Bug 251643

Summary: Web browsing crash with ktorrent [@ KHTMLPart::xmlDocImpl]
Product: [Applications] konqueror Reporter: Frans Oilinki <moilinki>
Component: khtmlAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED WAITINGFORINFO    
Severity: crash CC: dborba, marian.trenkwalder, moilinki
Priority: NOR Keywords: triaged
Version: 4.6.1   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Frans Oilinki 2010-09-18 10:04:54 UTC 
Application: ktorrent (3.3.4)
KDE Platform Version: 4.4.2 (KDE 4.4.2)
Qt Version: 4.6.2
Operating System: Linux 2.6.32-24-generic x86_64
Distribution: Ubuntu 10.04.1 LTS

-- Information about the crash:
ktorrent comes with HTTP client. From a torrent page, I followed link to

    http://code.google.com/events/io/2010/sessions.html

This page contains delicious.com bookmark button, which I pressed. Login, enter bookmark data, returning to the code.google.com page crash badabum. Note that the bookmark was saved, so the crash might have something to do with redirection.

Kubuntu 10.04, up-to-date, no custom self-compiled or otherwise special KDE stuff installed.

 -- Backtrace:
Application: KTorrent (ktorrent), signal: Segmentation fault
[Current thread is 1 (Thread 0x7fe34bca3760 (LWP 3263))]

Thread 6 (Thread 0x7fe33e508710 (LWP 3265)):
#0  0x00007fe3478dffe3 in select () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007fe34b84668e in ?? () from /usr/lib/libbtcore.so.12
#2  0x00007fe34925f775 in QThreadPrivate::start (arg=0x1929440) at thread/qthread_unix.cpp:248
#3  0x00007fe348fcf9ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#4  0x00007fe3478e76fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#5  0x0000000000000000 in ?? ()

Thread 5 (Thread 0x7fe33d0d9710 (LWP 3287)):
#0  0xffffffffff60017b in ?? ()
#1  0x00007fe33d0d8d80 in ?? ()
#2  0x00007fffaddff714 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Thread 4 (Thread 0x7fe33eda1710 (LWP 3288)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007fe34926072b in QWaitConditionPrivate::wait (this=<value optimized out>, mutex=0x1816f20, time=18446744073709551615) at thread/qwaitcondition_unix.cpp:87
#2  QWaitCondition::wait (this=<value optimized out>, mutex=0x1816f20, time=18446744073709551615) at thread/qwaitcondition_unix.cpp:159
#3  0x00007fe34b7ec60c in ?? () from /usr/lib/libbtcore.so.12
#4  0x00007fe34b7ed6e9 in ?? () from /usr/lib/libbtcore.so.12
#5  0x00007fe34925f775 in QThreadPrivate::start (arg=0x1816eb0) at thread/qthread_unix.cpp:248
#6  0x00007fe348fcf9ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#7  0x00007fe3478e76fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#8  0x0000000000000000 in ?? ()

Thread 3 (Thread 0x7fe3371dc710 (LWP 3289)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007fe34926072b in QWaitConditionPrivate::wait (this=<value optimized out>, mutex=0x1b2dae0, time=18446744073709551615) at thread/qwaitcondition_unix.cpp:87
#2  QWaitCondition::wait (this=<value optimized out>, mutex=0x1b2dae0, time=18446744073709551615) at thread/qwaitcondition_unix.cpp:159
#3  0x00007fe34b7f0342 in ?? () from /usr/lib/libbtcore.so.12
#4  0x00007fe34925f775 in QThreadPrivate::start (arg=0x1b2dad0) at thread/qthread_unix.cpp:248
#5  0x00007fe348fcf9ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#6  0x00007fe3478e76fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7fe3379dd710 (LWP 19934)):
#0  0x00007fe3478daf83 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007fe343f6d4a9 in ?? () from /lib/libglib-2.0.so.0
#2  0x00007fe343f6d8fc in g_main_context_iteration () from /lib/libglib-2.0.so.0
#3  0x00007fe34937d566 in QEventDispatcherGlib::processEvents (this=0x7fe324000f90, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:414
#4  0x00007fe349352992 in QEventLoop::processEvents (this=<value optimized out>, flags=) at kernel/qeventloop.cpp:149
#5  0x00007fe349352d6c in QEventLoop::exec (this=0x7fe3379dcdb0, flags=) at kernel/qeventloop.cpp:201
#6  0x00007fe34925cd59 in QThread::exec (this=<value optimized out>) at thread/qthread.cpp:487
#7  0x00007fe349333178 in QInotifyFileSystemWatcherEngine::run (this=0x259bf10) at io/qfilesystemwatcher_inotify.cpp:248
#8  0x00007fe34925f775 in QThreadPrivate::start (arg=0x259bf10) at thread/qthread_unix.cpp:248
#9  0x00007fe348fcf9ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#10 0x00007fe3478e76fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#11 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7fe34bca3760 (LWP 3263)):
[KCrash Handler]
#5  KHTMLPart::xmlDocImpl (this=0x0) at ../../khtml/khtml_part.cpp:1667
#6  0x00007fe32c8781ce in KHTMLView::mouseMoveEvent (this=0x2906520, _mouse=0x7fffadd20b00) at ../../khtml/khtmlview.cpp:1341
#7  0x00007fe3485461df in QWidget::event (this=0x2906520, event=0x7fffadd20b00) at kernel/qwidget.cpp:7983
#8  0x00007fe3488ed4e6 in QFrame::event (this=0x2906520, e=0x7fffadd20b00) at widgets/qframe.cpp:557
#9  0x00007fe32c8747c5 in KHTMLView::widgetEvent (this=0x2906520, e=0x7fffadd20b00) at ../../khtml/khtmlview.cpp:2362
#10 0x00007fe32c874acf in KHTMLView::eventFilter (this=0x2906520, o=0x2d24de0, e=0x7fffadd20b00) at ../../khtml/khtmlview.cpp:2207
#11 0x00007fe349353487 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<value optimized out>, receiver=0x2d24de0, event=0x7fffadd20b00) at kernel/qcoreapplication.cpp:819
#12 0x00007fe3484f01fc in QApplicationPrivate::notify_helper (this=0x1849640, receiver=0x2d24de0, e=0x7fffadd20b00) at kernel/qapplication.cpp:4296
#13 0x00007fe3484f6ecb in QApplication::notify (this=0x7fffadd217e0, receiver=0x2d24de0, e=0x7fffadd20b00) at kernel/qapplication.cpp:3865
#14 0x00007fe34a99a526 in KApplication::notify (this=0x7fffadd217e0, receiver=0x2d24de0, event=0x7fffadd20b00) at ../../kdeui/kernel/kapplication.cpp:302
#15 0x00007fe34935406c in QCoreApplication::notifyInternal (this=0x7fffadd217e0, receiver=0x2d24de0, event=0x7fffadd20b00) at kernel/qcoreapplication.cpp:704
#16 0x00007fe3484f60ae in QCoreApplication::sendEvent (receiver=0x2d24de0, event=0x7fffadd20b00, alienWidget=0x2d24de0, nativeWidget=0x192b770, buttonDown=<value optimized out>, 
    lastMouseReceiver=<value optimized out>, spontaneous=true) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#17 QApplicationPrivate::sendMouseEvent (receiver=0x2d24de0, event=0x7fffadd20b00, alienWidget=0x2d24de0, nativeWidget=0x192b770, buttonDown=<value optimized out>, 
    lastMouseReceiver=<value optimized out>, spontaneous=true) at kernel/qapplication.cpp:2965
#18 0x00007fe348575f65 in QETWidget::translateMouseEvent (this=0x192b770, event=<value optimized out>) at kernel/qapplication_x11.cpp:4368
#19 0x00007fe3485748ac in QApplication::x11ProcessEvent (this=<value optimized out>, event=0x7fffadd21420) at kernel/qapplication_x11.cpp:3501
#20 0x00007fe3485a0882 in x11EventSourceDispatch (s=0x184ea70, callback=<value optimized out>, user_data=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:146
#21 0x00007fe343f698c2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#22 0x00007fe343f6d748 in ?? () from /lib/libglib-2.0.so.0
#23 0x00007fe343f6d8fc in g_main_context_iteration () from /lib/libglib-2.0.so.0
#24 0x00007fe34937d513 in QEventDispatcherGlib::processEvents (this=0x1814980, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:412
#25 0x00007fe3485a046e in QGuiEventDispatcherGlib::processEvents (this=0x0, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#26 0x00007fe349352992 in QEventLoop::processEvents (this=<value optimized out>, flags=) at kernel/qeventloop.cpp:149
#27 0x00007fe349352d6c in QEventLoop::exec (this=0x7fffadd21750, flags=) at kernel/qeventloop.cpp:201
#28 0x00007fe349356aab in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#29 0x0000000000427294 in _start ()

Reported using DrKonqi
Comment 1 Frans Oilinki 2010-09-18 10:30:56 UTC 
I try with konqueror, and observe that following the steps mentioned in the original bug report, in the end (where ktorrent crashed) it shows me a pop-up dialog asking whether to close the window. So maybe the reported ktorrent crash was due to javascript closing window?

(Google Chrome will not close the window, just show blank page, but I do not know if this is different implementation of the browser or different content sent to different browser - I am mentioning this  because I have no idea which browser ktorrent claims to be, and I cannot be 100% sure if ktorrent gets the same content as konqueror...)
Comment 2 Joris Guisson 2010-09-18 12:22:07 UTC 
Reassigning to konqueror people
Comment 3 Tommi Tervo 2010-10-06 19:37:17 UTC 
*** Bug 253351 has been marked as a duplicate of this bug. ***
Comment 4 Myriam Schweingruber 2012-06-18 21:40:32 UTC 
*** Bug 269076 has been marked as a duplicate of this bug. ***
Comment 5 Myriam Schweingruber 2012-06-18 21:41:48 UTC 
Is this still reproducible with Konqueror 4.8.4 or later?
Comment 6 Andrew Crouthamel 2018-09-23 02:25:27 UTC 
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days, the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information.

For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please set the bug status as REPORTED so that the KDE team knows that the bug is ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 7 Frans Oilinki 2018-09-23 14:44:44 UTC 
Hi Andrew,

Note this bug was never reproducible using konqueror, though ktorrent perhaps used konqueror web client/rendering engine.

Thus I can readily say that it is not reproducible using newer konqueror (the application, not the konqueror component/engine if there is such thing).

For the ktorrent application bug, I am not able to reproduce the bug for the following chain of reasons:

0. During writing the original bug report, I did not bother researching the actual reason for the crash further trusting that the developers could find it or confirm my hunch much quicklier as I had provided 100% reproducible method of triggering using the given URL. 
1.The page mentioned 8 years ago in the original report does not exist any more. 
2. Furthermore, my guess about the mechanism of the triggering events can not be tested using other page that would contain similar del.icio.us bookmarking widget as I am not able to quickly find one.
3. Even if I found one it might not work since del.icio.us seems to have some existential problems ("switching servers, back online July 24", but now is already September 23rd). 
4. I have no idea how the page triggered its own death, maybe it was a pop-up window that was somehow passed its own reference that was used to close the window? I do not how to do that, I am not fluent in (client-side) JavaScript.

I suggest you just close the bug.
Comment 8 Frans Oilinki 2018-09-23 15:06:29 UTC 
The other duplicated bug reports contained alternative ways to trigger apparently the same bug. I have some doubts about categorizing this as konqueror bug. Looks more like it might have been triggered by how the konqueror component close event was handled? 

I could not quickly find a way to open a web page using current version of ktorrent. The other bug reports mention web search function thing which I also could not find in the newer ktorrent. So it could be that it is not even possible to try to reproduce this bug because the functionality maybe is removed.