Bug 241702 - Konqueror with Webkit Crashes on Javascript-heavy sites
Status: RESOLVED UPSTREAM
Alias: None
Product: kdelibs
Classification: Frameworks and Libraries
Component: kdewebkit
Version: unspecified
Platform: Ubuntu Linux
Importance: NOR crash
Target Milestone: ---
Assignee: webkit-devel
Duplicates: 241471 241701 241734 242084 242209 245945 246199 246425 246455 246457 250726 251449 253158
Reported: 2010-06-14 07:48 UTC by Evan Cofsky
Modified: 2010-10-03 21:39 UTC


Attachments
New crash information added by DrKonqi (9.45 KB, text/plain)
2010-06-14 08:12 UTC, Evan Cofsky
New crash information added by DrKonqi (11.19 KB, text/plain)
2010-06-14 08:15 UTC, Evan Cofsky
New crash information added by DrKonqi (10.79 KB, text/plain)
2010-09-22 08:46 UTC, BRULE Herman

Description Evan Cofsky 2010-06-14 07:48:22 UTC
Application: konqueror (4.4.85 (KDE 4.4.85 (KDE 4.5 Beta2)))
KDE Platform Version: 4.4.85 (KDE 4.4.85 (KDE 4.5 Beta2))
Qt Version: 4.7.0
Operating System: Linux 2.6.32-22-generic i686
Distribution: Ubuntu 10.04 LTS

-- Information about the crash:
This particular crash seems fairly consistent on Facebook. However, I just changed from using Tor to connecting directly to the Internet and Konqueror seems quite a bit more stable.

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb7831930 (LWP 9471))]

Thread 4 (Thread 0xae3b7b70 (LWP 9486)):
#0  0x00a4f422 in __kernel_vsyscall ()
#1  0x005cb015 in pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_wait.S:122
#2  0x00c959dd in __pthread_cond_wait (cond=0xb185a3f0, mutex=0xb185a3d8) at forward.c:139
#3  0xb1366aad in WTF::TCMalloc_PageHeap::scavengerThread (this=0xb1855300) at wtf/FastMalloc.cpp:2378
#4  0xb1366b91 in WTF::TCMalloc_PageHeap::runScavengerThread (context=0xb1855300) at wtf/FastMalloc.cpp:1497
#5  0x005c696e in start_thread (arg=0xae3b7b70) at pthread_create.c:300
#6  0x00c88a4e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 3 (Thread 0xb217ab70 (LWP 9528)):
#0  __i686.get_pc_thunk.bx () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/sem_post.S:171
#1  0x005c8f27 in __pthread_mutex_lock (mutex=0x9437e1c) at pthread_mutex_lock.c:47
#2  0x00c95ba6 in pthread_mutex_lock (mutex=0x9437e1c) at forward.c:182
#3  0x07911b03 in g_main_context_prepare () from /lib/libglib-2.0.so.0
#4  0x07911ee9 in ?? () from /lib/libglib-2.0.so.0
#5  0x079124b8 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#6  0x036bef1f in QEventDispatcherGlib::processEvents (this=0x8f989e0, flags=...) at kernel/qeventdispatcher_glib.cpp:414
#7  0x0368f1a9 in QEventLoop::processEvents (this=0xb217a290, flags=) at kernel/qeventloop.cpp:149
#8  0x0368f5fa in QEventLoop::exec (this=0xb217a290, flags=...) at kernel/qeventloop.cpp:201
#9  0x0358caee in QThread::exec (this=0x8ebf598) at thread/qthread.cpp:490
#10 0x0366e2eb in QInotifyFileSystemWatcherEngine::run (this=0x8ebf598) at io/qfilesystemwatcher_inotify.cpp:248
#11 0x0358fdc9 in QThreadPrivate::start (arg=0x8ebf598) at thread/qthread_unix.cpp:266
#12 0x005c696e in start_thread (arg=0xb217ab70) at pthread_create.c:300
#13 0x00c88a4e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 2 (Thread 0xad295b70 (LWP 9535)):
#0  0x00a4f422 in __kernel_vsyscall ()
#1  0x005cb015 in pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_wait.S:122
#2  0x00c959dd in __pthread_cond_wait (cond=0x215c290, mutex=0x215c278) at forward.c:139
#3  0x02059437 in QTWTF::TCMalloc_PageHeap::scavengerThread (this=0x21571a0) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:2359
#4  0x02059481 in QTWTF::TCMalloc_PageHeap::runScavengerThread (context=0x21571a0) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:1464
#5  0x005c696e in start_thread (arg=0xad295b70) at pthread_create.c:300
#6  0x00c88a4e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 1 (Thread 0xb7831930 (LWP 9471)):
[KCrash Handler]
#7  0x0280b705 in IA__gdk_pixbuf_new_from_data (data=0xa48ef964 "\377\377\377", colorspace=GDK_COLORSPACE_RGB, has_alpha=1, bits_per_sample=8, width=64, height=64, rowstride=256, destroy_fn=0, 
    destroy_fn_data=0xa48ef964) at /build/buildd/gtk+2.0-2.20.1/gdk-pixbuf/gdk-pixbuf-data.c:76
#8  0x0281300f in IA__gdk_pixbuf_from_pixdata (pixdata=0xbfbacde4, copy_pixels=0, error=0x0) at /build/buildd/gtk+2.0-2.20.1/gdk-pixbuf/gdk-pixdata.c:497
#9  0x028132d3 in IA__gdk_pixbuf_new_from_inline (data_length=-1, data=0xa48ef94c "GdkP", copy_pixels=0, error=0x0) at /build/buildd/gtk+2.0-2.20.1/gdk-pixbuf/gdk-pixdata.c:899
#10 0xa3fe3335 in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#11 0xa3fe1d8e in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#12 0xa3fe628e in NP_Initialize () from /usr/lib/flashplugin-installer/libflashplayer.so
#13 0xb10f65b0 in WebCore::PluginPackage::load (this=0xa5e88a80) at plugins/qt/PluginPackageQt.cpp:131
#14 0xb10f79d2 in WebCore::PluginPackage::fetchInfo (this=0xa5e88a80) at plugins/qt/PluginPackageQt.cpp:40
#15 0xb0f8b589 in WebCore::PluginPackage::createPackage (path=..., lastModified=@0xbfbad12c) at plugins/PluginPackage.cpp:159
#16 0xb0f8972a in WebCore::PluginDatabase::refresh (this=0xa57c2870) at plugins/PluginDatabase.cpp:121
#17 0xb0f8a164 in WebCore::PluginDatabase::installedPlugins (populate=true) at plugins/PluginDatabase.cpp:54
#18 0xb10bd29c in WebCore::FrameLoaderClientQt::objectContentType (this=0xb195300, url=..., _mimeType=...) at ../WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:1119
#19 0xb0e138d2 in WebCore::HTMLPlugInImageElement::isImageType (this=0xa5ea4150) at html/HTMLPlugInImageElement.cpp:48
#20 0xb0e06b24 in WebCore::HTMLObjectElement::parseMappedAttribute (this=0xa5ea4150, attr=0xa6cf70e0) at html/HTMLObjectElement.cpp:81
#21 0xb0d1f711 in WebCore::StyledElement::attributeChanged (this=0xa5ea4150, attr=0xa6cf70e0, preserveDecls=false) at dom/StyledElement.cpp:190
#22 0xb0ce7dbb in WebCore::Element::setAttributeMap (this=0xa5ea4150, list=..., scriptingPermission=WebCore::FragmentScriptingAllowed) at dom/Element.cpp:717
#23 0xb0e12851 in WebCore::HTMLParser::parseToken (this=0xa5b83558, t=0xbfbad6c4) at html/HTMLParser.cpp:283
#24 0xb0e2524d in WebCore::HTMLTokenizer::processToken (this=0xbfbad6a8) at html/HTMLTokenizer.cpp:1949
#25 0xb0e2c92c in WebCore::HTMLTokenizer::parseTag (this=0xbfbad6a8, src=..., state=...) at html/HTMLTokenizer.cpp:1521
#26 0xb0e2eb6d in WebCore::HTMLTokenizer::write (this=0xbfbad6a8, str=..., appendData=true) at html/HTMLTokenizer.cpp:1772
#27 0xb0e31322 in WebCore::parseHTMLDocumentFragment (source=..., fragment=0xa68760c0, scriptingPermission=WebCore::FragmentScriptingAllowed) at html/HTMLTokenizer.cpp:2148
#28 0xb0ce4a3b in WebCore::Element::createContextualFragment (this=0xa6d71480, markup=..., scriptingPermission=WebCore::FragmentScriptingAllowed) at dom/Element.cpp:105
#29 0xb0ddc032 in WebCore::HTMLElement::createContextualFragment (this=0xa6d71480, markup=..., scriptingPermission=WebCore::FragmentScriptingAllowed) at html/HTMLElement.cpp:290
#30 0xb0ddec6e in WebCore::HTMLElement::setInnerHTML (this=0xa6d71480, html=..., ec=@0xbfbae21c) at html/HTMLElement.cpp:352
#31 0xb0907fbc in WebCore::setJSHTMLElementInnerHTML (exec=0xb325c180, thisObject=0xa6238840, value=...) at generated/JSHTMLElement.cpp:364
#32 0xb0907805 in lookupPut<WebCore::JSHTMLElement> (this=0xa6238840, exec=0xb325c180, propertyName=..., value=..., slot=...) at ../JavaScriptCore/runtime/Lookup.h:303
#33 lookupPut<WebCore::JSHTMLElement, WebCore::JSElement> (this=0xa6238840, exec=0xb325c180, propertyName=..., value=..., slot=...) at ../JavaScriptCore/runtime/Lookup.h:317
#34 WebCore::JSHTMLElement::put (this=0xa6238840, exec=0xb325c180, propertyName=..., value=..., slot=...) at generated/JSHTMLElement.cpp:307
#35 0xb08ff018 in lookupPut<WebCore::JSHTMLDivElement, WebCore::JSHTMLElement> (this=0xa6238840, exec=0xb325c180, propertyName=..., value=..., slot=...) at ../JavaScriptCore/runtime/Lookup.h:318
#36 WebCore::JSHTMLDivElement::put (this=0xa6238840, exec=0xb325c180, propertyName=..., value=..., slot=...) at generated/JSHTMLDivElement.cpp:157
#37 0xb12bfed8 in JSC::JSValue::put (args=0x0) at runtime/JSObject.h:669
#38 cti_op_put_by_id (args=0x0) at jit/JITStubs.cpp:1170
#39 0x0697b07f in ?? ()
#40 0xb12a1cb7 in JSC::JITCode::execute (this=0xadaf8720, functionExecutable=0xadb973a8, callFrame=0x9f9f464, function=0xa6c5d600, thisObj=0xb3200040, args=..., scopeChain=0xac432258, 
    exception=0xadadada8) at jit/JITCode.h:77
#41 JSC::Interpreter::execute (this=0xadaf8720, functionExecutable=0xadb973a8, callFrame=0x9f9f464, function=0xa6c5d600, thisObj=0xb3200040, args=..., scopeChain=0xac432258, exception=0xadadada8)
    at interpreter/Interpreter.cpp:687
#42 0xb12f6b3d in JSC::JSFunction::call (this=0xa6c5d600, exec=0x9f9f464, thisValue=..., args=...) at runtime/JSFunction.cpp:122
#43 0xb12d0dee in JSC::call (exec=0x9f9f464, functionObject=<value optimized out>, callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at runtime/CallData.cpp:39
#44 0xb0c1515a in WebCore::ScheduledAction::executeFunctionInContext (this=0xa5b6f8c0, globalObject=0xa5f0bac0, thisValue=...) at bindings/js/ScheduledAction.cpp:106
#45 0xb0c159a7 in WebCore::ScheduledAction::execute (this=0xa5b6f8c0, document=0xa4cea000) at bindings/js/ScheduledAction.cpp:126
#46 0xb0ee07ab in WebCore::DOMTimer::fired (this=0xadb97900) at page/DOMTimer.cpp:149
#47 0xb0f81701 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0xadab9288) at platform/ThreadTimers.cpp:112
#48 0xb0f817ed in WebCore::ThreadTimers::sharedTimerFired () at platform/ThreadTimers.cpp:90
#49 0xb10afb06 in WebCore::SharedTimerQt::timerEvent (this=0x9425278, ev=0xbfbaec10) at platform/qt/SharedTimerQt.cpp:117
#50 0x036a3014 in QObject::event (this=0x9425278, e=0x0) at kernel/qobject.cpp:1183
#51 0x051ef32c in QApplicationPrivate::notify_helper (this=0x8588f30, receiver=0x9425278, e=0xbfbaec10) at kernel/qapplication.cpp:4358
#52 0x051f66fe in QApplication::notify (this=0xbfbaf09c, receiver=0x9425278, e=0xbfbaec10) at kernel/qapplication.cpp:3762
#53 0x0171b90a in KApplication::notify (this=0xbfbaf09c, receiver=0x9425278, event=0xbfbaec10) at ../../kdeui/kernel/kapplication.cpp:302
#54 0x036906cb in QCoreApplication::notifyInternal (this=0xbfbaf09c, receiver=0x9425278, event=0xbfbaec10) at kernel/qcoreapplication.cpp:732
#55 0x036c2426 in QCoreApplication::sendEvent (this=0x858c134) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#56 QTimerInfoList::activateTimers (this=0x858c134) at kernel/qeventdispatcher_unix.cpp:602
#57 0x036bf227 in timerSourceDispatch (source=0x858c170) at kernel/qeventdispatcher_glib.cpp:184
#58 idleTimerSourceDispatch (source=0x858c170) at kernel/qeventdispatcher_glib.cpp:231
#59 0x0790e5e5 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#60 0x079122d8 in ?? () from /lib/libglib-2.0.so.0
#61 0x079124b8 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#62 0x036beee5 in QEventDispatcherGlib::processEvents (this=0x8570e18, flags=...) at kernel/qeventdispatcher_glib.cpp:412
#63 0x052b0105 in QGuiEventDispatcherGlib::processEvents (this=0x8570e18, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#64 0x0368f1a9 in QEventLoop::processEvents (this=0xbfbaeed4, flags=) at kernel/qeventloop.cpp:149
#65 0x0368f5fa in QEventLoop::exec (this=0xbfbaeed4, flags=...) at kernel/qeventloop.cpp:201
#66 0x03693baf in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1009
#67 0x051ee157 in QApplication::exec () at kernel/qapplication.cpp:3637
#68 0x001d162a in kdemain (argc=2, argv=0xbfbaf394) at ../../../../apps/konqueror/src/konqmain.cpp:243
#69 0x080485fb in main (argc=2, argv=0xbfbaf394) at konqueror_dummy.cpp:3

Reported using DrKonqi
Comment 1 Evan Cofsky 2010-06-14 08:12:58 UTC
Created attachment 47984
New crash information added by DrKonqi

konqueror (4.4.85 (KDE 4.4.85 (KDE 4.5 Beta2))) on KDE Platform 4.4.85 (KDE 4.4.85 (KDE 4.5 Beta2)) using Qt 4.7.0

Another crash with WebKit, this time I think news.google.com and slashdot.

-- Backtrace (Reduced):
#7  0x026fa705 in IA__gdk_pixbuf_new_from_data (data=0xa4f0f964 "\377\377\377", colorspace=GDK_COLORSPACE_RGB, has_alpha=1, bits_per_sample=8, width=64, height=64, rowstride=256, destroy_fn=0, 
    destroy_fn_data=0xa4f0f964) at /build/buildd/gtk+2.0-2.20.1/gdk-pixbuf/gdk-pixbuf-data.c:76
#8  0x0270200f in IA__gdk_pixbuf_from_pixdata (pixdata=0xbf875654, copy_pixels=0, error=0x0) at /build/buildd/gtk+2.0-2.20.1/gdk-pixbuf/gdk-pixdata.c:497
#9  0x027022d3 in IA__gdk_pixbuf_new_from_inline (data_length=-1, data=0xa4f0f94c "GdkP", copy_pixels=0, error=0x0) at /build/buildd/gtk+2.0-2.20.1/gdk-pixbuf/gdk-pixdata.c:899
[...]
[...]
#12 0xa460628e in NP_Initialize () from /usr/lib/flashplugin-installer/libflashplayer.so
#13 0xab1b95b0 in WebCore::PluginPackage::load (this=0xa95cc000) at plugins/qt/PluginPackageQt.cpp:131
Comment 2 Evan Cofsky 2010-06-14 08:15:03 UTC
Created attachment 47985
New crash information added by DrKonqi

konqueror (4.4.85 (KDE 4.4.85 (KDE 4.5 Beta2))) on KDE Platform 4.4.85 (KDE 4.4.85 (KDE 4.5 Beta2)) using Qt 4.7.0

Another crash on Google, slashdot, and loading bookmarks I think.

-- Backtrace (Reduced):
#7  0x02143705 in IA__gdk_pixbuf_new_from_data (data=0xa3997964 "\377\377\377", colorspace=GDK_COLORSPACE_RGB, has_alpha=1, bits_per_sample=8, width=64, height=64, rowstride=256, destroy_fn=0, 
    destroy_fn_data=0xa3997964) at /build/buildd/gtk+2.0-2.20.1/gdk-pixbuf/gdk-pixbuf-data.c:76
#8  0x0214b00f in IA__gdk_pixbuf_from_pixdata (pixdata=0xbf800214, copy_pixels=0, error=0x0) at /build/buildd/gtk+2.0-2.20.1/gdk-pixbuf/gdk-pixdata.c:497
#9  0x0214b2d3 in IA__gdk_pixbuf_new_from_inline (data_length=-1, data=0xa399794c "GdkP", copy_pixels=0, error=0x0) at /build/buildd/gtk+2.0-2.20.1/gdk-pixbuf/gdk-pixdata.c:899
[...]
[...]
#12 0xa308e28e in NP_Initialize () from /usr/lib/flashplugin-installer/libflashplayer.so
#13 0xaccb15b0 in WebCore::PluginPackage::load (this=0xa79d7a80) at plugins/qt/PluginPackageQt.cpp:131
Comment 3 Christoph Feck 2010-06-14 15:58:24 UTC
This bug is caused by the new Flash 10.1 player. Please install the previous
version until it is fixed by Adobe.
Comment 4 Dawit Alemayehu 2010-06-14 17:01:20 UTC
*** Bug 241734 has been marked as a duplicate of this bug. ***
Comment 5 Dawit Alemayehu 2010-06-14 17:03:46 UTC
Refer to the following ticket opened upstream for flash view plugin 10.1.53.64 related crashes like this one: http://webkit.org/b/40567
Comment 6 Tommi Tervo 2010-06-18 17:47:05 UTC
*** Bug 241471 has been marked as a duplicate of this bug. ***
Comment 7 Tommi Tervo 2010-06-18 17:47:21 UTC
*** Bug 241701 has been marked as a duplicate of this bug. ***
Comment 8 Tommi Tervo 2010-06-18 17:47:55 UTC
*** Bug 242084 has been marked as a duplicate of this bug. ***
Comment 9 Nicolas L. 2010-06-20 00:05:15 UTC
*** Bug 242209 has been marked as a duplicate of this bug. ***
Comment 10 Christoph Feck 2010-07-27 22:25:47 UTC
*** Bug 245945 has been marked as a duplicate of this bug. ***
Comment 11 Tommi Tervo 2010-07-30 07:50:06 UTC
*** Bug 246199 has been marked as a duplicate of this bug. ***
Comment 12 Christoph Feck 2010-08-01 23:50:51 UTC
*** Bug 246455 has been marked as a duplicate of this bug. ***
Comment 13 Christoph Feck 2010-08-01 23:52:16 UTC
*** Bug 246457 has been marked as a duplicate of this bug. ***
Comment 14 Christoph Feck 2010-08-01 23:54:47 UTC
*** Bug 246425 has been marked as a duplicate of this bug. ***
Comment 15 Christoph Feck 2010-09-10 01:42:57 UTC
*** Bug 250726 has been marked as a duplicate of this bug. ***
Comment 16 Dawit Alemayehu 2010-09-16 18:57:51 UTC
*** Bug 251449 has been marked as a duplicate of this bug. ***
Comment 17 BRULE Herman 2010-09-22 08:46:21 UTC
Created attachment 51873
New crash information added by DrKonqi

konqueror (4.5.1 (KDE 4.5.1)) on KDE Platform 4.5.1 (KDE 4.5.1) using Qt 4.6.3

- What I was doing when the application crashed:
I tried to open the URL: http://html5test.com/

-- Backtrace (Reduced):
#6  0x00007f78c6621686 in IA__gdk_pixbuf_new_from_data (data=0x7f78cf4410c4 "\377\377\377", colorspace=<value optimized out>, has_alpha=1, bits_per_sample=<value optimized out>, width=64, height=64, 
    rowstride=256, destroy_fn=0, destroy_fn_data=0x7f78cf4410c4) at gdk-pixbuf-data.c:76
#7  0x00007f78c66289bf in IA__gdk_pixbuf_from_pixdata (pixdata=0x7fff151fe1a0, copy_pixels=<value optimized out>, error=<value optimized out>) at gdk-pixdata.c:497
#8  0x00007f78c6628c9e in IA__gdk_pixbuf_new_from_inline (data_length=<value optimized out>, data=<value optimized out>, copy_pixels=0, error=0x0) at gdk-pixdata.c:899
[...]
[...]
#11 0x00007f78dae5983b in WebCore::PluginPackage::load (this=0x7f78cf9c1000) at plugins/qt/PluginPackageQt.cpp:131
#12 0x00007f78dae5a6d9 in WebCore::PluginPackage::fetchInfo (this=0x4) at plugins/qt/PluginPackageQt.cpp:40
Comment 18 Tommi Tervo 2010-10-03 21:39:41 UTC
*** Bug 253158 has been marked as a duplicate of this bug. ***