kjs/function.cpp:72
#29 0x018b9c67 in KJS::Collector::collect () at ../../kjs/collector.cpp:720
#30 0x018eef27 in KJS::Interpreter::collect () at ../../kjs/interpreter.cpp:743
#31 0x015cd2d5 in KJS::KJSProxyImpl::clear (this=0xbb97650) at ../../khtml/ecma/kjs_proxy.cpp:224
#32 0x01356df7 in KHTMLPart::clear (this=0xb9976e0) at ../../khtml/khtml_part.cpp:1565
#33 0x0135740e in KHTMLPart::begin (this=0xb9976e0, url=..., xOffset=0, yOffset=0) at ../../khtml/khtml_part.cpp:2015
#34 0x013544d7 in KHTMLPart::slotData (this=0xb9976e0, kio_job=0xc0c0298, data=...) at ../../khtml/khtml_part.cpp:1706
#35 0x01378e16 in KHTMLPart::qt_metacall (this=0xb9976e0, _c=QMetaObject::InvokeMetaMethod, _id=19, _a=0xbfa95e54) at ./khtml_part.moc:277
#36 0x02d5d11a in QMetaObject::metacall (object=0xb9976e0, cl=3598, idx=33, argv=0xbfa95e54) at kernel/qmetaobject.cpp:237
#37 0x02d6b89b in QMetaObject::activate (sender=0xc0c0298, m=0x11a32d0, local_signal_index=0, argv=0xbfa95e54) at kernel/qobject.cpp:3294
#38 0x00fef449 in KIO::TransferJob::data (this=0xc0c0298, _t1=0xc0c0298, _t2=...) at ./jobclasses.moc:388
#39 0x00ff22a2 in KIO::TransferJob::slotData (this=0xc0c0298, _data=...) at ../../kio/kio/job.cpp:930
#40 0x00ff5e05 in KIO::TransferJob::qt_metacall (this=0xc0c0298, _c=QMetaObject::InvokeMetaMethod, _id=48, _a=0xbfa95fe8) at ./jobclasses.moc:368
#41 0x02d5d11a in QMetaObject::metacall (object=0xc0c0298, cl=3598, idx=48, argv=0xbfa95fe8) at kernel/qmetaobject.cpp:237
#42 0x02d6b89b in QMetaObject::activate (sender=0xbb1e850, m=0x11a5f44, local_signal_index=0, argv=0xbfa95fe8) at kernel/qobject.cpp:3294
#43 0x010c2083 in KIO::SlaveInterface::data (this=0xbb1e850, _t1=...) at ./slaveinterface.moc:146
#44 0x010c534f in KIO::SlaveInterface::dispatch (this=0xbb1e850, _cmd=100, rawdata=...) at ../../kio/kio/slaveinterface.cpp:163
#45 0x010c2423 in KIO::SlaveInterface::dispatch (this=0xbb1e850) at ../../kio/kio/slaveinterface.cpp:91
#46 0x010b57c8 in KIO::Slave::gotInput (this=0xbb1e850) at ../../kio/kio/slave.cpp:324
#47 0x010b59d3 in KIO::Slave::qt_metacall (this=0xbb1e850, _c=QMetaObject::InvokeMetaMethod, _id=30, _a=0xbfa962cc) at ./slave.moc:82
#48 0x02d5d11a in QMetaObject::metacall (object=0xbb1e850, cl=3598, idx=30, argv=0xbfa962cc) at kernel/qmetaobject.cpp:237
#49 0x02d6b89b in QMetaObject::activate (sender=0xbdca8a8, m=0x11a2820, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3294
#50 0x00fc0537 in KIO::Connection::readyRead (this=0xbdca8a8) at ./connection.moc:92
#51 0x00fc28de in KIO::ConnectionPrivate::dequeue (this=0xc1da580) at ../../kio/kio/connection.cpp:82
#52 0x00fc2a0e in KIO::Connection::qt_metacall (this=0xbdca8a8, _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0xd059fd0) at ./connection.moc:79
#53 0x02d5d11a in QMetaObject::metacall (object=0xbdca8a8, cl=3598, idx=5, argv=0xd059fd0) at kernel/qmetaobject.cpp:237
#54 0x02d67856 in QMetaCallEvent::placeMetaCall (this=0xc18a458, object=0xbdca8a8) at kernel/qobject.cpp:574
#55 0x02d688ae in QObject::event (this=0xbdca8a8, e=0xc18a458) at kernel/qobject.cpp:1260
#56 0x03a2b19c in QApplicationPrivate::notify_helper (this=0x89c1f20, receiver=0xbdca8a8, e=0xc18a458) at kernel/qapplication.cpp:4242
#57 0x03a31df7 in QApplication::notify (this=0xbfa96d34, receiver=0xbdca8a8, e=0xc18a458) at kernel/qapplication.cpp:3661
#58 0x08399a1a in KApplication::notify (this=0xbfa96d34, receiver=0xbdca8a8, event=0xc18a458) at ../../kdeui/kernel/kapplication.cpp:302
#59 0x02d57eab in QCoreApplication::notifyInternal (this=0xbfa96d34, receiver=0xbdca8a8, event=0xc18a458) at kernel/qcoreapplication.cpp:704
#60 0x02d5a8e3 in QCoreApplication::sendEvent (receiver=0x0, event_type=0, data=0x89aa340) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#61 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x89aa340) at kernel/qcoreapplication.cpp:1345
#62 0x02d5aa4d in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1238
#63 0x02d840df in QCoreApplication::sendPostedEvents (s=0x89c42c0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#64 postEventSourceDispatch (s=0x89c42c0) at kernel/qeventdispatcher_glib.cpp:276
#65 0x00abfe88 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#66 0x00ac3730 in ?? () from /lib/libglib-2.0.so.0
#67 0x00ac3863 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#68 0x02d83bd5 in QEventDispatcherGlib::processEvents (this=0x89aa518, flags=...) at kernel/qeventdispatcher_glib.cpp:407
#69 0x03ae8b75 in QGuiEventDispatcherGlib::processEvents (this=0x89aa518, flags=...) at kernel/qguieventdispatcher_glib.cpp:202
#70 0x02d564c9 in QEventLoop::processEvents (this=0xbfa96b14, flags=) at kernel/qeventloop.cpp:149
#71 0x02d5691a in QEventLoop::exec (this=0xbfa96b14, flags=...) at kernel/qeventloop.cpp:201
#72 0x02d5ab0f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#73 0x03a2b237 in QApplication::exec () at kernel/qapplication.cpp:3570
#74 0x0093772e in kdemain (argc=3, argv=0xbfa97064) at ../../../../apps/konqueror/src/konqmain.cpp:271
#75 0x080485cb in main (argc=3, argv=0xbfa97064) at konqueror_dummy.cpp:3

Possible duplicates by query: bug 223723, bug 220452, bug 205967, bug 178348, bug 163538.

Reported using DrKonqi
Comment 1 Maksim Orlovich 2010-02-16 15:59:38 UTC 
*** Bug 227104 has been marked as a duplicate of this bug. ***
Comment 2 Maksim Orlovich 2010-05-16 17:36:44 UTC 
*** Bug 221844 has been marked as a duplicate of this bug. ***
Comment 3 Maksim Orlovich 2010-05-16 17:36:56 UTC 
*** Bug 234917 has been marked as a duplicate of this bug. ***
Comment 4 Maksim Orlovich 2010-05-16 17:39:25 UTC 
*** Bug 237729 has been marked as a duplicate of this bug. ***
Comment 5 Maksim Orlovich 2010-05-16 17:39:51 UTC 
*** Bug 230501 has been marked as a duplicate of this bug. ***
Comment 6 Maksim Orlovich 2010-05-16 17:41:42 UTC 
*** Bug 222680 has been marked as a duplicate of this bug. ***
Comment 7 Maksim Orlovich 2010-05-16 17:42:25 UTC 
*** Bug 208926 has been marked as a duplicate of this bug. ***
Comment 8 Maksim Orlovich 2010-05-16 17:42:34 UTC 
*** Bug 237825 has been marked as a duplicate of this bug. ***
Comment 9 Maksim Orlovich 2010-05-16 17:44:07 UTC 
*** Bug 230614 has been marked as a duplicate of this bug. ***
Comment 10 Maksim Orlovich 2010-05-16 19:50:01 UTC 
OK, it's pretty clear we have an issue here, but I can't seem to get it to trigger myself, and running through facebook in valgrind comes up clean.
Any ideas on how to get this crash to trigger semi-consistently would be helpful.
Comment 11 Luis Silva 2010-05-17 11:30:33 UTC 
Hi. I can reproduce this bug and probably provide you with the information you need. How should I run konqueror through valgrind (what parameters?) and where should I send the resulting output results?
Comment 12 Maksim Orlovich 2010-05-17 16:15:43 UTC 
First, it would likely help the most if you could tell me how to reproduce it reliably.... since there is garbage collection involved even valgrind might not be able to help by itself..

But anyway, 
valgrind --num-callers=50 konqueror http://whatever &>log, and then attach it here.
Comment 13 Luis Silva 2010-05-25 00:32:42 UTC 
Created attachment 43860 [details]
Result of first valgrind run
Comment 14 Luis Silva 2010-05-25 00:33:58 UTC 
Created attachment 43861 [details]
Result of second valgrind run
Comment 15 Luis Silva 2010-05-25 00:34:14 UTC 
Ok! After hours of facebook I finally managed to reproduce the bug. The behavior is very erratic so I couldn't find a reliable way to reproduce it unless spending lots of time in facebook and crossing fingers.

I'm posting two different valgrind logs which I hope might help. The first one was produced by:
valgrind --num-callers=50 konqueror http://facebook.com  2&> konqueror.log

Following the suggestions from the end of the first log I rerun a second time like so:
valgrind --num-callers=50 --track-origins=yes --leak-check=full -v konqueror http://facebook.com  2&> konqueror2.log

I did a lot of opening and closing tabs.

If you need me to run more targeted tests, I'll be happy to do so. Just tell me how.
Comment 16 Maksim Orlovich 2010-05-30 22:19:30 UTC 
Thanks. The first log is clean, but the second one reveals a bug. I doubt that that bug is what's underlying this report (I suspect it shows up only because of the slowdown caused by valgrind), but I won't know for sure until I've figured out why it occurs...
Comment 17 Andrew Crouthamel 2018-11-06 15:17:30 UTC 
Dear Bug Submitter,

This bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? I am setting the status to NEEDSINFO pending your response, please change the Status back to REPORTED when you respond.

Thank you for helping us make KDE software even better for everyone!
Comment 18 Andrew Crouthamel 2018-11-18 03:26:35 UTC 
Dear Bug Submitter,

This is a reminder that this bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? This bug will be moved back to REPORTED Status for manual review later, which may take a while. If you are able to, please lend us a hand.

Thank you for helping us make KDE software even better for everyone!
Comment 19 Justin Zobel 2022-12-20 07:49:57 UTC 
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Comment 20 Bug Janitor Service 2023-01-04 05:24:31 UTC 
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 21 Bug Janitor Service 2023-01-19 05:14:56 UTC 
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!