Bug 233048

Summary: Reliable crash when accessing http://eh2010.muc.ccc.de/
Product: [Unmaintained] kdelibs
Reporter: Richard Hartmann <richih-kde>
Component: kdewebkit
Assignee: webkit-devel
Status: RESOLVED UPSTREAM
Severity: crash
CC: adawit, cfeck, kylemilz
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Debian unstable
OS: Linux
Attachments: New crash information added by DrKonqi

Description Richard Hartmann 2010-04-02 10:49:59 UTC
Application: konqueror (4.4.2 (KDE 4.4.2))
KDE Platform Version: 4.4.2 (KDE 4.4.2)
Qt Version: 4.6.2
Operating System: Linux 2.6.31-1-686 i686
Distribution: Debian GNU/Linux unstable (sid)

-- Information about the crash:
When I navigate to http://eh2010.muc.ccc.de/ , Konqui segfaults each and every time

The crash can be reproduced every time.

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb53f2700 (LWP 3787))]

Thread 3 (Thread 0xb0c41b70 (LWP 4032)):
#0  0xb7731424 in __kernel_vsyscall ()
#1  0xb580b3d2 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:179
#2  0xb75d7864 in __pthread_cond_timedwait (cond=0x95f5fa0, mutex=0x95f5f88, abstime=0xb0c412d0) at forward.c:152
#3  0xb68147ef in QWaitConditionPrivate::wait (this=0x960de9c, mutex=0x960de98, time=30000) at thread/qwaitcondition_unix.cpp:85
#4  QWaitCondition::wait (this=0x960de9c, mutex=0x960de98, time=30000) at thread/qwaitcondition_unix.cpp:159
#5  0xb6808b7b in QThreadPoolThread::run (this=0x95f9738) at concurrent/qthreadpool.cpp:140
#6  0xb681393e in QThreadPrivate::start (arg=0x95f9738) at thread/qthread_unix.cpp:248
#7  0xb5807585 in start_thread (arg=0xb0c41b70) at pthread_create.c:300
#8  0xb75ca29e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 2 (Thread 0xaedccb70 (LWP 4033)):
#0  0xb7731424 in __kernel_vsyscall ()
#1  0xb580b0a5 in pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_wait.S:122
#2  0xb75d780d in __pthread_cond_wait (cond=0xb028a60c, mutex=0xb028a5f4) at forward.c:139
#3  0xaf4db207 in ?? () from /usr/lib/libQtWebKit.so.4
#4  0xaf4db251 in ?? () from /usr/lib/libQtWebKit.so.4
#5  0xb5807585 in start_thread (arg=0xaedccb70) at pthread_create.c:300
#6  0xb75ca29e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 1 (Thread 0xb53f2700 (LWP 3787)):
[KCrash Handler]
#6  0xb5674e2d in FT_Get_PS_Font_Info () from /usr/lib/libfreetype.so.6
#7  0xb6104f3f in QFontEngineFT::init (this=0x8bbeca8, faceId=..., antialias=true, format=QFontEngineFT::Format_A8) at text/qfontengine_ft.cpp:671
#8  0xb60ff90c in QFontEngineX11FT (this=0x8bbeca8, pattern=0x95f7be0, fd=..., screen=0) at text/qfontengine_x11.cpp:1107
#9  0xb60446e7 in tryPatternLoad (p=<value optimized out>, screen=<value optimized out>, request=..., script=0, matchedPattern=0xbfe00424) at text/qfontdatabase_x11.cpp:1638
#10 0xb604d4da in loadFc (d=0x970b6d8, script=0) at text/qfontdatabase_x11.cpp:1706
#11 QFontDatabase::load (d=0x970b6d8, script=0) at text/qfontdatabase_x11.cpp:1939
#12 0xb6025c00 in QFontPrivate::engineForScript (this=0x970b6d8, script=0) at text/qfont.cpp:270
#13 0xb6060e78 in QTextEngine::fontEngine (this=0xbfe00eec, si=..., ascent=0x8909be0, descent=0x8909bdc, leading=0x8909be4) at text/qtextengine.cpp:1772
#14 0xb60644ce in QTextEngine::shapeTextWithHarfbuzz (this=0xbfe00eec, item=0) at text/qtextengine.cpp:1122
#15 0xb606559a in QTextEngine::shapeText (this=0xbfe00eec, item=0) at text/qtextengine.cpp:874
#16 0xb6065a5a in QTextEngine::shape (this=0xbfe00eec, item=0) at text/qtextengine.cpp:1359
#17 0xb6068ed6 in QTextEngine::shapeLine (this=0xbfe00eec, line=...) at text/qtextengine.cpp:844
#18 0xb5f5d0fd in QPainter::drawText (this=0xbfe0581c, p=..., str=..., tf=131072, justificationPadding=0) at painting/qpainter.cpp:5732
#19 0xaf96cede in ?? () from /usr/lib/libQtWebKit.so.4
#20 0xaf841788 in ?? () from /usr/lib/libQtWebKit.so.4
#21 0xaf844262 in ?? () from /usr/lib/libQtWebKit.so.4
#22 0xaf89fb39 in ?? () from /usr/lib/libQtWebKit.so.4
#23 0xaf8a346e in ?? () from /usr/lib/libQtWebKit.so.4
#24 0xaf89ee1a in ?? () from /usr/lib/libQtWebKit.so.4
#25 0xaf89ee1a in ?? () from /usr/lib/libQtWebKit.so.4
#26 0xaf89ee1a in ?? () from /usr/lib/libQtWebKit.so.4
#27 0xaf940d80 in ?? () from /usr/lib/libQtWebKit.so.4
#28 0xaf8fbcbb in ?? () from /usr/lib/libQtWebKit.so.4
#29 0xaf8aed13 in ?? () from /usr/lib/libQtWebKit.so.4
#30 0xaf8b5535 in ?? () from /usr/lib/libQtWebKit.so.4
#31 0xaf8af9c7 in ?? () from /usr/lib/libQtWebKit.so.4
#32 0xaf8aeb3a in ?? () from /usr/lib/libQtWebKit.so.4
#33 0xaf8b5535 in ?? () from /usr/lib/libQtWebKit.so.4
#34 0xaf8af9c7 in ?? () from /usr/lib/libQtWebKit.so.4
#35 0xaf8ff6c9 in ?? () from /usr/lib/libQtWebKit.so.4
#36 0xaf8aeb3a in ?? () from /usr/lib/libQtWebKit.so.4
#37 0xaf8b5535 in ?? () from /usr/lib/libQtWebKit.so.4
#38 0xaf8af9c7 in ?? () from /usr/lib/libQtWebKit.so.4
#39 0xaf8aeb3a in ?? () from /usr/lib/libQtWebKit.so.4
#40 0xaf8b5535 in ?? () from /usr/lib/libQtWebKit.so.4
#41 0xaf8af9c7 in ?? () from /usr/lib/libQtWebKit.so.4
#42 0xaf8aeb3a in ?? () from /usr/lib/libQtWebKit.so.4
#43 0xaf8b5535 in ?? () from /usr/lib/libQtWebKit.so.4
#44 0xaf8af9c7 in ?? () from /usr/lib/libQtWebKit.so.4
#45 0xaf8a7b9a in ?? () from /usr/lib/libQtWebKit.so.4
#46 0xaf8b556c in ?? () from /usr/lib/libQtWebKit.so.4
#47 0xaf8af9c7 in ?? () from /usr/lib/libQtWebKit.so.4
#48 0xaf8a7b71 in ?? () from /usr/lib/libQtWebKit.so.4
#49 0xaf8b556c in ?? () from /usr/lib/libQtWebKit.so.4
#50 0xaf8af9c7 in ?? () from /usr/lib/libQtWebKit.so.4
#51 0xaf8aeb3a in ?? () from /usr/lib/libQtWebKit.so.4
#52 0xaf8b5535 in ?? () from /usr/lib/libQtWebKit.so.4
#53 0xaf8af9c7 in ?? () from /usr/lib/libQtWebKit.so.4
#54 0xaf8fa1b4 in ?? () from /usr/lib/libQtWebKit.so.4
#55 0xaf8f9a79 in ?? () from /usr/lib/libQtWebKit.so.4
#56 0xaf8fa341 in ?? () from /usr/lib/libQtWebKit.so.4
#57 0xaf81b66d in ?? () from /usr/lib/libQtWebKit.so.4
#58 0xaf9ae06e in ?? () from /usr/lib/libQtWebKit.so.4
#59 0xaf9ae24a in QWebFrame::render(QPainter*, QRegion const&) () from /usr/lib/libQtWebKit.so.4
#60 0xaf9c2232 in QWebView::paintEvent(QPaintEvent*) () from /usr/lib/libQtWebKit.so.4
#61 0xb5e40c56 in QWidget::event (this=0x9587ea0, event=0xbfe05e14) at kernel/qwidget.cpp:8144
#62 0xaf9c22f3 in QWebView::event(QEvent*) () from /usr/lib/libQtWebKit.so.4
#63 0xb5de2bec in QApplicationPrivate::notify_helper (this=0x85a3780, receiver=0x9587ea0, e=0xbfe05e14) at kernel/qapplication.cpp:4300
#64 0xb5de97d9 in QApplication::notify (this=0xbfe06d00, receiver=0x9587ea0, e=0xbfe05e14) at kernel/qapplication.cpp:4265
#65 0xb6e637aa in KApplication::notify (this=0xbfe06d00, receiver=0x9587ea0, event=0xbfe05e14) at ../../kdeui/kernel/kapplication.cpp:302
#66 0xb691576b in QCoreApplication::notifyInternal (this=0xbfe06d00, receiver=0x9587ea0, event=0xbfe05e14) at kernel/qcoreapplication.cpp:704
#67 0xb5e49f76 in QCoreApplication::sendSpontaneousEvent (this=0x9588738, pdev=0x86243c4, rgn=..., offset=..., flags=<value optimized out>, sharedPainter=0x0, backingStore=0x8911880)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#68 QWidgetPrivate::drawWidget (this=0x9588738, pdev=0x86243c4, rgn=..., offset=..., flags=<value optimized out>, sharedPainter=0x0, backingStore=0x8911880) at kernel/qwidget.cpp:5339
#69 0xb601ee5b in QWidgetBackingStore::sync (this=0x8911880) at painting/qbackingstore.cpp:1283
#70 0xb5e3a6e3 in QWidgetPrivate::syncBackingStore (this=0x8638f50) at kernel/qwidget.cpp:1672
#71 0xb5e41416 in QWidget::event (this=0x863b548, event=0x965ed08) at kernel/qwidget.cpp:8291
#72 0xb62581f7 in QMainWindow::event (this=0x863b548, event=0x965ed08) at widgets/qmainwindow.cpp:1433
#73 0xb6f545b4 in KMainWindow::event (this=0x863b548, ev=0x965ed08) at ../../kdeui/widgets/kmainwindow.cpp:1103
#74 0xb6f9c30f in KXmlGuiWindow::event (this=0x863b548, ev=0x965ed08) at ../../kdeui/xmlgui/kxmlguiwindow.cpp:131
#75 0xb76ec9ad in KonqMainWindow::event (this=0x863b548, e=0x965ed08) at ../../../../apps/konqueror/src/konqmainwindow.cpp:5644
#76 0xb5de2bec in QApplicationPrivate::notify_helper (this=0x85a3780, receiver=0x863b548, e=0x965ed08) at kernel/qapplication.cpp:4300
#77 0xb5de97d9 in QApplication::notify (this=0xbfe06d00, receiver=0x863b548, e=0x965ed08) at kernel/qapplication.cpp:4265
#78 0xb6e637aa in KApplication::notify (this=0xbfe06d00, receiver=0x863b548, event=0x965ed08) at ../../kdeui/kernel/kapplication.cpp:302
#79 0xb691576b in QCoreApplication::notifyInternal (this=0xbfe06d00, receiver=0x863b548, event=0x965ed08) at kernel/qcoreapplication.cpp:704
#80 0xb6918143 in QCoreApplication::sendEvent (receiver=0x0, event_type=0, data=0x858bf40) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#81 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x858bf40) at kernel/qcoreapplication.cpp:1345
#82 0xb69182ad in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1238
#83 0xb694169f in QCoreApplication::sendPostedEvents (s=0x85a5b10) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#84 postEventSourceDispatch (s=0x85a5b10) at kernel/qeventdispatcher_glib.cpp:276
#85 0xb5775b38 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#86 0xb57793d0 in ?? () from /lib/libglib-2.0.so.0
#87 0xb5779503 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#88 0xb6941195 in QEventDispatcherGlib::processEvents (this=0x858bc00, flags=...) at kernel/qeventdispatcher_glib.cpp:412
#89 0xb5ea1145 in QGuiEventDispatcherGlib::processEvents (this=0x858bc00, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#90 0xb6913d89 in QEventLoop::processEvents (this=0xbfe06b54, flags=) at kernel/qeventloop.cpp:149
#91 0xb69141da in QEventLoop::exec (this=0xbfe06b54, flags=...) at kernel/qeventloop.cpp:201
#92 0xb691836f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#93 0xb5de2c87 in QApplication::exec () at kernel/qapplication.cpp:3579
#94 0xb77169cf in kdemain (argc=2, argv=0xbfe06ff4) at ../../../../apps/konqueror/src/konqmain.cpp:257
#95 0x080485fb in main (argc=2, argv=0xbfe06ff4) at konqueror_dummy.cpp:3

Reported using DrKonqi
Comment 1 Dawit Alemayehu 2010-04-02 17:43:25 UTC
This crash is in QtWebKit and we usually request that a ticket be opened upstream. However, I am currently using the upcoming release of QtWebKit 2.0 (more recent version than the one you are using) and I cannot duplicate this crash. That website works fine here with the recent version.

As such please feel free to reopen this ticket if you can duplicate the bug once QtWebKit 2.0 comes out probably sometime in May. Thanks for the report.
Comment 2 Kyle 2010-07-27 02:29:53 UTC
Created attachment 49506 [details]
New crash information added by DrKonqi

konqueror (4.5.60 (KDE 4.5.60 (KDE 4.6 >= 20100627))) on KDE Platform 4.5.61 (KDE 4.5.61 (KDE 4.6 >= 20100724)) using Qt 4.8.0

- What I was doing when the application crashed:

Going to lots of websites with pictures, in general, crash frequently. I also crash when I go to the link supplied by the bug this one is attached to.

-- Backtrace (Reduced):
#7  0x00007fa1ed50a590 in QTextEngine::fontEngine (this=0x13fec50, si=..., ascent=0x354151c, descent=<value optimized out>, leading=<value optimized out>) at text/qtextengine.cpp:1830
#8  0x00007fa1ed50b690 in QTextEngine::shapeTextWithHarfbuzz (this=0x13fec50, item=0) at text/qtextengine.cpp:1122
#9  0x00007fa1ed50c013 in QTextEngine::shapeText (this=0x13fec50, item=0) at text/qtextengine.cpp:874
#10 0x00007fa1ed50c39d in QTextEngine::shape (this=0x13fec50, item=0) at text/qtextengine.cpp:1358
#11 0x00007fa1ed50ddb5 in QTextEngine::shapeLine (this=0x13fec50, line=...) at text/qtextengine.cpp:844
Comment 3 Richard Hartmann 2010-07-27 10:16:46 UTC
Reopening so #2 by Kyle does not get lost.
Comment 4 Dawit Alemayehu 2010-07-27 17:10:26 UTC
(In reply to comment #3)
> Reopening so #2 by Kyle does not get lost.

(In reply to comment #2)
> Created an attachment (id=49506) [details]
> New crash information added by DrKonqi
> 
> konqueror (4.5.60 (KDE 4.5.60 (KDE 4.6 >= 20100627))) on KDE Platform 4.5.61
> (KDE 4.5.61 (KDE 4.6 >= 20100724)) using Qt 4.8.0

Qt 4.8.0 ??? Are you using the latest trunk version of Qt or did you mean one of the RC releases of Qt 4.7.0 ??

> - What I was doing when the application crashed:
> 
> Going to lots of websites with pictures, in general, crash frequently. I also
> crash when I go to the link supplied by the bug this one is attached to.
> 
> -- Backtrace (Reduced):
> #7  0x00007fa1ed50a590 in QTextEngine::fontEngine (this=0x13fec50, si=...,
> ascent=0x354151c, descent=<value optimized out>, leading=<value optimized out>)
> at text/qtextengine.cpp:1830
> #8  0x00007fa1ed50b690 in QTextEngine::shapeTextWithHarfbuzz (this=0x13fec50,
> item=0) at text/qtextengine.cpp:1122
> #9  0x00007fa1ed50c013 in QTextEngine::shapeText (this=0x13fec50, item=0) at
> text/qtextengine.cpp:874
> #10 0x00007fa1ed50c39d in QTextEngine::shape (this=0x13fec50, item=0) at
> text/qtextengine.cpp:1358
> #11 0x00007fa1ed50ddb5 in QTextEngine::shapeLine (this=0x13fec50, line=...) at
> text/qtextengine.cpp:844
Comment 5 Dawit Alemayehu 2010-07-27 17:21:23 UTC
(In reply to comment #3)
> Reopening so #2 by Kyle does not get lost.

Again as the original backtrace clearly shows, the crash seems to occur in Qt's font handling classes which is an upstream issue. The second backtrace is useless because it is missing critical information such as platform (read: distribution) and the actual point where the crash occurs. IOW, the whole backtrace needs to be posted.

Anyhow reopening this ticket will not get the issue fixed upstream for you guys since I do not have the time to track issues that far up the chain and still cannot reproduce this bug on Arch Linux, the latest KDE 4.5 branch and QtWebKit 2.0. My suggestion is for one of you to try and reproduce the bug with Arora, a Qt only based browser, to see if the issue is KDE specific...
Comment 6 Kyle 2010-07-29 04:07:25 UTC
On 07/27/10 09:21, Dawit Alemayehu wrote:
> https://bugs.kde.org/show_bug.cgi?id=233048
>
> --- Comment #5 from Dawit Alemayehu <adawit kde org>  2010-07-27 17:21:23 ---
> (In reply to comment #3)
>> Reopening so #2 by Kyle does not get lost.
> Again as the original backtrace clearly shows, the crash seems to occur in Qt's
> font handling classes which is an upstream issue. The second backtrace is
> useless because it is missing critical information such as platform (read:
> distribution) and the actual point where the crash occurs. IOW, the whole
> backtrace needs to be posted.
>
> Anyhow reopening this ticket will not get the issue fixed upstream for you guys
> since I do not have the time to track issues that far up the chain and still
> cannot reproduce this bug on Arch Linux, the latest KDE 4.5 branch and QtWebKit
> 2.0. My suggestion is for one of you to try and reproduce the bug with Arora, a
> Qt only based browser, to see if the issue is KDE specific...
>
Hi, this is on gentoo x86-64. I used the kde automatic bug reporter and
I thought it would submit distribution as well as my complete backtrace.

I will look at upstream qt and see if this bug is known over there.
Thanks for your time.
Comment 7 Christoph Feck 2010-08-08 23:52:15 UTC
Could also simply be a freetype bug in FT_Get_PS_Font_Info(). It works here using both Konqueror in KHTML mode as well as in KWebKit mode, using freetype 2.3.12 and Qt from 4.7 branch.

Which freetype version do you use? There was some change around 2.3.8/2.3.9 time that could cause memory corruption in said function.
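Comments 5 and 7 both turn on what a DrKonqi backtrace actually shows: which thread crashed, the first frame below the KCrash handler (FT_Get_PS_Font_Info in libfreetype in the original report), and whether a reduced trace like the one in comment 2 even contains that point. The script below is an added example for this thread, not code from the report, from KDE or from Qt. It assumes the thread and frame layout DrKonqi printed in the description above (the "Thread N (Thread 0x... (LWP ...)):" headers, the "[Current thread is N ...]" and "[KCrash Handler]" markers, and gdb's "from lib" versus "at file:line" frame endings); the two sample traces are constructed, abridged copies of the backtraces posted in this bug.

```python
"""Triage a DrKonqi/gdb backtrace (added example for this bug, not code from the report, KDE or Qt).
Finds the crashing thread and frame, and flags a reduced trace that omits the crash point.
"""
import os
import re
from dataclasses import dataclass, field
from typing import List, Optional

SIGNAL_RE = re.compile(r"^Application: .*, signal: (?P<sig>.+)$")
CURRENT_RE = re.compile(r"^\[Current thread is (?P<num>\d+) ")
THREAD_RE = re.compile(r"^Thread (?P<num>\d+) \(Thread 0x[0-9a-fA-F]+ \(LWP \d+\)\):")
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?"  # number, address (absent when inlined, #11)
    r"(?P<func>.+?)\s+\(.*\)"                         # function, then its (maybe nested) args
    r"(?:\s+from\s+(?P<lib>\S+)|\s+at\s+\S+)?\s*$"    # "from lib" = no debug info; "at file:line"
)

@dataclass
class Frame:
    num: int
    func: str
    lib: Optional[str] = None   # set only for frames gdb resolved without debug info

@dataclass
class Thread:
    frames: List[Frame] = field(default_factory=list)
    has_crash_handler: bool = False   # "[KCrash Handler]" seen; frames below it are the crash

def _logical_lines(text: str) -> List[str]:
    # Re-join frames gdb wrapped onto an indented continuation line (frame #67 above).
    out: List[str] = []
    for raw in text.splitlines():
        if raw[:1].isspace() and out and out[-1].startswith("#"):
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.rstrip())
    return out

def parse_backtrace(text: str):
    """Return (signal, current thread number, {thread number: Thread})."""
    signal, current, threads = None, None, {}
    thread: Optional[Thread] = None
    for line in _logical_lines(text):
        if (m := SIGNAL_RE.match(line)):
            signal = m.group("sig")
        elif (m := CURRENT_RE.match(line)):
            current = int(m.group("num"))
        elif (m := THREAD_RE.match(line)):
            thread = threads[int(m.group("num"))] = Thread()
        elif line.strip() == "[KCrash Handler]" and thread is not None:
            thread.has_crash_handler = True
        elif (m := FRAME_RE.match(line)):
            if thread is None:   # reduced trace (comment 2): frames with no thread header
                thread = threads[-1] = Thread()
            thread.frames.append(Frame(int(m.group("num")), m.group("func"), m.group("lib")))
    return signal, current, threads

def triage(text: str) -> dict:
    """Summarise the trace the way a triager reads it: where it crashed, and whether it is usable."""
    signal, current, threads = parse_backtrace(text)
    crashing = threads.get(current)
    frames = sorted(crashing.frames, key=lambda f: f.num) if crashing and crashing.has_crash_handler else []
    top = frames[0] if frames else None   # first frame below the KCrash handler is the crash point
    every = [f for t in threads.values() for f in t.frames]
    problems: List[str] = []
    if top is None:
        problems.append("crash point not identifiable: no '[KCrash Handler]' frames for the crashing thread")
        if min((f.num for f in every), default=0) > 0:
            problems.append("innermost frames cut: trace starts at #%d" % min(f.num for f in every))
    return {
        "signal": signal,
        "complete": top is not None,
        "crash_function": top.func if top else None,
        "crash_library": os.path.basename(top.lib) if top and top.lib else None,
        "path": [f.func for f in frames[:4]],
        "missing_symbols_for": sorted({os.path.basename(f.lib) for f in every if f.func == "??" and f.lib}),
        "problems": problems,
    }

# Constructed samples: abridged from the full trace in the description, and the reduced trace from comment 2.
FULL_TRACE = """\
Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb53f2700 (LWP 3787))]

Thread 2 (Thread 0xaedccb70 (LWP 4033)):
#3  0xaf4db207 in ?? () from /usr/lib/libQtWebKit.so.4

Thread 1 (Thread 0xb53f2700 (LWP 3787)):
[KCrash Handler]
#6  0xb5674e2d in FT_Get_PS_Font_Info () from /usr/lib/libfreetype.so.6
#7  0xb6104f3f in QFontEngineFT::init (this=0x8bbeca8, faceId=..., antialias=true, format=QFontEngineFT::Format_A8) at text/qfontengine_ft.cpp:671
#11 QFontDatabase::load (d=0x970b6d8, script=0) at text/qfontdatabase_x11.cpp:1939
#59 0xaf9ae24a in QWebFrame::render(QPainter*, QRegion const&) () from /usr/lib/libQtWebKit.so.4
#67 0xb5e49f76 in QCoreApplication::sendSpontaneousEvent (this=0x9588738, pdev=0x86243c4, sharedPainter=0x0, backingStore=0x8911880)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
"""
REDUCED_TRACE = """\
#7  0x00007fa1ed50a590 in QTextEngine::fontEngine (this=0x13fec50, si=..., ascent=0x354151c, descent=<value optimized out>, leading=<value optimized out>) at text/qtextengine.cpp:1830
#8  0x00007fa1ed50b690 in QTextEngine::shapeTextWithHarfbuzz (this=0x13fec50, item=0) at text/qtextengine.cpp:1122
"""
```

Run against the full trace, `triage` reports the segfault in FT_Get_PS_Font_Info inside libfreetype.so.6, the font-loading path beneath it, and that libQtWebKit.so.4 had no debug symbols loaded (the run of `??` frames between QPainter::drawText and QWebFrame::render), which is what makes the WebKit part of the trace opaque; the reduced trace from comment 2 comes back as not usable because it starts at frame #7 with no handler marker, so the actual faulting frame is not in it. The freetype version comment 7 asks for is not in either trace and has to be supplied separately.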