Bug 230501

Summary: Facebook Logout Crashes Konqueror
Product: [Applications] konqueror
Component: general
Reporter: Chris Espy <kon_chr2000-linux>
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED DUPLICATE
Severity: crash
CC: maksim
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Unlisted Binaries
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:
Attachments: Output from valgrind.

Description Chris Espy 2010-03-12 22:14:04 UTC
Application that crashed: konqueror
Version of the application: 4.3.5 (KDE 4.3.5)
KDE Version: 4.3.5 (KDE 4.3.5)
Qt Version: 4.5.2
Operating System: Linux 2.6.31-20-generic x86_64
Distribution: Ubuntu 9.10

What I was doing when the application crashed:
I was logged into Facebook only for a few minutes and then logged out, causing Konqueror to crash. No other tabs were open at the time. This is 100% reproducible.

 -- Backtrace:
Application: Konqueror (kdeinit4), signal: Aborted
The current source language is "auto; currently c".
[Current thread is 1 (Thread 0x7f480c77c750 (LWP 5311))]

Thread 2 (Thread 0x7f47ff462910 (LWP 5312)):
#0  __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:97
#1  0x00007f4809aa7b11 in _L_lock_9274 () from /lib/libc.so.6
#2  0x00007f4809aa5741 in *__GI___libc_free (mem=0x7f4809d95e40) at malloc.c:3714
#3  0x00007f480917b4f3 in ?? () from /lib/libglib-2.0.so.0
#4  0x00007f480c2c9db3 in ~QEventDispatcherGlib (this=0x135a6c0, __in_chrg=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:300
#5  0x00007f480c1ba5fc in QThreadPrivate::finish (arg=<value optimized out>) at thread/qthread_unix.cpp:212
#6  0x00007f480c1ba44d in ~__pthread_cleanup_class (arg=0x12d4a60) at /usr/include/pthread.h:535
#7  QThreadPrivate::start (arg=0x12d4a60) at thread/qthread_unix.cpp:190
#8  0x00007f4808f2aa04 in start_thread (arg=<value optimized out>) at pthread_create.c:300
#9  0x00007f4809b0a80d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#10 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f480c77c750 (LWP 5311)):
[KCrash Handler]
#5  0x00007f4809a5e4b5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6  0x00007f4809a61f50 in *__GI_abort () at abort.c:92
#7  0x00007f4809a96c97 in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#8  0x00007f4809aa0dd6 in malloc_printerr (action=3, str=0x7f4809b626f8 "free(): invalid next size (fast)", ptr=<value optimized out>) at malloc.c:6217
#9  0x00007f4809aa574c in *__GI___libc_free (mem=<value optimized out>) at malloc.c:3716
#10 0x00007f47f5b807dc in KJS::FunctionCallReferenceNode::~FunctionCallReferenceNode() () from /usr/lib/libkjs.so.4
#11 0x00007f47f5b63e8c in KJS::AssignExprNode::~AssignExprNode() () from /usr/lib/libkjs.so.4
#12 0x00007f47f5b6488c in KJS::VarDeclNode::~VarDeclNode() () from /usr/lib/libkjs.so.4
#13 0x00007f47f5b802cc in ~RefPtr (this=0x71465a0, __in_chrg=<value optimized out>) at ../../kjs/wtf/RefPtr.h:51
#14 ~VarDeclListNode (this=0x71465a0, __in_chrg=<value optimized out>) at ../../kjs/nodes.h:765
#15 0x00007f47f5b63b3c in KJS::VarStatementNode::~VarStatementNode() () from /usr/lib/libkjs.so.4
#16 0x00007f47f5b80465 in KJS::SourceElementsNode::~SourceElementsNode() () from /usr/lib/libkjs.so.4
#17 0x00007f47f5b80224 in WTF::RefPtr<KJS::SourceElementsNode>::operator= (this=0x2372f98, __in_chrg=<value optimized out>) at ../../kjs/wtf/RefPtr.h:128
#18 ~ListRefPtr (this=0x2372f98, __in_chrg=<value optimized out>) at ../../kjs/wtf/ListRefPtr.h:44
#19 0x00007f47f5b80457 in KJS::SourceElementsNode::~SourceElementsNode() () from /usr/lib/libkjs.so.4
#20 0x00007f47f5b63bbc in KJS::BlockNode::~BlockNode() () from /usr/lib/libkjs.so.4
#21 0x00007f47f5b8085c in KJS::ForNode::~ForNode() () from /usr/lib/libkjs.so.4
#22 0x00007f47f5b80465 in KJS::SourceElementsNode::~SourceElementsNode() () from /usr/lib/libkjs.so.4
#23 0x00007f47f5b80224 in WTF::RefPtr<KJS::SourceElementsNode>::operator= (this=0x240c788, __in_chrg=<value optimized out>) at ../../kjs/wtf/RefPtr.h:128
#24 ~ListRefPtr (this=0x240c788, __in_chrg=<value optimized out>) at ../../kjs/wtf/ListRefPtr.h:44
#25 0x00007f47f5b80457 in KJS::SourceElementsNode::~SourceElementsNode() () from /usr/lib/libkjs.so.4
#26 0x00007f47f5b80dfc in KJS::FunctionBodyNode::~FunctionBodyNode() () from /usr/lib/libkjs.so.4
#27 0x00007f47f5b551c8 in ~RefPtr (this=0x7f47f175aa00, __in_chrg=<value optimized out>) at ../../kjs/wtf/RefPtr.h:51
#28 ~FunctionImp (this=0x7f47f175aa00, __in_chrg=<value optimized out>) at ../../kjs/function.cpp:72
#29 0x00007f47f5b2ae2b in KJS::Collector::collect () at ../../kjs/collector.cpp:720
#30 0x00007f47f62149ad in KJS::KJSProxyImpl::clear (this=0x1af1320) at ../../khtml/ecma/kjs_proxy.cpp:224
#31 0x00007f47f5fb4eb2 in KHTMLPart::clear (this=0x25614f0) at ../../khtml/khtml_part.cpp:1563
#32 0x00007f47f5fb54dc in KHTMLPart::begin (this=0x25614f0, url=..., xOffset=0, yOffset=0) at ../../khtml/khtml_part.cpp:2013
#33 0x00007f47f5fb26c8 in KHTMLPart::slotData (this=0x25614f0, kio_job=<value optimized out>, data=...) at ../../khtml/khtml_part.cpp:1704
#34 0x00007f47f5fda4b8 in KHTMLPart::qt_metacall (this=0x25614f0, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff63d4ac50) at ./khtml_part.moc:271
#35 0x00007f480c2b5ddc in QMetaObject::activate (sender=0x68fa920, from_signal_index=<value optimized out>, to_signal_index=<value optimized out>, argv=0xffffffffffffffff) at kernel/qobject.cpp:3113
#36 0x00007f480b36f684 in KIO::TransferJob::data (this=0x14bf, _t1=0x68fa920, _t2=<value optimized out>) at ./jobclasses.moc:364
#37 0x00007f480b374f86 in KIO::TransferJob::qt_metacall (this=0x68fa920, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff63d4ad90) at ./jobclasses.moc:344
#38 0x00007f480c2b5ddc in QMetaObject::activate (sender=0x2302610, from_signal_index=<value optimized out>, to_signal_index=<value optimized out>, argv=0xffffffffffffffff) at kernel/qobject.cpp:3113
#39 0x00007f480b434732 in KIO::SlaveInterface::data (this=0x14bf, _t1=<value optimized out>) at ./slaveinterface.moc:140
#40 0x00007f480b438278 in KIO::SlaveInterface::dispatch (this=0x2302610, _cmd=100, rawdata=...) at ../../kio/kio/slaveinterface.cpp:163
#41 0x00007f480b4349f3 in KIO::SlaveInterface::dispatch (this=0x2302610) at ../../kio/kio/slaveinterface.cpp:91
#42 0x00007f480b42776d in KIO::Slave::gotInput (this=0x2302610) at ../../kio/kio/slave.cpp:323
#43 0x00007f480b42992c in KIO::Slave::qt_metacall (this=0x2302610, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff63d4b120) at ./slave.moc:76
#44 0x00007f480c2b5ddc in QMetaObject::activate (sender=0x31620d0, from_signal_index=<value optimized out>, to_signal_index=<value optimized out>, argv=0xffffffffffffffff) at kernel/qobject.cpp:3113
#45 0x00007f480b343287 in KIO::ConnectionPrivate::dequeue (this=0x3282eb0) at ../../kio/kio/connection.cpp:82
#46 0x00007f480b3433ad in KIO::Connection::qt_metacall (this=0x31620d0, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x35dc4b0) at ./connection.moc:73
#47 0x00007f480c2b00f9 in QObject::event (this=0x31620d0, e=0x2f382f0) at kernel/qobject.cpp:1111
#48 0x00007f480a24aefc in QApplicationPrivate::notify_helper (this=0x12d0830, receiver=0x31620d0, e=0x2f382f0) at kernel/qapplication.cpp:4056
#49 0x00007f480a2521ce in QApplication::notify (this=0x7fff63d4bc20, receiver=0x31620d0, e=0x2f382f0) at kernel/qapplication.cpp:4021
#50 0x00007f480ae81f46 in KApplication::notify (this=0x7fff63d4bc20, receiver=0x31620d0, event=0x2f382f0) at ../../kdeui/kernel/kapplication.cpp:302
#51 0x00007f480c2a0c2c in QCoreApplication::notifyInternal (this=0x7fff63d4bc20, receiver=0x31620d0, event=0x2f382f0) at kernel/qcoreapplication.cpp:610
#52 0x00007f480c2a180a in QCoreApplication::sendEvent (receiver=0x0, event_type=<value optimized out>, data=0x12364d0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213
#53 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=<value optimized out>, data=0x12364d0) at kernel/qcoreapplication.cpp:1247
#54 0x00007f480c2c9533 in QCoreApplication::sendPostedEvents (s=<value optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#55 postEventSourceDispatch (s=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:210
#56 0x00007f480917bbce in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#57 0x00007f480917f598 in ?? () from /lib/libglib-2.0.so.0
#58 0x00007f480917f6c0 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#59 0x00007f480c2c91a6 in QEventDispatcherGlib::processEvents (this=0x1239040, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:327
#60 0x00007f480a2df4be in QGuiEventDispatcherGlib::processEvents (this=0x14bf, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#61 0x00007f480c29f532 in QEventLoop::processEvents (this=<value optimized out>, flags=) at kernel/qeventloop.cpp:149
#62 0x00007f480c29f904 in QEventLoop::exec (this=0x7fff63d4ba20, flags=) at kernel/qeventloop.cpp:201
#63 0x00007f480c2a1ab9 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#64 0x00007f48019efb06 in kdemain (argc=<value optimized out>, argv=<value optimized out>) at ../../../../apps/konqueror/src/konqmain.cpp:271
#65 0x0000000000406da8 in launch (argc=2, _name=<value optimized out>, args=<value optimized out>, cwd=<value optimized out>, envc=16, envs=<value optimized out>, reset_env=false, tty=0x0, 
    avoid_loops=false, startup_id_str=0x128b954 "Farnsworth;1268425098;978839;2039_TIME50563181") at ../../kinit/kinit.cpp:677
#66 0x0000000000407aa0 in handle_launcher_request (sock=7, who=<value optimized out>) at ../../kinit/kinit.cpp:1169
#67 0x0000000000407f51 in handle_requests (waitForPid=0) at ../../kinit/kinit.cpp:1362
#68 0x0000000000408bb2 in main (argc=2, argv=<value optimized out>, envp=<value optimized out>) at ../../kinit/kinit.cpp:1793
The current source language is "auto; currently asm".
The current source language is "auto; currently c".

Reported using DrKonqi
Comment 1 Maksim Orlovich 2010-03-13 17:32:09 UTC
Hi... Thanks a lot for the report. There were a couple of other reports of crashes on facebook, but none had clues on how to reproduce it. Unfortunately, your way doesn't trigger the crash for me...

As such, it would be helpful if you could try reproducing it in valgrind, e.g.:
valgrind --num-callers=50 konqueror &> log, try to get the crash, and see if it outputs something interesting (lines starting with ==) to the log....
Comment 2 Chris Espy 2010-03-13 19:20:07 UTC
Created attachment 41598
Output from valgrind.
Comment 3 Maksim Orlovich 2010-03-13 20:29:25 UTC
The bug in your valgrind trace should be fixed in 4.4... but it seems potentially different from what your original backtrace suggested (though malloc stuff may get enough of a delayed failure to produce confusion..)
Comment 4 Maksim Orlovich 2010-05-16 17:39:51 UTC

*** This bug has been marked as a duplicate of bug 223957 ***
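
Added example (not part of the original report or of KDE's code): Comment 3 notes that a malloc failure can surface well after the damage was done, so the frame under `free()` in the backtrace is where glibc noticed the corruption, not necessarily where it happened. The sketch below pulls that information out of a DrKonqi/gdb backtrace; the names `triage`, `split_threads` and the `GLIBC` frame list are assumptions made for this illustration, and the sample is a handful of frames copied from the report above.

```python
import re

# Constructed sample: selected frames copied from the backtrace in this report.
SAMPLE = """\
Thread 2 (Thread 0x7f47ff462910 (LWP 5312)):
#2  0x00007f4809aa5741 in *__GI___libc_free (mem=0x7f4809d95e40) at malloc.c:3714

Thread 1 (Thread 0x7f480c77c750 (LWP 5311)):
[KCrash Handler]
#5  0x00007f4809a5e4b5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6  0x00007f4809a61f50 in *__GI_abort () at abort.c:92
#8  0x00007f4809aa0dd6 in malloc_printerr (action=3, str=0x7f4809b626f8 "free(): invalid next size (fast)", ptr=<value optimized out>) at malloc.c:6217
#9  0x00007f4809aa574c in *__GI___libc_free (mem=<value optimized out>) at malloc.c:3716
#10 0x00007f47f5b807dc in KJS::FunctionCallReferenceNode::~FunctionCallReferenceNode() () from /usr/lib/libkjs.so.4
"""

THREAD = re.compile(r'^Thread (\d+) \(', re.M)
FRAME = re.compile(r'^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?) \(', re.M)
HEAP_MSG = re.compile(r'malloc_printerr \(.*?str=0x[0-9a-f]+ "([^"]+)"')
# glibc frames that sit between the abort and the caller that freed the chunk.
GLIBC = {"raise", "abort", "__libc_message", "malloc_printerr",
         "__libc_free", "_int_free", "__libc_malloc", "_int_malloc"}

def split_threads(text):
    """Map thread number -> text of that thread's section."""
    marks = list(THREAD.finditer(text))
    ends = [m.start() for m in marks[1:]] + [len(text)]
    return {int(m.group(1)): text[m.start():e] for m, e in zip(marks, ends)}

def triage(text):
    """Summarise a backtrace that ended in a glibc heap-consistency abort."""
    threads = split_threads(text)
    crashed = next((n for n, b in threads.items() if "[KCrash Handler]" in b), None)
    if crashed is None:
        return None
    body = threads[crashed]
    msg = HEAP_MSG.search(body)
    detected_in = None
    for num, func in FRAME.findall(body):
        if func.replace("*__GI_", "") not in GLIBC:
            detected_in = (int(num), func)
            break
    # detected_in is the caller that freed a chunk with damaged metadata; the
    # write that damaged it happened earlier and is not on this stack.
    return {"thread": crashed,
            "heap_check": msg.group(1) if msg else None,
            "detected_in": detected_in}
```

When `heap_check` is set, the useful next step is the one Comment 1 asks for: a valgrind run, which reports the invalid write at the point it occurs.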