race condition in konqueror, backtrace shows XUnlockDisplay in libx11 as possible cause

Bug #20271 reported by Tobi Vollebregt
Affects: kdebase (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Kubuntu Bugs
Milestone: (none listed)

Bug Description

I've been experiencing random crashes of konqueror when opening new documents or webpages. I captured 3 backtraces, two identical (besides function addresses of course).

By examining the first approx. 5 function calls of the backtraces I conclude this is a race condition in libx11, triggered by konqueror.

As almost always with race conditions, it's very hard to reproduce them, so I cannot (yet) provide a test case which has a high probability of reproducing the problem.

The next race condition happened twice when right clicking just after opening a website with an embedded ASF video object.
(http://portal.omroep.nl/mplayer?&nav=vvnvGsHEbGcZtHjIjF&omroep=ogssGsHEbGcZtHjPpDqJ&mpstream=wmbb&mpurl=http%3A%2F%2Fcgi.omroep.nl%2Fcgi-bin%2Fstreams%3F%2Ftv%2Frkk%2Fkruispunt%2Fbb.20050821.asf&titel=WJD+journaal%3A+De+finale&afb=http%3A%2F%2Fwww.katholieknederland.nl%2Fimages%2Frtv_imglib%2Frtv_2375_wjdlogo.jpg&body=De+grote+finale%2C+wanneer+%E9%E9n+miljoen+jongeren+de+nacht+doorbrengen+in+het+open+veld+en+daar+wakend+de+uren+doorbrengen+om+in+de+ochtend+de+eucharistieviering+met+de+nieuwe+paus+Benedictus+XVI+bij+te+wonen.
+&progurl=http%3A%2F%2Fwww.katholieknederland.nl%2Fkruispunt%2Farchief%2F2005%2Fdetail_objectID2400.html)

Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
`system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread -1231984960 (LWP 12815)]
[KCrash handler]
#4 0xb72e2ea4 in pthread_mutex_lock ()
   from /lib/tls/i686/cmov/libpthread.so.0
#5 0xb7d03cbe in pthread_mutex_lock () from /lib/tls/i686/cmov/libc.so.6
#6 0xb6aafc4c in XUnlockDisplay () from /usr/lib/libX11.so.6
#7 0xb6acb0bd in XrmEnumerateDatabase () from /usr/lib/libX11.so.6
#8 0xb6aaf135 in XKeysymToString () from /usr/lib/libX11.so.6
#9 0xb7443575 in KKeyServer::Sym::toString () from /usr/lib/libkdecore.so.4
#10 0xb7443af3 in KKeyServer::Sym::toStringInternal ()
   from /usr/lib/libkdecore.so.4
#11 0xb7443b97 in KKey::toStringInternal () from /usr/lib/libkdecore.so.4
#12 0xb744472d in KKeySequence::toStringInternal ()
   from /usr/lib/libkdecore.so.4
#13 0xb744601c in KShortcut::toStringInternal () from /usr/lib/libkdecore.so.4
#14 0xb7446339 in KAccelBase::insertConnection ()
   from /usr/lib/libkdecore.so.4
#15 0xb744ff93 in KAccelBase::insert () from /usr/lib/libkdecore.so.4
#16 0xb745031f in KAccel::insert () from /usr/lib/libkdecore.so.4
#17 0xb773786a in KAction::updateKAccelShortcut () from /usr/lib/libkdeui.so.4
#18 0xb7737bd6 in KAction::insertKAccel () from /usr/lib/libkdeui.so.4
#19 0xb7737d2c in KAction::plugShortcut () from /usr/lib/libkdeui.so.4
#20 0xb7737d71 in KAction::plug () from /usr/lib/libkdeui.so.4
#21 0xb7738e3b in KToolBarPopupAction::plug () from /usr/lib/libkdeui.so.4
#22 0xb7685365 in KXMLGUI::BuildHelper::processActionElement ()
   from /usr/lib/libkdeui.so.4
#23 0xb77163bb in KXMLGUI::BuildHelper::processActionOrCustomElement ()
   from /usr/lib/libkdeui.so.4
#24 0xb77971f5 in KXMLGUI::BuildHelper::processElement ()
   from /usr/lib/libkdeui.so.4
#25 0xb7797481 in KXMLGUI::BuildHelper::build () from /usr/lib/libkdeui.so.4
#26 0xb7796cf0 in KXMLGUI::BuildHelper::processContainerElement ()
   from /usr/lib/libkdeui.so.4
#27 0xb77973a4 in KXMLGUI::BuildHelper::processElement ()
   from /usr/lib/libkdeui.so.4
#28 0xb7797481 in KXMLGUI::BuildHelper::build () from /usr/lib/libkdeui.so.4
#29 0xb779785c in KXMLGUIFactory::addClient () from /usr/lib/libkdeui.so.4
#30 0xb7c0c6e8 in KonqPopupMenu::setup () from /usr/lib/libkonq.so.4
#31 0xb7c0fca5 in KonqPopupMenu::init () from /usr/lib/libkonq.so.4
#32 0xb7c0fe64 in KonqPopupMenu::KonqPopupMenu () from /usr/lib/libkonq.so.4
#33 0xb7ee0758 in KonqMainWindow::slotPopupMenu ()
   from /usr/lib/libkdeinit_konqueror.so
#34 0xb7ee180d in KonqMainWindow::slotPopupMenu ()
   from /usr/lib/libkdeinit_konqueror.so
#35 0xb7f1aa9d in KonqMainWindow::qt_invoke ()
   from /usr/lib/libkdeinit_konqueror.so
#36 0xb6dd9d52 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#37 0xb7b35fa9 in KParts::BrowserExtension::popupMenu ()
   from /usr/lib/libkparts.so.2
#38 0xb636ab86 in KHTMLPart::popupMenu () from /usr/lib/libkhtml.so.4
#39 0xb636c493 in KHTMLPart::khtmlMousePressEvent ()
   from /usr/lib/libkhtml.so.4
#40 0xb631d6d1 in KHTMLPart::customEvent () from /usr/lib/libkhtml.so.4
#41 0xb6dd9ba9 in QObject::event () from /usr/lib/libqt-mt.so.3
#42 0xb6d80453 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#43 0xb6d80c7c in QApplication::notify () from /usr/lib/libqt-mt.so.3
#44 0xb7466ae7 in KApplication::notify () from /usr/lib/libkdecore.so.4
#45 0xb6331491 in KHTMLView::viewportMousePressEvent ()
   from /usr/lib/libkhtml.so.4
#46 0xb6edf9f8 in QScrollView::eventFilter () from /usr/lib/libqt-mt.so.3
#47 0xb63267ea in KHTMLView::eventFilter () from /usr/lib/libkhtml.so.4
#48 0xb6dd9adc in QObject::activate_filters () from /usr/lib/libqt-mt.so.3
#49 0xb6dd9b3f in QObject::event () from /usr/lib/libqt-mt.so.3
#50 0xb6e0f6ce in QWidget::event () from /usr/lib/libqt-mt.so.3
#51 0xb6d80453 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#52 0xb6d81433 in QApplication::notify () from /usr/lib/libqt-mt.so.3
#53 0xb7466ae7 in KApplication::notify () from /usr/lib/libkdecore.so.4
#54 0xb6d1e7d1 in QETWidget::translateMouseEvent ()
   from /usr/lib/libqt-mt.so.3
#55 0xb6d1dda0 in QApplication::x11ProcessEvent () from /usr/lib/libqt-mt.so.3
#56 0xb6d30264 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#57 0xb6d95bf2 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#58 0xb6d95b16 in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#59 0xb6d7fea1 in QApplication::exec () from /usr/lib/libqt-mt.so.3
#60 0xb7f14f79 in kdemain () from /usr/lib/libkdeinit_konqueror.so
#61 0xb7c42ea2 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6

The following backtrace happened when opening a local pdf file (embedded) while browsing my local file system.

Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
`system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread -1231530304 (LWP 13591)]
[KCrash handler]
#4 0xb7351ea4 in pthread_mutex_lock ()
   from /lib/tls/i686/cmov/libpthread.so.0
#5 0xb7d72cbe in pthread_mutex_lock () from /lib/tls/i686/cmov/libc.so.6
#6 0xb6b1ec4c in XUnlockDisplay () from /usr/lib/libX11.so.6
#7 0xb6b3c141 in XrmQGetResource () from /usr/lib/libX11.so.6
#8 0xb6b2cd19 in XStringToKeysym () from /usr/lib/libX11.so.6
#9 0xb7456e84 in KKeyServer::Sym::init () from /usr/lib/libkdecore.so.4
#10 0xb7472f18 in KKey::init () from /usr/lib/libkdecore.so.4
#11 0xb7472f9a in KKey::KKey () from /usr/lib/libkdecore.so.4
#12 0xb7473100 in KKeySequence::init () from /usr/lib/libkdecore.so.4
#13 0xb74732a7 in KShortcut::init () from /usr/lib/libkdecore.so.4
#14 0xb747371c in KShortcut::KShortcut () from /usr/lib/libkdecore.so.4
#15 0xb5612d1d in KPDF::Part::Part () from /usr/lib/kde3/libkpdfpart.so
#16 0xb5617a60 in KParts::GenericFactory<KPDF::Part>::createPartObject ()
   from /usr/lib/kde3/libkpdfpart.so
#17 0xb7ba13b3 in KParts::Factory::createPart () from /usr/lib/libkparts.so.2
#18 0xb7f363a7 in KonqViewFactory::create ()
   from /usr/lib/libkdeinit_konqueror.so
#19 0xb7f62027 in KonqFrame::attach () from /usr/lib/libkdeinit_konqueror.so
#20 0xb7f6215d in KonqView::switchView ()
   from /usr/lib/libkdeinit_konqueror.so
#21 0xb7f6ce74 in KonqView::changeViewMode ()
   from /usr/lib/libkdeinit_konqueror.so
#22 0xb7f7230c in KonqMainWindow::openView ()
   from /usr/lib/libkdeinit_konqueror.so
#23 0xb7f73c2b in KonqMainWindow::openURL ()
   from /usr/lib/libkdeinit_konqueror.so
#24 0xb7f76698 in KonqMainWindow::openURL ()
   from /usr/lib/libkdeinit_konqueror.so
#25 0xb7f87670 in KonqMainWindow::slotOpenURLRequest ()
   from /usr/lib/libkdeinit_konqueror.so
#26 0xb7f89b93 in KonqMainWindow::qt_invoke ()
   from /usr/lib/libkdeinit_konqueror.so
#27 0xb6e48d52 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#28 0xb7ba468d in KParts::BrowserExtension::openURLRequestDelayed ()
   from /usr/lib/libkparts.so.2
#29 0xb7bb1105 in KParts::BrowserExtension::slotEmitOpenURLRequestDelayed ()
   from /usr/lib/libkparts.so.2
#30 0xb7bb1278 in KParts::BrowserExtension::qt_invoke ()
   from /usr/lib/libkparts.so.2
#31 0xb57b8a77 in IconViewBrowserExtension::qt_invoke ()
   from /usr/lib/kde3/konq_iconview.so
#32 0xb6e48d52 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#33 0xb71588dc in QSignal::signal () from /usr/lib/libqt-mt.so.3
#34 0xb6e63999 in QSignal::activate () from /usr/lib/libqt-mt.so.3
#35 0xb6e6a959 in QSingleShotTimer::event () from /usr/lib/libqt-mt.so.3
#36 0xb6def453 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#37 0xb6defc7c in QApplication::notify () from /usr/lib/libqt-mt.so.3
#38 0xb74d5ae7 in KApplication::notify () from /usr/lib/libkdecore.so.4
#39 0xb6de5013 in QEventLoop::activateTimers () from /usr/lib/libqt-mt.so.3
#40 0xb6d9f5d8 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#41 0xb6e04bf2 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#42 0xb6e04b16 in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#43 0xb6deeea1 in QApplication::exec () from /usr/lib/libqt-mt.so.3
#44 0xb7f83f79 in kdemain () from /usr/lib/libkdeinit_konqueror.so
#45 0xb7cb1ea2 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
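
An added example, not part of the original report: a small triage script that drops the per-run addresses from gdb frames and computes how deep the two crashes above actually share a call path, plus the first caller outside the low-level libraries. The helper names (`parse_frames`, `common_prefix`, `first_caller_outside`) are hypothetical; the sample input is the top six frames copied from each backtrace above.

```python
import re
from itertools import takewhile

# gdb frame: "#6 0xb6aafc4c in XUnlockDisplay () from /usr/lib/libX11.so.6"
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+\s+in\s+)?(\S+)\s*\(")
LIB_RE = re.compile(r"from\s+(\S+)")

# Top frames copied from the two backtraces in the report.
TRACE_A = """\
#4 0xb72e2ea4 in pthread_mutex_lock ()
   from /lib/tls/i686/cmov/libpthread.so.0
#5 0xb7d03cbe in pthread_mutex_lock () from /lib/tls/i686/cmov/libc.so.6
#6 0xb6aafc4c in XUnlockDisplay () from /usr/lib/libX11.so.6
#7 0xb6acb0bd in XrmEnumerateDatabase () from /usr/lib/libX11.so.6
#8 0xb6aaf135 in XKeysymToString () from /usr/lib/libX11.so.6
#9 0xb7443575 in KKeyServer::Sym::toString () from /usr/lib/libkdecore.so.4
"""
TRACE_B = """\
#4 0xb7351ea4 in pthread_mutex_lock ()
   from /lib/tls/i686/cmov/libpthread.so.0
#5 0xb7d72cbe in pthread_mutex_lock () from /lib/tls/i686/cmov/libc.so.6
#6 0xb6b1ec4c in XUnlockDisplay () from /usr/lib/libX11.so.6
#7 0xb6b3c141 in XrmQGetResource () from /usr/lib/libX11.so.6
#8 0xb6b2cd19 in XStringToKeysym () from /usr/lib/libX11.so.6
#9 0xb7456e84 in KKeyServer::Sym::init () from /usr/lib/libkdecore.so.4
"""

def parse_frames(text):
    """Return [(function, library)] in stack order with addresses dropped."""
    frames = []
    for line in (l.strip() for l in text.splitlines()):
        m, lib = FRAME_RE.match(line), LIB_RE.search(line)
        name = lib.group(1).rsplit("/", 1)[-1] if lib else None
        if m:
            frames.append([m.group(1), name])
        elif name and frames and frames[-1][1] is None:
            frames[-1][1] = name  # gdb wrapped "from <lib>" onto the next line
    return [tuple(f) for f in frames]

def common_prefix(traces):
    """Longest run of identical frames shared from the crash site upward."""
    cols = takewhile(lambda col: len(set(col)) == 1, zip(*traces))
    return [col[0] for col in cols]

def first_caller_outside(frames, libs=("libpthread", "libc.", "libX11")):
    """First frame that is not in the given low-level libraries."""
    return next(((f, l) for f, l in frames if not (l or "").startswith(libs)), None)
```

On these frames the shared signature is three frames deep (both `pthread_mutex_lock` frames and `XUnlockDisplay`); the traces diverge inside libX11 and both enter it from `KKeyServer::Sym` in libkdecore.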

Tobi Vollebregt (tobivollebregt) wrote :

Sorry, I forgot to say I'm using Breezy Colony 3 fresh install, changed to Kubuntu by apt-get install kubuntu-desktop, with upgrades until August 23rd.

KDE 3.4.2
Konqueror 3.4.1
X Window System Version 6.8.2 (Ubuntu 6.8.2-53 20050820201910 <email address hidden>)

Daniel Stone (daniels) wrote :

I'm going to go out on a limb and say that libX11 probably doesn't have
hideously broken race conditions. What it does, however, have is terrible and
unfriendly locking code, that will break if you sneeze on it incorrectly.
Reassigning to Konq, as this looks like a double-XUD().

Daniel Stone (daniels) wrote :

ah, rather, XStringToKeysym(). hm. broken threaded app?

Carthik Sharma (carthik) wrote :

Is this still a bug when using the latest Dapper packages?

If someone knows that it is not, or that this has been fixed by a later upgrade, can we please close this bug?

Thank you for reporting this bug.

Frode M. Døving (frode)
Changed in kdebase:
assignee: jr → kubuntu-team
Carthik Sharma (carthik) wrote :

Fixed by not using kaffeine any more with konqueror.

Please reopen this bug if you think it has been closed in error.

Thank you for reporting this bug.

Changed in kdebase:
status: Unconfirmed → Fix Released