Bug 116157 - konqueror crashes because of "corrupted double-linked list"
Summary: konqueror crashes because of "corrupted double-linked list"
Status: RESOLVED DUPLICATE of bug 116176
Alias: None
Product: konqueror
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: openSUSE Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-11-12 03:24 UTC by Roland Wolters
Modified: 2006-01-13 11:59 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Roland Wolters 2005-11-12 03:24:22 UTC
Version:            (using KDE KDE 3.5.0)
Installed from:    SuSE RPMs
OS:                Linux

Since my update to KDE 3.5rc1 I have crahes when I try to access several wikipedia pages. One example with a crash every time:
http://de.wikipedia.org/wiki/Wikipedia:Kandidaten_für_exzellente_Artikel

If I start konqueror from konsole, I see this message:
$ konqueror
*** glibc detected *** corrupted double-linked list: 0x402158d8 ***
Der Wecker klingelt

Sometimes I see this:
$ konqueror
Try to load libthai dynamically...
Error, can't load libthai...
*** glibc detected *** corrupted double-linked list: 0x402158d8 ***
Der Wecker klingelt

By the way, "Der Wecker klingelt" is a german phrase and means something like "the alarmclock rings" - what's that? :)
Comment 1 Thiago Macieira 2005-11-12 04:18:03 UTC
No crash on 477777.

"Alarmclock" = the program received a SIGALARM.
Comment 2 Roland Wolters 2005-11-12 08:28:19 UTC
What means 477777?
Comment 3 Thiago Macieira 2005-11-12 13:59:29 UTC
Subversion revision 477777.
Comment 4 Roland Wolters 2005-11-12 19:36:04 UTC
I would like to tets a new package if someone could provide a new/updated one for suse.

I tested in this time with two other users (su - otheruser), and got some more information: the libthai-error can occur without browser crashes, so it looks like there is no connection.

And - if I switch with console to another user, start konqueror, and call this url, I get:

*** glibc detected *** corrupted double-linked list: 0x402158d8 ***
Alarm clock
kio (KIOConnection): ERROR: Header read failed, errno=104
kio (KIOConnection): ERROR: Header has invalid size (-1)
kio (KIOConnection): ERROR: Header read failed, errno=104
kio (KIOConnection): ERROR: Header has invalid size (-1)
kio (KIOConnection): ERROR: Header read failed, errno=104
kio (KIOConnection): ERROR: Header has invalid size (-1)
Comment 5 Maksim Orlovich 2005-11-12 19:45:52 UTC
Please try to run it in gdb, and paste the backtrace. Let me know if you need detailed instructions for that
Comment 6 Roland Wolters 2005-11-12 20:49:32 UTC
Here is the output (only net of the standard greeting message of gdb and some no debugging message):

$ gdb konqueror
(gdb) run
Starting program: /opt/kde3/bin/konqueror
(no debugging symbols found)
/* repeated 19 times */
[Thread debugging using libthread_db enabled]
[New Thread 1097199552 (LWP 27873)]
(no debugging symbols found)
*** glibc detected *** corrupted double-linked list: 0x402158d8 ***

Program received signal SIGABRT, Aborted.
[Switching to Thread 1097199552 (LWP 27873)]
0xffffe410 in __kernel_vsyscall ()

If you need more information or other use of gdb, I need instructions.
Comment 7 Maksim Orlovich 2005-11-12 20:53:48 UTC
OK, you got 99% there :-). Just give the 'bt' command once it crashes
Comment 8 Roland Wolters 2005-11-12 21:12:35 UTC
This time it asked me to press enter or q - I pressed enter:
(only the important part)

[Thread debugging using libthread_db enabled]
[New Thread 1097199552 (LWP 31828)]
(no debugging symbols found)
*** glibc detected *** corrupted double-linked list: 0x402158d8 ***

Program received signal SIGABRT, Aborted.
---Type <return> to continue, or q <return> to quit---
[Switching to Thread 1097199552 (LWP 31828)]
0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0x40120541 in raise () from /lib/tls/libc.so.6
#2  0x40121dbb in abort () from /lib/tls/libc.so.6
#3  0x401568b5 in __libc_message () from /lib/tls/libc.so.6
#4  0x4015c842 in malloc_printerr () from /lib/tls/libc.so.6
#5  0x4015c94f in malloc_consolidate () from /lib/tls/libc.so.6
#6  0x402158b4 in main_arena () from /lib/tls/libc.so.6
#7  0x402158c4 in main_arena () from /lib/tls/libc.so.6
#8  0x08908788 in ?? ()
#9  0x402158d8 in main_arena () from /lib/tls/libc.so.6
#10 0x00000000 in ?? ()
#11 0x00000000 in ?? ()
#12 0x40213ff4 in ?? () from /lib/tls/libc.so.6
#13 0x402158a0 in mp_ () from /lib/tls/libc.so.6
#14 0x00000000 in ?? ()
#15 0xbfc2709c in ?? ()
#16 0x4015d534 in _int_malloc () from /lib/tls/libc.so.6
Previous frame inner to this frame (corrupt stack?)
Comment 9 Stephan Binner 2005-11-17 15:49:17 UTC

*** This bug has been marked as a duplicate of 116176 ***
Comment 10 Torrie Fischer 2005-12-18 15:03:59 UTC
I get the same thing here, using the kde-redhat-testing repo version for Fedore Core 4, but with a slightly more detailed backtrace in the console.

*** glibc detected *** konqueror: corrupted double-linked list: 0x002d58b8 ***
======= Backtrace: =========
/lib/libc.so.6[0x21056f]
/lib/libc.so.6[0x211796]
/lib/libc.so.6(malloc+0x74)[0x212ec8]
/usr/X11R6/lib/libXft.so.2(XftFontOpenInfo+0x2c2)[0x605d17]
/usr/X11R6/lib/libXft.so.2(XftFontOpenPattern+0x44)[0x606cb6]
/usr/lib/qt-3.3/lib/libqt-mt.so.3[0x258dd67]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN13QFontDatabase8findFontEN5QFont6ScriptEPK12QFontPrivateRK8QFontDefi+0x2fa)[0x25953a0]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN12QFontPrivate4loadEN5QFont6ScriptE+0x463)[0x2512757]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZNK11QTextEngine5shapeEi+0x1d3)[0x266939f]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN11QTextLayout11currentItemEv+0x53)[0x266791f]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_Z14qt_format_textRK5QFontRK5QRectiRK7QStringiPS2_iPiiPP10QTextParagP8QPainter+0x4f5)[0x25d62d7]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN8QPainter8drawTextERK5QRectiRK7QStringiPS0_PP10QTextParag+0x8e)[0x25d6f0e]
/usr/lib/libkdeinit_konqueror.so(_ZN22KonqComboListBoxPixmap5paintEP8QPainter+0x399)[0x8a82b5]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN8QListBox9paintCellEP8QPainterii+0x1d4)[0x26b1ab0]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN8QListBox18viewportPaintEventEP11QPaintEvent+0x5dc)[0x26aeffe]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN11QScrollView11eventFilterEP7QObjectP6QEvent+0xf4)[0x26f270e]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN8QListBox11eventFilterEP7QObjectP6QEvent+0x2b)[0x26ab14f]
/usr/lib/libkdeui.so.4(_ZN14KCompletionBox11eventFilterEP7QObjectP6QEvent+0x42)[0x7a1b43a]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN12QApplication14internalNotifyEP7QObjectP6QEvent+0x58)[0x256816e]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN12QApplication6notifyEP7QObjectP6QEvent+0xb2)[0x2568ad6]
/usr/lib/libkdecore.so.4(_ZN12KApplication6notifyEP7QObjectP6QEvent+0x1ef)[0x74f4c7d]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN9QETWidget19translatePaintEventEPK7_XEvent+0x376)[0x24f42e2]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN12QApplication15x11ProcessEventEP7_XEvent+0xb67)[0x24fc8e5]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN10QEventLoop13processEventsEj+0x238)[0x2510ae8]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN10QEventLoop9enterLoopEv+0xad)[0x258082b]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN10QEventLoop4execEv+0x26)[0x2580736]
/usr/lib/qt-3.3/lib/libqt-mt.so.3(_ZN12QApplication4execEv+0x1f)[0x2567b79]
/usr/lib/libkdeinit_konqueror.so(kdemain+0x4c9)[0x8e2341]
/lib/libc.so.6(__libc_start_main+0xdf)[0x1c250f]
konqueror[0x80483e5]
======= Memory map: ========
00111000-00123000 r-xp 00000000 fd:00 3045823    /usr/lib/libz.so.1.2.2.2
00123000-00124000 rwxp 00011000 fd:00 3045823    /usr/lib/libz.so.1.2.2.2
00124000-00132000 r-xp 00000000 fd:00 7503913    /lib/libpthread-2.3.90.so
00132000-00133000 r-xp 0000d000 fd:00 7503913    /lib/libpthread-2.3.90.so
00133000-00134000 rwxp 0000e000 fd:00 7503913    /lib/libpthread-2.3.90.so
00134000-00136000 rwxp 00134000 00:00 0
00136000-00144000 r-xp 00000000 fd:00 3045805    /usr/X11R6/lib/libXext.so.6.4
00144000-00145000 rwxp 0000e000 fd:00 3045805    /usr/X11R6/lib/libXext.so.6.4
00145000-0015c000 r-xp 00000000 fd:00 3045767    /usr/X11R6/lib/libICE.so.6.3
0015c000-0015d000 rwxp 00016000 fd:00 3045767    /usr/X11R6/lib/libICE.so.6.3
0015d000-0015f000 rwxp 0015d000 00:00 0
0015f000-0017c000 r-xp 00000000 fd:00 3045841    /usr/lib/libexpat.so.0.5.0
0017c000-0017e000 rwxp 0001c000 fd:00 3045841    /usr/lib/libexpat.so.0.5.0
0017e000-0017f000 r-xp 00000000 fd:00 3100920    /usr/X11R6/lib/X11/locale/lib/common/xlcUTF8Load.so.2
0017f000-00180000 rwxp 00000000 fd:00 3100920    /usr/X11R6/lib/X11/locale/lib/common/xlcUTF8Load.so.2
00180000-0018b000 r-xp 00000000 fd:00 3297635    /usr/lib/qt-3.3/plugins/inputmethods/libqxim.so
0018b000-0018c000 rwxp 0000a000 fd:00 3297635    /usr/lib/qt-3.3/plugins/inputmethods/libqxim.so
0018c000-0018d000 r-xp 00000000 fd:00 3215715    /usr/lib/kde3/libkhtmlpart.so
0018d000-0018e000 rwxp 00000000 fd:00 3215715    /usr/lib/kde3/libkhtmlpart.so
00190000-001a9000 r-xp 00000000 fd:00 7503888    /lib/ld-2.3.90.sAlarm clock

As for me, this crash happens when I type "do" as in "doc.trolltech.com" into the address bar. Typing "d" brings down a list, and the "o" crashes it. It hasn't failed with other letter permutations though.