Bug 159031

Summary: Undo Closed Tab Crash
Product: [Applications] konqueror
Reporter: Bernhard Friedreich <friesoft>
Component: khtml part
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED DUPLICATE
Severity: crash
CC: gerhard.rauniak, mwelbers, Regnaron
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Attachments: Backtrace of konqueror (undo closed tab) crash

Description Bernhard Friedreich 2008-03-09 18:09:59 UTC
Version:            (using Devel)
Installed from:    Compiled sources
Compiler:          g++ (GCC) 4.2.3 (Ubuntu 4.2.3-2ubuntu2) 
OS:                Linux

Konqueror crashes when trying to recover a tab (think it uses flash.. so maybe also nspluginviewer related)

Steps to reproduce:
open in tab1: http://www.google.at
open in tab2: http://derstandard.at
close tab2
recover tab2 (derstandard)
--> crash


"/kde/bin/konqueror --version" output:
Qt: 4.4.0-beta1
KDE: 4.00.65 (KDE 4.0.65 >= 20080305)
Konqueror: 4.00.64 (KDE 4.0.64 >= 20080228)


Konsole output: http://mustermaxi.googlepages.com/konqueror_crash_konsole_output
Backtrace: http://mustermaxi.googlepages.com/konqueror_undo_close_crash

Comment 1 Oliver Putz 2008-03-09 21:37:09 UTC
I can reproduce this crash with KDE4 (kdelibs 783515) with the following backtrace:

Application: Konqueror (konqueror), signal SIGABRT
Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0xb6298a20 (LWP 32514)]
[KCrash handler]
#6  0xffffe410 in __kernel_vsyscall ()
#7  0xb64e91f1 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#8  0xb64ea9b8 in *__GI_abort () at abort.c:88
#9  0xb64e27d5 in *__GI___assert_fail (
    assertion=0xb4b74634 "m_executingScript == 0", 
    file=0xb4b74524 "/var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/html/htmltokenizer.cpp", line=156, 
    function=0xb4b74500 "void khtml::HTMLTokenizer::reset()") at assert.c:78
#10 0xb49748dc in khtml::HTMLTokenizer::reset (this=0x83d48e8)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/html/htmltokenizer.cpp:156
#11 0xb4974a10 in ~HTMLTokenizer (this=0x83d48e8)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/html/htmltokenizer.cpp:1713
#12 0xb4938086 in DOM::DocumentImpl::detach (this=0x8bf45e8)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/xml/dom_docimpl.cpp:1292
#13 0xb48f19f2 in KHTMLPart::clear (this=0x8997d10)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_part.cpp:1431
#14 0xb48feb06 in ~KHTMLPart (this=0x8997d10)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_part.cpp:509
#15 0xb48f1c4c in KHTMLPart::clear (this=0x85ea6d0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_part.cpp:1470
#16 0xb48f2711 in KHTMLPart::begin (this=0x85ea6d0, url=@0xbff65880, 
    xOffset=0, yOffset=0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_part.cpp:1872
#17 0xb4ad4eba in KJS::Window::getValueProperty (this=0xb2d800c0, 
    exec=0xbff65ba0, token=4)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/ecma/kjs_window.cpp:759
#18 0xb4adcca5 in KJS::staticValueGetter<KJS::Window> (exec=0xbff65ba0, 
    slot=@0xbff6594c)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/lookup.h:147
#19 0xb475d421 in KJS::PropertySlot::getValue (this=0xbff6594c, 
    exec=0xbff65ba0, originalObject=0xb2d800c0, propertyName=@0x8611cf4)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/property_slot.h:46
#20 0xb4799138 in KJS::JSObject::get (this=0xb2d800c0, exec=0xbff65ba0, 
    propertyName=@0x8611cf4)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/object.cpp:165
#21 0xb4757614 in KJS::DotAccessorNode::evaluate (this=0x8611ce8, 
    exec=0xbff65ba0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/nodes.cpp:860
#22 0xb47575b7 in KJS::DotAccessorNode::evaluate (this=0x9260378, 
    exec=0xbff65ba0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/nodes.cpp:858
#23 0xb475b91b in KJS::AssignDotNode::evaluate (this=0x93b8948, 
    exec=0xbff65ba0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/nodes.cpp:1817
#24 0xb475385a in KJS::ExprStatementNode::execute (this=0x8a1e040, 
    exec=0xbff65ba0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/nodes.cpp:2168
#25 0xb4752e4e in KJS::SourceElementsNode::execute (this=0x87b7e80, 
    exec=0xbff65ba0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/nodes.cpp:2979
#26 0xb474f77b in KJS::BlockNode::execute (this=0x881dd00, exec=0xbff65ba0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/nodes.cpp:2145
#27 0xb479ecda in KJS::Interpreter::evaluate (this=0x8c9f788, 
    sourceURL=@0xbff65ca0, startingLineNumber=3, code=0x86682a8, 
    codeLength=745, thisV=0xb2d80040)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/interpreter.cpp:501
#28 0xb479ed9e in KJS::Interpreter::evaluate (this=0x8c9f788, 
    sourceURL=@0xbff65ca0, startingLineNumber=3, code=@0xbff65c9c, 
    thisV=0xb2d80040)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/interpreter.cpp:442
#29 0xb4ae4a86 in KJS::KJSProxyImpl::evaluate (this=0x92602c0, 
    filename=@0xbff65d30, baseLine=3, str=@0xbff65ed0, n=@0xbff65d9c, 
    completion=0xbff65d20)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/ecma/kjs_proxy.cpp:157
#30 0xb48f3b62 in KHTMLPart::executeScript (this=0x8997d10, 
    filename=@0xbff65da4, baseLine=3, n=@0xbff65d9c, script=@0xbff65ed0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_part.cpp:1180
#31 0xb4976472 in khtml::HTMLTokenizer::scriptExecution (this=0x83d48e8, 
    str=@0xbff65ed0, scriptURL=@0xbff65ed8, baseLine=2)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/html/htmltokenizer.cpp:450
#32 0xb4976b9a in khtml::HTMLTokenizer::scriptHandler (this=0x83d48e8)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/html/htmltokenizer.cpp:414
#33 0xb49771e1 in khtml::HTMLTokenizer::parseSpecial (this=0x83d48e8, 
    src=@0x83d4db0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/html/htmltokenizer.cpp:330
#34 0xb4979951 in khtml::HTMLTokenizer::parseTag (this=0x83d48e8, 
    src=@0x83d4db0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/html/htmltokenizer.cpp:1210
#35 0xb4979cfb in khtml::HTMLTokenizer::write (this=0x83d48e8, 
    str=@0xbff661e8, appendData=true)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/html/htmltokenizer.cpp:1456
#36 0xb48efe59 in KHTMLPart::write (this=0x8997d10, 
    data=0x9331290 "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" >\r\n<html><head><title>Werbung</title></head><body style=\"background-position: right 46px;\">\r\n<script type=\"text/javascript\">\r\nvar htimer0"..., len=1312)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_part.cpp:1961
#37 0xb48db0b2 in KHTMLPart::slotRestoreData (this=0x8997d10, 
    data=@0xbff663d0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_part.cpp:1669
#38 0xb48f953d in KHTMLPart::qt_metacall (this=0x8997d10, 
    _c=QMetaObject::InvokeMetaMethod, _id=35, _a=0xbff6639c)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/khtml/khtml_part.moc:266
#39 0xb72d32c8 in QMetaObject::activate (sender=0x874d338, 
    from_signal_index=<value optimized out>, to_signal_index=4, 
    argv=<value optimized out>) at kernel/qobject.cpp:2995
#40 0xb72d3a44 in QMetaObject::activate (sender=0x874d338, m=0xb4c64348, 
    local_signal_index=0, argv=0xbff6639c) at kernel/qobject.cpp:3065
#41 0xb4928201 in KHTMLPageCacheDelivery::emitData (this=0x874d338, 
    _t1=@0xbff663d0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/khtml/khtml_pagecache.moc:131
#42 0xb4928739 in KHTMLPageCache::sendData (this=0x83fc248)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_pagecache.cpp:250
#43 0xb492888e in KHTMLPageCache::qt_metacall (this=0x83fc248, 
    _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0xbff66478)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/khtml/khtml_pagecache.moc:68
#44 0xb72d32c8 in QMetaObject::activate (sender=0x944b768, 
    from_signal_index=<value optimized out>, to_signal_index=4, 
    argv=<value optimized out>) at kernel/qobject.cpp:2995
#45 0xb72d3a44 in QMetaObject::activate (sender=0x944b768, m=0xb73aa9a4, 
    local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3065
#46 0xb72dc1b3 in QSingleShotTimer::timeout (this=0x944b768)
    at .moc/debug-shared/qtimer.moc:74
#47 0xb72dc2dc in QSingleShotTimer::timerEvent (this=0x944b768)
    at kernel/qtimer.cpp:300
#48 0xb72cf107 in QObject::event (this=0x944b768, e=0xbff669a8)
    at kernel/qobject.cpp:1096
#49 0xb687e71f in QApplicationPrivate::notify_helper (this=0x80587c8, 
    receiver=0x944b768, e=0xbff669a8) at kernel/qapplication.cpp:3735
#50 0xb68802fa in QApplication::notify (this=0xbff66e48, receiver=0x944b768, 
    e=0xbff669a8) at kernel/qapplication.cpp:3329
#51 0xb7922c93 in KApplication::notify (this=0xbff66e48, receiver=0x944b768, 
    event=0xbff669a8)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdeui/kernel/kapplication.cpp:311
#52 0xb72bccf7 in QCoreApplication::notifyInternal (this=0xbff66e48, 
    receiver=0x944b768, event=0xbff669a8) at kernel/qcoreapplication.cpp:586
#53 0xb72ed67b in QTimerInfoList::activateTimers (this=0x8058f5c)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#54 0xb72ed751 in QEventDispatcherUNIX::activateTimers (this=0x8057f58)
    at kernel/qeventdispatcher_unix.cpp:837
#55 0xb72ed88b in QEventDispatcherUNIX::processEvents (this=0x8057f58, 
    flags=@0xbff66b28) at kernel/qeventdispatcher_unix.cpp:899
#56 0xb6916cfe in QEventDispatcherX11::processEvents (this=0x8057f58, 
    flags=@0xbff66b54) at kernel/qeventdispatcher_x11.cpp:154
#57 0xb72bbe61 in QEventLoop::processEvents (this=0xbff66bc0, 
    flags=@0xbff66b88) at kernel/qeventloop.cpp:146
#58 0xb72bbf8f in QEventLoop::exec (this=0xbff66bc0, flags=@0xbff66bc8)
    at kernel/qeventloop.cpp:197
#59 0xb72be476 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:838
#60 0xb687de37 in QApplication::exec () at kernel/qapplication.cpp:3267
#61 0xb7fc8597 in kdemain (argc=1, argv=0xbff671c4)
    at /var/tmp/portage/kde-base/kdebase-9999.4/work/kdebase-9999.4/apps/konqueror/src/konqmain.cpp:218
#62 0x080487e2 in main (argc=)
    at /var/tmp/portage/kde-base/kdebase-9999.4/work/kdebase_build/apps/konqueror/src/konqueror_dummy.cpp:3
#63 0xb64d5fdc in __libc_start_main (main=0x80487c0 <main>, argc=1, 
    ubp_av=0xbff671c4, init=0x8048810 <__libc_csu_init>, 
    fini=0x8048800 <__libc_csu_fini>, rtld_fini=0xb7fed100 <_dl_fini>, 
    stack_end=0xbff671bc) at libc-start.c:229
#64 0x08048731 in _start ()
#0  0xffffe410 in __kernel_vsyscall ()
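
In the backtrace above, frame #11 destroys the HTMLTokenizer at 0x83d48e8 while frames #31 to #35 are still running methods on that same object, which is what trips the `m_executingScript == 0` assertion. The following triage helper is an added example, not part of the original report or of KDE's code: it flags destructor frames whose `this` pointer is still in use by an older frame, and the function names and abridged sample frames are assumptions made for illustration.

```python
import re

# Frames abridged from the backtrace in comment 1 (source paths and most
# arguments trimmed; frame numbers, functions and `this` values unchanged).
SAMPLE = """\
#10 0xb49748dc in khtml::HTMLTokenizer::reset (this=0x83d48e8)
#11 0xb4974a10 in ~HTMLTokenizer (this=0x83d48e8)
#12 0xb4938086 in DOM::DocumentImpl::detach (this=0x8bf45e8)
#14 0xb48feb06 in ~KHTMLPart (this=0x8997d10)
#15 0xb48f1c4c in KHTMLPart::clear (this=0x85ea6d0)
#17 0xb4ad4eba in KJS::Window::getValueProperty (this=0xb2d800c0,
    exec=0xbff65ba0, token=4)
#30 0xb48f3b62 in KHTMLPart::executeScript (this=0x8997d10,
    filename=@0xbff65da4, baseLine=3, n=@0xbff65d9c, script=@0xbff65ed0)
#31 0xb4976472 in khtml::HTMLTokenizer::scriptExecution (this=0x83d48e8,
    str=@0xbff65ed0, scriptURL=@0xbff65ed8, baseLine=2)
#35 0xb4979cfb in khtml::HTMLTokenizer::write (this=0x83d48e8,
    str=@0xbff661e8, appendData=true)
"""

# A gdb frame header for a member function: "#N 0xADDR in Func (this=0xPTR".
# Continuation lines start with whitespace and are ignored.
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\S+) \(this=(0x[0-9a-f]+)", re.M)


def parse_frames(text):
    """Return (frame_number, function, this_pointer) for member-function frames."""
    return [(int(n), func, this) for n, func, this in FRAME_RE.findall(text)]


def is_destructor(func):
    return func.rsplit("::", 1)[-1].startswith("~")


def destroyed_while_live(text):
    """Find destructors running on an object an older frame is still using.

    In gdb a higher frame number is an older caller, so any non-destructor
    frame above the destructor's number with the same `this` will resume
    on the object after it has been torn down.
    """
    frames = parse_frames(text)
    findings = []
    for n, func, this in frames:
        if is_destructor(func):
            live = [(m, f) for m, f, t in frames
                    if t == this and m > n and not is_destructor(f)]
            if live:
                findings.append((n, func, this, live))
    return findings


if __name__ == "__main__":
    for n, func, this, live in destroyed_while_live(SAMPLE):
        print(f"#{n} {func} on {this} while still in use by {live}")
```
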

Comment 2 Bernhard Friedreich 2008-07-05 11:21:11 UTC
Created attachment 25853 [details]
Backtrace of konqueror (undo closed tab) crash

Comment 3 Bernhard Friedreich 2008-07-05 11:22:19 UTC
Sadly this bug is still persistent in current svn builds :-(

As far as I can see the backtrace has changed, so I'll attach a new one (see above).

I haven't coded anything for KDE yet because I didn't have the time yet to dive into the codebase but maybe it's a trivial fix... so I'll see what I can do...

Comment 4 Eduardo Robles Elvira 2008-07-05 12:23:17 UTC
BTW, it seems that this is a KHTML bug and not a konqueror one. When saving the session and then restoring it (File > Sessions > Save as..) khtml also crashes konqueror. So it appears to be related to the khtml code to restore a page.

Comment 5 Bernhard Friedreich 2008-07-05 13:40:05 UTC
yeah .. seems so.. I started looking through the code but I'm totally overstrained by such a massive amount of code, source files... I've got no idea how they work together... so I'll leave this to someone who has got the picture ^^

Comment 6 Maksim Orlovich 2008-07-05 14:00:44 UTC
This means a child frame is somehow restored before the parent one.

Comment 7 Christophe Marin 2008-08-04 00:26:13 UTC
*** Bug 168250 has been marked as a duplicate of this bug. ***

Comment 8 Christophe Marin 2008-08-04 00:29:25 UTC
*** Bug 168103 has been marked as a duplicate of this bug. ***

Comment 9 A. Spehr 2008-08-05 22:34:20 UTC

*** This bug has been marked as a duplicate of 145666 ***