Bug 290579

Summary: OOM and crash viewing CSS3 animation page
Product: [Unmaintained] rekonq Reporter: skierpage <skierpage>
Component: general Assignee: Andrea Diamantini <adjam7>
Status: RESOLVED DUPLICATE    
Severity: crash    
Priority: NOR    
Version: 0.8.0   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   

Description skierpage 2012-01-04 10:26:04 UTC
Application: rekonq (0.8.0)
KDE Platform Version: 4.7.3 (4.7.3)
Qt Version: 4.7.4
Operating System: Linux 3.0.0-15-generic x86_64
Distribution: Ubuntu 11.10

-- Information about the crash:
- What I was doing when the application crashed:

Load the CSS animation demo http://attasi.com/labs/picsselz/ , crash!

The crash can be reproduced every time.

-- Backtrace:
Application: rekonq (rekonq), signal: Segmentation fault
[Current thread is 1 (Thread 0x7fb031a4b780 (LWP 11461))]

Thread 6 (Thread 0x7fb012d23700 (LWP 11462)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007fb030329c2c in WTF::TCMalloc_PageHeap::scavengerThread (this=0x7fb030ce0220) at wtf/FastMalloc.cpp:2495
#2  0x00007fb030329d59 in WTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at wtf/FastMalloc.cpp:1618
#3  0x00007fb02ba5defc in start_thread (arg=0x7fb012d23700) at pthread_create.c:304
#4  0x00007fb03128889d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#5  0x0000000000000000 in ?? ()

Thread 5 (Thread 0x7fb012422700 (LWP 11463)):
#0  0x00007fb03127c773 in __GI___poll (fds=<optimized out>, nfds=<optimized out>, timeout=<optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007fb029e90f68 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fb029e91429 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fb02c111f3e in QEventDispatcherGlib::processEvents (this=0x1ca0020, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:424
#4  0x00007fb02c0e5cf2 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#5  0x00007fb02c0e5ef7 in QEventLoop::exec (this=0x7fb012421e00, flags=...) at kernel/qeventloop.cpp:201
#6  0x00007fb02bffd27f in QThread::exec (this=<optimized out>) at thread/qthread.cpp:498
#7  0x00007fb02bfffd05 in QThreadPrivate::start (arg=0x1924120) at thread/qthread_unix.cpp:331
#8  0x00007fb02ba5defc in start_thread (arg=0x7fb012422700) at pthread_create.c:304
#9  0x00007fb03128889d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#10 0x0000000000000000 in ?? ()

Thread 4 (Thread 0x7fb0115aa700 (LWP 11464)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007fb030e8afe2 in ?? () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#2  0x00007fb030e8b019 in ?? () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#3  0x00007fb02ba5defc in start_thread (arg=0x7fb0115aa700) at pthread_create.c:304
#4  0x00007fb03128889d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#5  0x0000000000000000 in ?? ()

Thread 3 (Thread 0x7fb0100ba700 (LWP 11465)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007fb02c0001ab in wait (time=18446744073709551615, this=0x2068020) at thread/qwaitcondition_unix.cpp:88
#2  QWaitCondition::wait (this=<optimized out>, mutex=0x20d6730, time=18446744073709551615) at thread/qwaitcondition_unix.cpp:160
#3  0x00007fb02bffcba5 in QSemaphore::acquire (this=0x20c33f8, n=1) at thread/qsemaphore.cpp:144
#4  0x00007fb02e60f547 in KIO::HostInfo::lookupHost (hostName=<optimized out>, timeout=1500) at ../../kio/kio/hostinfo.cpp:266
#5  0x00007fb02e5d0c4f in KUriFilterPlugin::resolveName (this=<optimized out>, hostname=<optimized out>, timeout=<optimized out>) at ../../kio/kio/kurifilter.cpp:574
#6  0x00007fb0102cd8ad in FixHostUriFilter::isResolvable (this=<optimized out>, host=<optimized out>) at ../../../kurifilter-plugins/fixhost/fixhosturifilter.cpp:87
#7  0x00007fb0102cdb3e in FixHostUriFilter::filterUri (this=0x1d54480, data=...) at ../../../kurifilter-plugins/fixhost/fixhosturifilter.cpp:69
#8  0x00007fb02e5d1954 in KUriFilter::filterUri (this=0x1c93750, data=..., filters=<optimized out>) at ../../kio/kio/kurifilter.cpp:622
#9  0x00007fb0315abbac in run (this=0x20e0040) at /build/buildd/rekonq-0.8.0/src/filterurljob.cpp:73
#10 FilterUrlJob::run (this=0x20e0040) at /build/buildd/rekonq-0.8.0/src/filterurljob.cpp:59
#11 0x00007fb02e012491 in ThreadWeaver::JobRunHelper::runTheJob (this=0x7fb0100b9da0, th=0x1ce6c00, job=0x20e0040) at ../../../threadweaver/Weaver/Job.cpp:106
#12 0x00007fb02e0125bc in ThreadWeaver::Job::execute (this=0x20e0040, th=0x1ce6c00) at ../../../threadweaver/Weaver/Job.cpp:135
#13 0x00007fb02e011c9f in ThreadWeaver::ThreadRunHelper::run (this=0x7fb0100b9e20, parent=0x177b620, th=0x1ce6c00) at ../../../threadweaver/Weaver/Thread.cpp:95
#14 0x00007fb02e011d5b in ThreadWeaver::Thread::run (this=0x1ce6c00) at ../../../threadweaver/Weaver/Thread.cpp:142
#15 0x00007fb02bfffd05 in QThreadPrivate::start (arg=0x1ce6c00) at thread/qthread_unix.cpp:331
#16 0x00007fb02ba5defc in start_thread (arg=0x7fb0100ba700) at pthread_create.c:304
#17 0x00007fb03128889d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#18 0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7fafcd8ef700 (LWP 11466)):
#0  0x00007fff56dff92c in clock_gettime ()
#1  0x00007fb02637107b in __GI_clock_gettime (clock_id=1, tp=0x7fafcd8eeb40) at ../sysdeps/unix/clock_gettime.c:100
#2  0x00007fb02c050074 in do_gettime (frac=0x7fafcd8eeb58, sec=0x7fafcd8eeb50) at tools/qelapsedtimer_unix.cpp:123
#3  qt_gettime () at tools/qelapsedtimer_unix.cpp:140
#4  0x00007fb02c1126ed in QTimerInfoList::updateCurrentTime (this=0x1e33c60) at kernel/qeventdispatcher_unix.cpp:339
#5  0x00007fb02c112a33 in QTimerInfoList::timerWait (this=0x1e33c60, tm=...) at kernel/qeventdispatcher_unix.cpp:442
#6  0x00007fb02c11144c in timerSourcePrepareHelper (src=<optimized out>, timeout=0x7fafcd8eec3c) at kernel/qeventdispatcher_glib.cpp:136
#7  0x00007fb02c1114f5 in timerSourcePrepare (source=<optimized out>, timeout=<optimized out>) at kernel/qeventdispatcher_glib.cpp:169
#8  0x00007fb029e8fff2 in g_main_context_prepare () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9  0x00007fb029e90dfd in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x00007fb029e91429 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#11 0x00007fb02c111f3e in QEventDispatcherGlib::processEvents (this=0x1cdc8f0, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:424
#12 0x00007fb02c0e5cf2 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#13 0x00007fb02c0e5ef7 in QEventLoop::exec (this=0x7fafcd8eedd0, flags=...) at kernel/qeventloop.cpp:201
#14 0x00007fb02bffd27f in QThread::exec (this=<optimized out>) at thread/qthread.cpp:498
#15 0x00007fb02c0c8cbf in QInotifyFileSystemWatcherEngine::run (this=0x1e2ece0) at io/qfilesystemwatcher_inotify.cpp:248
#16 0x00007fb02bfffd05 in QThreadPrivate::start (arg=0x1e2ece0) at thread/qthread_unix.cpp:331
#17 0x00007fb02ba5defc in start_thread (arg=0x7fafcd8ef700) at pthread_create.c:304
#18 0x00007fb03128889d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#19 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7fb031a4b780 (LWP 11461)):
[KCrash Handler]
#6  0x00007fb03032cb97 in do_malloc<true> (size=<optimized out>) at wtf/FastMalloc.cpp:3635
#7  fastMalloc<true> (size=<optimized out>) at wtf/FastMalloc.cpp:3838
#8  WTF::fastMalloc (size=<optimized out>) at wtf/FastMalloc.cpp:3811
#9  0x00007fb02fb72e62 in operator new (size=128) at ../JavaScriptCore/wtf/RefCounted.h:136
#10 create (numProperties=1, properties=0x7fb0124fb800, parentRule=0x7fafca58d6f0) at css/CSSMutableStyleDeclaration.h:72
#11 WebCore::CSSParser::createStyleRule (this=0x7fff56dd23a0, selectors=0x7fff56dd2520) at css/CSSParser.cpp:6317
#12 0x00007fb02fa3315c in cssyyparse (parser=0x7fff56dd23a0) at ../Source/WebCore/css/CSSGrammar.y:819
#13 0x00007fb02fb59753 in WebCore::CSSParser::parseSheet (this=0x7fff56dd23a0, sheet=<optimized out>, string=..., startLineNumber=0, ruleRangeMap=<optimized out>) at css/CSSParser.cpp:239
#14 0x00007fb02fbae2a7 in WebCore::CSSStyleSheet::parseStringAtLine (this=<optimized out>, string=..., strict=<optimized out>, startLineNumber=0) at css/CSSStyleSheet.cpp:204
#15 0x00007fb02fcfd571 in WebCore::HTMLLinkElement::setCSSStyleSheet (this=0x7fafccd385a0, href=..., baseURL=..., charset=..., sheet=0x7fafccd5be00) at html/HTMLLinkElement.cpp:388
#16 0x00007fb02fdc3868 in WebCore::CachedCSSStyleSheet::checkNotify (this=0x7fafccd5be00) at loader/cache/CachedCSSStyleSheet.cpp:116
#17 0x00007fb02fdc3aa1 in WebCore::CachedCSSStyleSheet::data (this=0x7fafccd5be00, data=<optimized out>, allDataReceived=<optimized out>) at loader/cache/CachedCSSStyleSheet.cpp:104
#18 0x00007fb03027c4c0 in WebCore::CachedResourceRequest::didFinishLoading (this=0x7fafcccffb70, loader=0x7fafccd83900) at loader/cache/CachedResourceRequest.cpp:166
#19 0x00007fb02fe15790 in WebCore::SubresourceLoader::didFinishLoading (this=0x7fafccd83900, finishTime=0) at loader/SubresourceLoader.cpp:196
#20 0x00007fb0300057eb in WebCore::QNetworkReplyHandler::finish (this=0x20d6440) at platform/network/qt/QNetworkReplyHandler.cpp:454
#21 0x00007fb030005698 in flush (this=0x20d6478) at platform/network/qt/QNetworkReplyHandler.cpp:195
#22 WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x20d6478) at platform/network/qt/QNetworkReplyHandler.cpp:187
#23 0x00007fb030005705 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x20d6478, method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7fb030005710 <WebCore::QNetworkReplyHandler::finish()>) at platform/network/qt/QNetworkReplyHandler.cpp:164
#24 0x00007fb03000613c in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x20a61f0) at platform/network/qt/QNetworkReplyHandler.cpp:349
#25 0x00007fb03000681d in WebCore::QNetworkReplyWrapper::qt_metacall (this=0x20a61f0, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=<optimized out>) at ./moc_QNetworkReplyHandler.cpp:80
#26 0x00007fb02c0f9eba in QMetaObject::activate (sender=0x202eab0, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3278
#27 0x00007fb02db0d224 in QNetworkReplyImplPrivate::finished (this=0x204b890) at access/qnetworkreplyimpl.cpp:687
#28 0x00007fb02daf5871 in QNetworkAccessHttpBackend::replyFinished (this=0x20d6090) at access/qnetworkaccesshttpbackend.cpp:768
#29 0x00007fb02db0b85d in QNetworkReplyImplPrivate::handleNotifications (this=0x204b890) at access/qnetworkreplyimpl.cpp:390
#30 0x00007fb02db0b8b1 in QNetworkReplyImpl::event (this=<optimized out>, e=<optimized out>) at access/qnetworkreplyimpl.cpp:899
#31 0x00007fb02c617424 in notify_helper (e=0x1f11d70, receiver=0x202eab0, this=0x167d360) at kernel/qapplication.cpp:4486
#32 QApplicationPrivate::notify_helper (this=0x167d360, receiver=0x202eab0, e=0x1f11d70) at kernel/qapplication.cpp:4458
#33 0x00007fb02c61c291 in QApplication::notify (this=0x7fff56dd3200, receiver=0x202eab0, e=0x1f11d70) at kernel/qapplication.cpp:4365
#34 0x00007fb02eb4f126 in KApplication::notify (this=0x7fff56dd3200, receiver=0x202eab0, event=0x1f11d70) at ../../kdeui/kernel/kapplication.cpp:311
#35 0x00007fb02c0e6afc in QCoreApplication::notifyInternal (this=0x7fff56dd3200, receiver=0x202eab0, event=0x1f11d70) at kernel/qcoreapplication.cpp:787
#36 0x00007fb02c0ea51f in sendEvent (event=0x1f11d70, receiver=0x202eab0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#37 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x164e430) at kernel/qcoreapplication.cpp:1428
#38 0x00007fb02c111a73 in sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#39 postEventSourceDispatch (s=<optimized out>) at kernel/qeventdispatcher_glib.cpp:277
#40 0x00007fb029e90a5d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#41 0x00007fb029e91258 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#42 0x00007fb029e91429 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#43 0x00007fb02c111ed6 in QEventDispatcherGlib::processEvents (this=0x164ff40, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:422
#44 0x00007fb02c6bf07e in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=<optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#45 0x00007fb02c0e5cf2 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#46 0x00007fb02c0e5ef7 in QEventLoop::exec (this=0x7fff56dd3190, flags=...) at kernel/qeventloop.cpp:201
#47 0x00007fb02c0ea789 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1064
#48 0x00007fb03163ab97 in kdemain (argc=1, argv=<optimized out>) at /build/buildd/rekonq-0.8.0/src/main.cpp:215
#49 0x00007fb0311c830d in __libc_start_main (main=0x400630 <main(int, char**)>, argc=1, ubp_av=0x7fff56dd3b98, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff56dd3b88) at libc-start.c:226
#50 0x0000000000400661 in _start ()

This bug may be a duplicate of or related to bug 289261.

Possible duplicates by query: bug 289261.

Reported using DrKonqi

Comment 1 Andrea Diamantini 2012-01-04 10:39:54 UTC
*** This bug has been marked as a duplicate of bug 289261 ***

Comment 2 skierpage 2012-01-04 11:16:57 UTC
It seems it only crashes if I limit memory; I normally set `ulimit -v 1536000` to guard against out-of-control browser memory consumption.  This CSS page consumed enough virtual memory to trigger the crash.  With `ulimit -v unlimited`, it doesn't crash and animates quite well, but rekonq's memory consumption with only the one tab open is extremely high, VSZ at 1.6 GB whereas Firefox is only 0.6 GB rendering the same page.

Andrea Diamantini made this a dupe of another FastMalloc crash in *Konqueror*.  It's unclear if that crash is related to running out of memory.  Maybe the crash here is due to poor OOM handling in wtf/FastMalloc.cpp, but maybe by design FastMalloc crashes on OOM, and the real issue is excessive memory consumption in CSS parsing. So I left this a dupe and filed a separate bug 290583 about the high virtual memory consumption.
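
Added example, not part of the bug report and not WebKit code: the two outcomes comment 2 contrasts once an address-space limit is in force, an allocator that terminates the process when allocation fails versus one that returns NULL so the caller can stop. The policy names, the `alloc_with_policy` wrapper and the 256 MiB cap are hypothetical; the limit is applied in a forked child so the parent can observe how it ends.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define CHUNK ((size_t)16 << 20)               /* 16 MiB per allocation */

enum oom_policy { OOM_ABORT, OOM_RETURN_NULL };               /* hypothetical names */
enum outcome { OUT_ERROR = -1, OUT_CLEAN_EXIT = 0, OUT_KILLED_BY_SIGNAL = 1 };

/* Hypothetical allocator wrapper: fail fast, or hand the failure to the caller. */
static void *alloc_with_policy(size_t n, enum oom_policy policy) {
    void *p = malloc(n);
    if (p == NULL && policy == OOM_ABORT)
        abort();                               /* process dies with SIGABRT */
    return p;
}

/* Fork a child, lower its soft address-space limit (RLIMIT_AS is what
   `ulimit -v` sets; bytes here, KiB in the shell) and allocate until the
   limit is hit. Returns how the child ended. */
enum outcome run_capped(rlim_t cap_bytes, enum oom_policy policy) {
    pid_t pid = fork();
    if (pid < 0) return OUT_ERROR;
    if (pid == 0) {
        struct rlimit core = { 0, 0 }, as;
        setrlimit(RLIMIT_CORE, &core);         /* the demo needs no core file */
        if (getrlimit(RLIMIT_AS, &as) != 0) _exit(2);
        if (cap_bytes < as.rlim_cur) as.rlim_cur = cap_bytes;  /* only lower it */
        if (setrlimit(RLIMIT_AS, &as) != 0) _exit(2);
        for (rlim_t got = 0; got <= cap_bytes; got += CHUNK) {
            volatile char *chunk = alloc_with_policy(CHUNK, policy);
            if (chunk == NULL) _exit(0);       /* caller saw the failure and stopped */
            chunk[0] = 1;                      /* keep the allocation live; leaked on purpose */
        }
        _exit(3);                              /* limit was never enforced */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return OUT_ERROR;
    if (WIFSIGNALED(status)) return OUT_KILLED_BY_SIGNAL;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? OUT_CLEAN_EXIT : OUT_ERROR;
}

int main(void) {
    rlim_t cap = (rlim_t)256 << 20;            /* constructed value: 256 MiB */
    printf("fail-fast allocator:   %d\n", run_capped(cap, OOM_ABORT));
    printf("null-returning caller: %d\n", run_capped(cap, OOM_RETURN_NULL));
    return 0;
}
```
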
Comment 3 Andrea Diamantini 2012-01-04 15:53:47 UTC
I set that to be a dupe of konqueror bug because they have the same bt and the issue described here is obviously a qtwebkit one.
But when testing against qtwebkit 2.2 I noticed everything works well with both browsers against the reported page.
Didn't yet have info about the memory limit. Testing and replying in bug 290583 you created and eventually reporting it upstream.