Bug 125206

Summary: [site-issue] konqueror crashes at dom_nodeimpl.cpp:804 on site novinky.cz
Product: [Applications] konqueror Reporter: kavol <kavol>
Component: khtmlAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: lex.lists, maksim
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: console log

Description kavol 2006-04-09 10:03:26 UTC 
Version:            (using KDE KDE 3.5.2)
Installed from:    Gentoo Packages
Compiler:          gcc version 3.4.5 (Gentoo 3.4.5, ssp-3.4.5-1.0, pie-8.7.9) 
OS:                Linux

Hello,

I have one nasty crash here. Maybe it is duplicate of bug 89277, but
a) bug 89277 is for KDE 3.3, and meanwhile (in 3.4.x) it worked for me
b) I see no common point between the trace in bug 89277 and my output

So here it goes ...

Since I use Gentoo, I recompiled konqueror using:

# FEATURES="nostrip" USE="debug" emerge --oneshot konqueror

Then I run

$ konqueror http://www.novinky.cz/

and got the following console output:

kio (KSycoca): Trying to open ksycoca from /var/tmp/kdecache-pes/ksycoca
kio (KTrader): query for KURIFilter/Plugin : returning 4 offers
konqueror: KonqMisc::createNewWindow url=http://www.novinky.cz/
konqueror: void KonqMisc::createBrowserWindowFromProfile()
konqueror: path=/usr/kde/3.5/share/apps/konqueror/profiles/webbrowsing,filename=webbrowsing,url=http://www.novinky.cz/
kio (KTrader): query for Browser/View : returning 31 offers
libkonq: ## loaded: 500 entries.
kdecore (KConfigSkeleton): Creating KConfigSkeleton (0x9328f0)
kdecore (KConfigSkeleton): KConfigSkeleton::readConfig()
konqueror: KonqMainWindow::enableAllActions false
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/konqueror/kpartplugins/searchbar.rc
kparts: load plugin searchbar
kurifilter (plugins): (22877) Keywords Engine: Loading config...
kurifilter (plugins): (22877) Keyword Delimiter: :
kurifilter (plugins): (22877) Default Search Engine:
kurifilter (plugins): (22877) Web Shortcuts Enabled: true
kurifilter (plugins): (22877) Verbose: false
kio (KTrader): query for SearchProvider : returning 1 offers
kurifilter (plugins): (22877) user query = 'some keyword'
kurifilter (plugins): (22877) query definition = 'http://www.google.com/search?q=\{@}&ie=UTF-8&oe=UTF-8'
kurifilter (plugins): (22877) Generating substitution map:
kurifilter (plugins): (22877)   map['0'] = 'some keyword'
kurifilter (plugins): (22877)   map['1'] = 'some'
kurifilter (plugins): (22877)   map['2'] = 'keyword'
kurifilter (plugins): (22877) Substitute references:
kurifilter (plugins): (22877)   reference list = '@'
kurifilter (plugins): (22877)   newurl = 'http://www.google.com/search?q=\@&ie=UTF-8&oe=UTF-8'
kurifilter (plugins): (22877)     rest = 'some keyword'
kurifilter (plugins): (22877) substituted query = 'http://www.google.com/search?q=some+keyword&ie=UTF-8&oe=UTF-8'
kparts: MainWindow::createGUI, part=(nil)
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/konqueror/kpartplugins/searchbar.rc
konqueror: KonqViewManager::clear
konqueror: Trying to create view for "KonqAboutPage"
kio (KTrader): query for KonqAboutPage, KParts/ReadOnlyPart : returning 1 offers
konqueror: Found requested service konq_aboutpage
konqueror: Trying to open lib for requested service konq_aboutpage
konqueror: KonqViewManager::setupView passiveMode=false
konqueror: KonqView::switchView
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/akregator_konqfeedicon.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/autorefresh.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/crashesplugin.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/khtmlkttsd.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/khtmlsettingsplugin.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/mf_konqmficon.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/minitoolsplugin.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/plugin_babelfish.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/plugin_domtreeviewer.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/plugin_rellinks.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/plugin_validators.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/plugin_webarchiver.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/uachangerplugin.rc
kparts: load plugin konqfeedicon
kparts: load plugin khtmlkttsdplugin
konqueror: KHTMLPLuginKTTSD::KHTMLPluginKTTSD: KTrader did not find KTTSD.
kparts: load plugin khtmlsettingsplugin
kparts: load plugin Minitools
kparts: load plugin babelfish
kparts: load plugin webarchiver
kparts: load plugin UserAgentChanger
konqueror: KonqMainWindow::insertChildView 0x9aab10
konqueror: KonqMainWindow::enableAllActions true
konqueror: KonqMainWindow::viewCountChanged
kparts: 0x82ec30 emitting activePartChanged 0x9ab6f0
konqueror: KonqMainWindow::slotPartActivated 0x9ab6f0 khtml
konqueror: New current view 0x9aab10
kparts: MainWindow::createGUI, part=0x9ab6f0 KonqAboutPage
konqueror: KonqMainWindow::setLocationBarURL: url =
konqueror: KonqMainWindow::openURL : url = 'http://www.novinky.cz/'  serviceType=' req=[forceAutoEmbed]' view=0x9aab10
konqueror: trying openView for http://www.novinky.cz/ (serviceType )
konqueror: setLocationBarURL : url = http://www.novinky.cz/
konqueror: KonqMainWindow::setLocationBarURL: url = http://www.novinky.cz/
konqueror: Creating new konqrun for http://www.novinky.cz/ req.typedURL=
kparts: BrowserRun::scanfile http://www.novinky.cz/
kparts: slotBrowserMimetype: found text/html for http://www.novinky.cz/
kio (KIOJob): Job::kill this=0x81ba20 KIO::TransferJob m_progressId=0 quietly=true
kio (KTrader): KServiceTypeProfile::offers serviceType=text/html genericServiceType=Application
konqueror: KonqMainWindow::openView text/html http://www.novinky.cz/ 0x9aab10 req:[forceAutoEmbed]
konqueror: changeViewMode: serviceType is text/html serviceName is  current service name is konq_aboutpage
konqueror: Switching view modes...
konqueror: Trying to create view for "text/html"
kio (KTrader): KServiceTypeProfile::offers serviceType=text/html genericServiceType=Application
kio (KTrader): query for text/html, Application : returning 2 offers
kio (KTrader): KServiceTypeProfile::offers serviceType=text/html genericServiceType=KParts/ReadOnlyPart
kio (KTrader): query for text/html, KParts/ReadOnlyPart : returning 3 offers
konqueror: khtml : X-KDE-BrowserView-AllowAsDefault is valid : false
konqueror: KonqView::switchView
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/akregator_konqfeedicon.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/autorefresh.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/crashesplugin.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/khtmlkttsd.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/khtmlsettingsplugin.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/mf_konqmficon.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/minitoolsplugin.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/plugin_babelfish.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/plugin_domtreeviewer.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/plugin_rellinks.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/plugin_validators.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/plugin_webarchiver.rc
kparts: found KParts Plugin : /usr/kde/3.5/share/apps/khtml/kpartplugins/uachangerplugin.rc
kparts: load plugin konqfeedicon
kparts: load plugin khtmlkttsdplugin
konqueror: KHTMLPLuginKTTSD::KHTMLPluginKTTSD: KTrader did not find KTTSD.
kparts: load plugin khtmlsettingsplugin
kparts: load plugin Minitools
kparts: load plugin babelfish
kparts: load plugin webarchiver
kparts: load plugin UserAgentChanger
konqueror: KonqMainWindow::slotPartChanged
konqueror: KonqMainWindow::setLocationBarURL: url = http://www.novinky.cz/
kparts: 0x82ec30 emitting activePartChanged 0xc36780
konqueror: KonqMainWindow::slotPartActivated 0xc36780 khtml
konqueror: New current view 0x9aab10
kparts: MainWindow::createGUI, part=0xc36780 KHTMLPart
kparts: deactivating GUI for 0x9ab6f0 KonqAboutPage
konqueror: KonqMainWindow::setLocationBarURL: url = http://www.novinky.cz/
kparts: Part::~Part 0x9ab6f0
kparts: deleting widget [KHTMLView pointer (0xa9a450) to widget view widget, geometry=1276x844+0+0] view widget
konqueror: KonqView::openURL url=http://www.novinky.cz/ locationBarURL=http://www.novinky.cz/
konqueror: KonqMainWindow::setLocationBarURL: url = http://www.novinky.cz/
khtml (part): KHTMLPart(0xc36780)::openURL http://www.novinky.cz/
khtml (part): saveState this=0xc36780 '' saving URL http://www.novinky.cz/
libkonq: ## addToHistory: http://www.novinky.cz/ Typed URL: http://www.novinky.cz/, Title:
konqueror: KonqMainWindow::openView ok=true bOthersFollowed=false returning true
kio (Scheduler): Resume metadata is ''
kio (Scheduler): HOLD: Reusing held slave for http://www.novinky.cz/
konqueror: KonqMainWindow::slotRunFinished()
khtml (html):  using transitional parseMode
konqueror: KonqMainWindow::setCaption(Novinky)
khtml (frames & objects): RenderPartObject::partLoadingErrorNotify serviceType=application/x-shockwave-flash
khtml (frames & objects): RenderPartObject::partLoadingErrorNotify serviceType=application/x-shockwave-flash
konqueror: dom_nodeimpl.cpp:804: virtual void DOM::NodeImpl::attach(): Předpoklad `!attached()' nesplněn.
KCrash: crashing... crashRecursionCounter = 2
KCrash: Application Name = konqueror path = <unknown> pid = 22877


The crashandler backtrace (which does not seem any useful to me) says:

Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 46912569705152 (LWP 22877)]
0x00002aaaaef3b262 in nanosleep () from /lib/tls/libc.so.6
#0  0x00002aaaaef3b262 in nanosleep () from /lib/tls/libc.so.6
#1  0x00002aaaaef3b100 in sleep () from /lib/tls/libc.so.6
#2  0x00002aaaac01c60c in KCrash::startDrKonqi (argv=0x7fffffac6800, argc=17)
    at kcrash.cpp:311
#3  0x00002aaaac03fbd8 in KCrash::defaultCrashHandler (sig=5314208)
    at kcrash.cpp:228
#4  0x00002aaaaeedd890 in killpg () from /lib/tls/libc.so.6
#5  0x0000000000000000 in ?? ()
Comment 1 Tommi Tervo 2006-09-08 14:18:26 UTC 
No crash for me (3.5.2 and svn r581k)
Comment 2 kavol 2006-09-21 15:14:00 UTC 
Konqueror 3.5.4 just crashed after entering the page http://www.novinky.cz/krimi/kradeny-automobil-zastavila-policie-strelbou_96373_51gdh.html

unfortunately, I have not compiled with debug this time so the backtrace says nothing and the crash is not reproducible (maybe because of some replaced advertisement?)
Comment 3 lexual 2006-10-20 00:27:40 UTC 
I can open both of the above links in 3.5.5 with no crash.
Comment 4 kavol 2006-11-02 13:20:20 UTC 
Created attachment 18364 [details]
console log

with Konqueror 3.5.5, it crashes for me just after opening the site home page
http://www.novinky.cz/

unfortunatelly I cannot produce any reasonable backtrace (recompiling kdelibs
and konqueror with USE debug and FEATURES nostrip won't help, only the messages
"cannot find debugging symbols" disappear)

if you cannot reproduce, please see the log if the page loads the same objects
(as stated before, the cause may be some replaced content)

btw, it happens on AMD64, right now I can't verify on x86 ... and meanwhile I
upgraded to gcc 4.1.1
Comment 5 kavol 2006-12-01 11:16:56 UTC 
just another crash, this time providing better backtrace ...

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 47345609012480 (LWP 15946)]
[KCrash handler]
#5  0x00002b0f82150575 in raise () from /lib/libc.so.6
#6  0x00002b0f8215177e in abort () from /lib/libc.so.6
#7  0x00002b0f82149eb6 in __assert_fail () from /lib/libc.so.6
#8  0x00002b0f83927baa in DOM::NodeImpl::attach (this=0x1c26b30)
    at dom_nodeimpl.cpp:839
#9  0x00002b0f83927bce in DOM::NodeBaseImpl::attach (this=0x1c272e0)
    at dom_nodeimpl.cpp:1391
#10 0x00002b0f83927bce in DOM::NodeBaseImpl::attach (this=0xf33a30)
    at dom_nodeimpl.cpp:1391
#11 0x00002b0f83927bce in DOM::NodeBaseImpl::attach (this=0x1ae8ff0)
    at dom_nodeimpl.cpp:1391
#12 0x00002b0f8393eb8d in DOM::NodeBaseImpl::appendChild (this=0x19d6e80, 
    newChild=0x1ae8ff0, exceptioncode=@0x7fff2c967c8c) at dom_nodeimpl.cpp:1297
#13 0x00002b0f83a8dcd9 in DOM::Node::appendChild (this=<value optimized out>, 
    newChild=@0x7fff2c967e40) at dom_node.cpp:296
#14 0x00002b0f83a431df in KJS::DOMNodeProtoFunc::tryCall (
    this=<value optimized out>, exec=0x7fff2c968ef0, thisObj=@0x7fff2c9685e0, 
    args=<value optimized out>) at kjs_dom.cpp:576
#15 0x00002b0f83a698c4 in KJS::DOMFunction::call (this=0x3e4a, exec=0x6, 
    thisObj=@0xffffffffffffffff, args=@0x2b0f8234f500) at kjs_binding.cpp:136
#16 0x00002b0f83ce83a8 in KJS::Object::call (this=<value optimized out>, 
    exec=0x7fff2c968ef0, thisObj=@0xffffffffffffffff, args=@0x2b0f8234f500)
    at object.cpp:73
#17 0x00002b0f83d01444 in KJS::FunctionCallNode::evaluate (
    this=<value optimized out>, exec=0x7fff2c968ef0) at nodes.cpp:870
#18 0x00002b0f83ceabd3 in KJS::ExprStatementNode::execute (this=0x1a078e0, 
    exec=0x7fff2c968ef0) at nodes.cpp:1980
#19 0x00002b0f83cea9f8 in KJS::IfNode::execute (this=0x1a07930, 
    exec=0x7fff2c968ef0) at nodes.cpp:2028
#20 0x00002b0f83ce9766 in KJS::SourceElementsNode::execute (this=0x1, 
    exec=0x7fff2c968ef0) at nodes.cpp:3097
#21 0x00002b0f83cdb16e in KJS::BlockNode::execute (this=0x12e1d70, 
    exec=0x7fff2c968ef0) at nodes.cpp:1942
#22 0x00002b0f83ceaa9a in KJS::IfNode::execute (this=0x12e1dc0, 
    exec=0x7fff2c968ef0) at nodes.cpp:2021
#23 0x00002b0f83ce961c in KJS::SourceElementsNode::execute (this=0x12e1e20, 
    exec=0x7fff2c968ef0) at nodes.cpp:3091
#24 0x00002b0f83cdb16e in KJS::BlockNode::execute (this=0x12e1e70, 
    exec=0x7fff2c968ef0) at nodes.cpp:1942
#25 0x00002b0f83cecb6b in KJS::ForInNode::execute (this=0xb14c60, 
    exec=0x7fff2c968ef0) at nodes.cpp:2306
#26 0x00002b0f83ce961c in KJS::SourceElementsNode::execute (this=0xb14cd0, 
    exec=0x7fff2c968ef0) at nodes.cpp:3091
#27 0x00002b0f83cdb16e in KJS::BlockNode::execute (this=0xb14d20, 
    exec=0x7fff2c968ef0) at nodes.cpp:1942
#28 0x00002b0f83ce2f68 in KJS::DeclaredFunctionImp::execute (
    this=<value optimized out>, exec=0x6) at function.cpp:588
#29 0x00002b0f83cee6bb in KJS::FunctionImp::call (this=0x10909c0, 
    exec=0x7fff2c9694a0, thisObj=@0x7fff2c969090, args=@0x7fff2c969070)
    at function.cpp:363
#30 0x00002b0f83ce83a8 in KJS::Object::call (this=<value optimized out>, 
    exec=0x7fff2c9694a0, thisObj=@0xffffffffffffffff, args=@0x2b0f8234f500)
    at object.cpp:73
#31 0x00002b0f83d01444 in KJS::FunctionCallNode::evaluate (
    this=<value optimized out>, exec=0x7fff2c9694a0) at nodes.cpp:870
#32 0x00002b0f83ceabd3 in KJS::ExprStatementNode::execute (this=0x15745f0, 
    exec=0x7fff2c9694a0) at nodes.cpp:1980
#33 0x00002b0f83ce961c in KJS::SourceElementsNode::execute (this=0xf4a690, 
    exec=0x7fff2c9694a0) at nodes.cpp:3091
#34 0x00002b0f83cdb16e in KJS::BlockNode::execute (this=0xbe0930, 
    exec=0x7fff2c9694a0) at nodes.cpp:1942
#35 0x00002b0f83d0001b in KJS::InterpreterImp::evaluate (this=0x12e1970, 
    code=<value optimized out>, thisV=@0x7fff2c969680) at internal.cpp:904
#36 0x00002b0f83d003cd in KJS::Interpreter::evaluate (
    this=<value optimized out>, code=@0x6, thisV=@0xffffffffffffffff)
    at interpreter.cpp:166
#37 0x00002b0f83a69510 in KJS::KJSProxyImpl::evaluate (this=0x14f8c00, 
    filename=<value optimized out>, baseLine=<value optimized out>, 
    str=@0x7fff2c969b20, n=@0x7fff2c9698f0, completion=0x7fff2c969770)
    at kjs_proxy.cpp:164
#38 0x00002b0f838f03de in KHTMLPart::executeScript (this=0xb7b8a0, 
    filename=@0x7fff2c969900, baseLine=909, n=@0x7fff2c9698f0, 
    script=@0x7fff2c969b20) at khtml_part.cpp:1155
#39 0x00002b0f8396bc67 in khtml::HTMLTokenizer::scriptExecution (
    this=0xd5df30, str=@0x7fff2c969b20, scriptURL=<value optimized out>, 
    baseLine=908) at htmltokenizer.cpp:452
#40 0x00002b0f8396ed84 in khtml::HTMLTokenizer::scriptHandler (this=0xd5df30)
    at htmltokenizer.cpp:416
#41 0x00002b0f8396f710 in khtml::HTMLTokenizer::parseSpecial (this=0xd5df30, 
    src=@0xd5e4b8) at htmltokenizer.cpp:332
#42 0x00002b0f8397075d in khtml::HTMLTokenizer::parseTag (this=0xd5df30, 
    src=@0xd5e4b8) at htmltokenizer.cpp:1204
#43 0x00002b0f839717b1 in khtml::HTMLTokenizer::write (this=0xd5df30, 
    str=@0x7fff2c96a340, appendData=<value optimized out>)
    at htmltokenizer.cpp:1450
#44 0x00002b0f8396bebe in khtml::HTMLTokenizer::notifyFinished (this=0xd5df30)
    at htmltokenizer.cpp:1761
#45 0x00002b0f83a0afc8 in khtml::CachedScript::checkNotify (this=0x1370960)
    at loader.cpp:369
#46 0x00002b0f83a0d718 in khtml::CachedScript::data (this=0x1370960, 
    buffer=<value optimized out>, eof=<value optimized out>) at loader.cpp:361
#47 0x00002b0f83a0aae1 in khtml::Loader::slotFinished (this=0x9eb150, 
    job=0x1d33020) at loader.cpp:1171
#48 0x00002b0f83a0ac4e in khtml::Loader::qt_invoke (this=0x9eb150, _id=2, 
    _o=0x7fff2c96a660) at loader.moc:260
#49 0x00002b0f7fc5d6fc in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#50 0x00002b0f7e505bd5 in KIO::Job::result (this=<value optimized out>, 
    t0=0x1d33020) at jobclasses.moc:162
#51 0x00002b0f7e52040b in KIO::Job::emitResult (this=0x1d33020) at job.cpp:226
#52 0x00002b0f7e52e29c in KIO::SimpleJob::slotFinished (this=0x1d33020)
    at job.cpp:574
#53 0x00002b0f7e538c6f in KIO::TransferJob::slotFinished (this=0x1d33020)
    at job.cpp:944
#54 0x00002b0f7e51ec5f in KIO::TransferJob::qt_invoke (this=0x1d33020, _id=17, 
    _o=0x7fff2c96ab40) at jobclasses.moc:1071
#55 0x00002b0f7fc5d6fc in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#56 0x00002b0f7fc5e3a3 in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#57 0x00002b0f7e52f91b in KIO::SlaveInterface::dispatch (this=0xbb3fd0, 
    _cmd=104, rawdata=@0x7fff2c96ae80) at slaveinterface.cpp:243
#58 0x00002b0f7e51ffb0 in KIO::SlaveInterface::dispatch (this=0xbb3fd0)
    at slaveinterface.cpp:173
#59 0x00002b0f7e51518d in KIO::Slave::gotInput (this=0xbb3fd0) at slave.cpp:300
#60 0x00002b0f7e531ebd in KIO::Slave::qt_invoke (this=0xbb3fd0, _id=4, 
    _o=0x7fff2c96afd0) at slave.moc:113
#61 0x00002b0f7fc5d6fc in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#62 0x00002b0f7fc5e2d5 in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#63 0x00002b0f7fc77e3b in QSocketNotifier::event ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#64 0x00002b0f7fc07565 in QApplication::internalNotify ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#65 0x00002b0f7fc08167 in QApplication::notify ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#66 0x00002b0f7f043db1 in KApplication::notify (this=0x7fff2c96b560, 
    receiver=0xbb3ec0, event=0x7fff2c96b2b0) at kapplication.cpp:550
#67 0x00002b0f7fbfd76b in QEventLoop::activateSocketNotifiers ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#68 0x00002b0f7fbbe9d3 in QEventLoop::processEvents ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#69 0x00002b0f7fc1bd42 in QEventLoop::enterLoop ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#70 0x00002b0f7fc1bbf2 in QEventLoop::exec ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#71 0x00002b0f825eae47 in kdemain (argc=<value optimized out>, 
    argv=<value optimized out>) at konq_main.cc:206
#72 0x00000000004072b2 in launch (argc=4, _name=0x5c72b8 "konqueror", 
    args=0x5c7301 "", cwd=0x5c7302 "/home/kavol", envc=52, envs=0x5c7bd7 "", 
    reset_env=true, tty=0x0, avoid_loops=false, 
    startup_id_str=0x5c7be0 "jarmilka;1164961467;829346;2685_TIME1025327999")
    at kinit.cpp:673
#73 0x0000000000407f64 in handle_launcher_request (sock=5) at kinit.cpp:1240
#74 0x000000000040866c in handle_requests (waitForPid=0) at kinit.cpp:1433
#75 0x0000000000408d33 in main (argc=2, argv=<value optimized out>, 
    envp=0x7fff2c96c720) at kinit.cpp:1909
Comment 6 Daniel Hahler 2007-02-18 00:47:44 UTC 
Could not reproduce the crash with KDE 3.5.6 on Ubuntu Feisty.
Comment 7 lexual 2007-02-24 21:59:22 UTC 
Is the reporter sure this isn't due to the compile flags they are using.
I can't reproduce with debian 3.5.6.
Comment 8 Maksim Orlovich 2007-02-24 22:10:41 UTC 
As this is an assertion failure, it can only occur in debug builds, which most packages aren't.
Comment 9 kavol 2007-02-24 23:03:14 UTC 
> As this is an assertion failure, it can only occur in debug builds,
> which most packages aren't. 

as I have written within the initial post, I've intentionally recompiled konqueror with debug enabled to get some info - but it crashed even with the "default" compile options

if I will experience problems with 3.5.6, I'll report here - but right now I am not going to upgrade, sorry ... and the other thing is that the cause of the crash is, most probably, some of the replaced content, so it is hard to catch (even with 3.5.5 it does not occured for me for a long time) - I tried to save the page using other browsers and wget to get you some material to study but Konqueror had no problems opening the offline version ...
Comment 10 kavol 2007-12-26 23:38:04 UTC 
and once again, the crash is here, this time Konqueror 3.5.8
gcc version 4.1.2 (Gentoo 4.1.2 p1.0.2)


Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0x2b93e0438190 (LWP 12956)]
[KCrash handler]
#5  0x00002b93e01253c5 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6  0x00002b93e012673e in *__GI_abort () at abort.c:88
#7  0x00002b93e011eb1f in *__GI___assert_fail (
    assertion=0x2b93e2236cfd "!attached()", 
    file=0x2b93e2236cec "dom_nodeimpl.cpp", line=835, 
    function=0x2b93e2238180 "virtual void DOM::NodeImpl::attach()")
    at assert.c:78
#8  0x00002b93e2097e2a in DOM::NodeImpl::attach (this=0xf4cc00)
    at dom_nodeimpl.cpp:835
#9  0x00002b93e2097e4e in DOM::NodeBaseImpl::attach (this=0xf9fbc0)
    at dom_nodeimpl.cpp:1402
#10 0x00002b93e2097e4e in DOM::NodeBaseImpl::attach (this=0x1184800)
    at dom_nodeimpl.cpp:1402
#11 0x00002b93e2097e4e in DOM::NodeBaseImpl::attach (this=0xfdd7a0)
    at dom_nodeimpl.cpp:1402
#12 0x00002b93e20aef6c in DOM::NodeBaseImpl::appendChild (this=0x10ea5c0, 
    newChild=0xfdd7a0, exceptioncode=@0x7fffd0751bdc) at dom_nodeimpl.cpp:1308
#13 0x00002b93e2216bbb in DOM::Node::appendChild (this=<value optimized out>, 
    newChild=@0x7fffd0751d90) at dom_node.cpp:296
#14 0x00002b93e21bddaf in KJS::DOMNodeProtoFunc::tryCall (
    this=<value optimized out>, exec=0x7fffd0752f50, thisObj=@0x7fffd0752530, 
    args=<value optimized out>) at kjs_dom.cpp:582
#15 0x00002b93e21e5994 in KJS::DOMFunction::call (this=0x329c, exec=0x6, 
    thisObj=@0xffffffffffffffff, args=@0x0) at kjs_binding.cpp:136
#16 0x00002b93e258c338 in KJS::Object::call (this=<value optimized out>, 
    exec=0x7fffd0752f50, thisObj=@0xffffffffffffffff, args=@0x0)
    at object.cpp:73
#17 0x00002b93e25a57d4 in KJS::FunctionCallNode::evaluate (
    this=<value optimized out>, exec=0x7fffd0752f50) at nodes.cpp:870
#18 0x00002b93e258ebc3 in KJS::ExprStatementNode::execute (this=0xeadd30, 
    exec=0x7fffd0752f50) at nodes.cpp:1980
#19 0x00002b93e258d60c in KJS::SourceElementsNode::execute (this=0xeadd80, 
    exec=0x7fffd0752f50) at nodes.cpp:3108
#20 0x00002b93e257ed3e in KJS::BlockNode::execute (this=0xe3c9e0, 
    exec=0x7fffd0752f50) at nodes.cpp:1942
#21 0x00002b93e258e9e8 in KJS::IfNode::execute (this=0x11a9660, 
    exec=0x7fffd0752f50) at nodes.cpp:2028
#22 0x00002b93e258d756 in KJS::SourceElementsNode::execute (this=0x1, 
    exec=0x7fffd0752f50) at nodes.cpp:3114
#23 0x00002b93e257ed3e in KJS::BlockNode::execute (this=0xa97d20, 
    exec=0x7fffd0752f50) at nodes.cpp:1942
#24 0x00002b93e258ea8a in KJS::IfNode::execute (this=0xacfae0, 
    exec=0x7fffd0752f50) at nodes.cpp:2021
#25 0x00002b93e258d60c in KJS::SourceElementsNode::execute (this=0xa97d70, 
    exec=0x7fffd0752f50) at nodes.cpp:3108
#26 0x00002b93e257ed3e in KJS::BlockNode::execute (this=0xa786e0, 
    exec=0x7fffd0752f50) at nodes.cpp:1942
#27 0x00002b93e2590b59 in KJS::ForInNode::execute (this=0xa920b0, 
    exec=0x7fffd0752f50) at nodes.cpp:2306
#28 0x00002b93e258d60c in KJS::SourceElementsNode::execute (this=0xa78730, 
    exec=0x7fffd0752f50) at nodes.cpp:3108
#29 0x00002b93e257ed3e in KJS::BlockNode::execute (this=0xacfee0, 
    exec=0x7fffd0752f50) at nodes.cpp:1942
#30 0x00002b93e2586d18 in KJS::DeclaredFunctionImp::execute (
    this=<value optimized out>, exec=0x6) at function.cpp:613
#31 0x00002b93e25926ab in KJS::FunctionImp::call (this=0xaada00, 
    exec=0x7fffd0753500, thisObj=@0x7fffd07530f0, args=@0x7fffd07530d0)
    at function.cpp:373
#32 0x00002b93e258c338 in KJS::Object::call (this=<value optimized out>, 
    exec=0x7fffd0753500, thisObj=@0xffffffffffffffff, args=@0x0)
    at object.cpp:73
#33 0x00002b93e25a57d4 in KJS::FunctionCallNode::evaluate (
    this=<value optimized out>, exec=0x7fffd0753500) at nodes.cpp:870
#34 0x00002b93e258ebc3 in KJS::ExprStatementNode::execute (this=0xff0750, 
    exec=0x7fffd0753500) at nodes.cpp:1980
#35 0x00002b93e258d60c in KJS::SourceElementsNode::execute (this=0x1103ed0, 
    exec=0x7fffd0753500) at nodes.cpp:3108
#36 0x00002b93e257ed3e in KJS::BlockNode::execute (this=0x119ffe0, 
    exec=0x7fffd0753500) at nodes.cpp:1942
#37 0x00002b93e25a43ab in KJS::InterpreterImp::evaluate (this=0xa7ec40, 
    code=<value optimized out>, thisV=@0x7fffd07536e0) at internal.cpp:904
#38 0x00002b93e25a475d in KJS::Interpreter::evaluate (
    this=<value optimized out>, code=@0x6, thisV=@0xffffffffffffffff)
    at interpreter.cpp:166
#39 0x00002b93e21e55e0 in KJS::KJSProxyImpl::evaluate (this=0xcd6990, 
    filename=<value optimized out>, baseLine=<value optimized out>, 
    str=@0x7fffd0753b80, n=@0x7fffd0753950, completion=0x7fffd07537d0)
    at kjs_proxy.cpp:164
#40 0x00002b93e20601be in KHTMLPart::executeScript (this=0xc56400, 
    filename=@0x7fffd0753960, baseLine=615, n=@0x7fffd0753950, 
    script=@0x7fffd0753b80) at khtml_part.cpp:1155
#41 0x00002b93e20dc277 in khtml::HTMLTokenizer::scriptExecution (
    this=0xf0d7a0, str=@0x7fffd0753b80, scriptURL=<value optimized out>, 
    baseLine=614) at htmltokenizer.cpp:452
#42 0x00002b93e20df3f4 in khtml::HTMLTokenizer::scriptHandler (this=0xf0d7a0)
    at htmltokenizer.cpp:416
#43 0x00002b93e20dfd6e in khtml::HTMLTokenizer::parseSpecial (this=0xf0d7a0, 
    src=@0xf0dd28) at htmltokenizer.cpp:332
#44 0x00002b93e20e0dbd in khtml::HTMLTokenizer::parseTag (this=0xf0d7a0, 
    src=@0xf0dd28) at htmltokenizer.cpp:1211
#45 0x00002b93e20e1e11 in khtml::HTMLTokenizer::write (this=0xf0d7a0, 
    str=@0x7fffd07543a0, appendData=<value optimized out>)
    at htmltokenizer.cpp:1457
#46 0x00002b93e20dc4ce in khtml::HTMLTokenizer::notifyFinished (this=0xf0d7a0)
    at htmltokenizer.cpp:1768
#47 0x00002b93e217ced8 in khtml::CachedScript::checkNotify (this=0x1036ae0)
    at loader.cpp:369
#48 0x00002b93e217f738 in khtml::CachedScript::data (this=0x1036ae0, 
    buffer=<value optimized out>, eof=<value optimized out>) at loader.cpp:361
#49 0x00002b93e217c9f1 in khtml::Loader::slotFinished (this=0xa53720, 
    job=0xc15fa0) at loader.cpp:1205
#50 0x00002b93e217cb5e in khtml::Loader::qt_invoke (this=0xa53720, _id=2, 
    _o=0x7fffd07546c0) at loader.moc:260
#51 0x00002b93dc9c224c in QObject::activate_signal (this=0xc15fa0, 
    clist=<value optimized out>, o=0x7fffd07546c0) at kernel/qobject.cpp:2356
#52 0x00002b93da92e1b5 in KIO::Job::result (this=<value optimized out>, 
    t0=0xc15fa0) at jobclasses.moc:162
#53 0x00002b93da948dbb in KIO::Job::emitResult (this=0xc15fa0) at job.cpp:235
#54 0x00002b93da956e3c in KIO::SimpleJob::slotFinished (this=0xc15fa0)
    at job.cpp:601
#55 0x00002b93da96185f in KIO::TransferJob::slotFinished (this=0xc15fa0)
    at job.cpp:971
#56 0x00002b93da9475af in KIO::TransferJob::qt_invoke (this=0xc15fa0, _id=17, 
    _o=0x7fffd0754ba0) at jobclasses.moc:1071
#57 0x00002b93dc9c224c in QObject::activate_signal (this=0xcbb000, 
    clist=<value optimized out>, o=0x7fffd0754ba0) at kernel/qobject.cpp:2356
#58 0x00002b93dc9c2ef3 in QObject::activate_signal (this=0x329c, 
    signal=<value optimized out>) at kernel/qobject.cpp:2325
#59 0x00002b93da9584bb in KIO::SlaveInterface::dispatch (this=0xcbb000, 
    _cmd=104, rawdata=@0x7fffd0754ee0) at slaveinterface.cpp:243
#60 0x00002b93da948900 in KIO::SlaveInterface::dispatch (this=0xcbb000)
    at slaveinterface.cpp:173
#61 0x00002b93da93dadd in KIO::Slave::gotInput (this=0xcbb000)
    at slave.cpp:300
#62 0x00002b93da95aa5d in KIO::Slave::qt_invoke (this=0xcbb000, _id=4, 
    _o=0x7fffd0755030) at slave.moc:113
#63 0x00002b93dc9c224c in QObject::activate_signal (this=0xdf6b10, 
    clist=<value optimized out>, o=0x7fffd0755030) at kernel/qobject.cpp:2356
#64 0x00002b93dc9c2e25 in QObject::activate_signal (this=0xdf6b10, 
    signal=<value optimized out>, param=<value optimized out>)
    at kernel/qobject.cpp:2449
#65 0x00002b93dc9dc95b in QSocketNotifier::event (this=0xdf6b10, 
    e=0x7fffd0755320) at kernel/qsocketnotifier.cpp:258
#66 0x00002b93dc96bcb5 in QApplication::internalNotify (
    this=<value optimized out>, receiver=0xdf6b10, e=0x7fffd0755320)
    at kernel/qapplication.cpp:2635
#67 0x00002b93dc96c8b7 in QApplication::notify (this=0x7fffd07555d0, 
    receiver=0xdf6b10, e=0x7fffd0755320) at kernel/qapplication.cpp:2358
#68 0x00002b93db89dfea in KApplication::notify (this=0x7fffd07555d0, 
    receiver=0xdf6b10, event=0x7fffd0755320) at kapplication.cpp:550
#69 0x00002b93dc961e9b in QEventLoop::activateSocketNotifiers (this=0x6d9910)
    at kernel/qapplication.h:496
#70 0x00002b93dc922bd3 in QEventLoop::processEvents (this=0x6d9910, 
    flags=<value optimized out>) at kernel/qeventloop_x11.cpp:383
#71 0x00002b93dc980402 in QEventLoop::enterLoop (this=0x329c)
    at kernel/qeventloop.cpp:198
#72 0x00002b93dc9802b2 in QEventLoop::exec (this=0x329c)
    at kernel/qeventloop.cpp:145
#73 0x00002b93e09cb7a7 in kdemain (argc=<value optimized out>, 
    argv=<value optimized out>) at konq_main.cc:206
#74 0x0000000000407402 in launch (argc=1, _name=0x64da28 "konqueror", 
    args=0x64da32 "\001", cwd=0x0, envc=1, envs=0x64da46 "", reset_env=false, 
    tty=0x0, avoid_loops=false, 
    startup_id_str=0x64da4f "jarmilka;1198708613;813593;6698_TIME412738123")
    at kinit.cpp:673
#75 0x00000000004080b4 in handle_launcher_request (sock=9) at kinit.cpp:1240
#76 0x00000000004086b2 in handle_requests (waitForPid=0) at kinit.cpp:1443
#77 0x0000000000408e78 in main (argc=5, argv=<value optimized out>, 
    envp=0x7fffd07567a8) at kinit.cpp:1908
Current language:  auto; currently c
Comment 11 Maksim Orlovich 2007-12-27 04:41:21 UTC 
Thanks for retesting it.
Comment 12 Maksim Orlovich 2007-12-27 04:43:52 UTC 
Heh, it crashes the JS debugger code I am working on in trunk. (and mysteriously works in 3.5.x, perhaps I have assertions off)
Comment 13 Maksim Orlovich 2007-12-27 05:32:08 UTC 
I think I got it. The problem is the dispatch of a load event inside HTMLObjectBaseElementImpl::attach(). That causes a recalcStyle.
Will attach a partial fix, though the proper onload dispatch needs to be done regardless.. Don't think my object loading tree fixes that, either.

Still, I am a tad worried that this sort of thing might happen in other ways.
Focus events or such have be known to cause such trouble in the past, at the very least.
Comment 14 Maksim Orlovich 2007-12-27 05:54:36 UTC 
SVN commit 753268 by orlovich:

Do not dispatch events directly from HTMLObjectBaseImpl::attach.
That's dangerous since it can cause a recalcStyle, which can mess
up the tree state when in the middle of an another attachment.

Fixes #125206, and probably many otherwise (which may be hard to
recognize since they'll likely not show up with the assert failure)

BUG:125206


 M  +5 -0      html_objectimpl.cpp  
 M  +1 -0      html_objectimpl.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=753268
Comment 15 kavol 2007-12-27 10:49:48 UTC 
so ... I have taken the patches generated from the provided websvn link, recompiled kdelibs, and now I am able to browse the site without any problems, while today just before the reinstallation it crashed on every article

great, thanks!
Comment 16 Carsten Lohrke 2007-12-27 17:28:53 UTC 
Will you fix this in branch as well, Maksim? I mean it looks like it'll apply fine, but I do not know to what degree the trunk and branch differ already. I'm asking, because kavol opened a bug in Gentoo Bugzilla. You're the one being comfortable with KHTML and we'd like to stick with the vanilla code, instead unnecessarily causing you troubles with distribution specific patches.
Comment 17 Maksim Orlovich 2007-12-27 17:35:55 UTC 
Thanks for the report, patience, and testing kavol.

As for fixing in branch... Yeah, this should apply directly, and probably should be applied. I will hopefully do so myself, but I sometimes tend to forget...
Comment 18 Carsten Lohrke 2008-01-02 17:29:43 UTC 
> but I sometimes tend to forget...

How about keeping the bug open - better than a knot in your handkerchief, eh? ;)
Comment 19 Maksim Orlovich 2008-01-02 17:43:21 UTC 
I have about 190 open bug reports bookmarked as sort-of-todo-items. Some have partial patches, and some have patches that work but I don't like. Won't help. Polite reminders work, though. (Not now, though --- out of town and no net access on my lappy. boo :( )
Comment 20 kavol 2008-04-06 11:12:11 UTC 
ping? - it looks like the patch did not make it into 3.5.9? :-/