Bug 156172 - konqueror crashes on close, reproducably and while editing wikipedia
Summary: konqueror crashes on close, reproducably and while editing wikipedia
Status: RESOLVED DUPLICATE of bug 151453
Alias: None
Product: konqueror
Classification: Unclassified
Component: general (show other bugs)
Version: SVN
Platform: unspecified Linux
: NOR crash with 40 votes (vote)
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
: 153636 160036 163540 163663 165371 166637 166664 167616 (view as bug list)
Depends on:
Blocks:
 
Reported: 2008-01-19 15:01 UTC by Marcel Partap
Modified: 2008-08-11 23:54 UTC (History)
17 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcel Partap 2008-01-19 15:01:39 UTC
Version:           4.00.80 (KDE 4.0.80 >= 20080104) (using 4.00.80 (KDE 4.0.80 >= 20080104), Gentoo)
Compiler:          x86_64-pc-linux-gnu-gcc
OS:                Linux (x86_64) release 2.6.24-rc7-git2

I experienced this with http://doom.wikia.com/wiki/Image:All_SS_E1M1.png, but it seems it can be reproduced with any site. Open konqueror, load a website. Only time crash does not occur is when you don't scroll or move the mouse around, presumably. Do something and close the window -> crash. Here's my bt, hope this helps:
Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0x2ba426570bc0 (LWP 8849)]
[KCrash handler]
#5  0x00002ba424fde185 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6  0x00002ba424fdf630 in *__GI_abort () at abort.c:88
#7  0x00002ba424fd777f in *__GI___assert_fail (
    assertion=0x2ba42cae4b61 "!s_refcnt",
    file=0x2ba42cae4ab8 "/var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_global.cpp", line=244,
    function=0x2ba42cae4ce0 "static void KHTMLGlobal::finalCheck()")
    at assert.c:78
#8  0x00002ba42c8ef335 in KHTMLGlobal::finalCheck ()
   from /usr/kde/svn/lib64/libkhtml.so.5
#9  0x00002aaaaacb4829 in ?? ()
   from /mnt/bigtwo/usr-kde-svn/lib64/kde4/libkhtmlpart.so
#10 0x00002ba422b260f8 in QObjectCleanupHandler::clear (this=0x97b0d0)
    at kernel/qobjectcleanuphandler.cpp:133
#11 0x00002ba422b26184 in ~QObjectCleanupHandler (this=0x2291)
    at kernel/qobjectcleanuphandler.cpp:79
#12 0x00002ba424fe0b8e in *__GI_exit (status=0) at exit.c:75
#13 0x00002ba424fcb1fb in __libc_start_main (
    main=0x400a20 <__libc_start_main@plt+216>, argc=2, ubp_av=0x7fff8c474118,
    init=<value optimized out>, fini=<value optimized out>,
    rtld_fini=<value optimized out>, stack_end=0x7fff8c474108)
    at libc-start.c:259
#14 0x0000000000400989 in _start ()
#0  0x00002ba425044c41 in nanosleep () from /lib64/libc.so.6
Comment 1 Maksim Orlovich 2008-01-19 17:08:56 UTC
Aha. Thank you. It's very helpful to help a URL for one of those.
(I definitely can't trigger this everywhere, though)
Comment 2 Marcel Partap 2008-01-19 18:10:39 UTC
well it's a bit strange, it almost always happens on 'young' windows, often on 'old' ones aswell but not all the time...?!
I am just svn'in up and will report back with latest konqui ;)
Comment 3 Oliver Putz 2008-01-26 00:42:57 UTC
I can reproduce this bug on http://www.applegazette.com/wwdc/speculation-7-predictions-for-wwdc-2007/ with kdebase r765071. I'll include a GDB backtrace and an (apparently not too useful)  Valgrind log.

GDB:
Starting program: /usr/kde/svn/bin/konqueror 
[Thread debugging using libthread_db enabled]
[New Thread 0xb636aa10 (LWP 26739)]

Program received signal SIGABRT, Aborted.
[Switching to Thread 0xb636aa10 (LWP 26739)]
0xffffe410 in __kernel_vsyscall ()
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb658c1f1 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0xb658d9b8 in *__GI_abort () at abort.c:88
#3  0xb65857d5 in *__GI___assert_fail (assertion=0xb4a80e99 "!s_refcnt", 
    file=0xb4a80df4 "/var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_global.cpp", line=244, 
    function=0xb4a81020 "static void KHTMLGlobal::finalCheck()") at assert.c:78
#4  0xb4824f77 in KHTMLGlobal::finalCheck ()
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_global.cpp:244
#5  0xb2e41305 in ~KHTMLFactory (this=0x8431948)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_factory.cpp:35
#6  0xb728456d in QObjectCleanupHandler::clear (this=0x8226ff0) at kernel/qobjectcleanuphandler.cpp:133
#7  0xb7284600 in ~QObjectCleanupHandler (this=0x8226ff0) at kernel/qobjectcleanuphandler.cpp:79
#8  0xb7b4be1b in destroy ()
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdecore/util/kpluginfactory.cpp:29
#9  0xb7a2edbb in ~KCleanUpGlobalStatic (this=0xb7b84554)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdecore/kernel/kglobal.h:65
#10 0xb7b4bd80 in __tcf_0 ()
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdecore/util/kpluginfactory.cpp:29
#11 0xb658edbc in *__GI_exit (status=0) at exit.c:75
#12 0xb6578fe4 in __libc_start_main (main=0x80487c0 <main>, argc=1, ubp_av=0xbfa06794, init=0x8048810 <__libc_csu_init>, 
    fini=0x8048800 <__libc_csu_fini>, rtld_fini=0xb7f00100 <_dl_fini>, stack_end=0xbfa0678c) at libc-start.c:261
#13 0x08048731 in _start ()


Valgrind:
==26875== Memcheck, a memory error detector.
==26875== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==26875== Using LibVEX rev 1732, a library for dynamic binary translation.
==26875== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==26875== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
==26875== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==26875== For more details, rerun with: -v
==26875== 
==26875== My PID = 26875, parent PID = 26783.  Prog and args are:
==26875==    konqueror
==26875== 
==26875== Conditional jump or move depends on uninitialised value(s)
==26875==    at 0x400A9B5: _dl_relocate_object (do-rel.h:65)
==26875==    by 0x400454C: dl_main (rtld.c:2214)
==26875==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26875==    by 0x400124E: _dl_start (rtld.c:327)
==26875==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26875== 
==26875== Conditional jump or move depends on uninitialised value(s)
==26875==    at 0x400A9BD: _dl_relocate_object (do-rel.h:68)
==26875==    by 0x400454C: dl_main (rtld.c:2214)
==26875==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26875==    by 0x400124E: _dl_start (rtld.c:327)
==26875==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26875== 
==26875== Conditional jump or move depends on uninitialised value(s)
==26875==    at 0x400B053: _dl_relocate_object (do-rel.h:104)
==26875==    by 0x400454C: dl_main (rtld.c:2214)
==26875==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26875==    by 0x400124E: _dl_start (rtld.c:327)
==26875==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26875== 
==26875== Conditional jump or move depends on uninitialised value(s)
==26875==    at 0x400AAF3: _dl_relocate_object (do-rel.h:117)
==26875==    by 0x400454C: dl_main (rtld.c:2214)
==26875==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26875==    by 0x400124E: _dl_start (rtld.c:327)
==26875==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26875== 
==26875== Conditional jump or move depends on uninitialised value(s)
==26875==    at 0x400A9B5: _dl_relocate_object (do-rel.h:65)
==26875==    by 0x4004169: dl_main (rtld.c:2284)
==26875==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26875==    by 0x400124E: _dl_start (rtld.c:327)
==26875==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26875== 
==26875== Conditional jump or move depends on uninitialised value(s)
==26875==    at 0x400A9BD: _dl_relocate_object (do-rel.h:68)
==26875==    by 0x4004169: dl_main (rtld.c:2284)
==26875==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26875==    by 0x400124E: _dl_start (rtld.c:327)
==26875==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26875== 
==26875== Conditional jump or move depends on uninitialised value(s)
==26875==    at 0x400AAF3: _dl_relocate_object (do-rel.h:117)
==26875==    by 0x4004169: dl_main (rtld.c:2284)
==26875==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26875==    by 0x400124E: _dl_start (rtld.c:327)
==26875==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26875== 
==26875== Source and destination overlap in mempcpy(0x6248C18, 0x6248C18, 21)
==26875==    at 0x4021E3A: (within /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==26875==    by 0x4022781: mempcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==26875==    by 0x58E51D2: _IO_default_xsputn (genops.c:463)
==26875==    by 0x58C021E: vfprintf (vfprintf.c:1568)
==26875==    by 0x58D9CBA: vsprintf (iovsprintf.c:43)
==26875==    by 0x58C5ADD: sprintf (sprintf.c:34)
==26875==    by 0x4970942: parse_fontdata (omGeneric.c:618)
==26875==    by 0x4970AE2: parse_vw (omGeneric.c:1095)
==26875==    by 0x4971301: create_oc (omGeneric.c:1233)
==26875==    by 0x4930C0A: XCreateOC (OCWrap.c:53)
==26875==    by 0x49270A9: XCreateFontSet (FSWrap.c:185)
==26875==    by 0x551969D: getFontSet(QFont const&) (qximinputcontext_x11.cpp:319)
==26875== 
==26875== Conditional jump or move depends on uninitialised value(s)
==26875==    at 0x4B68212: (within /lib/libz.so.1.2.3)
==26875== 
==26875== ERROR SUMMARY: 24 errors from 9 contexts (suppressed: 21 from 3)
==26875== malloc/free: in use at exit: 5,721,930 bytes in 49,273 blocks.
==26875== malloc/free: 1,356,237 allocs, 1,306,964 frees, 213,944,554 bytes allocated.
==26875== For counts of detected errors, rerun with: -v
==26875== searching for pointers to 49,273 not-freed blocks.
==26875== checked 46,366,004 bytes.
==26875== 
==26875== LEAK SUMMARY:
==26875==    definitely lost: 15,936 bytes in 220 blocks.
==26875==      possibly lost: 84,040 bytes in 1,898 blocks.
==26875==    still reachable: 5,621,954 bytes in 47,155 blocks.
==26875==         suppressed: 0 bytes in 0 blocks.
==26875== Rerun with --leak-check=full to see details of leaked memory.
Comment 4 Marcel Partap 2008-01-29 11:51:26 UTC
mhhh I thought this might just be a temporary fix and wanted to close after svning up and a recompile.. however todays svn still crashes on both supplied test case URLs. Backtrace hasn't changed except mem addresses so not reposting that.
Comment 5 Marcel Partap 2008-02-09 17:54:22 UTC
the source of this seems to be some race condition because it does not always happen... somehow the DOM is not cleared in time, here's a debug log:
konqueror(16462) KonqMainWindow::closeEvent: KonqMainWindow::closeEvent begin
konqueror(16462) KonqViewManager::clear: KonqViewManager::clear
konqueror(16462) KonqMainWindow::setLocationBarURL: KonqMainWindow::setLocationBarURL: url =  "http://doom.wikia.com/wiki/Image:All_SS_E1M1.png"
konqueror(16462)/kparts KParts::PartManager::setActivePart: KonqViewManager(0x763800)  emitting activePartChanged  QObject(0x0)
konqueror(16462) KonqMainWindow::slotPartActivated: KonqMainWindow::slotPartActivated  QObject(0x0)    ""
konqueror(16462) KonqMainWindow::slotPartActivated: KonqMainWindow::slotPartActivated: New current view  QObject(0x0)
konqueror(16462) KonqMainWindow::slotPartActivated: KonqMainWindow::slotPartActivated: No part activated - returning
konqueror(16462)/kparts KParts::MainWindow::createGUI: MainWindow::createGUI, part= QObject(0x0)       ""
konqueror(16462)/kparts KParts::MainWindow::createGUI: deactivating GUI for  KHTMLPart(0xd03ea0)   KHTMLPart   ""
konqueror(16462) KonqViewManager::clear: 1  items
konqueror(16462) KonqMainWindow::removeChildView: Removing view  KonqView(0xadfe40)
konqueror(16462) KonqMainWindow::removeChildView: View  KonqView(0xadfe40)  removed from map
konqueror(16462) KonqMainWindow::dumpViewList: 0  views:
konqueror(16462) KonqViewManager::clear: Deleting  KonqView(0xadfe40)
konqueror(16462)/khtml (part) KHTMLPart::~KHTMLPart: KHTMLPart(0xd03ea0)
konqueror(16462)/kparts KParts::PartManager::setActivePart: KParts::PartManager(0xbf8580, name = "khtml part manager")  emitting activePartChanged  QObject(0x0)
konqueror(16462)/khtml (part) KHTMLPart::~KHTMLPart: KHTMLPart(0x15fc840, name = "<!--frame 1-->")
konqueror(16462)/kparts KParts::PartManager::setActivePart: KParts::PartManager(0x16fddb0, name = "khtml part manager")  emitting activePartChanged  QObject(0x0)
konqueror(16462)/khtml (part) KHTMLPart::~KHTMLPart: KHTMLPart(0x18c5d30, name = "google_ads_frame")
konqueror(16462)/kparts KParts::PartManager::setActivePart: KParts::PartManager(0x1984560, name = "khtml part manager")  emitting activePartChanged  QObject(0x0)
konqueror(16462)/kparts KParts::Part::~Part: deleting widget  KHTMLView(0x1939b70)   ""
konqueror(16462)/kparts KParts::Part::~Part: deleting widget  KHTMLView(0x13c1a40)   ""
konqueror(16462) KonqViewManager::removePart: KonqViewManager::removePart (  KParts::Part(0xd03ea0)  )
konqueror(16462) KonqViewManager::removePart: KonqViewManager::removePart (  KParts::Part(0xd03ea0)  ) done
konqueror(16462)/kparts KParts::Part::~Part: deleting widget  KHTMLView(0xd2cd40)   ""
konqueror(16462) KonqMainWindow::checkPreloadResourceUsage: Running from tty, not keeping for preloading
konqueror(16462) KonqMainWindow::closeEvent: KonqMainWindow::closeEvent end
konqueror(16462) KonqViewManager::clear: KonqViewManager::clear
konqueror(16462) KonqMainWindow::checkPreloadResourceUsage: Running from tty, not keeping for preloading
konqueror(16462) KonqViewManager::clear: KonqViewManager::clear
konqueror(16462)/khtml KHTMLFactory::~KHTMLFactory: KHTMLFactory(0xd028a0)
konqueror(16462)/khtml KHTMLGlobal::finalCheck: 1 docs not deleted 
konqueror(16462)/khtml KHTMLGlobal::finalCheck: Document DOM::HTMLDocumentImpl(0xbe2120) wasn't deleted 
konqueror: /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_global.cpp:244: static void KHTMLGlobal::finalCheck(): Assertion `!s_refcnt' failed.
KCrash: crashing... crashRecursionCounter = 2
KCrash: Application Name = konqueror path = <unknown> pid = 16462
Comment 6 Andrey 2008-02-10 20:52:44 UTC
I can reproduce on my Gentoo system. Here's gdb backtrace:

#0  0xb7f8d410 in __kernel_vsyscall ()
#1  0xb758fd81 in raise () from /lib/libc.so.6
#2  0xb75915a8 in abort () from /lib/libc.so.6
#3  0xb7589115 in __assert_fail () from /lib/libc.so.6
#4  0xb53606b7 in KHTMLGlobal::finalCheck ()
    at /usr/src/debug/kde-base/kdelibs-9999.4/kdelibs-9999.4/khtml/khtml_global.cpp:244
#5  0xb56b919a in ~KHTMLFactory (this=0x825e7c0)
    at /usr/src/debug/kde-base/kdelibs-9999.4/kdelibs-9999.4/khtml/khtml_factory.cpp:35
#6  0x458b2830 in QObjectCleanupHandler::clear ()
   from /usr/lib/qt4/libQtCore.so.4
#7  0x458b28c0 in QObjectCleanupHandler::~QObjectCleanupHandler ()
   from /usr/lib/qt4/libQtCore.so.4
#8  0xb7c1320b in destroy ()
    at /usr/src/debug/kde-base/kdelibs-9999.4/kdelibs-9999.4/kdecore/util/kpluginfactory.cpp:29
#9  0xb7b0888b in ~KCleanUpGlobalStatic (this=0xb7c4b434)
    at /usr/src/debug/kde-base/kdelibs-9999.4/kdelibs-9999.4/kdecore/kernel/kglobal.h:65
#10 0xb7592ccf in exit () from /lib/libc.so.6
#11 0xb757c3f4 in __libc_start_main () from /lib/libc.so.6
#12 0x080486d1 in _start ()
Comment 7 Oliver Putz 2008-03-11 13:15:42 UTC
I found an easier way to reproduce this crash:

1) Open dolphin and create a new text file. Call this file foo.htm
2) Right click on the file -> open with
3) Select konqueror by double clicking on it.
4) Close the page
5) See konqueror crash with the already posted backtrace (for completeness I'll also post one for the current kdelibs r783515)

Application: Konqueror (konqueror), signal SIGABRT
Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0xb6271a20 (LWP 6948)]
[KCrash handler]
#6  0xffffe410 in __kernel_vsyscall ()
#7  0xb64c21f1 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#8  0xb64c39b8 in *__GI_abort () at abort.c:88
#9  0xb64bb7d5 in *__GI___assert_fail (assertion=0xb4b45d59 "!s_refcnt", 
    file=0xb4b45cb4 "/var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_global.cpp", line=244, 
    function=0xb4b45ee0 "static void KHTMLGlobal::finalCheck()")
    at assert.c:78
#10 0xb48e8327 in KHTMLGlobal::finalCheck ()
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_global.cpp:244
#11 0xb4cb1305 in ~KHTMLFactory (this=0x833b000)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_factory.cpp:35
#12 0xb72b230d in QObjectCleanupHandler::clear (this=0x834dd38)
    at kernel/qobjectcleanuphandler.cpp:142
#13 0xb72b23a0 in ~QObjectCleanupHandler (this=0x834dd38)
    at kernel/qobjectcleanuphandler.cpp:88
#14 0xb7c0540b in destroy ()
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdecore/util/kpluginfactory.cpp:29
#15 0xb7ae677b in ~KCleanUpGlobalStatic (this=0xb7c3e5b4)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdecore/kernel/kglobal.h:65
#16 0xb7c05370 in __tcf_0 ()
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdecore/util/kpluginfactory.cpp:29
#17 0xb64c4dbc in *__GI_exit (status=0) at exit.c:75
#18 0xb64aefe4 in __libc_start_main (main=0x80487c0 <main>, argc=2, 
    ubp_av=0xbfca7814, init=0x8048810 <__libc_csu_init>, 
    fini=0x8048800 <__libc_csu_fini>, rtld_fini=0xb7fc7100 <_dl_fini>, 
    stack_end=0xbfca780c) at libc-start.c:261
#19 0x08048731 in _start ()
#0  0xffffe410 in __kernel_vsyscall ()
Comment 8 Tommi Tervo 2008-03-28 21:18:29 UTC
*** Bug 160036 has been marked as a duplicate of this bug. ***
Comment 9 A. Spehr 2008-05-23 10:01:01 UTC
New site:  http://ratp.fr

And sorry, this one is still here in trunk r811446. 4.00.80

This also seems to be the bug I keep coming across when closing a page that has facebook or something in it.

#10 0xb24667d4 in KHTMLGlobal::finalCheck ()
    at /home/ax4/kde/src/KDE/kdelibs/khtml/khtml_global.cpp:247
#11 0xb2b8130d in ~KHTMLFactory (this=0x8287d68)
    at /home/ax4/kde/src/KDE/kdelibs/khtml/khtml_factory.cpp:35
#12 0xb768f056 in qDeleteAll<QHash<QString, QPointer<KPluginFactory> >::const_iterator> (begin={i = 0x82878d0}, end={i = 0x8287910})
    at /usr/include/qt4/QtCore/qalgorithms.h:352
#13 0xb768f0bc in qDeleteAll<FactoryHash> (c=@0x82822b8)
    at /usr/include/qt4/QtCore/qalgorithms.h:360
#14 0xb768f2d5 in ~FactoryHash (this=0x82822b8)
    at /home/ax4/kde/src/KDE/kdelibs/kdecore/util/klibrary.cpp:93
#15 0xb768e14b in destroy ()
    at /home/ax4/kde/src/KDE/kdelibs/kdecore/util/klibrary.cpp:97
#16 0xb756e00f in ~KCleanUpGlobalStatic (this=0xb76cd870)
    at /home/ax4/kde/src/KDE/kdelibs/kdecore/kernel/kglobal.h:67
#17 0xb768dc9c in __tcf_0 ()
    at /home/ax4/kde/src/KDE/kdelibs/kdecore/util/klibrary.cpp:97
#18 0xb6383eb4 in exit () from /lib/i686/cmov/libc.so.6
#19 0xb636c458 in __libc_start_main () from /lib/i686/cmov/libc.so.6
#20 0x080486f1 in _start ()
#0  0xffffe410 in __kernel_vsyscall ()
Comment 10 A. Spehr 2008-05-23 10:05:00 UTC
*** Bug 162474 has been marked as a duplicate of this bug. ***
Comment 11 A. Spehr 2008-05-23 10:21:58 UTC
*** Bug 153636 has been marked as a duplicate of this bug. ***
Comment 12 A. Spehr 2008-05-23 10:29:52 UTC
*** Bug 147247 has been marked as a duplicate of this bug. ***
Comment 13 A. Spehr 2008-05-23 10:33:30 UTC
I get the same bt as  #7 if I do the odd procedure in bug #147247:
 
Load a site, when the site is done loading, simultaneously right-click, and hit Ctrl-Q. 

811446 kdelibs
811447 kdebase
(same versions I had for #9; trunk) 
Comment 14 A. Spehr 2008-05-24 08:02:53 UTC
Oh looky, someone found a site where this is the first thing that happens. Immediate crash. 

http://download.opensuse.org/repositories/KDE:/Qt44/openSUSE_10.3/KDE:Qt44.repo 

Not sure what to make of that.

Konsole logs this time:

konqueror(12768) KonqMainWindow::openView: KonqMainWindow::openView  "application/x-yum-repo"   KUrl("http://download.opensuse.org/repositories/KDE:/Qt44/openSUSE_10.3/KDE:Qt44.repo")   KonqView(0x8252690)  req: "[]"
ASSERT: "d" in file /home/ax4/kde/include/ksharedptr.h, line 116
konqueror(12768)/khtml KHTMLFactory::~KHTMLFactory: KHTMLFactory(0x8240d70)
konqueror(12768)/khtml KHTMLGlobal::finalCheck: 1 parts not deleted
konqueror(12768)/khtml KHTMLGlobal::finalCheck: Part KonqAboutPage(0x82b01b8) wasn't deleted
konqueror(12768)/khtml KHTMLGlobal::finalCheck: 1 docs not deleted
konqueror(12768)/khtml KHTMLGlobal::finalCheck: Document DOM::HTMLDocumentImpl(0x8272f28) wasn't deleted
konqueror: /home/ax4/kde/src/KDE/kdelibs/khtml/khtml_global.cpp:247: static void KHTMLGlobal::finalCheck(): Assertion `!s_refcnt' failed.
KCrash: crashing... crashRecursionCounter = 2
Comment 15 Maksim Orlovich 2008-05-25 00:38:02 UTC
re: comment #14: I can't reproduce the problem on that URL, but I am 99% sure there is a different bug that causes the crash there. The code in question for bug report only runs when the application exits. However, that includes some cases when the application has crashed, in which case it aborts the application from within some crashing stuff.

IOW, please paste a backtrace.
Comment 16 Christophe Giboudeaux 2008-06-08 18:30:15 UTC
*** Bug 163540 has been marked as a duplicate of this bug. ***
Comment 17 Christophe Giboudeaux 2008-06-10 10:50:21 UTC
*** Bug 163663 has been marked as a duplicate of this bug. ***
Comment 18 A. Spehr 2008-06-16 04:36:47 UTC
*** Bug 164126 has been marked as a duplicate of this bug. ***
Comment 19 A. Spehr 2008-06-16 10:43:41 UTC
Ok, I went through all of the listed urls both in here and in the dups, and they all work. Including the one in #14 that doesn't match up. So I'm closing this. r821020
Comment 20 mario tuling 2008-06-19 23:28:03 UTC
i have this issue with rev 822278, it crashes on close whatever i did in konqueror before. if i delete .kde, it works again. so if i should post some settings, please say so. here is the backtrace:

Application: Konqueror (konqueror), signal SIGABRT

#5  0x00002ab1ff0ed3c5 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6  0x00002ab1ff0ee73e in *__GI_abort () at abort.c:88
#7  0x00002ab1ff0e6b1f in *__GI___assert_fail (
    assertion=0x2ab204eac695 "!crash",
    file=0x2ab204eac810 "/var/tmp/portage/kde-base/kdelibs-9999/work/kdelibs-9999/khtml/misc/loader.cpp", line=1598,
    function=0x2ab204eacd80 "static void khtml::Cache::clear()")
    at assert.c:78
#8  0x00002ab204dda49c in khtml::Cache::clear ()
    at /var/tmp/portage/kde-base/kdelibs-9999/work/kdelibs-9999/khtml/misc/loader.cpp:1598
#9  0x00002ab204ca6f6f in ~KHTMLGlobal (this=<value optimized out>)
    at /var/tmp/portage/kde-base/kdelibs-9999/work/kdelibs-9999/khtml/khtml_global.cpp:99
#10 0x00002ab204ca6fd0 in KHTMLGlobal::deref ()
    at /var/tmp/portage/kde-base/kdelibs-9999/work/kdelibs-9999/khtml/khtml_global.cpp:133
#11 0x00002ab204ca70e5 in KHTMLGlobal::deregisterPart (part=0x8e8350)
    at /var/tmp/portage/kde-base/kdelibs-9999/work/kdelibs-9999/khtml/khtml_global.cpp:160
#12 0x00002ab204c9aaa4 in ~KHTMLPart (this=0x8e8350,
    __vtt_parm=0x2ab2094f7168)
    at /var/tmp/portage/kde-base/kdelibs-9999/work/kdelibs-9999/khtml/khtml_part.cpp:533
#13 0x00002ab2092ec2e2 in ~KonqAboutPage (this=0x8e8350)
    at /var/tmp/portage/kde-base/konqueror-9999/work/konqueror/apps/konqueror/about/konq_aboutpage.cc:376
#14 0x00002ab1f8a60463 in ~KonqView (this=0x902b20)
    at /var/tmp/portage/kde-base/konqueror-9999/work/konqueror/apps/konqueror/src/konqview.cpp:132
.....
Comment 21 mario tuling 2008-06-20 01:05:09 UTC
happens also if i do several other actions, eg trying to load applications:/ or my homedir
Comment 22 mario tuling 2008-06-24 00:09:24 UTC
oh sorry for reopening, this seems to be another issue here.
Comment 23 Drew Fisher 2008-06-30 08:54:28 UTC
New testcase: http://groups.google.com/group/alt.true-crime/browse_thread/thread/35862c8852818d49/49dc27e6852688f7?lnk=raot

SVN 823211 crashes on close after viewing that page with a bt same as that in comment 7.  Reopen?
Comment 24 A. Spehr 2008-06-30 09:46:22 UTC
Bah, yep, that's a reopen then.r825002
Comment 25 A. Spehr 2008-06-30 10:02:16 UTC
*** Bug 165371 has been marked as a duplicate of this bug. ***
Comment 26 A. Spehr 2008-07-15 23:00:40 UTC
bug #166637 crashes on Hulu.com
Comment 27 A. Spehr 2008-07-26 12:42:48 UTC
*** Bug 166637 has been marked as a duplicate of this bug. ***
Comment 28 A. Spehr 2008-07-26 12:44:20 UTC
*** Bug 167397 has been marked as a duplicate of this bug. ***
Comment 29 A. Spehr 2008-07-26 12:46:09 UTC
One of the last dups there is caused by editing wikipedia. Kinda bad, that.
Comment 30 Frank Reininghaus 2008-07-28 21:05:40 UTC
*** Bug 167616 has been marked as a duplicate of this bug. ***
Comment 31 Maksim Orlovich 2008-07-29 19:09:13 UTC
*** Bug 166664 has been marked as a duplicate of this bug. ***
Comment 32 Maksim Orlovich 2008-08-07 01:20:17 UTC
SVN commit 843323 by orlovich:

Fix the deterministic leak on websites such as google maps (and some other ones)
which also causes an assertion failure on exit.

There is still a more subtle one where the conservative collection keeps an object alive for 
a while. Happens e.g. for #164126. That one needs more thought...

CCBUG:156172
CCBUG:161289
CCBUG:151453
BUG:167354



 M  +7 -0      khtml/ecma/kjs_window.cpp  
 M  +1 -4      kjs/interpreter.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=843323
Comment 33 Maksim Orlovich 2008-08-07 01:21:48 UTC
SVN commit 843325 by orlovich:

Merged revision 843323:
Fix the deterministic leak on websites such as google maps (and some other ones)
which also causes an assertion failure on exit.

There is still a more subtle one where the conservative collection keeps an object alive for 
a while. Happens e.g. for #164126. That one needs more thought...

CCBUG:156172
CCBUG:161289
CCBUG:151453
BUG:167354

 M  +7 -0      khtml/ecma/kjs_window.cpp  
 M  +1 -4      kjs/interpreter.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=843325
Comment 34 Maksim Orlovich 2008-08-11 23:54:58 UTC
Consolidating since can't always be sure of exact cause anyway...

*** This bug has been marked as a duplicate of 151453 ***