Bug 291697

Summary: Konqueror crashed in operator new
Product: [Applications] konqueror Reporter: Christopher Yeleighton <giecrilj>
Component: generalAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED WORKSFORME    
Severity: crash CC: adawit
Priority: NOR    
Version: 4.7.2   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Christopher Yeleighton 2012-01-16 20:55:33 UTC 
Application: konqueror (4.7.2 (4.7.2) "release 5")
KDE Platform Version: 4.7.2 (4.7.2) "release 5"
Qt Version: 4.7.4
Operating System: Linux 3.1.0-1.2-desktop x86_64
Distribution: "openSUSE 12.1 (x86_64)"

-- Information about the crash:
- What I was doing when the application crashed:

I told Konqueror to visit 
<URL: http://doc.opensuse.org/documentation/src/openSUSE/ >

-- Backtrace:
Application: Konqueror (kdeinit4), signal: Aborted
[Current thread is 1 (Thread 0x7f555b71e760 (LWP 5590))]

Thread 9 (Thread 0x7f554254b700 (LWP 5591)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007f55502f29dc in WTF::TCMalloc_PageHeap::scavengerThread (this=0x7f5550ca9200) at ../../../Source/JavaScriptCore/wtf/FastMalloc.cpp:2495
#2  0x00007f55502f2b09 in WTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at ../../../Source/JavaScriptCore/wtf/FastMalloc.cpp:1618
#3  0x00007f5559ffef05 in start_thread (arg=0x7f554254b700) at pthread_create.c:301
#4  0x00007f5558d9763d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 8 (Thread 0x7f5541c32700 (LWP 5592)):
#0  0x00007f555a00211f in __pthread_mutex_unlock_usercnt (mutex=0x7f553c0009b8, decr=0) at pthread_mutex_unlock.c:52
#1  0x00007f5555b8325e in g_main_context_check (context=0x7f553c0009b0, max_priority=2147483647, fds=<optimized out>, n_fds=<optimized out>) at gmain.c:2941
#2  0x00007f5555b83ab2 in g_main_context_iterate (context=0x7f553c0009b0, block=<optimized out>, dispatch=1, self=<optimized out>) at gmain.c:3070
#3  0x00007f5555b83f59 in g_main_context_iteration (context=0x7f553c0009b0, may_block=1) at gmain.c:3136
#4  0x00007f555a3a0576 in QEventDispatcherGlib::processEvents (this=0x7f553c0008c0, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:424
#5  0x00007f555a374a22 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#6  0x00007f555a374c1f in QEventLoop::exec (this=0x7f5541c31e20, flags=...) at kernel/qeventloop.cpp:201
#7  0x00007f555a28c5df in QThread::exec (this=<optimized out>) at thread/qthread.cpp:498
#8  0x00007f555a28f025 in QThreadPrivate::start (arg=0xa80680) at thread/qthread_unix.cpp:331
#9  0x00007f5559ffef05 in start_thread (arg=0x7f5541c32700) at pthread_create.c:301
#10 0x00007f5558d9763d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 7 (Thread 0x7f54f54cb700 (LWP 6657)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007f54f54f0c01 in queue_processor(void*) () from /usr/lib64/IcedTeaPlugin.so
#2  0x00007f5559ffef05 in start_thread (arg=0x7f54f54cb700) at pthread_create.c:301
#3  0x00007f5558d9763d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 6 (Thread 0x7f54f4cca700 (LWP 6658)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007f54f54f0c01 in queue_processor(void*) () from /usr/lib64/IcedTeaPlugin.so
#2  0x00007f5559ffef05 in start_thread (arg=0x7f54f4cca700) at pthread_create.c:301
#3  0x00007f5558d9763d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 5 (Thread 0x7f54f44c9700 (LWP 6659)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007f54f54f0c01 in queue_processor(void*) () from /usr/lib64/IcedTeaPlugin.so
#2  0x00007f5559ffef05 in start_thread (arg=0x7f54f44c9700) at pthread_create.c:301
#3  0x00007f5558d9763d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 4 (Thread 0x7f54f2229700 (LWP 6728)):
#0  0x00007f555a001014 in __pthread_mutex_lock (mutex=0x7f54ec0009b8) at pthread_mutex_lock.c:61
#1  0x00007f5555b82ffa in g_main_context_check (context=0x7f54ec0009b0, max_priority=2147483647, fds=0x7f54ec0022c0, n_fds=1) at gmain.c:2884
#2  0x00007f5555b83ab2 in g_main_context_iterate (context=0x7f54ec0009b0, block=<optimized out>, dispatch=1, self=<optimized out>) at gmain.c:3070
#3  0x00007f5555b83f59 in g_main_context_iteration (context=0x7f54ec0009b0, may_block=1) at gmain.c:3136
#4  0x00007f555a3a0576 in QEventDispatcherGlib::processEvents (this=0x7f54ec0008c0, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:424
#5  0x00007f555a374a22 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#6  0x00007f555a374c1f in QEventLoop::exec (this=0x7f54f2228df0, flags=...) at kernel/qeventloop.cpp:201
#7  0x00007f555a28c5df in QThread::exec (this=<optimized out>) at thread/qthread.cpp:498
#8  0x00007f555a357aef in QInotifyFileSystemWatcherEngine::run (this=0x12945f0) at io/qfilesystemwatcher_inotify.cpp:248
#9  0x00007f555a28f025 in QThreadPrivate::start (arg=0x12945f0) at thread/qthread_unix.cpp:331
#10 0x00007f5559ffef05 in start_thread (arg=0x7f54f2229700) at pthread_create.c:301
#11 0x00007f5558d9763d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 3 (Thread 0x7f54ebfff700 (LWP 7313)):
#0  0x00007f555a00211f in __pthread_mutex_unlock_usercnt (mutex=0x7f54e00009b8, decr=0) at pthread_mutex_unlock.c:52
#1  0x00007f5555b8325e in g_main_context_check (context=0x7f54e00009b0, max_priority=2147483647, fds=<optimized out>, n_fds=<optimized out>) at gmain.c:2941
#2  0x00007f5555b83ab2 in g_main_context_iterate (context=0x7f54e00009b0, block=<optimized out>, dispatch=1, self=<optimized out>) at gmain.c:3070
#3  0x00007f5555b83f59 in g_main_context_iteration (context=0x7f54e00009b0, may_block=1) at gmain.c:3136
#4  0x00007f555a3a0576 in QEventDispatcherGlib::processEvents (this=0x7f54e00008c0, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:424
#5  0x00007f555a374a22 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#6  0x00007f555a374c1f in QEventLoop::exec (this=0x7f54ebffedf0, flags=...) at kernel/qeventloop.cpp:201
#7  0x00007f555a28c5df in QThread::exec (this=<optimized out>) at thread/qthread.cpp:498
#8  0x00007f55535ead4e in KIO::NameLookUpThread::run (this=0x160d240) at /usr/src/debug/kdelibs-4.7.2/kio/kio/hostinfo.cpp:226
#9  0x00007f555a28f025 in QThreadPrivate::start (arg=0x160d240) at thread/qthread_unix.cpp:331
#10 0x00007f5559ffef05 in start_thread (arg=0x7f54ebfff700) at pthread_create.c:301
#11 0x00007f5558d9763d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 2 (Thread 0x7f54eb7fe700 (LWP 7314)):
[KCrash Handler]
#4  0x00007f5558cf2d95 in __GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#5  0x00007f5558cf42ab in __GI_abort () at abort.c:93
#6  0x00007f555910bf2d in __gnu_cxx::__verbose_terminate_handler () at ../../../../libstdc++-v3/libsupc++/vterminate.cc:95
#7  0x00007f555910a0d6 in __cxxabiv1::__terminate (handler=<optimized out>) at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:40
#8  0x00007f555910a103 in std::terminate () at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:50
#9  0x00007f555910a1fe in __cxxabiv1::__cxa_throw (obj=0x7f55593448a0, tinfo=<optimized out>, dest=<optimized out>) at ../../../../libstdc++-v3/libsupc++/eh_throw.cc:83
#10 0x00007f555910a6dd in operator new (sz=16) at ../../../../libstdc++-v3/libsupc++/new_op.cc:58
#11 0x00007f555a28e52a in QThreadPrivate::createEventDispatcher (data=0x7f54e00024c0) at thread/qthread_unix.cpp:272
#12 0x00007f555a28f006 in QThreadPrivate::start (arg=0x7f54e00022d0) at thread/qthread_unix.cpp:324
#13 0x00007f5559ffef05 in start_thread (arg=0x7f54eb7fe700) at pthread_create.c:301
#14 0x00007f5558d9763d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 1 (Thread 0x7f555b71e760 (LWP 5590)):
#0  0x00007f5558d8e523 in __GI___poll (fds=<optimized out>, nfds=<optimized out>, timeout=<optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007f5556ca4c62 in _xcb_conn_wait (c=0x6ebce0, cond=<optimized out>, vector=0x7fff25f71368, count=0x7fff25f71364) at xcb_conn.c:313
#2  0x00007f5556ca51bf in _xcb_out_send (c=0x6ebce0, vector=0x7fff25f713e0, count=3) at xcb_out.c:338
#3  0x00007f5556ca5244 in xcb_writev (c=0x6ebce0, vector=<optimized out>, count=<optimized out>, requests=27) at xcb_out.c:286
#4  0x00007f555abcaab7 in _XSend (dpy=0x6e7900, data=<optimized out>, size=<optimized out>) at xcb_io.c:428
#5  0x00007f555abbf075 in SendZImage (dest_scanline_pad=0, dest_bits_per_pixel=32, req_yoffset=<optimized out>, req_xoffset=0, image=0x7fff25f71730, req=<optimized out>, dpy=0x6e7900) at PutImage.c:802
#6  PutImageRequest (dest_scanline_pad=0, dest_bits_per_pixel=32, req_height=<optimized out>, req_width=<optimized out>, y=<optimized out>, x=0, req_yoffset=<optimized out>, req_xoffset=0, image=0x7fff25f71730, d=102891552, dpy=0x6e7900, gc=<optimized out>) at PutImage.c:870
#7  PutSubImage (dpy=0x6e7900, d=102891552, gc=0x10a7730, image=0x7fff25f71730, req_xoffset=0, req_yoffset=<optimized out>, x=0, y=0, req_width=32, req_height=32, dest_bits_per_pixel=32, dest_scanline_pad=32) at PutImage.c:908
#8  0x00007f555abbf252 in XPutImage (dpy=0x6e7900, d=102920266, gc=0x10a7730, image=0x7fff25f71730, req_xoffset=0, req_yoffset=0, x=0, y=0, req_width=32, req_height=32) at PutImage.c:1027
#9  0x00007f555779c583 in XcursorImageLoadCursor (dpy=0x6e7900, image=0x1689ef0) at cursor.c:583
#10 0x00007f555779cee6 in XcursorImagesLoadCursors (dpy=0x6e7900, images=0x13304a0) at cursor.c:682
#11 0x00007f555779cfa6 in XcursorImagesLoadCursor (dpy=0x6e7900, images=0x13304a0) at cursor.c:701
#12 0x00007f555779fe44 in XcursorLibraryLoadCursor (dpy=0x6e7900, file=0x7f5559ba5a61 "left_ptr_watch") at library.c:337
#13 0x00007f55595ad0a0 in QCursorData::update (this=0x7058a0) at kernel/qcursor_x11.cpp:291
#14 0x00007f55595ad7d5 in QCursor::handle (this=0x7fff25f71a20) at kernel/qcursor_x11.cpp:145
#15 0x00007f55595b837e in qt_x11_enforce_cursor (w=<optimized out>, force=<optimized out>) at kernel/qwidget_x11.cpp:332
#16 0x00007f55595b8dad in QWidgetPrivate::setCursor_sys (this=<optimized out>) at kernel/qwidget_x11.cpp:1374
#17 0x00007f5559577a5f in QWidget::setCursor (this=0xb089c0, cursor=...) at kernel/qwidget.cpp:5063
#18 0x00007f5548e6c8ae in KonqView::setRun (this=0xb143f0, run=0x15efca0) at /usr/src/debug/kde-baseapps-4.7.2/konqueror/src/konqview.cpp:889
#19 0x00007f5548eb8989 in KonqMainWindow::openUrl (this=0x8200e0, _view=<optimized out>, _url=<optimized out>, _mimeType=<optimized out>, _req=<optimized out>, trustedSource=false) at /usr/src/debug/kde-baseapps-4.7.2/konqueror/src/konqmainwindow.cpp:730
#20 0x00007f5548ebb27d in KonqMainWindow::openFilteredUrl (this=0x8200e0, url=<optimized out>, req=...) at /usr/src/debug/kde-baseapps-4.7.2/konqueror/src/konqmainwindow.cpp:481
#21 0x00007f5548ebb631 in KonqMainWindow::openFilteredUrl (this=0x8200e0, _url=..., inNewTab=false, tempFile=<optimized out>) at /usr/src/debug/kde-baseapps-4.7.2/konqueror/src/konqmainwindow.cpp:497
#22 0x00007f5548ebb80b in KonqMainWindow::slotURLEntered (this=0x8200e0, text=..., modifiers=<optimized out>) at /usr/src/debug/kde-baseapps-4.7.2/konqueror/src/konqmainwindow.cpp:2247
#23 0x00007f5548ec485d in KonqMainWindow::qt_metacall (this=0x8200e0, _c=QMetaObject::InvokeMetaMethod, _id=65, _a=0x7fff25f72560) at /usr/src/debug/kde-baseapps-4.7.2/build/konqueror/src/konqmainwindow.moc:401
#24 0x00007f555a38859a in QMetaObject::activate (sender=0x9216e0, m=<optimized out>, local_signal_index=<optimized out>, argv=0x7fff25f72560) at kernel/qobject.cpp:3287
#25 0x00007f5548e9c5e7 in KonqCombo::activated (this=<optimized out>, _t1=<optimized out>, _t2=<optimized out>) at /usr/src/debug/kde-baseapps-4.7.2/build/konqueror/src/konqcombo.moc:96
#26 0x00007f5548e9de2c in KonqCombo::slotActivated (this=0x9216e0, text=...) at /usr/src/debug/kde-baseapps-4.7.2/konqueror/src/konqcombo.cpp:588
#27 0x00007f5548e9de91 in KonqCombo::qt_metacall (this=0x9216e0, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fff25f726c0) at /usr/src/debug/kde-baseapps-4.7.2/build/konqueror/src/konqcombo.moc:84
#28 0x00007f555a38859a in QMetaObject::activate (sender=0x9216e0, m=<optimized out>, local_signal_index=<optimized out>, argv=0x7fff25f726c0) at kernel/qobject.cpp:3287
#29 0x00007f55598f3c95 in QComboBox::activated (this=<optimized out>, _t1=<optimized out>) at .moc/release-shared/moc_qcombobox.cpp:281
#30 0x00007f555b1b5712 in KHistoryComboBox::slotSimulateActivated (this=0x9216e0, text=...) at /usr/src/debug/kdelibs-4.7.2/kdeui/widgets/khistorycombobox.cpp:434
#31 0x00007f555b1b5bf1 in KHistoryComboBox::qt_metacall (this=0x9216e0, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0xd38600) at /usr/src/debug/kdelibs-4.7.2/build/kdeui/khistorycombobox.moc:94
#32 0x00007f5548e9de60 in KonqCombo::qt_metacall (this=0x9216e0, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0xd38600) at /usr/src/debug/kde-baseapps-4.7.2/build/konqueror/src/konqcombo.moc:75
#33 0x00007f555a38c14a in QObject::event (this=0x9216e0, e=<optimized out>) at kernel/qobject.cpp:1226
#34 0x00007f5559577d4b in QWidget::event (this=0x9216e0, event=0x134c3b0) at kernel/qwidget.cpp:8754
#35 0x00007f5559527c34 in notify_helper (e=0x134c3b0, receiver=0x9216e0, this=0x6e02f0) at kernel/qapplication.cpp:4481
#36 QApplicationPrivate::notify_helper (this=0x6e02f0, receiver=0x9216e0, e=0x134c3b0) at kernel/qapplication.cpp:4453
#37 0x00007f555952cac1 in QApplication::notify (this=0x7fff25f734e0, receiver=0x9216e0, e=0x134c3b0) at kernel/qapplication.cpp:4360
#38 0x00007f555b107e36 in KApplication::notify (this=0x7fff25f734e0, receiver=0x9216e0, event=0x134c3b0) at /usr/src/debug/kdelibs-4.7.2/kdeui/kernel/kapplication.cpp:311
#39 0x00007f555a37581c in QCoreApplication::notifyInternal (this=0x7fff25f734e0, receiver=0x9216e0, event=0x134c3b0) at kernel/qcoreapplication.cpp:787
#40 0x00007f555a378bf8 in sendEvent (event=0x134c3b0, receiver=0x9216e0) at kernel/qcoreapplication.h:215
#41 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x615800) at kernel/qcoreapplication.cpp:1428
#42 0x00007f555a3a00b3 in sendPostedEvents () at kernel/qcoreapplication.h:220
#43 postEventSourceDispatch (s=<optimized out>) at kernel/qeventdispatcher_glib.cpp:277
#44 0x00007f5555b8358d in g_main_dispatch (context=0x6e2ce0) at gmain.c:2425
#45 g_main_context_dispatch (context=0x6e2ce0) at gmain.c:2995
#46 0x00007f5555b83d88 in g_main_context_iterate (context=0x6e2ce0, block=<optimized out>, dispatch=1, self=<optimized out>) at gmain.c:3073
#47 0x00007f5555b83f59 in g_main_context_iteration (context=0x6e2ce0, may_block=1) at gmain.c:3136
#48 0x00007f555a3a050f in QEventDispatcherGlib::processEvents (this=0x616ce0, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:422
#49 0x00007f55595caf9e in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=<optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#50 0x00007f555a374a22 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#51 0x00007f555a374c1f in QEventLoop::exec (this=0x7fff25f73310, flags=...) at kernel/qeventloop.cpp:201
#52 0x00007f555a378de7 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1064
#53 0x00007f5548ee38e2 in kdemain (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kde-baseapps-4.7.2/konqueror/src/konqmain.cpp:227
#54 0x0000000000408897 in launch (argc=4, _name=0x6bd598 "konqueror", args=<optimized out>, cwd=0x6bd5f2 "/home/krzysztof/Dokumenty", envc=<optimized out>, envs=<optimized out>, reset_env=true, tty=0x0, avoid_loops=false, startup_id_str=0x6be1d9 "ne-1-26;1326730601;885694;5556_TIME2434936") at /usr/src/debug/kdelibs-4.7.2/kinit/kinit.cpp:734
#55 0x0000000000409966 in handle_launcher_request (sock=18, who=<optimized out>) at /usr/src/debug/kdelibs-4.7.2/kinit/kinit.cpp:1226
#56 0x0000000000409f42 in handle_requests (waitForPid=0) at /usr/src/debug/kdelibs-4.7.2/kinit/kinit.cpp:1410
#57 0x00000000004057a7 in main (argc=4, argv=0x7fff00000001, envp=0x7fff25f74ec0) at /usr/src/debug/kdelibs-4.7.2/kinit/kinit.cpp:1907

Possible duplicates by query: bug 286974, bug 286792, bug 286604, bug 286570, bug 284830.

Reported using DrKonqi
Comment 1 Dawit Alemayehu 2012-01-27 16:33:57 UTC 
The specified test URL is not accessable. I get access forbidden error page from the server. Can you reliably reproduce this crash ? Or is this one of those crashes that happen one time and cannot be reproduced ?
Comment 2 Christopher Yeleighton 2012-01-27 16:56:35 UTC 
(In reply to comment #1)
> The specified test URL is not accessable. I get access forbidden error page
> from the server. 

That is right, and Konqueror crashed on that (of all things).

> Can you reliably reproduce this crash ? 

No.
Comment 3 Dawit Alemayehu 2012-01-27 17:13:07 UTC 
(In reply to comment #2)
> (In reply to comment #1)
> > The specified test URL is not accessable. I get access forbidden error page
> > from the server. 
> 
> That is right, and Konqueror crashed on that (of all things).

Well, cannot reproduce it here. Tried visiting the link multiple times in both rendering engines (khtml/webkit). No crash. And the back trace is also weird. The crash seems to have occurred on unrelated thread (not the main event thread) inside of a system call.

> > Can you reliably reproduce this crash ? 
> 
> No.

And that makes it impossible to identify the problem. Will leave ticket open for a while to see if you encounter this crash again and perhaps provide a way to reproduce it.
Comment 4 Christopher Yeleighton 2012-01-27 23:36:16 UTC 
(In reply to comment #3)

> The crash seems to have occurred on unrelated thread (not the main event
> thread) inside of a system call.

The crash seems to have been elicited by a memory exception inside operator new.
Comment 5 Dawit Alemayehu 2012-01-28 00:31:24 UTC 
(In reply to comment #4)
> (In reply to comment #3)
> 
> > The crash seems to have occurred on unrelated thread (not the main event
> > thread) inside of a system call.
> 
> The crash seems to have been elicited by a memory exception inside operator
> new.

Right, inside QThreadPrivate::createEventDispatcher. However, that does not tell us much. We cannot infer that the crash is in QThread at all because we cannot see if something like a nested event loop is involved somewhere in that thread.
Comment 6 Dawit Alemayehu 2012-04-21 12:08:57 UTC 
Cannot reproduce this crash. Feel free to reopen this if the issue occurs again with newer version of KDE (4.8.0 or higher).