Bug 246457

Summary: Konqueror with WebKit crashed when selecting link to another site
Product: [Applications] konqueror
Reporter: John Hudson <j.r.hudson>
Component: general
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED DUPLICATE    
Severity: crash    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   

Description John Hudson 2010-08-01 21:28:23 UTC
Application: konqueror (4.4.4 (KDE 4.4.4) "release 2")
KDE Platform Version: 4.4.4 (KDE 4.4.4) "release 2"
Qt Version: 4.6.3
Operating System: Linux 2.6.34-12-default i686
Distribution: "openSUSE 11.3 (i586)"

-- Information about the crash:
While viewing bradlug.co.uk in WebKit mode, I selected the Forum link to bradlug.proboards.com. This site showed briefly and then crashed.

I regularly view both sites independently with Konqueror, mostly in normal mode but sometimes with bradlug.co.uk in WebKit mode.

The crash can be reproduced every time.

 -- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 1 (Thread 0xb5613710 (LWP 6752))]

Thread 3 (Thread 0xaf1e6b70 (LWP 6765)):
#0  0xffffe430 in __kernel_vsyscall ()
#1  0xb6c0b452 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb6c8069c in wait (this=0x88b2734, mutex=0x88b2730, time=30000) at thread/qwaitcondition_unix.cpp:85
#3  QWaitCondition::wait (this=0x88b2734, mutex=0x88b2730, time=30000) at thread/qwaitcondition_unix.cpp:159
#4  0xb6c75cc4 in QThreadPoolThread::run (this=0x885b010) at concurrent/qthreadpool.cpp:140
#5  0xb6c8004f in QThreadPrivate::start (arg=0x885b010) at thread/qthread_unix.cpp:248
#6  0xb6c06b25 in start_thread () from /lib/libpthread.so.0
#7  0xb5ff346e in clone () from /lib/libc.so.6

Thread 2 (Thread 0xb01e8b70 (LWP 6771)):
#0  0xffffe430 in __kernel_vsyscall ()
#1  0xb6c0b125 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb430d157 in WTF::TCMalloc_PageHeap::scavengerThread() () from /usr/lib/libQtWebKit.so.4
#3  0xb430d19f in WTF::TCMalloc_PageHeap::runScavengerThread(void*) () from /usr/lib/libQtWebKit.so.4
#4  0xb6c06b25 in start_thread () from /lib/libpthread.so.0
#5  0xb5ff346e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb5613710 (LWP 6752)):
[KCrash Handler]
#6  0xade4863c in IA__gdk_pixbuf_new_from_data (data=0xacfba964 "\377\377\377", colorspace=GDK_COLORSPACE_RGB, has_alpha=1, bits_per_sample=8, width=64, height=64, rowstride=256, destroy_fn=0, 
    destroy_fn_data=0xacfba964) at gdk-pixbuf-data.c:76
#7  0xade5040f in IA__gdk_pixbuf_from_pixdata (pixdata=0xbfe1d4a4, copy_pixels=<value optimized out>, error=0x0) at gdk-pixdata.c:497
#8  0xade53b53 in IA__gdk_pixbuf_new_from_inline (data_length=-1, data=0xacfba94c "GdkP", copy_pixels=0, error=0x0) at gdk-pixdata.c:899
#9  0xac6ae335 in ?? () from /usr/lib/browser-plugins/libflashplayer.so
#10 0xac6acd8e in ?? () from /usr/lib/browser-plugins/libflashplayer.so
#11 0xac6b128e in NP_Initialize () from /usr/lib/browser-plugins/libflashplayer.so
#12 0xb48352c9 in WebCore::PluginPackage::load() () from /usr/lib/libQtWebKit.so.4
#13 0xb4835324 in WebCore::PluginPackage::fetchInfo() () from /usr/lib/libQtWebKit.so.4
#14 0xb46eaacc in WebCore::PluginPackage::createPackage(WebCore::String const&, long const&) () from /usr/lib/libQtWebKit.so.4
#15 0xb46e8e2b in WebCore::PluginDatabase::refresh() () from /usr/lib/libQtWebKit.so.4
#16 0xb46e93a8 in WebCore::PluginDatabase::installedPlugins(bool) () from /usr/lib/libQtWebKit.so.4
#17 0xb480490c in WebCore::FrameLoaderClientQt::objectContentType(WebCore::KURL const&, WebCore::String const&) () from /usr/lib/libQtWebKit.so.4
#18 0xb4594a7a in WebCore::HTMLPlugInImageElement::isImageType() () from /usr/lib/libQtWebKit.so.4
#19 0xb4588363 in WebCore::HTMLObjectElement::parseMappedAttribute(WebCore::MappedAttribute*) () from /usr/lib/libQtWebKit.so.4
#20 0xb44a9a9b in WebCore::StyledElement::attributeChanged(WebCore::Attribute*, bool) () from /usr/lib/libQtWebKit.so.4
#21 0xb447bceb in WebCore::Element::setAttributeMap(WTF::PassRefPtr<WebCore::NamedNodeMap>) () from /usr/lib/libQtWebKit.so.4
#22 0xb4593997 in WebCore::HTMLParser::parseToken(WebCore::Token*) () from /usr/lib/libQtWebKit.so.4
#23 0xb45a57b9 in WebCore::HTMLTokenizer::processToken() () from /usr/lib/libQtWebKit.so.4
#24 0xb45ab377 in WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) () from /usr/lib/libQtWebKit.so.4
#25 0xb45aeb10 in WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) () from /usr/lib/libQtWebKit.so.4
#26 0xb4461dca in WebCore::Document::write(WebCore::SegmentedString const&, WebCore::Document*) () from /usr/lib/libQtWebKit.so.4
#27 0xb4371914 in WebCore::documentWrite(JSC::ExecState*, JSC::ArgList const&, WebCore::HTMLDocument*, WebCore::NewlineRequirement) () from /usr/lib/libQtWebKit.so.4
#28 0xb43725f7 in WebCore::JSHTMLDocument::write(JSC::ExecState*, JSC::ArgList const&) () from /usr/lib/libQtWebKit.so.4
#29 0xb4ad7693 in WebCore::jsHTMLDocumentPrototypeFunctionWrite(JSC::ExecState*, JSC::JSObject*, JSC::JSValue, JSC::ArgList const&) () from /usr/lib/libQtWebKit.so.4
#30 0xae9e216e in ?? ()
#31 0xb421f362 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) () from /usr/lib/libQtWebKit.so.4
#32 0xb4293450 in JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) () from /usr/lib/libQtWebKit.so.4
#33 0xb439c566 in WebCore::evaluateInWorld(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue, WebCore::DOMWrapperWorld*) () from /usr/lib/libQtWebKit.so.4
#34 0xb43a6b6a in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) () from /usr/lib/libQtWebKit.so.4
#35 0xb43a72db in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) () from /usr/lib/libQtWebKit.so.4
#36 0xb43ba1d6 in WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&) () from /usr/lib/libQtWebKit.so.4
#37 0xb45a463c in WebCore::HTMLTokenizer::scriptExecution(WebCore::ScriptSourceCode const&, WebCore::HTMLTokenizer::State) () from /usr/lib/libQtWebKit.so.4
#38 0xb45a8b5d in WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource*) () from /usr/lib/libQtWebKit.so.4
#39 0xb45e96cc in WebCore::CachedScript::checkNotify() () from /usr/lib/libQtWebKit.so.4
#40 0xb4622a4f in WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) () from /usr/lib/libQtWebKit.so.4
#41 0xb46356cd in WebCore::SubresourceLoader::didFinishLoading() () from /usr/lib/libQtWebKit.so.4
#42 0xb4630e7f in WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) () from /usr/lib/libQtWebKit.so.4
#43 0xb47e212e in WebCore::QNetworkReplyHandler::finish() () from /usr/lib/libQtWebKit.so.4
#44 0xb47e294c in WebCore::QNetworkReplyHandler::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libQtWebKit.so.4
#45 0xb6d7fefd in QMetaObject::metacall (object=0x8e9d3c8, cl=QMetaObject::InvokeMetaMethod, idx=5, argv=0x8a26c58) at kernel/qmetaobject.cpp:237
#46 0xb6d89945 in QMetaCallEvent::placeMetaCall (this=0x87b4490, object=0x8e9d3c8) at kernel/qobject.cpp:561
#47 0xb6d8c93f in QObject::event (this=0x8e9d3c8, e=0x87b4490) at kernel/qobject.cpp:1248
#48 0xb62b3c64 in QApplicationPrivate::notify_helper (this=0x80aa1d0, receiver=0x8e9d3c8, e=0x87b4490) at kernel/qapplication.cpp:4302
#49 0xb62bbbf7 in QApplication::notify (this=0xbfe1ef34, receiver=0x8e9d3c8, e=0x87b4490) at kernel/qapplication.cpp:3706
#50 0xb6fbd9d1 in KApplication::notify (this=0xbfe1ef34, receiver=0x8e9d3c8, event=0x87b4490) at /usr/src/debug/kdelibs-4.4.4/kdeui/kernel/kapplication.cpp:302
#51 0xb6d79e0e in QCoreApplication::notifyInternal (this=0xbfe1ef34, receiver=0x8e9d3c8, event=0x87b4490) at kernel/qcoreapplication.cpp:726
#52 0xb6d7d9b4 in sendEvent (receiver=0x0, event_type=0, data=0x805ae00) at kernel/qcoreapplication.h:215
#53 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x805ae00) at kernel/qcoreapplication.cpp:1367
#54 0xb6d7db9c in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1260
#55 0xb6da583d in sendPostedEvents (s=0x80acdb8) at kernel/qcoreapplication.h:220
#56 postEventSourceDispatch (s=0x80acdb8) at kernel/qeventdispatcher_glib.cpp:276
#57 0xb59fcb49 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#58 0xb59fd350 in ?? () from /usr/lib/libglib-2.0.so.0
#59 0xb59fd60e in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#60 0xb6da5d4b in QEventDispatcherGlib::processEvents (this=0x805ee10, flags=...) at kernel/qeventdispatcher_glib.cpp:412
#61 0xb636419a in QGuiEventDispatcherGlib::processEvents (this=0x805ee10, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#62 0xb6d7911d in QEventLoop::processEvents (this=0xbfe1ed44, flags=...) at kernel/qeventloop.cpp:149
#63 0xb6d79319 in QEventLoop::exec (this=0xbfe1ed44, flags=...) at kernel/qeventloop.cpp:201
#64 0xb6d7dc70 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1003
#65 0xb62b1164 in QApplication::exec () at kernel/qapplication.cpp:3581
#66 0xb34f4685 in kdemain (argc=2, argv=0x809e6b8) at /usr/src/debug/kdebase-4.4.4/apps/konqueror/src/konqmain.cpp:257
#67 0x0804e5b1 in _start ()

This bug may be a duplicate of or related to bug 246455.

Possible duplicates by query: bug 246455, bug 246199, bug 245945, bug 242209, bug 241734.

Reported using DrKonqi

Comment 1 Christoph Feck 2010-08-01 23:52:16 UTC

*** This bug has been marked as a duplicate of bug 241702 ***

Comment 2 John Hudson 2010-08-02 00:18:47 UTC
Though the backtrace may have revealed a similarity, neither of the sites concerned is obviously a JavaScript-heavy site, and this is the first time I have experienced a crash while using Konqueror on either of them.

Also, the symptoms were different from another Konqueror crash involving a JavaScript-heavy site, where Konqueror crashed in both normal and WebKit mode. In this case the crash occurred as a pagelink within the site was selected and without showing any of the page selected.

In bug report 246457 the crash did not involve a pagelink within the site but a link to a different site and did not occur until after the second site had been displayed. That was why I reported it as a different bug.

Comment 3 John Hudson 2010-08-02 00:28:05 UTC
I have been able to replicate the behaviour by directly loading the bradlug.proboards.com site with WebKit enabled; so ignore the last comment about the diagnosis; the different behaviour of the earlier WebKit/JavaScript crash misled me.