Bug 341213 - Konqueror hangs in infinite loop allocating and freeing memory
Summary: Konqueror hangs in infinite loop allocating and freeing memory
Status: RESOLVED WORKSFORME
Alias: None
Product: konqueror
Classification: Applications
Component: kjs (show other bugs)
Version: 4.13.3
Platform: Ubuntu Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-11-24 07:48 UTC by phma
Modified: 2018-11-12 16:28 UTC (History)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Description phma 2014-11-24 07:48:10 UTC
This happens sporadically and unpredictably with various websites.

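strace looks like this (each 126976-byte anonymous mmap is immediately trimmed by a 61440-byte munmap at the returned address, leaving a 65536-byte block aligned to 64 KiB; blocks of that size are then unmapped in bulk):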
munmap(0x7fd2e51c1000, 61440)           = 0
mmap(NULL, 126976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2e51b1000
munmap(0x7fd2e51b1000, 61440)           = 0
mmap(NULL, 126976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2e51a1000
munmap(0x7fd2e51a1000, 61440)           = 0
mmap(NULL, 126976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2e5191000
munmap(0x7fd2e5191000, 61440)           = 0
mmap(NULL, 126976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2e5181000
munmap(0x7fd2e5181000, 61440)           = 0
mmap(NULL, 126976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2e5171000
munmap(0x7fd2e5171000, 61440)           = 0
mmap(NULL, 126976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2e5161000
munmap(0x7fd2e5161000, 61440)           = 0
mmap(NULL, 126976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2e5151000
munmap(0x7fd2e5151000, 61440)           = 0
mmap(NULL, 126976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2e5141000
munmap(0x7fd2e5141000, 61440)           = 0
mmap(NULL, 126976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2e5131000
munmap(0x7fd2e5131000, 61440)           = 0
mmap(NULL, 126976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2e5101000
munmap(0x7fd2e5101000, 61440)           = 0
mmap(NULL, 126976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2e50f1000
munmap(0x7fd2e50f1000, 61440)           = 0
munmap(0x7fd2e5120000, 65536)           = 0
munmap(0x7fd313160000, 65536)           = 0
munmap(0x7fd2e5110000, 65536)           = 0
munmap(0x7fd2e5140000, 65536)           = 0
munmap(0x7fd2e5150000, 65536)           = 0
munmap(0x7fd2e5160000, 65536)           = 0
munmap(0x7fd2e5170000, 65536)           = 0
munmap(0x7fd2e5180000, 65536)           = 0
munmap(0x7fd2e5190000, 65536)           = 0
munmap(0x7fd2e51a0000, 65536)           = 0
munmap(0x7fd2e51b0000, 65536)           = 0
munmap(0x7fd2e51c0000, 65536)           = 0
munmap(0x7fd2e51d0000, 65536)           = 0
munmap(0x7fd2e51e0000, 65536)           = 0
munmap(0x7fd2e51f0000, 65536)           = 0
munmap(0x7fd2e5200000, 65536)           = 0
munmap(0x7fd2e5210000, 65536)           = 0
munmap(0x7fd2e5220000, 65536)           = 0
munmap(0x7fd2e5230000, 65536)           = 0
munmap(0x7fd2e5240000, 65536)           = 0
munmap(0x7fd2e5250000, 65536)           = 0
munmap(0x7fd2e5260000, 65536)           = 0
munmap(0x7fd2e5270000, 65536)           = 0
munmap(0x7fd2e5280000, 65536)           = 0
munmap(0x7fd2e5290000, 65536)           = 0
munmap(0x7fd2e52a0000, 65536)           = 0
munmap(0x7fd2e52b0000, 65536)           = 0
munmap(0x7fd2e52c0000, 65536)           = 0
munmap(0x7fd2e52d0000, 65536)           = 0
munmap(0x7fd2e52e0000, 65536)           = 0
munmap(0x7fd2e52f0000, 65536)           = 0
munmap(0x7fd2e5300000, 65536)           = 0
munmap(0x7fd2e5310000, 65536)           = 0
munmap(0x7fd2e5320000, 65536)           = 0
munmap(0x7fd2e5330000, 65536)           = 0
munmap(0x7fd2e5340000, 65536)           = 0
munmap(0x7fd2e5350000, 65536)           = 0
munmap(0x7fd2e5360000, 65536)           = 0
munmap(0x7fd2e5370000, 65536)           = 0
munmap(0x7fd2e5380000, 65536)           = 0
munmap(0x7fd2e5390000, 65536)           = 0
munmap(0x7fd2e53a0000, 65536)           = 0
munmap(0x7fd2e53b0000, 65536)           = 0
munmap(0x7fd2e53c0000, 65536)           = 0
munmap(0x7fd2e53d0000, 65536)           = 0
munmap(0x7fd2e53e0000, 65536)           = 0
munmap(0x7fd2e53f0000, 65536)           = 0
munmap(0x7fd2e5400000, 65536)           = 0
munmap(0x7fd2e5410000, 65536)           = 0
munmap(0x7fd2e5420000, 65536)           = 0
munmap(0x7fd2e5430000, 65536)           = 0
munmap(0x7fd2e5440000, 65536)           = 0
munmap(0x7fd2e5450000, 65536)           = 0
munmap(0x7fd2e5460000, 65536)           = 0
munmap(0x7fd2e5470000, 65536)           = 0
munmap(0x7fd2e5480000, 65536)           = 0
munmap(0x7fd2e5490000, 65536)           = 0
munmap(0x7fd2e54a0000, 65536)           = 0
munmap(0x7fd2e54b0000, 65536)           = 0
munmap(0x7fd2e54c0000, 65536)           = 0
munmap(0x7fd2e54d0000, 65536)           = 0
munmap(0x7fd2e54e0000, 65536)           = 0
munmap(0x7fd2e54f0000, 65536)           = 0
munmap(0x7fd2e5500000, 65536)           = 0
munmap(0x7fd2e5510000, 65536)           = 0
munmap(0x7fd2e5520000, 65536)           = 0
munmap(0x7fd2e5530000, 65536)           = 0
munmap(0x7fd2e5540000, 65536)           = 0
munmap(0x7fd2e5550000, 65536)           = 0
munmap(0x7fd2e5560000, 65536)           = 0
munmap(0x7fd2e5570000, 65536)           = 0
munmap(0x7fd2e5580000, 65536)           = 0
munmap(0x7fd2e5590000, 65536)           = 0
munmap(0x7fd2e55a0000, 65536)           = 0
munmap(0x7fd2e55b0000, 65536)           = 0
munmap(0x7fd2e55c0000, 65536)           = 0
munmap(0x7fd2e55d0000, 65536)           = 0
munmap(0x7fd2e55e0000, 65536)           = 0
munmap(0x7fd2e55f0000, 65536)           = 0
munmap(0x7fd2e5600000, 65536)           = 0
munmap(0x7fd2e5610000, 65536)           = 0
munmap(0x7fd2e5620000, 65536)           = 0
munmap(0x7fd2e5630000, 65536)           = 0
munmap(0x7fd2e5640000, 65536)           = 0

Backtrace:
(gdb) where
#0  _int_malloc (av=0x7fd3343ea760 <main_arena>, bytes=16) at malloc.c:3792
#1  0x00007fd3340ae230 in __GI___libc_malloc (bytes=16) at malloc.c:2891
#2  0x00007fd31a024ea0 in fastMalloc (n=16) at ../../kjs/wtf/FastMalloc.h:37
#3  KJS::ArrayInstance::ArrayInstance (this=0x7fd2e547b640, 
    prototype=<optimized out>, list=...) at ../../kjs/array_instance.cpp:120
#4  0x00007fd31a021154 in KJS::ArrayObjectImp::construct (
    this=<optimized out>, exec=<optimized out>, args=...)
    at ../../kjs/array_object.cpp:706
#5  0x00007fd31a04bd61 in KJS::Machine::runBlock (exec=0x7fff957798c0, 
    codeBlock=..., parentExec=0x7fd3343ea768 <main_arena+8>, 
    parentExec@entry=0x7fff95779ba0) at codes.def:873
#6  0x00007fd31a02ff71 in KJS::FunctionImp::callAsFunction (
    this=0x7fd310094100, exec=0x7fff95779ba0, thisObj=<optimized out>, 
    args=...) at ../../kjs/function.cpp:171
#7  0x00007fd31a04b9cd in call (args=..., thisObj=<optimized out>, 
    exec=<optimized out>, this=<optimized out>) at ../../kjs/object.h:632
#8  KJS::Machine::runBlock (exec=0x7fff95779ba0, codeBlock=..., 
    parentExec=0x7fd3343ea768 <main_arena+8>, parentExec@entry=0x7fff95779e80)
    at codes.def:1233
#9  0x00007fd31a02ff71 in KJS::FunctionImp::callAsFunction (
    this=0x7fd31bfba140, exec=0x7fff95779e80, thisObj=<optimized out>, 
    args=...) at ../../kjs/function.cpp:171
#10 0x00007fd31a04b9cd in call (args=..., thisObj=<optimized out>, 
    exec=<optimized out>, this=<optimized out>) at ../../kjs/object.h:632
#11 KJS::Machine::runBlock (exec=0x7fff95779e80, codeBlock=..., 
    parentExec=0x7fd3343ea768 <main_arena+8>, parentExec@entry=0x284b6070)
    at codes.def:1233
#12 0x00007fd31a02ff71 in KJS::FunctionImp::callAsFunction (
    this=0x7fd31bfba2c0, exec=0x284b6070, thisObj=<optimized out>, args=...)
    at ../../kjs/function.cpp:171
#13 0x00007fd31a02e36d in KJS::BoundFunction::callAsFunction (
    this=<optimized out>, exec=0x284b6070, extraArgs=...)
    at ../../kjs/function.cpp:409
#14 0x00007fd31abd5e10 in call (args=..., thisObj=0x7fd318084c80, 
    exec=0x284b6070, this=<optimized out>) at ../../kjs/object.h:632
#15 KJS::ScheduledAction::execute (this=0x2f9c2140, window=0x7fd318084c80)
    at ../../khtml/ecma/kjs_window.cpp:2504
#16 0x00007fd31abd6041 in KJS::WindowQObject::timerEvent (this=0x253ff220)
    at ../../khtml/ecma/kjs_window.cpp:2679
#17 0x00007fd330d58a31 in QObject::event (this=0x253ff220, e=<optimized out>)
    at kernel/qobject.cpp:1156
#18 0x00007fd331732e2c in QApplicationPrivate::notify_helper (
    this=this@entry=0x19802d0, receiver=receiver@entry=0x253ff220, e=e@entry=
    0x7fff9577a4d0) at kernel/qapplication.cpp:4567
#19 0x00007fd3317394a0 in QApplication::notify (
    this=this@entry=0x7fff9577a920, receiver=receiver@entry=0x253ff220, 
    e=e@entry=0x7fff9577a4d0) at kernel/qapplication.cpp:4353
#20 0x00007fd33243dd1a in KApplication::notify (this=0x7fff9577a920, 
    receiver=0x253ff220, event=0x7fff9577a4d0)
    at ../../kdeui/kernel/kapplication.cpp:311
#21 0x00007fd330d404dd in QCoreApplication::notifyInternal (this=
    0x7fff9577a920, receiver=0x253ff220, event=0x7fff9577a4d0)
    at kernel/qcoreapplication.cpp:953
#22 0x00007fd330d70323 in sendEvent (event=<optimized out>, 
    receiver=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#23 QTimerInfoList::activateTimers (this=0x1988fd0)
    at kernel/qeventdispatcher_unix.cpp:621
#24 0x00007fd330d6d5f1 in timerSourceDispatch (source=<optimized out>)
    at kernel/qeventdispatcher_glib.cpp:193
#25 0x00007fd32d042e04 in g_main_context_dispatch ()
   from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007fd32d043048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#27 0x00007fd32d0430ec in g_main_context_iteration ()
   from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#28 0x00007fd330d6d7a1 in QEventDispatcherGlib::processEvents (this=0x1944b50, 
    flags=...) at kernel/qeventdispatcher_glib.cpp:434
#29 0x00007fd3317d4bb6 in QGuiEventDispatcherGlib::processEvents (
    this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#30 0x00007fd330d3f0af in QEventLoop::processEvents (this=this@entry=
    0x7fff9577a740, flags=...) at kernel/qeventloop.cpp:149
#31 0x00007fd330d3f3a5 in QEventLoop::exec (this=this@entry=0x7fff9577a740, 
    flags=...) at kernel/qeventloop.cpp:204
#32 0x00007fd330d44b79 in QCoreApplication::exec ()
    at kernel/qcoreapplication.cpp:1225
#33 0x00007fd33173137c in QApplication::exec () at kernel/qapplication.cpp:3828
#34 0x00007fd3344a2e4e in kdemain (argc=<optimized out>, argv=<optimized out>)
    at ../../../konqueror/src/konqmain.cpp:227
#35 0x00007fd33404cec5 in __libc_start_main (
    main=0x4006d0 <main(int, char**)>, argc=2, argv=0x7fff9577aac8, 
    init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7fff9577aab8) at libc-start.c:287
#36 0x00000000004006fe in _start ()

Konqueror does not respond to any sort of clicking or dragging on its window, but dies when sent an ALRM signal.

Reproducible: Sometimes

Steps to Reproduce:
Beats me. Sometimes it happens when I'm not looking. It just happened while I was scrolling a webpage.



Exact version is 4.13.3-0ubuntu0.1 on a 64-bit Core i7.
Comment 1 Andrew Crouthamel 2018-10-31 03:57:02 UTC
Dear Bug Submitter,

This bug has been stagnant for a long time. Could you help us out and re-test whether the bug is still valid in the latest version? I am setting the status to NEEDSINFO pending your response; please change the Status back to REPORTED when you respond.

Thank you for helping us make KDE software even better for everyone!
Comment 2 phma 2018-11-12 06:18:26 UTC
I haven't seen this happen lately. As all Konqueror windows are now run by the same process, which was not the case in Artful, if this bug happened, it would hang all the windows at once.
Comment 3 Andrew Crouthamel 2018-11-12 16:28:42 UTC
Thanks for the update!