Bug 170185

Summary: Konqueror crash: going back in history [testcase]
Product: [Applications] konqueror Reporter: David Palacio <dpalacio>
Component: khtml Assignee: Konqueror Developers <konq-bugs>
Status: CLOSED FIXED    
Severity: critical CC: aacid, almoner, bugs, chungalitos, cronopios, finex, frank78ac, graham.stark, jcd, jensrune, jesusmaga_9, kde-bugs, mail, maksim, masagoengs, mikebwilliams, nplevis, olivier.emery, ophilar, ossi, pascal, prathapc_ms, proud2bnepali, rtavenar, sacarde, siaromez, skunk, usenbinz, woebbeking
Priority: NOR    
Version: 4.1.0   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Attachments: backtrace
1st part of a test case (HTML page inside a frameset)
This HTML page (containing a frameset) crashes Konqueror when you go back to it

Description David Palacio 2008-09-01 14:12:23 UTC
Version:           4.1.00 (KDE 4.1.0) (using 4.1.00 (KDE 4.1.0), Debian packages)
Compiler:          cc
OS:                Linux (x86_64) release 2.6.25-2-amd64

How to reproduce:

1. Open http://www.nagomiko.net/
2. Open a link in the left side
3. Go back in history

Found this behavior in Debian's precompiled packages and 4.2 compiled sources (r855347)
Comment 1 David Palacio 2008-09-01 14:14:56 UTC
Created attachment 27164 [details]
backtrace
Comment 2 Pino Toscano 2008-09-01 14:47:58 UTC
Please paste backtraces directly, it is easier for us to look for duplicates.

Aplicación: Konqueror (konqueror), señal SIGSEGV
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 0x7fb011107780 (LWP 5441)]
[KCrash handler]
#5  0x00007fb001eb57f5 in KJS::DOMNodeConstants::self (exec=0x7fff19243210)
    at /tmp/buildd/kde4libs-4.1.0/kjs/lookup.h:293
#6  0x00007fb001eb5895 in KJS::DOMNodeProto::self (exec=0x7fff19243210)
    at /tmp/buildd/kde4libs-4.1.0/khtml/ecma/kjs_dom.h:77
#7  0x00007fb001eb5c15 in KJS::DOMDocumentProto::self (exec=0x7fff19243210)
    at /tmp/buildd/kde4libs-4.1.0/khtml/ecma/kjs_dom.h:139
#8  0x00007fb001ec7375 in KJS::HTMLDocumentProto::self (exec=0x7fff19243210)
    at /tmp/buildd/kde4libs-4.1.0/khtml/ecma/kjs_html.cpp:74
#9  0x00007fb001ec73ec in HTMLDocument (this=0x7faffb174ec0, 
    exec=0x7fff19243210, d=0x310bfa0)
    at /tmp/buildd/kde4libs-4.1.0/khtml/ecma/kjs_html.cpp:200
#10 0x00007fb001eb820c in KJS::getDOMNode (exec=0x7fff19243210, n=0x23de818)
    at /tmp/buildd/kde4libs-4.1.0/khtml/ecma/kjs_dom.cpp:1731
#11 0x00007fb001eedb7b in KJS::Window::getValueProperty (
    this=<value optimized out>, exec=0x7fff19243210, 
    token=<value optimized out>)
    at /tmp/buildd/kde4libs-4.1.0/khtml/ecma/kjs_window.cpp:765
#12 0x00007fb0016a69f0 in KJS::JSObject::get (this=0x7faffb180080, 
    exec=0x7fff19243210, propertyName=@0x33fc598)
    at /tmp/buildd/kde4libs-4.1.0/kjs/property_slot.h:46
#13 0x00007fb0016bb5a5 in KJS::Machine::runBlock (exec=0x7fff19243210, 
    codeBlock=<value optimized out>, parentExec=0x0) at codes.def:680
#14 0x00007fb0016792c9 in KJS::FunctionBodyNode::execute (this=0x2a8f830, 
    exec=0x7fff19243210) at /tmp/buildd/kde4libs-4.1.0/kjs/nodes.cpp:927
#15 0x00007fb0016aa25a in KJS::Interpreter::evaluate (this=0x2a88cd0, 
    sourceURL=@0x7fff19243560, startingLineNumber=20, code=0x33fba30, 
    codeLength=148, thisV=0x7faffb180000)
    at /tmp/buildd/kde4libs-4.1.0/kjs/interpreter.cpp:557
#16 0x00007fb0016aa3b3 in KJS::Interpreter::evaluate (this=0x7fff19243210, 
    sourceURL=@0x310bfa0, startingLineNumber=-82368512, 
    code=<value optimized out>, thisV=<value optimized out>)
    at /tmp/buildd/kde4libs-4.1.0/kjs/interpreter.cpp:499
#17 0x00007fb001f02ac4 in KJS::KJSProxyImpl::evaluate (this=0x33b5480, 
    filename=<value optimized out>, baseLine=20, str=@0x7fff192439a0, 
    n=<value optimized out>, completion=0x7fff192435f0)
    at /tmp/buildd/kde4libs-4.1.0/khtml/ecma/kjs_proxy.cpp:157
#18 0x00007fb001cf45de in KHTMLPart::executeScript (this=0x3041d10, 
    filename=@0x7fff19243740, baseLine=20, n=@0x7fff19243700, 
    script=@0x7fff192439a0)
    at /tmp/buildd/kde4libs-4.1.0/khtml/khtml_part.cpp:1219
#19 0x00007fb001d74959 in khtml::HTMLTokenizer::scriptExecution (
    this=0x33cac60, str=@0x7fff192439a0, scriptURL=<value optimized out>, 
    baseLine=19)
    at /tmp/buildd/kde4libs-4.1.0/khtml/html/htmltokenizer.cpp:475
#20 0x00007fb001d768fc in khtml::HTMLTokenizer::scriptHandler (this=0x33cac60)
    at /tmp/buildd/kde4libs-4.1.0/khtml/html/htmltokenizer.cpp:428
#21 0x00007fb001d79c35 in khtml::HTMLTokenizer::parseSpecial (this=0x33cac60, 
    src=@0x33cb1b0)
    at /tmp/buildd/kde4libs-4.1.0/khtml/html/htmltokenizer.cpp:344
#22 0x00007fb001d7c616 in khtml::HTMLTokenizer::parseTag (this=0x33cac60, 
    src=@0x33cb1b0)
    at /tmp/buildd/kde4libs-4.1.0/khtml/html/htmltokenizer.cpp:1535
#23 0x00007fb001d7db45 in khtml::HTMLTokenizer::write (this=0x33cac60, 
    str=@0x7fff19244080, appendData=true)
    at /tmp/buildd/kde4libs-4.1.0/khtml/html/htmltokenizer.cpp:1789
#24 0x00007fb001cce79d in KHTMLPart::write (this=0x3041d10, 
    data=0x2ff4948 "<html>\r\n<head>\r\n<title>\226�\221�\203h\203L\203\205\203\201\203\223\203g</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=Shift_JIS\">\r\n</head>\r\n\r\n<body bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#999999\" vlink=\"#99999"..., len=<value optimized out>)
    at /tmp/buildd/kde4libs-4.1.0/khtml/khtml_part.cpp:1972
#25 0x00007fb001cc3928 in KHTMLPart::slotRestoreData (this=0x3041d10, 
    data=@0x7fff19244360)
    at /tmp/buildd/kde4libs-4.1.0/khtml/khtml_part.cpp:1685
#26 0x00007fb001cf2619 in KHTMLPart::qt_metacall (this=0x3041d10, 
    _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, 
    _a=0x7fff19244330)
    at /tmp/buildd/kde4libs-4.1.0/obj-x86_64-linux-gnu/khtml/khtml_part.moc:266
#27 0x00007fb00dc0b764 in QMetaObject::activate (sender=0x33d8570, 
    from_signal_index=<value optimized out>, to_signal_index=4, 
    argv=0x7faffb172800) at kernel/qobject.cpp:3010
#28 0x00007fb001d190b2 in KHTMLPageCacheDelivery::emitData (this=0x2ed3870, 
    _t1=<value optimized out>)
    at /tmp/buildd/kde4libs-4.1.0/obj-x86_64-linux-gnu/khtml/khtml_pagecache.moc:131
#29 0x00007fb001d1a334 in KHTMLPageCache::sendData (this=0x1cd20e0)
    at /tmp/buildd/kde4libs-4.1.0/khtml/khtml_pagecache.cpp:250
#30 0x00007fb001d1a49d in KHTMLPageCache::qt_metacall (this=0x1cd20e0, 
    _c=QMetaObject::InvokeMetaMethod, _id=48, _a=0x7fff19244450)
    at /tmp/buildd/kde4libs-4.1.0/obj-x86_64-linux-gnu/khtml/khtml_pagecache.moc:68
#31 0x00007fb00dc0b764 in QMetaObject::activate (sender=0x1cdb010, 
    from_signal_index=<value optimized out>, to_signal_index=4, 
    argv=0x7faffb172800) at kernel/qobject.cpp:3010
#32 0x00007fb00dc11a4f in QSingleShotTimer::timerEvent (this=0x1cdb010)
    at kernel/qtimer.cpp:300
#33 0x00007fb00dc06073 in QObject::event (this=0x1cdb010, e=0x7fff19243210)
    at kernel/qobject.cpp:1105
#34 0x00007fb00e316e5d in QApplicationPrivate::notify_helper (this=0x15ffad0, 
    receiver=0x1cdb010, e=0x7fff19244b20) at kernel/qapplication.cpp:3772
#35 0x00007fb00e31eb2a in QApplication::notify (this=0x7fff192452b0, 
    receiver=0x1cdb010, e=0x7fff19244b20) at kernel/qapplication.cpp:3739
#36 0x00007fb00fcf7bfb in KApplication::notify (this=0x7fff192452b0, 
    receiver=0x1cdb010, event=0x7fff19244b20)
    at /tmp/buildd/kde4libs-4.1.0/kdeui/kernel/kapplication.cpp:311
#37 0x00007fb00dbf7411 in QCoreApplication::notifyInternal (
    this=0x7fff192452b0, receiver=0x1cdb010, event=0x7fff19244b20)
    at kernel/qcoreapplication.cpp:587
#38 0x00007fb00dc233b6 in QTimerInfoList::activateTimers (this=0x16004d0)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#39 0x00007fb00dc23678 in QEventDispatcherUNIX::processEvents (
    this=0x15faff0, flags={i = 421810032})
    at kernel/qeventdispatcher_unix.cpp:899
#40 0x00007fb00e3a912a in QEventDispatcherX11::processEvents (this=0x15faff0, 
    flags={i = 421810112}) at kernel/qeventdispatcher_x11.cpp:154
#41 0x00007fb00dbf5d22 in QEventLoop::processEvents (
    this=<value optimized out>, flags={i = 421810160})
    at kernel/qeventloop.cpp:149
#42 0x00007fb00dbf5ead in QEventLoop::exec (this=0x7fff19245030, flags=
      {i = 421810240}) at kernel/qeventloop.cpp:200
#43 0x00007fb00dbf837d in QCoreApplication::exec ()
    at kernel/qcoreapplication.cpp:845
#44 0x00007fb010dfea61 in kdemain () from /usr/lib/libkdeinit4_konqueror.so
#45 0x00007fb0109fe1a6 in __libc_start_main () from /lib/libc.so.6
#46 0x0000000000400629 in _start ()
#0  0x00007fb010a7e0e1 in nanosleep () from /lib/libc.so.6
Comment 3 Tommi Tervo 2008-09-01 15:04:22 UTC
*** Bug 165776 has been marked as a duplicate of this bug. ***
Comment 4 Frank Reininghaus 2008-09-01 22:31:24 UTC
Created attachment 27179 [details]
1st part of a test case (HTML page inside a frameset)
Comment 5 Frank Reininghaus 2008-09-01 22:38:34 UTC
Created attachment 27180 [details]
This HTML page (containing a frameset) crashes Konqueror when you go back to it

I can confirm the crash with 4.1 and trunk rev. 855891. I get a different signal (SIGABRT) and a slightly different backtrace for both the original page and this reduced testcase. All frames starting from #12 in comment 2 appear in my bt as well, though.

How to crash Konqueror:
1. Load the test case.
2. Go to some other page, e.g., http://www.kde.org/.
3. Click "Back".

Seems to be due to the 'document.write(parent.document.referrer);' command in the frame inside the frameset. 

In Konsole, a failed assertion is reported:

konqueror: /home/kde-devel/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:164: void khtml::HTMLTokenizer::reset(): Assertion `m_executingScript == 0' failed.
Comment 6 Daniel Richard G. 2008-09-29 07:44:56 UTC
That last assertion failure is basically bug 145666. It happens in cases like e.g. restoring an autosaved session, so it's not just about going back in the history. (Test case crash and autosave crash both confirmed as of r865565)
Comment 7 Sebastian Sauer 2008-10-26 23:00:28 UTC
maybe dup of bug #170185 or bug #167966 - all 3 are *not* reproducible for me with KDE trunk.
Comment 8 Frank Reininghaus 2008-10-26 23:12:28 UTC
(In reply to comment #7)
> maybe dup of bug #170185 or bug #167966 - all 3 are *not* reproducible

You probably meant bug 173066 and bug 167966. All these going back crashes are probably related, and I've also noticed that I can't reproduce these any more since a week or so. Maksim told me it's timing-sensitive and therefore not always easy to reproduce. The problem is that the page you're trying to go back to has iframes, and an iframe which is already restored tries to access its parent which is in some cases not fully restored yet.
Comment 9 David Palacio 2008-10-28 20:44:19 UTC
Testcase still crashes as of revision 877144 from trunk/
Comment 10 David Palacio 2008-10-28 20:45:58 UTC
Forgot backtrace (r877144)

Application: Konqueror (konqueror), signal SIGABRT
0x00007fb28008fff1 in nanosleep () from /lib/libc.so.6

Thread 1 (Thread 0x7fb2854916f0 (LWP 26848)):
[KCrash Handler]
#5  0x00007fb280023ed5 in raise () from /lib/libc.so.6
#6  0x00007fb2800253f3 in abort () from /lib/libc.so.6
#7  0x00007fb28001cdc9 in __assert_fail () from /lib/libc.so.6
#8  0x00007fb273a7d535 in khtml::HTMLTokenizer::reset (this=0x2595a80) at /home/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:183
#9  0x00007fb273a7d713 in ~HTMLTokenizer (this=0x2595a80) at /home/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:2076
#10 0x00007fb273a13684 in DOM::DocumentImpl::detach (this=0x2a0b900) at /home/kde/src/KDE/kdelibs/khtml/xml/dom_docimpl.cpp:1539
#11 0x00007fb2739b32ac in KHTMLPart::clear (this=0x18d0410) at /home/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:1454
#12 0x00007fb2739c5242 in ~KHTMLPart (this=0x18d0410) at /home/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:534
#13 0x00007fb2739b35c3 in KHTMLPart::clear (this=0x198e950) at /home/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:1493
#14 0x00007fb2739b4787 in KHTMLPart::begin (this=0x198e950, url=@0x7fff8d5ca1b0, xOffset=0, yOffset=0) at /home/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:1890
#15 0x00007fb273c8260d in KJS::Window::getValueProperty (this=0x7fb26fbd0100, exec=0x7fff8d5ccb10, token=4) at /home/kde/src/KDE/kdelibs/khtml/ecma/kjs_window.cpp:730
#16 0x00007fb273c91219 in KJS::staticValueGetter<KJS::Window> (exec=0x7fff8d5ccb10, slot=@0x7fff8d5ca340) at /home/kde/src/KDE/kdelibs/kjs/lookup.h:147
#17 0x00007fb2734f4597 in KJS::PropertySlot::getValue (this=0x7fff8d5ca340, exec=0x7fff8d5ccb10, originalObject=0x7fb26fbd0100, propertyName=@0x2a20a48)
    at /home/kde/src/KDE/kdelibs/kjs/property_slot.h:46
#18 0x00007fb2734f3038 in KJS::JSObject::get (this=0x7fb26fbd0100, exec=0x7fff8d5ccb10, propertyName=@0x2a20a48) at /home/kde/src/KDE/kdelibs/kjs/object.cpp:166
#19 0x00007fb273510ef2 in KJS::Machine::runBlock (exec=0x7fff8d5ccb10, codeBlock=@0x26164b8, parentExec=0x0) at codes.def:680
#20 0x00007fb2734b8e9f in KJS::FunctionBodyNode::execute (this=0x2616430, exec=0x7fff8d5ccb10) at /home/kde/src/KDE/kdelibs/kjs/nodes.cpp:927
#21 0x00007fb2734f5e3e in KJS::Interpreter::evaluate (this=0x29f3d20, sourceURL=@0x7fff8d5cce90, startingLineNumber=20, code=0x28837c0, codeLength=148, thisV=0x7fb26fbd0000)
    at /home/kde/src/KDE/kdelibs/kjs/interpreter.cpp:557
#22 0x00007fb2734f606b in KJS::Interpreter::evaluate (this=0x29f3d20, sourceURL=@0x7fff8d5cce90, startingLineNumber=20, code=@0x7fff8d5cce80, thisV=0x7fb26fbd0000)
    at /home/kde/src/KDE/kdelibs/kjs/interpreter.cpp:499
#23 0x00007fb273c99df8 in KJS::KJSProxyImpl::evaluate (this=0x29ba6a0, filename=
      {static null = {<No data fields>}, static shared_null = {ref = {_q_value = 34362}, alloc = 0, size = 0, data = 0x7fb283a4bcda, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, static shared_empty = {ref = {_q_value = 169}, alloc = 0, size = 0, data = 0x7fb283a4bcfa, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, d = 0x7fff8d5ccfd0, static codecForCStrings = 0x0}, baseLine=20, str=@0x7fff8d5cd210, n=@0x7fff8d5cd110, completion=0x7fff8d5ccfb0)
    at /home/kde/src/KDE/kdelibs/khtml/ecma/kjs_proxy.cpp:158
#24 0x00007fb2739b6714 in KHTMLPart::executeScript (this=0x18d0410, filename=@0x7fff8d5cd0c0, baseLine=20, n=@0x7fff8d5cd110, script=@0x7fff8d5cd210)
    at /home/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:1225
#25 0x00007fb273a81018 in khtml::HTMLTokenizer::scriptExecution (this=0x2595a80, str=@0x7fff8d5cd210, scriptURL=@0x7fff8d5cd300, baseLine=19)
    at /home/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:498
#26 0x00007fb273a81b5e in khtml::HTMLTokenizer::scriptHandler (this=0x2595a80) at /home/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:451
#27 0x00007fb273a82b53 in khtml::HTMLTokenizer::parseSpecial (this=0x2595a80, src=@0x2595fe8) at /home/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:367
#28 0x00007fb273a86a81 in khtml::HTMLTokenizer::parseTag (this=0x2595a80, src=@0x2595fe8) at /home/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1548
#29 0x00007fb273a8744e in khtml::HTMLTokenizer::write (this=0x2595a80, str=@0x7fff8d5cdff0, appendData=true) at /home/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1807
#30 0x00007fb2739af18e in KHTMLPart::write (this=0x18d0410, 
    data=0x259a728 "<html>\r\n<head>\r\n<title>\226�\221�\203h\203L\203\205\203\201\203\223\203g</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=Shift_JIS\">\r\n</head>\r\n\r\n<body bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#999999\" vlink=\"#99999"..., len=3008) at /home/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:1981
#31 0x00007fb27399277b in KHTMLPart::slotRestoreData (this=0x18d0410, data=@0x7fff8d5ce2f0) at /home/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:1689
#32 0x00007fb2739be106 in KHTMLPart::qt_metacall (this=0x18d0410, _c=QMetaObject::InvokeMetaMethod, _id=21, _a=0x7fff8d5ce2b0) at /home/kde/build/KDE/kdelibs/khtml/khtml_part.moc:266
#33 0x00007fb2837796d4 in QMetaObject::activate (sender=0x2b3fc30, from_signal_index=<value optimized out>, to_signal_index=4, argv=0xffffffffffffffff) at kernel/qobject.cpp:3031
#34 0x00007fb273a007e5 in KHTMLPageCacheDelivery::emitData (this=0x2b3fc30, _t1=@0x7fff8d5ce2f0) at /home/kde/build/KDE/kdelibs/khtml/khtml_pagecache.moc:131
#35 0x00007fb273a00dfd in KHTMLPageCache::sendData (this=0x19d36f0) at /home/kde/src/KDE/kdelibs/khtml/khtml_pagecache.cpp:250
#36 0x00007fb273a00f90 in KHTMLPageCache::qt_metacall (this=0x19d36f0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fff8d5ce3e0) at /home/kde/build/KDE/kdelibs/khtml/khtml_pagecache.moc:68
#37 0x00007fb2837796d4 in QMetaObject::activate (sender=0x2794780, from_signal_index=<value optimized out>, to_signal_index=4, argv=0xffffffffffffffff) at kernel/qobject.cpp:3031
#38 0x00007fb28377f93f in QSingleShotTimer::timerEvent (this=0x2794780) at kernel/qtimer.cpp:294
#39 0x00007fb283773fe3 in QObject::event (this=0x2794780, e=0x68e0) at kernel/qobject.cpp:1120
#40 0x00007fb2822cca5d in QApplicationPrivate::notify_helper (this=0x138d310, receiver=0x2794780, e=0x7fff8d5cead0) at kernel/qapplication.cpp:3803
#41 0x00007fb2822d47da in QApplication::notify (this=0x7fff8d5cf0e0, receiver=0x2794780, e=0x7fff8d5cead0) at kernel/qapplication.cpp:3768
#42 0x00007fb284356ffa in KApplication::notify (this=0x7fff8d5cf0e0, receiver=0x2794780, event=0x7fff8d5cead0) at /home/kde/src/KDE/kdelibs/kdeui/kernel/kapplication.cpp:307
#43 0x00007fb283765381 in QCoreApplication::notifyInternal (this=0x7fff8d5cf0e0, receiver=0x2794780, event=0x7fff8d5cead0) at kernel/qcoreapplication.cpp:587
#44 0x00007fb283791256 in QTimerInfoList::activateTimers (this=0x138de50) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:209
#45 0x00007fb283791518 in QEventDispatcherUNIX::processEvents (this=0x138cae0, flags={i = -1923289312}) at kernel/qeventdispatcher_unix.cpp:893
#46 0x00007fb28235f3e2 in QEventDispatcherX11::processEvents (this=0x138cae0, flags={i = -1923289232}) at kernel/qeventdispatcher_x11.cpp:148
#47 0x00007fb283763ca2 in QEventLoop::processEvents (this=<value optimized out>, flags={i = -1923289184}) at kernel/qeventloop.cpp:143
#48 0x00007fb283763e2d in QEventLoop::exec (this=0x7fff8d5cefe0, flags={i = -1923289104}) at kernel/qeventloop.cpp:194
#49 0x00007fb2837662dd in QCoreApplication::exec () at kernel/qcoreapplication.cpp:845
#50 0x00007fb2851766e9 in kdemain (argc=2, argv=0x7fff8d5cfd58) at /home/kde/src/KDE/kdebase/apps/konqueror/src/konqmain.cpp:257
#51 0x0000000000400887 in main (argc=2, argv=0x7fff8d5cfd58) at /home/kde/build/KDE/kdebase/apps/konqueror/src/konqueror_dummy.cpp:3

Comment 11 David Palacio 2008-11-28 23:52:23 UTC
Does not crash in revision 890303. But 4.1.3 still crashes.
Comment 12 Pascal d'Hermilly 2008-12-21 13:23:04 UTC
Still crashes in KDE 4.2 Beta 2
Comment 13 FiNeX 2008-12-28 14:16:56 UTC
*** Bug 173066 has been marked as a duplicate of this bug. ***
Comment 14 FiNeX 2008-12-28 14:17:16 UTC
*** Bug 178966 has been marked as a duplicate of this bug. ***
Comment 15 Andre Woebbeking 2009-01-10 12:31:33 UTC
I've this on http://www.wetteronline.de/Berlin/Berlin.htm :
1) select "Trend" in the middle of the page
2) go back -> crash

But my backtrace is different:

#5  QString::operator== (this=<value optimized out>, other=@0x7fd5143680f8) at tools/qstring.cpp:1768
#6  0x00007fd509c49d3d in KHTMLPart::restoreState (this=0x1b56c00, stream=<value optimized out>) at /Devel/src/kde4/qt-copy/include/QtCore/../../src/corelib/tools/qstring.h:372
#7  0x00007fd509c49cec in KHTMLPart::restoreState (this=0x15cac00, stream=<value optimized out>) at /Devel/src/kde4/4.2/kdelibs/khtml/khtml_part.cpp:5362
#8  0x00007fd515038ef0 in KonqView::restoreHistory (this=0x15cb150) at /Devel/src/kde4/4.2/kdebase/apps/konqueror/src/konqview.cpp:869
#9  0x00007fd515086d0c in KonqMainWindow::slotGoHistoryDelayed (this=0xf76150) at /Devel/src/kde4/4.2/kdebase/apps/konqueror/src/konqmainwindow.cpp:2833

I'm using 4.2 branch.
Comment 16 Tommi Tervo 2009-01-20 21:49:14 UTC
*** Bug 181419 has been marked as a duplicate of this bug. ***
Comment 17 giuseppe 2009-01-20 22:14:43 UTC
Unfixed on 4.1.96

Same thing happens on those two sites

www.imdb.com
http://labiobottega.com/
Comment 18 giuseppe 2009-01-21 20:28:02 UTC
4.2.0 from svn tags
not fixed..

Comment 19 Frank Reininghaus 2009-01-28 22:10:48 UTC
*** Bug 180788 has been marked as a duplicate of this bug. ***
Comment 20 Maksim Orlovich 2009-02-05 00:19:46 UTC
*** Bug 181808 has been marked as a duplicate of this bug. ***
Comment 21 Maksim Orlovich 2009-02-05 00:19:47 UTC
*** Bug 182918 has been marked as a duplicate of this bug. ***
Comment 22 Maksim Orlovich 2009-02-05 00:19:47 UTC
*** Bug 179000 has been marked as a duplicate of this bug. ***
Comment 23 Maksim Orlovich 2009-02-05 00:19:47 UTC
*** Bug 172684 has been marked as a duplicate of this bug. ***
Comment 24 Maksim Orlovich 2009-02-05 00:19:48 UTC
*** Bug 174544 has been marked as a duplicate of this bug. ***
Comment 25 Maksim Orlovich 2009-02-05 00:19:48 UTC
*** Bug 182945 has been marked as a duplicate of this bug. ***
Comment 26 Maksim Orlovich 2009-02-05 00:33:25 UTC
*** Bug 182758 has been marked as a duplicate of this bug. ***
Comment 27 Tommi Tervo 2009-02-05 11:02:11 UTC
*** Bug 183271 has been marked as a duplicate of this bug. ***
Comment 28 Maksim Orlovich 2009-02-10 03:16:05 UTC
*** Bug 183852 has been marked as a duplicate of this bug. ***
Comment 29 Frank Reininghaus 2009-02-11 23:26:57 UTC
*** Bug 158300 has been marked as a duplicate of this bug. ***
Comment 30 Maksim Orlovich 2009-02-14 18:53:17 UTC
SVN commit 926130 by orlovich:

Remove this hack; I don't want it anyway, and having it can cause the going-back bugginess to crash;
with it gone it will 'merely' lead to JS errors, so the restore code for frames still needs rework,
but at least it removes the major stability issue.

CCBUG:170185


 M  +0 -6      kjs_window.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=926130
Comment 31 Maksim Orlovich 2009-02-14 18:55:15 UTC
SVN commit 926133 by orlovich:

Merged revision 926130:
Remove this hack; I don't want it anyway, and having it can cause the going-back bugginess to crash;
with it gone it will 'merely' lead to JS errors, so the restore code for frames still needs rework,
but at least it removes the major stability issue.

CCBUG:170185

 M  +0 -6      kjs_window.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=926133
Comment 32 Maksim Orlovich 2009-02-15 17:13:54 UTC
*** Bug 184416 has been marked as a duplicate of this bug. ***
Comment 33 Maksim Orlovich 2009-02-15 23:48:09 UTC
*** Bug 184470 has been marked as a duplicate of this bug. ***
Comment 34 Maksim Orlovich 2009-02-21 23:11:23 UTC
*** Bug 185172 has been marked as a duplicate of this bug. ***
Comment 35 Maksim Orlovich 2009-02-21 23:14:30 UTC
*** Bug 185083 has been marked as a duplicate of this bug. ***
Comment 36 Maksim Orlovich 2009-02-28 16:52:30 UTC
*** Bug 185807 has been marked as a duplicate of this bug. ***
Comment 37 Tommi Tervo 2009-03-02 12:52:19 UTC
*** Bug 185948 has been marked as a duplicate of this bug. ***
Comment 38 Maksim Orlovich 2009-03-27 16:56:39 UTC
*** Bug 188264 has been marked as a duplicate of this bug. ***
Comment 39 Andre Woebbeking 2009-05-29 14:24:11 UTC
I still have the same crash with current 4.2 branch (4.2.4).
Comment 40 Olivier E. 2009-07-05 10:49:43 UTC
The same crash happens to me with KDE 4.3 RC1
Konqueror crashes when I click back to a phoronix.com page.
No problem when I browse nagomiko.net and bugs.kde.org/attachment.cgi?id=27164

Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 0 (LWP 2483)]

Thread 4 (Thread 0xb032fb70 (LWP 2489)):
#0  0xb7fc6424 in __kernel_vsyscall ()
#1  0xb67fcf21 in select () from /lib/libc.so.6
#2  0xb7e8e745 in QProcessManager::run (this=0x881cf50) at io/qprocess_unix.cpp:296
#3  0xb7dc1022 in QThreadPrivate::start (arg=0x881cf50) at thread/qthread_unix.cpp:188
#4  0xb7d606bc in start_thread () from /lib/libpthread.so.0
#5  0xb6803ffe in clone () from /lib/libc.so.6

Thread 3 (Thread 0xaf9ffb70 (LWP 2496)):
#0  0xb7fc6424 in __kernel_vsyscall ()
#1  0xb7d64f82 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb7dc1fbf in QWaitCondition::wait (this=0x8bbe800, mutex=0x8bbe7fc, time=30000) at thread/qwaitcondition_unix.cpp:85
#3  0xb7db781e in QThreadPoolThread::run (this=0x8a45d80) at concurrent/qthreadpool.cpp:140
#4  0xb7dc1022 in QThreadPrivate::start (arg=0x8a45d80) at thread/qthread_unix.cpp:188
#5  0xb7d606bc in start_thread () from /lib/libpthread.so.0
#6  0xb6803ffe in clone () from /lib/libc.so.6

Thread 2 (Thread 0xaf134b70 (LWP 2501)):
#0  0xb7fc6424 in __kernel_vsyscall ()
#1  0xb7d64f82 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb7dc1fbf in QWaitCondition::wait (this=0x8bbe800, mutex=0x8bbe7fc, time=30000) at thread/qwaitcondition_unix.cpp:85
#3  0xb7db781e in QThreadPoolThread::run (this=0x8c63b78) at concurrent/qthreadpool.cpp:140
#4  0xb7dc1022 in QThreadPrivate::start (arg=0x8c63b78) at thread/qthread_unix.cpp:188
#5  0xb7d606bc in start_thread () from /lib/libpthread.so.0
#6  0xb6803ffe in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb5df6710 (LWP 2483)):
[KCrash Handler]
#6  0xb7e0404c in QString::operator== (this=0x8e883d4, other=@0x8052a74) at tools/qstring.cpp:1912
#7  0xb18cd890 in KHTMLPart::restoreState () from /usr/lib/libkhtml.so.5
#8  0xb18f620e in KHTMLPartBrowserExtension::restoreState () from /usr/lib/libkhtml.so.5
#9  0xb18cd807 in KHTMLPart::restoreState () from /usr/lib/libkhtml.so.5
#10 0xb18f620e in KHTMLPartBrowserExtension::restoreState () from /usr/lib/libkhtml.so.5
#11 0xb37af0f8 in KonqView::restoreHistory (this=0x8b05210) at /home/jan/kdemod/testing/kdebase/src/kdebase-4.2.95/apps/konqueror/src/konqview.cpp:871
#12 0xb3802f88 in KonqMainWindow::slotGoHistoryDelayed (this=0x88f2570) at /home/jan/kdemod/testing/kdebase/src/kdebase-4.2.95/apps/konqueror/src/konqmainwindow.cpp:2859
#13 0xb380c950 in KonqMainWindow::qt_metacall (this=0x88f2570, _c=QMetaObject::InvokeMetaMethod, _id=106, _a=0xbfc8fa9c)
    at /home/jan/kdemod/testing/kdebase/src/kdebase-4.2.95/apps/konqueror/src/konqmainwindow.moc:441
#14 0xb7ec58bc in QMetaObject::activate (sender=0x8ef10a8, from_signal_index=<value optimized out>, to_signal_index=4, argv=0x0) at kernel/qobject.cpp:3112
#15 0xb7ec64f2 in QMetaObject::activate (sender=0x8ef10a8, m=0xb7f9eae8, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3186
#16 0xb7eca947 in QSingleShotTimer::timeout (this=0x8ef10a8) at .moc/release-shared/qtimer.moc:76
#17 0xb7ecaa5c in QSingleShotTimer::timerEvent (this=0x8ef10a8) at kernel/qtimer.cpp:298
#18 0xb7ebfa6f in QObject::event (this=0x8ef10a8, e=0xbfc8ff30) at kernel/qobject.cpp:1074
#19 0xb6a8f674 in QApplicationPrivate::notify_helper (this=0x881aa28, receiver=0x8ef10a8, e=0xbfc8ff30) at kernel/qapplication.cpp:4056
#20 0xb6a96d5c in QApplication::notify (this=0xbfc90334, receiver=0x8ef10a8, e=0xbfc8ff30) at kernel/qapplication.cpp:3603
#21 0xb74cfa7a in KApplication::notify () from /usr/lib/libkdeui.so.5
#22 0xb7eafedb in QCoreApplication::notifyInternal (this=0xbfc90334, receiver=0x8ef10a8, event=0xbfc8ff30) at kernel/qcoreapplication.cpp:610
#23 0xb7edd64e in QTimerInfoList::activateTimers (this=0x881d794) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213
#24 0xb7eda630 in timerSourceDispatch (source=0x881d760) at kernel/qeventdispatcher_glib.cpp:165
#25 0xb6697d98 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#26 0xb669b3e0 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#27 0xb669b513 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#28 0xb7eda57c in QEventDispatcherGlib::processEvents (this=0x8763610, flags={i = 36}) at kernel/qeventdispatcher_glib.cpp:327
#29 0xb6b2d475 in QGuiEventDispatcherGlib::processEvents (this=0x8763610, flags={i = 36}) at kernel/qguieventdispatcher_glib.cpp:202
#30 0xb7eae489 in QEventLoop::processEvents (this=0xbfc901f4, flags=) at kernel/qeventloop.cpp:149
#31 0xb7eae8da in QEventLoop::exec (this=0xbfc901f4, flags={i = 0}) at kernel/qeventloop.cpp:201
#32 0xb7eb0d4f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#33 0xb6a8f4f7 in QApplication::exec () at kernel/qapplication.cpp:3525
#34 0xb383eb99 in kdemain (argc=1, argv=0x87d0b58) at /home/jan/kdemod/testing/kdebase/src/kdebase-4.2.95/apps/konqueror/src/konqmain.cpp:271
#35 0x0804de0c in _start ()
Comment 41 Maksim Orlovich 2009-07-17 20:30:07 UTC
SVN commit 998473 by orlovich:

Do full restore on going back when frame count doesn't match. Should fix the restoreState/QString::operator==
crash. I am not at all happy with full restore path, but its flaws should be considerably less, uhm, crashy.
CCBUG: 170185
BUG: 158794
BUG: 173870
BUG: 183733
BUG: 193828
BUG: 196724
BUG: 196795
BUG: 197435
BUG: 198646
BUG: 199806
BUG: 200425
(Not dup'ing those to avoid sending a whole bunch of people 10 e-mails. Plus, it's more fun this way!)


 M  +1 -1      khtml_part.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=998473
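
The frame-count guard described in comment 41, as an added example that is not part of this bug thread or of KHTML's source: a simplified model showing one way a count mismatch can go wrong when live frames and saved frame records are walked in lockstep, beside a guarded version that falls back to a full restore. All type and function names are hypothetical, the sample data is constructed, and also falling back on a frame-name mismatch is an assumption of the model.

```cpp
// Added example: simplified model of restoring a framed page from history.
// Not KHTML source; every type and function name here is hypothetical.
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

struct SavedFrame { std::string name; std::string url; };  // record written when leaving the page
struct LiveFrame  { std::string name; std::string url; };  // frame that exists right now

enum class RestorePath { Partial, Full };

class FramedPart {
public:
    explicit FramedPart(std::vector<LiveFrame> live) : frames_(std::move(live)) {}

    // Lockstep walk with no count check. at() turns the overrun, which would be
    // undefined behaviour with raw iterators, into a catchable exception.
    void partialRestoreUnchecked(const std::vector<SavedFrame>& saved) {
        for (std::size_t i = 0; i < frames_.size(); ++i) {
            const SavedFrame& s = saved.at(i);  // throws if saved has fewer entries
            if (frames_[i].name == s.name)
                frames_[i].url = s.url;
        }
    }

    // Guarded restore: reuse live frames only when they line up with the saved
    // records; otherwise rebuild everything from the saved state.
    RestorePath restore(const std::vector<SavedFrame>& saved) {
        if (!sameShape(saved)) {
            fullRestore(saved);
            return RestorePath::Full;
        }
        for (std::size_t i = 0; i < frames_.size(); ++i)
            frames_[i].url = saved[i].url;
        return RestorePath::Partial;
    }

    const std::vector<LiveFrame>& frames() const { return frames_; }

private:
    // Count must match (the condition named in comment 41). Requiring equal
    // names as well is an assumption of this model.
    bool sameShape(const std::vector<SavedFrame>& saved) const {
        if (frames_.size() != saved.size())
            return false;
        for (std::size_t i = 0; i < frames_.size(); ++i)
            if (frames_[i].name != saved[i].name)
                return false;
        return true;
    }

    void fullRestore(const std::vector<SavedFrame>& saved) {
        frames_.clear();
        for (const SavedFrame& s : saved)
            frames_.push_back(LiveFrame{s.name, s.url});
    }

    std::vector<LiveFrame> frames_;
};

// True when the unchecked walk runs past the end of the saved records.
bool uncheckedOverruns(FramedPart part, const std::vector<SavedFrame>& saved) {
    try {
        part.partialRestoreUnchecked(saved);
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}

int main() {
    // Constructed sample data: two saved records, three live frames.
    const std::vector<SavedFrame> saved = {{"menu", "menu.html"}, {"body", "page2.html"}};
    const std::vector<LiveFrame> live = {
        {"menu", "menu.html"}, {"body", "index.html"}, {"extra", "extra.html"}};

    FramedPart part(live);
    std::cout << "unchecked walk overruns: " << uncheckedOverruns(part, saved) << "\n";
    const bool full = part.restore(saved) == RestorePath::Full;
    std::cout << "guarded restore took full path: " << full
              << ", frames now: " << part.frames().size() << "\n";
    return 0;
}
```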
Comment 42 Maksim Orlovich 2009-07-18 00:25:28 UTC
SVN commit 998543 by orlovich:

Merged revision:r998473 | orlovich | 2009-07-17 14:29:18 -0400 (Fri, 17 Jul 2009) | 15 lines

Do full restore on going back when frame count doesn't match. Should fix the restoreState/QString::operator==
crash. I am not at all happy with full restore path, but its flaws should be considerably less, uhm, crashy.
CCBUG: 170185
BUG: 158794
BUG: 173870
BUG: 183733
BUG: 193828
BUG: 196724
BUG: 196795
BUG: 197435
BUG: 198646
BUG: 199806
BUG: 200425
(Not dup'ing those to avoid sending a whole bunch of people 10 e-mails. Plus, it's more fun this way!)

 M  +1 -1      khtml_part.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=998543
Comment 43 A. Spehr 2009-08-06 13:00:14 UTC
*** Bug 202783 has been marked as a duplicate of this bug. ***
Comment 44 jesus 2009-10-05 22:18:07 UTC
linuxmint
Comment 45 FiNeX 2010-08-03 17:52:36 UTC
Konqueror 4.4.5 doesn't crash anymore :-)