RESOLVED FIXED36290
[Qt] WebKit crash when leaving the application after loading certain URLs 
https://bugs.webkit.org/show_bug.cgi?id=36290
Summary [Qt] WebKit crash when leaving the application after loading certain URLs
Benjamin Poulain
Reported 2010-03-18 03:18:44 PDT
With WebKit trunk and Qt 4.7 trunk, WebKit crashes after some URL. To reproduce the issue: -open http://digg.com/hockey/Post_Office_Loses_5_000_in_Hockey_Cards with QtLauncher -close QtLauncher -enjoy ;) Here is the trace of the crash: #0 QHttpNetworkConnectionPrivate::removeReply (this=0x0, reply=0x7fffdc1b1220) at /home/ikipou/dev/oslo-staging-1/src/network/access/qhttpnetworkconnection.cpp:630 #1 0x00007ffff6515f4c in ~QHttpNetworkReply (this=0x7fffdc1b1220, __in_chrg=<value optimized out>) at /home/ikipou/dev/oslo-staging-1/src/network/access/qhttpnetworkreply.cpp:66 #2 0x00007ffff525f4df in QObjectPrivate::deleteChildren (this=0x7fffddf29160) at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qobject.cpp:1981 #3 0x00007ffff5264dd5 in ~QObject (this=<value optimized out>, __in_chrg=<value optimized out>) at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qobject.cpp:978 #4 0x00007ffff6538824 in ~QNetworkAccessHttpBackend (this=0x7fffddbcc2f0, __in_chrg=<value optimized out>) at /home/ikipou/dev/oslo-staging-1/src/network/access/qnetworkaccesshttpbackend.cpp:311 #5 0x00007ffff525f3bd in QObject::event (this=0x7fffddbcc2f0, e=0x7fffddd70c50) at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qobject.cpp:1226 #6 0x00007ffff576e29c in QApplicationPrivate::notify_helper (this=0x6c43e0, receiver=0x7fffddbcc2f0, e=0x7fffddd70c50) at /home/ikipou/dev/oslo-staging-1/src/gui/kernel/qapplication.cpp:4336 #7 0x00007ffff577599d in QApplication::notify (this=0x7fffffffdde0, receiver=0x7fffddbcc2f0, e=0x7fffddd70c50) at /home/ikipou/dev/oslo-staging-1/src/gui/kernel/qapplication.cpp:4219 #8 0x00007ffff524dcbc in QCoreApplication::notifyInternal (this=0x7fffffffdde0, receiver=0x7fffddbcc2f0, event=0x7fffddd70c50) at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qcoreapplication.cpp:704 #9 0x00007ffff5251ab4 in QCoreApplication::sendEvent (receiver=0x0, event_type=<value optimized out>, data=0x6bf190) at ../../include/QtCore/../../../oslo-staging-1/src/corelib/kernel/qcoreapplication.h:215 #10 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=<value optimized out>, data=0x6bf190) at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qcoreapplication.cpp:1345 #11 0x00007ffff5251ddc in QCoreApplication::exec () at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qcoreapplication.cpp:988 #12 0x0000000000424b81 in main ()
Attachments
Add attachment proposed patch, testcase, etc.
Antonio Gomes
Comment 1 2010-03-18 10:24:07 PDT
Benjamin, I was about to file a bug about QtLauncher crashing, when I saw yours:) I got these warnings, and then it crashes on exiting: $ run-launcher --qt google.com Starting webkit launcher, running against the built WebKit in /home/agomes/webkit/staikos/webkit/WebKitBuild/Qt/Release/lib... QMetaObject::invokeMethod: No such method QObject::_q_startNextRequest() QMetaObject::invokeMethod: No such method QObject::_q_startNextRequest() QMetaObject::invokeMethod: No such method QObject::_q_startNextRequest() QMetaObject::invokeMethod: No such method QObject::_q_startNextRequest() QMetaObject::invokeMethod: No such method QObject::_q_startNextRequest() QMetaObject::invokeMethod: No such method QObject::_q_startNextRequest() Segmentation fault sounds related
Markus Goetz
Comment 2 2010-03-19 01:58:54 PDT
Related to 35964 ?
Jędrzej Nowacki
Comment 3 2010-03-22 08:47:49 PDT
Benjamin, I can't reproduce the issue with trunk (Qt, WebKit). I tried: - Debian/testing (32) - Windows Vista (32) Can it be that the crash is related to your 64 bits system? The page contain dynamic content, so it could be problematic to reproduce. Antonio, I can't reproduce yours warnings too (at least on linux).
Benjamin Poulain
Comment 4 2010-03-22 08:54:22 PDT
I cannot reproduce it with a QtWebkit from this week-end. I guess this has been fixed. I will start the robustness test again.
Benjamin Poulain
Comment 5 2010-03-22 10:02:03 PDT
My bad, it is just more random than I thought. I just had the same crash.
Markus Goetz
Comment 6 2010-03-24 02:39:30 PDT
I get this similar/same crash when running Qt 4.6's tst_qnetworkreply via gdb: #0 0x00007ffff789771e in QHttpNetworkConnectionPrivate::q_func (this=0x0) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/network/access/qhttpnetworkconnection_p.h:155 #1 0x00007ffff7894f21 in QHttpNetworkConnectionPrivate::removeReply (this=0x0, reply=0x6dab70) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/network/access/qhttpnetworkconnection.cpp:627 #2 0x00007ffff788b418 in ~QHttpNetworkReply (this=0x6dab70, __in_chrg=<value optimized out>) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/network/access/qhttpnetworkreply.cpp:66 #3 0x00007ffff74c00ba in QObjectPrivate::deleteChildren (this=0x75fa50) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/corelib/kernel/qobject.cpp:1978 #4 0x00007ffff74bda9f in ~QObject (this=0x75f9a0, __in_chrg=<value optimized out>) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/corelib/kernel/qobject.cpp:975 #5 0x00007ffff78abf98 in ~QNetworkAccessBackend (this=0x75f9a0, __in_chrg=<value optimized out>) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/network/access/qnetworkaccessbackend.cpp:157 #6 0x00007ffff78b6059 in ~QNetworkAccessHttpBackend (this=0x75f9a0, __in_chrg=<value optimized out>) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/network/access/qnetworkaccesshttpbackend.cpp:309 #7 0x00007ffff74c00ba in QObjectPrivate::deleteChildren (this=0x75c080) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/corelib/kernel/qobject.cpp:1978 #8 0x00007ffff74bda9f in ~QObject (this=0x766a30, __in_chrg=<value optimized out>) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/corelib/kernel/qobject.cpp:975 #9 0x00007ffff74285ac in ~QIODevice (this=0x766a30, __in_chrg=<value optimized out>) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/corelib/io/qiodevice.cpp:407 #10 0x00007ffff78c6406 in ~QNetworkReply (this=0x766a30, __in_chrg=<value optimized out>) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/network/access/qnetworkreply.cpp:355 #11 0x00007ffff78c9cd1 in ~QNetworkReplyImpl (this=0x766a30, __in_chrg=<value optimized out>) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/network/access/qnetworkreplyimpl.cpp:587 #12 0x00007ffff74c00ba in QObjectPrivate::deleteChildren (this=0x6a9f60) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/corelib/kernel/qobject.cpp:1978 #13 0x00007ffff74bda9f in ~QObject (this=0x7fffffffcbe0, __in_chrg=<value optimized out>) at /home/mgoetz/Development/depot/qt/oslo-staging-1/src/corelib/kernel/qobject.cpp:975 #14 0x0000000000441268 in ~HttpRecursiveCreationHelper (this=0x7fffffffcbe0, __in_chrg=<value optimized out>) at /home/mgoetz/Development/depot/qt/oslo-staging-1/tests/auto/qnetworkreply/tst_qnetworkreply.cpp:3968 #15 0x0000000000439b2c in tst_QNetworkReply::httpRecursiveCreation (this=0x7fffffffdf20) at /home/mgoetz/Development/depot/qt/oslo-staging-1/tests/auto/qnetworkreply/tst_qnetworkreply.cpp:4029 I'll try to look into it before my easter holiday on friday, but I can't promise anything.
Markus Goetz
Comment 7 2010-03-25 07:21:17 PDT
We pushed a fix to Qt 4.6 as 656c02f128c56177c48b3de47f7b1e17dbbfa4d3 It is still pending in the staging repository and also will need to be merged up to 4.7. It definitely fixes the issue we saw in Qt's tst_qnetworkreply. Could you check with qtwebkit too?
Benjamin Poulain
Comment 8 2010-04-07 01:26:50 PDT
(In reply to comment #7) > We pushed a fix to Qt 4.6 as 656c02f128c56177c48b3de47f7b1e17dbbfa4d3 > It is still pending in the staging repository and also will need to be merged > up to 4.7. > > It definitely fixes the issue we saw in Qt's tst_qnetworkreply. Could you check > with qtwebkit too? I cannot reproduce the problem anymore with the patch of Markus. I close the task.
Andreas Kling
Comment 9 2010-04-20 18:10:23 PDT
*** Bug 35964 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.