Bug 310521

Summary: Kontact/akregator crash
Product: [Frameworks and Libraries] kwebkitpart Reporter: adizakup
Component: general Assignee: webkit-devel
Status: RESOLVED FIXED    
Severity: crash    
Priority: NOR    
Version: 1.3.0   
Target Milestone: ---   
Platform: Fedora RPMs   
OS: Linux   
Latest Commit: Version Fixed In: 1.3.1
Sentry Crash Report:

Description adizakup 2012-11-22 17:44:15 UTC
Application: kontact (4.9.3)
KDE Platform Version: 4.9.3
Qt Version: 4.8.3
Operating System: Linux 3.4.6-2.fc17.x86_64 x86_64
Distribution: "Fedora release 18 (Spherical Cow)"

-- Information about the crash:
- What I was doing when the application crashed:
Just clicked on a link in akregator to open the page in a new tab.

- Unusual behavior I noticed:
Nothing unusual observed, it happened during normal reading of RSS.

The crash can be reproduced some of the time.

-- Backtrace:
Application: Kontact (kontact), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f631954d880 (LWP 1830))]

Thread 10 (Thread 0x7f630d5e1700 (LWP 1938)):
#0  0x000000336940b5e5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x0000003394c1672d in WTF::TCMalloc_PageHeap::scavengerThread (this=0x3395600ce0 <WTF::pageheap_memory>) at wtf/FastMalloc.cpp:2495
#2  0x0000003394c16839 in WTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at wtf/FastMalloc.cpp:1618
#3  0x0000003369407d15 in start_thread () from /lib64/libpthread.so.0
#4  0x0000003368cf22cd in clone () from /lib64/libc.so.6

Thread 9 (Thread 0x7f630cce0700 (LWP 1942)):
#0  0x0000003368ce97ed in poll () from /lib64/libc.so.6
#1  0x000000336c447d44 in g_main_context_iterate.isra.24 () from /usr/lib64/libglib-2.0.so.0
#2  0x000000336c447e64 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#3  0x0000003374da6176 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQtCore.so.4
#4  0x0000003374d76e2f in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQtCore.so.4
#5  0x0000003374d770b8 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQtCore.so.4
#6  0x0000003374c787f0 in QThread::exec() () from /lib64/libQtCore.so.4
#7  0x0000003374c7b7cc in QThreadPrivate::start(void*) () from /lib64/libQtCore.so.4
#8  0x0000003369407d15 in start_thread () from /lib64/libpthread.so.0
#9  0x0000003368cf22cd in clone () from /lib64/libc.so.6

Thread 8 (Thread 0x7f62b3fff700 (LWP 29390)):
#0  0x000000336940b5e5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f62afa12503 in queue_processor(void*) () from /usr/lib64/IcedTeaPlugin.so
#2  0x0000003369407d15 in start_thread () from /lib64/libpthread.so.0
#3  0x0000003368cf22cd in clone () from /lib64/libc.so.6

Thread 7 (Thread 0x7f62ac539700 (LWP 29391)):
#0  0x000000336940b5e5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f62afa12503 in queue_processor(void*) () from /usr/lib64/IcedTeaPlugin.so
#2  0x0000003369407d15 in start_thread () from /lib64/libpthread.so.0
#3  0x0000003368cf22cd in clone () from /lib64/libc.so.6

Thread 6 (Thread 0x7f62abd38700 (LWP 29392)):
#0  0x000000336940b5e5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f62afa12503 in queue_processor(void*) () from /usr/lib64/IcedTeaPlugin.so
#2  0x0000003369407d15 in start_thread () from /lib64/libpthread.so.0
#3  0x0000003368cf22cd in clone () from /lib64/libc.so.6

Thread 5 (Thread 0x7f62a7010700 (LWP 29423)):
#0  0x000000336940b5e5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f62aa3f84fc in ?? () from /usr/lib64/mozilla/plugins/libflashplayer.so
#2  0x00007f62aa0465f0 in ?? () from /usr/lib64/mozilla/plugins/libflashplayer.so
#3  0x00007f62aa3f875c in ?? () from /usr/lib64/mozilla/plugins/libflashplayer.so
#4  0x00007f62aa3f8cae in ?? () from /usr/lib64/mozilla/plugins/libflashplayer.so
#5  0x0000003369407d15 in start_thread () from /lib64/libpthread.so.0
#6  0x0000003368cf22cd in clone () from /lib64/libc.so.6

Thread 4 (Thread 0x7f62a680f700 (LWP 29424)):
#0  0x000000336940b5e5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f62aa3f84fc in ?? () from /usr/lib64/mozilla/plugins/libflashplayer.so
#2  0x00007f62aa0465f0 in ?? () from /usr/lib64/mozilla/plugins/libflashplayer.so
#3  0x00007f62aa3f875c in ?? () from /usr/lib64/mozilla/plugins/libflashplayer.so
#4  0x00007f62aa3f8cae in ?? () from /usr/lib64/mozilla/plugins/libflashplayer.so
#5  0x0000003369407d15 in start_thread () from /lib64/libpthread.so.0
#6  0x0000003368cf22cd in clone () from /lib64/libc.so.6

Thread 3 (Thread 0x7f62a5cd1700 (LWP 29425)):
#0  0x000000336940b952 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f62aa3f84d1 in ?? () from /usr/lib64/mozilla/plugins/libflashplayer.so
#2  0x00007f62aa35742d in ?? () from /usr/lib64/mozilla/plugins/libflashplayer.so
#3  0x00007f62aa3f875c in ?? () from /usr/lib64/mozilla/plugins/libflashplayer.so
#4  0x00007f62aa3f8cae in ?? () from /usr/lib64/mozilla/plugins/libflashplayer.so
#5  0x0000003369407d15 in start_thread () from /lib64/libpthread.so.0
#6  0x0000003368cf22cd in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7f62a4b04700 (LWP 29442)):
#0  0x0000003368ce97ed in poll () from /lib64/libc.so.6
#1  0x000000336c447d44 in g_main_context_iterate.isra.24 () from /usr/lib64/libglib-2.0.so.0
#2  0x000000336c4481a2 in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0
#3  0x00000033744cc546 in gdbus_shared_thread_func () from /usr/lib64/libgio-2.0.so.0
#4  0x000000336c46b5f5 in g_thread_proxy () from /usr/lib64/libglib-2.0.so.0
#5  0x0000003369407d15 in start_thread () from /lib64/libpthread.so.0
#6  0x0000003368cf22cd in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7f631954d880 (LWP 1830)):
[KCrash Handler]
#5  WebPluginFactory::create (this=this@entry=0xd88dd70, _mimeType=..., url=..., argumentNames=..., argumentValues=...) at /usr/src/debug/kwebkitpart-1.3.0/src/webpluginfactory.cpp:208
#6  0x00000033943a1c8b in WebCore::FrameLoaderClientQt::createPlugin (this=0xe206a30, pluginSize=..., element=0xd9167f0, url=..., paramNames=..., paramValues=..., mimeType=..., loadManually=false) at WebCoreSupport/FrameLoaderClientQt.cpp:1575
#7  0x0000003394718fc6 in WebCore::SubframeLoader::loadPlugin (this=this@entry=0x7f62a8ae4b10, pluginElement=pluginElement@entry=0xd9167f0, url=..., mimeType=..., paramNames=..., paramValues=..., useFallback=false) at loader/SubframeLoader.cpp:363
#8  0x0000003394719194 in WebCore::SubframeLoader::requestPlugin (this=this@entry=0x7f62a8ae4b10, ownerElement=ownerElement@entry=0xd9167f0, url=..., mimeType=..., paramNames=..., paramValues=..., useFallback=false) at loader/SubframeLoader.cpp:122
#9  0x000000339471a0a6 in WebCore::SubframeLoader::requestObject (this=0x7f62a8ae4b10, ownerElement=0xd9167f0, url=..., frameName=..., mimeType=..., paramNames=..., paramValues=...) at loader/SubframeLoader.cpp:142
#10 0x00000033945f81fa in WebCore::HTMLEmbedElement::updateWidget (this=0xd9167f0, pluginCreationOption=<optimized out>) at html/HTMLEmbedElement.cpp:183
#11 0x000000339475e16f in WebCore::FrameView::updateWidget (this=<optimized out>, object=0x7f62949f0448) at page/FrameView.cpp:1938
#12 0x0000003394761442 in WebCore::FrameView::updateWidgets (this=this@entry=0x7f62a81a1000) at page/FrameView.cpp:1970
#13 0x00000033947615b9 in WebCore::FrameView::performPostLayoutTasks (this=0x7f62a81a1000) at page/FrameView.cpp:2014
#14 0x00000033947621df in WebCore::FrameView::layout (this=0x7f62a81a1000, allowSubtree=<optimized out>) at page/FrameView.cpp:1022
#15 0x00000033944f215a in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x7f62906c8c00) at dom/Document.cpp:1611
#16 0x00000033945d9a6d in WebCore::HTMLBodyElement::scrollLeft (this=<optimized out>) at html/HTMLBodyElement.cpp:308
#17 0x0000003393f6b061 in WebCore::jsElementScrollLeft (exec=<optimized out>, slotBase=...) at ../../WebCore/generated/JSElement.cpp:380
#18 0x0000003393ee4154 in JSC::PropertySlot::getValue (this=<optimized out>, exec=<optimized out>, propertyName=...) at ../../JavaScriptCore/runtime/PropertySlot.h:75
#19 0x0000003394c544f6 in get (slot=..., propertyName=..., exec=<optimized out>, this=<optimized out>) at runtime/JSObject.h:760
#20 JSC::JSValue::get (this=<optimized out>, exec=0x7f62c77c8088, propertyName=..., slot=...) at runtime/JSObject.h:752
#21 0x0000003394c4883f in JSC::cti_op_get_by_id (args=0x7fffb6da78c0) at jit/JITStubs.cpp:1592
#22 0x00007f62c7efde38 in ?? ()
#23 0x0000000000000000 in ?? ()

Reported using DrKonqi

Comment 1 Dawit Alemayehu 2012-11-23 07:19:41 UTC
Git commit 9b7a61ba77486e7ec096228be6fc1b229a1d94ab by Dawit Alemayehu.
Committed on 23/11/2012 at 08:18.
Pushed by adawit into branch 'master'.

Protect against potential random crashes.
FIXED-IN: 1.3.1
(cherry picked from commit 3b4a55087ae9cf230b0aea2d122c10f11b0acb91)

M  +4    -2    src/webpluginfactory.cpp

http://commits.kde.org/kwebkitpart/9b7a61ba77486e7ec096228be6fc1b229a1d94ab

Comment 2 Dawit Alemayehu 2012-11-23 07:27:37 UTC
Git commit 3b4a55087ae9cf230b0aea2d122c10f11b0acb91 by Dawit Alemayehu.
Committed on 23/11/2012 at 08:18.
Pushed by adawit into tag 'v1.3.1'.

Protect against potential random crashes.
FIXED-IN: 1.3.1

M  +4    -2    src/webpluginfactory.cpp

http://commits.kde.org/kwebkitpart/3b4a55087ae9cf230b0aea2d122c10f11b0acb91