Bug 260623

Summary: Konqueror crashed when loading a few web pages opened from the Plasma RSS news widget
Product: [Frameworks and Libraries] kwebkitpart
Reporter: Marko Hänninen <bugitus>
Component: general
Assignee: webkit-devel
Status: RESOLVED WORKSFORME
Severity: crash
CC: adawit, andresbajotierra
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Compiled Sources
OS: Linux

Description Marko Hänninen 2010-12-18 11:36:32 UTC
Application: konqueror (4.5.4 (KDE 4.5.4))
KDE Platform Version: 4.5.4 (KDE 4.5.4) (Compiled from sources)
Qt Version: 4.7.1
Operating System: Linux 2.6.36.2 x86_64
Distribution (Platform): Gentoo Packages

-- Information about the crash:
- What I was doing when the application crashed:
I opened a few web pages (maybe 5) from the Plasma RSS news widget and Konqueror crashed while loading the pages. The pages aren't the problem: I tried to open the very same pages again after the crash, and it didn't crash again. I have seen this same crash many times lately, but I can't reproduce it reliably.

- Custom settings of the application:
I use webkit in Konqueror.

I have the following Gentoo ebuilds installed:
kde-base/konqueror-4.5.4
kde-misc/kwebkitpart-0.9.6
x11-libs/qt-webkit-4.7.1-r1

The crash can be reproduced some of the time.

-- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 1 (Thread 0x7f2347053760 (LWP 9727))]

Thread 5 (Thread 0x7f2330f20710 (LWP 9775)):
#0  0x00007f234593388c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f233d9619ad in WTF::TCMalloc_PageHeap::scavengerThread (this=<value optimized out>) at wtf/FastMalloc.cpp:2378
#2  0x00007f233d961aa9 in WTF::TCMalloc_PageHeap::runScavengerThread (context=0x7f233e0fabb4) at wtf/FastMalloc.cpp:1497
#3  0x00007f234592e9ca in start_thread () from /lib/libpthread.so.0
#4  0x00007f23446e587d in clone () from /lib/libc.so.6

Thread 4 (Thread 0x7f232aa87710 (LWP 9791)):
#0  0x00007f234593388c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f232cbf7141 in queue_processor(void*) () from /opt/icedtea6-bin-1.9.1/jre/lib/amd64/IcedTeaPlugin.so
#2  0x00007f234592e9ca in start_thread () from /lib/libpthread.so.0
#3  0x00007f23446e587d in clone () from /lib/libc.so.6

Thread 3 (Thread 0x7f232a286710 (LWP 9792)):
#0  0x00007f234593388c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f232cbf7141 in queue_processor(void*) () from /opt/icedtea6-bin-1.9.1/jre/lib/amd64/IcedTeaPlugin.so
#2  0x00007f234592e9ca in start_thread () from /lib/libpthread.so.0
#3  0x00007f23446e587d in clone () from /lib/libc.so.6

Thread 2 (Thread 0x7f2329a85710 (LWP 9793)):
#0  0x00007f234593388c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f232cbf7141 in queue_processor(void*) () from /opt/icedtea6-bin-1.9.1/jre/lib/amd64/IcedTeaPlugin.so
#2  0x00007f234592e9ca in start_thread () from /lib/libpthread.so.0
#3  0x00007f23446e587d in clone () from /lib/libc.so.6

Thread 1 (Thread 0x7f2347053760 (LWP 9727)):
[KCrash Handler]
#6  0x0000000000000000 in ?? ()
#7  0x00007f233d6cd1d7 in WebCore::QNetworkReplyHandler::forwardData (this=0x1ee8f20) at platform/network/qt/QNetworkReplyHandler.cpp:399
#8  0x00007f233d6ce9c4 in WebCore::QNetworkReplyHandler::qt_metacall (this=0x1ee8f20, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fffafd6a8b0)
    at .moc/release-shared/moc_QNetworkReplyHandler.cpp:86
#9  0x00007f2345cc5f1f in QMetaObject::activate (sender=0x1e99530, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0xb0) at kernel/qobject.cpp:3272
#10 0x00007f233fbd0fc7 in KDEPrivate::AccessManagerReply::qt_metacall (this=0x1e99530, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fffafd6aa20)
    at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4_build/kio/accessmanagerreply_p.moc:81
#11 0x00007f2345cc5f1f in QMetaObject::activate (sender=0x1df2c60, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0xb0) at kernel/qobject.cpp:3272
#12 0x00007f233fc05134 in KIO::TransferJob::data (this=0x7f2324a9b510, _t1=0x1df2c60, _t2=<value optimized out>)
    at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4_build/kio/jobclasses.moc:388
#13 0x00007f233fc078a0 in KIO::TransferJob::slotData (this=0x1df2c60, _data=...) at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4/kio/kio/job.cpp:1005
#14 0x00007f233fc0b0de in KIO::TransferJob::qt_metacall (this=0x1df2c60, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fffafd6ac00)
    at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4_build/kio/jobclasses.moc:368
#15 0x00007f2345cc5f1f in QMetaObject::activate (sender=0x1e4c0b0, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0xb0) at kernel/qobject.cpp:3272
#16 0x00007f233fcb66c2 in KIO::SlaveInterface::data (this=0x7f2324a9b510, _t1=<value optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4_build/kio/slaveinterface.moc:146
#17 0x00007f233fcb99b5 in KIO::SlaveInterface::dispatch (this=0x1e4c0b0, _cmd=100, rawdata=...) at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4/kio/kio/slaveinterface.cpp:163
#18 0x00007f233fcb696c in KIO::SlaveInterface::dispatch (this=0x1e4c0b0) at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4/kio/kio/slaveinterface.cpp:91
#19 0x00007f233fcaa526 in KIO::Slave::gotInput (this=0x1e4c0b0) at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4/kio/kio/slave.cpp:347
#20 0x00007f233fcaa704 in KIO::Slave::qt_metacall (this=0x1e4c0b0, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fffafd6b040)
    at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4_build/kio/slave.moc:82
#21 0x00007f2345cc5f1f in QMetaObject::activate (sender=0x14b4e40, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0xb0) at kernel/qobject.cpp:3272
#22 0x00007f233fbda12d in KIO::ConnectionPrivate::dequeue (this=0x1d5fda0) at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4/kio/kio/connection.cpp:82
#23 0x00007f233fbda23d in KIO::Connection::qt_metacall (this=0x14b4e40, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x1376c00)
    at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4_build/kio/connection.moc:79
#24 0x00007f2345cc016e in QObject::event (this=0x14b4e40, e=0x7f2324a9b510) at kernel/qobject.cpp:1211
#25 0x00007f2344e4fc4c in QApplicationPrivate::notify_helper (this=0x812e60, receiver=0x14b4e40, e=0xf17690) at kernel/qapplication.cpp:4445
#26 0x00007f2344e562ad in QApplication::notify (this=0x7fffafd6bcc0, receiver=0x14b4e40, e=0xf17690) at kernel/qapplication.cpp:4324
#27 0x00007f2346a3cb36 in KApplication::notify (this=0x7fffafd6bcc0, receiver=0x14b4e40, event=0xf17690)
    at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4/kdeui/kernel/kapplication.cpp:310
#28 0x00007f2345cae7ab in QCoreApplication::notifyInternal (this=0x7fffafd6bcc0, receiver=0x14b4e40, event=0xf17690) at kernel/qcoreapplication.cpp:732
#29 0x00007f2345cb1701 in QCoreApplication::sendEvent (receiver=0x0, event_type=<value optimized out>, data=0x7c2b00) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#30 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=<value optimized out>, data=0x7c2b00) at kernel/qcoreapplication.cpp:1373
#31 0x00007f2345cda353 in QCoreApplication::sendPostedEvents (s=0x838070) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#32 postEventSourceDispatch (s=0x838070) at kernel/qeventdispatcher_glib.cpp:277
#33 0x00007f2341bb1a53 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#34 0x00007f2341bb5858 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#35 0x00007f2341bb5a14 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#36 0x00007f2345cd9eb3 in QEventDispatcherGlib::processEvents (this=0x7c4d30, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:415
#37 0x00007f2344effcee in QGuiEventDispatcherGlib::processEvents (this=0x7f2324a9b510, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#38 0x00007f2345cad532 in QEventLoop::processEvents (this=<value optimized out>, flags=) at kernel/qeventloop.cpp:149
#39 0x00007f2345cad91d in QEventLoop::exec (this=0x7fffafd6bab0, flags=) at kernel/qeventloop.cpp:201
#40 0x00007f2345cb1913 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1009
#41 0x00007f233a1cd38a in kdemain (argc=<value optimized out>, argv=<value optimized out>) at /var/tmp/portage/kde-base/konqueror-4.5.4/work/konqueror-4.5.4/konqueror/src/konqmain.cpp:219
#42 0x0000000000407f33 in launch (argc=2, _name=<value optimized out>, args=<value optimized out>, cwd=<value optimized out>, envc=2, envs=<value optimized out>, reset_env=false, tty=0x0, 
    avoid_loops=false, startup_id_str=0x40b28b "0") at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4/kinit/kinit.cpp:716
#43 0x0000000000408b18 in handle_launcher_request (sock=8, who=<value optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4/kinit/kinit.cpp:1208
#44 0x0000000000409063 in handle_requests (waitForPid=0) at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4/kinit/kinit.cpp:1401
#45 0x0000000000409c16 in main (argc=4, argv=<value optimized out>, envp=<value optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.5.4/work/kdelibs-4.5.4/kinit/kinit.cpp:1885

This bug may be a duplicate of or related to bug 247311.

Possible duplicates by query: bug 260264, bug 258205, bug 253340, bug 252473, bug 247311.

Reported using DrKonqi

Comment 1 Dario Andres 2010-12-18 13:43:54 UTC
[Comment from a bug triager]
This looks related to bug 253340 and/or bug 247311, so it could be fixed for KDE SC 4.6.
Regards

Comment 2 Dawit Alemayehu 2010-12-18 19:32:24 UTC
This makes no sense. The fix for this crash has been backported prior to the release of KDE 4.5.4. Specifically, the crash at the following location

Thread 1 (Thread 0x7f2347053760 (LWP 9727)):
[KCrash Handler]
#6  0x0000000000000000 in ?? ()
#7  0x00007f233d6cd1d7 in WebCore::QNetworkReplyHandler::forwardData
(this=0x1ee8f20) at platform/network/qt/QNetworkReplyHandler.cpp:399

should only occur for the version of Qt you are using for versions of KDE where we incorrectly returned a NULL network reply pointer when we were unable to handle the requested operation. Returning a NULL causes QtWebKit to crash at line #399 because it does not check for a NULL pointer as can be seen in the link below:

http://gitorious.org/+qtwebkit-developers/webkit/qtwebkit/blobs/qtwebkit-2.0/WebCore/platform/network/qt/QNetworkReplyHandler.cpp

Since you compiled from source, can you please check to make sure the version of kdelibs/kio/kio/accessmanager.cpp you have, especially the default switch handler case (lines #167-171), matches the lines from the source code below:

http://websvn.kde.org/tags/KDE/4.5.4/kdelibs/kio/kio/accessmanager.cpp?revision=1193669&view=markup
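
An added illustration of the pattern comment 2 describes (not code from kdelibs, QtWebKit or this report): a request factory whose default switch case returns NULL, the same factory returning a reply object in an error state instead, and a consumer that checks the reply before use. `Operation`, `Reply` and all function names are hypothetical stand-ins.

```cpp
#include <memory>
#include <string>

// Hypothetical stand-ins; not the kdelibs or QtWebKit classes.
enum class Operation { Get, Post, Custom };

struct Reply {
    bool failed = false;
    std::string error;
    std::string body;
};

static std::unique_ptr<Reply> makeOkReply() {
    std::unique_ptr<Reply> r(new Reply());
    r->body = "payload";  // constructed sample data
    return r;
}

// "Before" pattern: an operation the factory cannot handle yields a null reply,
// so every caller has to remember to check for it.
std::unique_ptr<Reply> createRequestNullOnUnsupported(Operation op) {
    switch (op) {
    case Operation::Get:
    case Operation::Post:
        return makeOkReply();
    default:
        return nullptr;
    }
}

// "After" pattern: the default case returns a real object in an error state,
// so a caller that forgets the null check still has something valid to use.
std::unique_ptr<Reply> createRequestErrorReply(Operation op) {
    switch (op) {
    case Operation::Get:
    case Operation::Post:
        return makeOkReply();
    default: {
        std::unique_ptr<Reply> r(new Reply());
        r->failed = true;
        r->error = "unsupported operation";
        return r;
    }
    }
}

// Consumer in the role of the data-forwarding handler: checks the reply before
// touching it. Returns the number of bytes forwarded, or -1 on failure.
long forwardData(const Reply* reply) {
    if (reply == nullptr || reply->failed)
        return -1;
    return static_cast<long>(reply->body.size());
}
```

Fixing the factory removes the known source of null replies, while the consumer-side check covers any other path that might hand it one.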

Comment 3 Marko Hänninen 2010-12-19 10:59:40 UTC
(In reply to comment #2)

> Since you compiled from source, can you please check to make sure the version
> of kdelibs/kio/kio/accessmanager.cpp you have, especially the default switch
> handler case (lines #167-171), matches the lines from the source code below:
> 
> http://websvn.kde.org/tags/KDE/4.5.4/kdelibs/kio/kio/accessmanager.cpp?revision=1193669&view=markup

Yes, they are exactly the same versions. I downloaded accessmanager.cpp from your URL and diffed it with my sources. Also, the md5sums were the same: 74e3e4b02c4b4855cd717bcfc0f3d451.

Maybe WebKit should be patched to check for a null pointer? On the other hand, that won't fix the originating problem, it only hides it...

Comment 4 Dawit Alemayehu 2010-12-19 22:51:26 UTC
(In reply to comment #3)
> (In reply to comment #2)
> 
> > Since you compiled from source, can you please check to make sure the version
> > of kdelibs/kio/kio/accessmanager.cpp you have, especially the default switch
> > handler case (lines #167-171), matches the lines from the source code below:
> > 
> > http://websvn.kde.org/tags/KDE/4.5.4/kdelibs/kio/kio/accessmanager.cpp?revision=1193669&view=markup
> 
> Yes, they are exactly the same versions. I downloaded accessmanager.cpp from
> your URL and diffed it with my sources. Also, the md5sums were the same:
> 74e3e4b02c4b4855cd717bcfc0f3d451.
> 
> Maybe WebKit should be patched to check for a null pointer? On the other hand,
> that won't fix the originating problem, it only hides it...

That is just it... We do not return a NULL reply pointer anymore starting with KDE 4.5.4; so the crash should not be because of that. The only difference in your backtrace is that there is an additional unknown code path hit before the crash, i.e. the

[KCrash Handler]
#6  0x0000000000000000 in ?? ()

so it might be a different cause for the crash, but still, without being able to duplicate the issue or somehow find a way to reproduce it, I don't know what to tell you...

Comment 5 Dawit Alemayehu 2011-04-25 19:51:15 UTC
Is this issue still valid? I have been unable to reproduce after the original fix that was committed prior to 4.5.4.

Comment 6 Marko Hänninen 2011-05-14 08:42:04 UTC
(In reply to comment #5)
> Is this issue still valid? I have been unable to reproduce after the original
> fix that was committed prior to 4.5.4.

Sorry that it took so long to reply. The problem seems to have vanished with some update, but I can't tell which one. Right now I'm using KDE 4.6.3 with Qt 4.7.3 and everything is working again =)

Thanks for investigating the issue!