Bug 278180

Summary: Konqueror crashed after viewing a page with embedded flash video.
Product: [Applications] konqueror
Reporter: Gordon Robert Speirs <gordon>
Component: general
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED DUPLICATE
Severity: crash
CC: bugs.kde.org.id324, juusohe, kollix
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Fedora RPMs   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: New crash information added by DrKonqi
New crash information added by DrKonqi

Description Gordon Robert Speirs 2011-07-21 06:47:39 UTC
Application: konqueror (4.6.3 (4.6.3))
KDE Platform Version: 4.6.3 (4.6.3)
Qt Version: 4.7.3
Operating System: Linux 2.6.38.8-35.fc15.x86_64 x86_64
Distribution (Platform): Fedora RPMs

-- Information about the crash:
- What I was doing when the application crashed:

Viewing a blog that had an embedded YouTube video in it. Then clicked a link to view an entry and Konqueror crashed.

- Custom settings of the application:

I have the new libflashplayer 11 beta and using webkit, not KHTML.

The crash can be reproduced every time.

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
82	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[Current thread is 1 (Thread 0x7f2b98a7f840 (LWP 12433))]

Thread 5 (Thread 0x7f2b8b02a700 (LWP 12435)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:165
#1  0x0000003db60cb09a in WTF::TCMalloc_PageHeap::scavengerThread (this=0x3db68d02a0) at wtf/FastMalloc.cpp:2378
#2  0x0000003db60cb189 in WTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at wtf/FastMalloc.cpp:1497
#3  0x0000003d88a07af1 in start_thread (arg=0x7f2b8b02a700) at pthread_create.c:305
#4  0x0000003d886dfb7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 4 (Thread 0x7f2b89821700 (LWP 12438)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:219
#1  0x0000003d9167454e in wait (time=30000, this=0x810820) at thread/qwaitcondition_unix.cpp:86
#2  QWaitCondition::wait (this=<optimized out>, mutex=0xdb5a00, time=30000) at thread/qwaitcondition_unix.cpp:160
#3  0x0000003d91668edf in QThreadPoolThread::run (this=0xdb5ad0) at concurrent/qthreadpool.cpp:140
#4  0x0000003d91674145 in QThreadPrivate::start (arg=0xdb5ad0) at thread/qthread_unix.cpp:320
#5  0x0000003d88a07af1 in start_thread (arg=0x7f2b89821700) at pthread_create.c:305
#6  0x0000003d886dfb7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 3 (Thread 0x7f2b7f45a700 (LWP 12446)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:165
#1  0x00007f2b82cd373c in ?? () from /home/grs/.mozilla/plugins/libflashplayer.so
#2  0x00007f2b82dee8c0 in ?? () from /home/grs/.mozilla/plugins/libflashplayer.so
#3  0x00007f2b82cd386c in ?? () from /home/grs/.mozilla/plugins/libflashplayer.so
#4  0x00007f2b82cd3d6e in ?? () from /home/grs/.mozilla/plugins/libflashplayer.so
#5  0x0000003d88a07af1 in start_thread (arg=0x7f2b7f45a700) at pthread_create.c:305
#6  0x0000003d886dfb7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 2 (Thread 0x7f2b7ec59700 (LWP 12447)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:165
#1  0x00007f2b82cd373c in ?? () from /home/grs/.mozilla/plugins/libflashplayer.so
#2  0x00007f2b82dee8c0 in ?? () from /home/grs/.mozilla/plugins/libflashplayer.so
#3  0x00007f2b82cd386c in ?? () from /home/grs/.mozilla/plugins/libflashplayer.so
#4  0x00007f2b82cd3d6e in ?? () from /home/grs/.mozilla/plugins/libflashplayer.so
#5  0x0000003d88a07af1 in start_thread (arg=0x7f2b7ec59700) at pthread_create.c:305
#6  0x0000003d886dfb7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 1 (Thread 0x7f2b98a7f840 (LWP 12433)):
[KCrash Handler]
#6  0x0000003d8c60f6ad in g_object_unref (_object=0x107e180) at gobject.c:2728
#7  0x00007f2b82cd0bb8 in ?? () from /home/grs/.mozilla/plugins/libflashplayer.so
#8  0x00007f2b82cd0d7d in ?? () from /home/grs/.mozilla/plugins/libflashplayer.so
#9  0x00007f2b82ccd440 in ?? () from /home/grs/.mozilla/plugins/libflashplayer.so
#10 0x00007f2b82cc6822 in ?? () from /home/grs/.mozilla/plugins/libflashplayer.so
#11 0x0000003db5d0164f in WebCore::PluginView::stop (this=0x7f2b88394380) at plugins/PluginView.cpp:380
#12 0x0000003db5d02573 in (anonymous namespace)::PluginView::~PluginView (this=0x7f2b88394380, __in_chrg=<optimized out>) at plugins/PluginView.cpp:287
#13 0x0000003db5d02d59 in (anonymous namespace)::PluginView::~PluginView (this=0x7f2b88394380, __in_chrg=<optimized out>) at plugins/PluginView.cpp:300
#14 0x0000003db5db5b40 in derefBase (this=<optimized out>) at ../JavaScriptCore/wtf/RefCounted.h:76
#15 deref (this=<optimized out>) at ../JavaScriptCore/wtf/RefCounted.h:108
#16 derefIfNotNull<WebCore::Widget> (ptr=<optimized out>) at ../JavaScriptCore/wtf/PassRefPtr.h:53
#17 ~RefPtr (this=<optimized out>, __in_chrg=<optimized out>) at ../JavaScriptCore/wtf/RefPtr.h:54
#18 ~pair (this=<optimized out>, __in_chrg=<optimized out>) at /usr/include/c++/4.6.0/bits/stl_pair.h:87
#19 WTF::HashTable<WTF::RefPtr<WebCore::Widget>, std::pair<WTF::RefPtr<WebCore::Widget>, WebCore::FrameView*>, WTF::PairFirstExtractor<std::pair<WTF::RefPtr<WebCore::Widget>, WebCore::FrameView*> >, WTF::PtrHash<WTF::RefPtr<WebCore::Widget> >, WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Widget> >, WTF::HashTraits<WebCore::FrameView*> >, WTF::HashTraits<WTF::RefPtr<WebCore::Widget> > >::deallocateTable (table=0x7f2b88719c00, size=<optimized out>) at ../JavaScriptCore/wtf/HashTable.h:881
#20 0x0000003db5db684d in ~HashTable (this=0x7fff443cd2b0, __in_chrg=<optimized out>) at ../JavaScriptCore/wtf/HashTable.h:298
#21 ~HashMap (this=0x7fff443cd2b0, __in_chrg=<optimized out>) at ../JavaScriptCore/wtf/RefPtrHashMap.h:45
#22 WebCore::RenderWidget::resumeWidgetHierarchyUpdates () at rendering/RenderWidget.cpp:63
#23 0x0000003db5a4b534 in WebCore::ContainerNode::detach (this=0x7f2b8a744000) at dom/ContainerNode.cpp:626
#24 0x0000003db5a60b08 in WebCore::Document::detach (this=0x7f2b8a744000) at dom/Document.cpp:1554
#25 0x0000003db5c76258 in WebCore::Frame::setView (this=0x7f2b8a737000, view=...) at page/Frame.cpp:256
#26 0x0000003db5c7721f in WebCore::Frame::createView (this=0x7f2b8a737000, viewportSize=..., backgroundColor=..., transparent=false, fixedLayoutSize=..., useFixedLayout=false, horizontalScrollbarMode=(anonymous namespace)::ScrollbarAuto, horizontalLock=false, verticalScrollbarMode=(anonymous namespace)::ScrollbarAuto, verticalLock=false) at page/Frame.cpp:1785
#27 0x0000003db5e1a66f in WebCore::FrameLoaderClientQt::transitionToCommittedForNewPage (this=0xc1e040) at ../WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:231
#28 0x0000003db5c0a07b in WebCore::FrameLoader::transitionToCommitted (this=0x7f2b8a737060, cachedPage=...) at loader/FrameLoader.cpp:2598
#29 0x0000003db5c0cb07 in WebCore::FrameLoader::commitProvisionalLoad (this=0x7f2b8a737060, prpCachedPage=<optimized out>) at loader/FrameLoader.cpp:2460
#30 0x0000003db5bf5212 in WebCore::DocumentLoader::commitIfReady (this=<optimized out>) at loader/DocumentLoader.cpp:258
#31 0x0000003db5bf582c in WebCore::DocumentLoader::commitLoad (this=0x7f2b7d9a0680, data=0x116b458 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\" dir=\"ltr\" lang=\"en-US\">\n\n<head prof"..., length=1399) at loader/DocumentLoader.cpp:278
#32 0x0000003db5c36b41 in WebCore::ResourceLoader::didReceiveData (this=0x7f2b8a796b00, data=0x116b458 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\" dir=\"ltr\" lang=\"en-US\">\n\n<head prof"..., length=1399, lengthReceived=1399, allAtOnce=<optimized out>) at loader/ResourceLoader.cpp:260
#33 0x0000003db5c24b7c in WebCore::MainResourceLoader::didReceiveData (this=0x7f2b8a796b00, data=0x116b458 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\" dir=\"ltr\" lang=\"en-US\">\n\n<head prof"..., length=1399, lengthReceived=1399, allAtOnce=false) at loader/MainResourceLoader.cpp:405
#34 0x0000003db5c36423 in WebCore::ResourceLoader::didReceiveData (this=0x7f2b8a796b00, data=0x116b458 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\" dir=\"ltr\" lang=\"en-US\">\n\n<head prof"..., length=1399, lengthReceived=1399) at loader/ResourceLoader.cpp:431
#35 0x0000003db5dfcf73 in WebCore::QNetworkReplyHandler::forwardData (this=0xe447d0) at platform/network/qt/QNetworkReplyHandler.cpp:407
#36 0x0000003db5dfd904 in WebCore::QNetworkReplyHandler::qt_metacall (this=0xe447d0, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fff443cd860) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:86
#37 0x0000003d9176ceba in QMetaObject::activate (sender=0x1168a50, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3278
#38 0x0000003daf8bd1a7 in ?? () from /usr/lib64/libkio.so.5
#39 0x0000003d9176ceba in QMetaObject::activate (sender=0x1165730, m=<optimized out>, local_signal_index=<optimized out>, argv=0x7fff443cd9c0) at kernel/qobject.cpp:3278
#40 0x0000003daf8f60b4 in KIO::TransferJob::data(KIO::Job*, QByteArray const&) () from /usr/lib64/libkio.so.5
#41 0x0000003daf8f6118 in KIO::TransferJob::slotData(QByteArray const&) () from /usr/lib64/libkio.so.5
#42 0x0000003daf8fa936 in KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib64/libkio.so.5
#43 0x0000003d9176ceba in QMetaObject::activate (sender=0xb02b70, m=<optimized out>, local_signal_index=<optimized out>, argv=0x7fff443cdb50) at kernel/qobject.cpp:3278
#44 0x0000003daf99ac52 in KIO::SlaveInterface::data(QByteArray const&) () from /usr/lib64/libkio.so.5
#45 0x0000003daf99de80 in KIO::SlaveInterface::dispatch(int, QByteArray const&) () from /usr/lib64/libkio.so.5
#46 0x0000003daf99a645 in KIO::SlaveInterface::dispatch() () from /usr/lib64/libkio.so.5
#47 0x0000003daf98ddee in KIO::Slave::gotInput() () from /usr/lib64/libkio.so.5
#48 0x0000003daf98e43c in KIO::Slave::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib64/libkio.so.5
#49 0x0000003d9176ceba in QMetaObject::activate (sender=0xad7170, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3278
#50 0x0000003daf8c5c77 in ?? () from /usr/lib64/libkio.so.5
#51 0x0000003daf8c5d1d in KIO::Connection::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib64/libkio.so.5
#52 0x0000003d91770a7a in QObject::event (this=0xad7170, e=<optimized out>) at kernel/qobject.cpp:1217
#53 0x0000003dacbb7444 in notify_helper (e=0x1168800, receiver=0xad7170, this=0x73bde0) at kernel/qapplication.cpp:4462
#54 QApplicationPrivate::notify_helper (this=0x73bde0, receiver=0xad7170, e=0x1168800) at kernel/qapplication.cpp:4434
#55 0x0000003dacbbc2d1 in QApplication::notify (this=0x7fff443ceab0, receiver=0xad7170, e=0x1168800) at kernel/qapplication.cpp:4341
#56 0x0000003daee41806 in KApplication::notify(QObject*, QEvent*) () from /usr/lib64/libkdeui.so.5
#57 0x0000003d9175a1ac in QCoreApplication::notifyInternal (this=0x7fff443ceab0, receiver=0xad7170, event=0x1168800) at kernel/qcoreapplication.cpp:731
#58 0x0000003d9175d774 in sendEvent (event=0x1168800, receiver=0xad7170) at kernel/qcoreapplication.h:215
#59 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x715210) at kernel/qcoreapplication.cpp:1372
#60 0x0000003d917848b3 in sendPostedEvents () at kernel/qcoreapplication.h:220
#61 postEventSourceDispatch (s=0x73f380) at kernel/qeventdispatcher_glib.cpp:277
#62 0x0000003d882427ed in g_main_dispatch (context=0x73e4e0) at gmain.c:2441
#63 g_main_context_dispatch (context=0x73e4e0) at gmain.c:3014
#64 0x0000003d88242fc8 in g_main_context_iterate (context=0x73e4e0, block=<optimized out>, dispatch=1, self=<optimized out>) at gmain.c:3092
#65 0x0000003d8824325c in g_main_context_iteration (context=0x73e4e0, may_block=1) at gmain.c:3155
#66 0x0000003d91784d0f in QEventDispatcherGlib::processEvents (this=0x716900, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:422
#67 0x0000003dacc59fde in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=<optimized out>) at kernel/qguieventdispatcher_glib.cpp:207
#68 0x0000003d917596c2 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#69 0x0000003d917598bf in QEventLoop::exec (this=0x7fff443ce900, flags=...) at kernel/qeventloop.cpp:201
#70 0x0000003d9175da07 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1008
#71 0x0000003dab0b38c2 in kdemain () from /usr/lib64/libkdeinit4_konqueror.so
#72 0x0000003d8862139d in __libc_start_main (main=0x4007b0, argc=2, ubp_av=0x7fff443cf348, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff443cf338) at libc-start.c:226
#73 0x00000000004007e1 in _start ()

Reported using DrKonqi
Comment 1 Martin Koller 2011-07-23 16:50:42 UTC
The crash seems to come from inside the flashplayer itself, which is not a KDE product.
Comment 2 Dawit Alemayehu 2011-11-21 19:04:01 UTC
*** Bug 286925 has been marked as a duplicate of this bug. ***
Comment 3 Victor B. Gonzalez 2011-11-28 08:37:27 UTC
Created attachment 66139 [details]
New crash information added by DrKonqi

konqueror (4.7.3 (4.7.3)) on KDE Platform 4.7.3 (4.7.3) using Qt 4.8.0

- What I was doing when the application crashed:

Just finished installing flash 11 x64 from the official adobe repo.

- Custom settings of the application:

Using webkit for konqueror, visiting a youtube page caused a consistent crash. Visiting the same page using KHTML, the crash didn't occur. The crash was 100% consistent using webkit.

-- Backtrace (Reduced):
#11 0x00000033bf31442a in WebCore::PluginView::stop (this=0x7f8467b2b340) at ../../../Source/WebCore/plugins/PluginView.cpp:385
#12 0x00000033bf316021 in (anonymous namespace)::PluginView::~PluginView (this=0x7f8467b2b340, __in_chrg=<optimized out>) at ../../../Source/WebCore/plugins/PluginView.cpp:301
#13 0x00000033bf3167b9 in (anonymous namespace)::PluginView::~PluginView (this=0x7f8467b2b340, __in_chrg=<optimized out>) at ../../../Source/WebCore/plugins/PluginView.cpp:314
[...]
#15 derefIfNotNull<WebCore::Widget> (ptr=<optimized out>) at ../../../Source/JavaScriptCore/wtf/PassRefPtr.h:59
#16 derefIfNotNull<WebCore::Widget> (ptr=<optimized out>) at ../../../Source/JavaScriptCore/wtf/HashTable.h:888
Comment 4 Victor B. Gonzalez 2011-11-28 08:37:28 UTC
Created attachment 66140 [details]
New crash information added by DrKonqi

konqueror (4.7.3 (4.7.3)) on KDE Platform 4.7.3 (4.7.3) using Qt 4.8.0

- What I was doing when the application crashed:

Just finished installing flash 11 x64 from the official adobe repo.

- Custom settings of the application:

Using webkit for konqueror, visiting a youtube page caused a consistent crash. Visiting the same page using KHTML, the crash didn't occur. The crash was 100% consistent using webkit.

-- Backtrace (Reduced):
#11 0x00000033bf31442a in WebCore::PluginView::stop (this=0x7f8467b2b340) at ../../../Source/WebCore/plugins/PluginView.cpp:385
#12 0x00000033bf316021 in (anonymous namespace)::PluginView::~PluginView (this=0x7f8467b2b340, __in_chrg=<optimized out>) at ../../../Source/WebCore/plugins/PluginView.cpp:301
#13 0x00000033bf3167b9 in (anonymous namespace)::PluginView::~PluginView (this=0x7f8467b2b340, __in_chrg=<optimized out>) at ../../../Source/WebCore/plugins/PluginView.cpp:314
[...]
#15 derefIfNotNull<WebCore::Widget> (ptr=<optimized out>) at ../../../Source/JavaScriptCore/wtf/PassRefPtr.h:59
#16 derefIfNotNull<WebCore::Widget> (ptr=<optimized out>) at ../../../Source/JavaScriptCore/wtf/HashTable.h:888
Comment 5 Myriam Schweingruber 2011-12-09 12:02:09 UTC

*** This bug has been marked as a duplicate of bug 287429 ***