Bug 283201 - Konqueror crash
Summary: Konqueror crash
Status: RESOLVED DUPLICATE of bug 227837
Alias: None
Product: konqueror
Classification: Applications
Component: general
Version: unspecified
Platform: Debian testing Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
 
Reported: 2011-10-02 19:52 UTC by Nick Leverton
Modified: 2011-11-07 15:21 UTC

Attachments
Backtrace of the crash on a newly created user. (11.02 KB, text/plain)
2011-10-04 10:38 UTC, Nick Leverton
Description Nick Leverton 2011-10-02 19:52:13 UTC
Application: konqueror (4.6.5 (4.6.5))
KDE Platform Version: 4.6.5 (4.6.5)
Qt Version: 4.7.3
Operating System: Linux 3.0.0-1-amd64 x86_64
Distribution: Debian GNU/Linux testing (wheezy)

-- Information about the crash:
I was searching google, the search URL was

http://www.google.co.uk/search?num=100&hl=en&safe=off&biw=995&bih=615&q=%22firefox+7%22+%22location+bar%22+%22doesn%27t%22+%22drop+down%22&oq=%22firefox+7%22+%22location+bar%22+%22doesn%27t%22+%22drop+down%22&aq=f&aqi=&aql=&gs_sm=e&gs_upl=7383l10952l0l11123l13l13l1l0l0l3l223l1787l3.6.3l12l0

I have google "customise results" disabled, I am signed out of google.com, and all personalisation/tracking options turned off, so you should be able to get the same search results if that turns out to be important. 

I right clicked on the top link which is http://support.mozilla.com/en-US/kb/Location bar autocomplete.  I chose "open new tab" (an operation I do dozens of times per day).  On this occasion, Konqui crashed.  This is repeatable with this search and link.

The crash can be reproduced every time.

-- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 1 (Thread 0x7fed81ad1760 (LWP 10242))]

Thread 9 (Thread 0x7fed50f73700 (LWP 10251)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:216
#1  0x00007fed5b08ffb1 in metronom_sync_loop (this=0x3fa5d40) at metronom.c:870
#2  0x00007fed7ce00b40 in start_thread (arg=<optimized out>) at pthread_create.c:304
#3  0x00007fed7f31036d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#4  0x0000000000000000 in ?? ()

Thread 8 (Thread 0x7fed4a62a700 (LWP 12014)):
#0  0x00007fed7f309e63 in select () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007fed5b0b8ca5 in xine_usec_sleep (usec=<optimized out>) at utils.c:481
#2  0x00007fed5b09d9c9 in video_out_loop (this_gen=<optimized out>) at video_out.c:1246
#3  0x00007fed7ce00b40 in start_thread (arg=<optimized out>) at pthread_create.c:304
#4  0x00007fed7f31036d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#5  0x0000000000000000 in ?? ()

Thread 7 (Thread 0x7fed49e29700 (LWP 12015)):
[KCrash Handler]
#6  xine_event_dispose_queue (queue=0x0) at events.c:133
#7  0x00007fed4faff594 in open_plugin (class_gen=0x3fa6880, stream=0x8971ed0, input=0x7fed44213140) at demux_matroska.c:3007
#8  0x00007fed5b099150 in probe_demux (stream=0x8971ed0, method1=2, method2=<optimized out>, input=<optimized out>) at load_plugins.c:1319
#9  0x00007fed5b08e550 in open_internal (mrl=<optimized out>, stream=<optimized out>) at xine.c:1224
#10 xine_open (stream=<optimized out>, mrl=0x7 <Address 0x7 out of bounds>) at xine.c:1299
#11 0x00007fed6050e8dd in xineOpen (newstate=Phonon::StoppedState, this=0x42facb0) at ../../xine/xinestream.cpp:262
#12 Phonon::Xine::XineStream::xineOpen (this=0x42facb0, newstate=Phonon::StoppedState) at ../../xine/xinestream.cpp:242
#13 0x00007fed60513eea in Phonon::Xine::XineStream::event (this=0x42facb0, ev=0x8ba33a0) at ../../xine/xinestream.cpp:1264
#14 0x00007fed7fad39f4 in notify_helper (e=0x8ba33a0, receiver=0x42facb0, this=0x25b3b00) at kernel/qapplication.cpp:4467
#15 QApplicationPrivate::notify_helper (this=0x25b3b00, receiver=0x42facb0, e=0x8ba33a0) at kernel/qapplication.cpp:4439
#16 0x00007fed7fad8881 in QApplication::notify (this=0x7fffd6b5aab0, receiver=0x42facb0, e=0x8ba33a0) at kernel/qapplication.cpp:4346
#17 0x00007fed814c6a66 in KApplication::notify (this=0x7fffd6b5aab0, receiver=0x42facb0, event=0x8ba33a0) at ../../kdeui/kernel/kapplication.cpp:311
#18 0x00007fed8071afbc in QCoreApplication::notifyInternal (this=0x7fffd6b5aab0, receiver=0x42facb0, event=0x8ba33a0) at kernel/qcoreapplication.cpp:731
#19 0x00007fed8071e378 in sendEvent (event=0x8ba33a0, receiver=0x42facb0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#20 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x7199f10) at kernel/qcoreapplication.cpp:1372
#21 0x00007fed80745663 in sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#22 postEventSourceDispatch (s=<optimized out>) at kernel/qeventdispatcher_glib.cpp:277
#23 0x00007fed7c3364a3 in g_main_dispatch (context=0x42f9420) at /tmp/buildd/glib2.0-2.28.6/./glib/gmain.c:2440
#24 g_main_context_dispatch (context=0x42f9420) at /tmp/buildd/glib2.0-2.28.6/./glib/gmain.c:3013
#25 0x00007fed7c336c80 in g_main_context_iterate (context=0x42f9420, block=1, dispatch=1, self=<optimized out>) at /tmp/buildd/glib2.0-2.28.6/./glib/gmain.c:3091
#26 0x00007fed7c336f1d in g_main_context_iteration (context=0x42f9420, may_block=1) at /tmp/buildd/glib2.0-2.28.6/./glib/gmain.c:3154
#27 0x00007fed80745abf in QEventDispatcherGlib::processEvents (this=0x7d23240, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:422
#28 0x00007fed8071a1c2 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#29 0x00007fed8071a3bf in QEventLoop::exec (this=0x7fed49e28dd0, flags=...) at kernel/qeventloop.cpp:201
#30 0x00007fed806321ef in QThread::exec (this=<optimized out>) at thread/qthread.cpp:492
#31 0x00007fed6050792e in Phonon::Xine::XineThread::run (this=0x7a5bd60) at ../../xine/xinethread.cpp:143
#32 0x00007fed80634c05 in QThreadPrivate::start (arg=0x7a5bd60) at thread/qthread_unix.cpp:320
#33 0x00007fed7ce00b40 in start_thread (arg=<optimized out>) at pthread_create.c:304
#34 0x00007fed7f31036d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#35 0x0000000000000000 in ?? ()

Thread 6 (Thread 0x7fed49424700 (LWP 12016)):
#0  0x00007fed7f305723 in *__GI___poll (fds=<optimized out>, nfds=<optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007fed72eccfdf in poll_func (ufds=0x868afe0, nfds=2, timeout=-1, userdata=0x868ad80) at pulse/thread-mainloop.c:75
#2  0x00007fed72ebee56 in pa_mainloop_poll (m=0x868ac80) at pulse/mainloop.c:879
#3  0x00007fed72ebf489 in pa_mainloop_iterate (m=0x868ac80, block=<optimized out>, retval=0x0) at pulse/mainloop.c:961
#4  0x00007fed72ebf540 in pa_mainloop_run (m=0x868ac80, retval=0x0) at pulse/mainloop.c:979
#5  0x00007fed72eccf8f in thread (userdata=0x8689c30) at pulse/thread-mainloop.c:94
#6  0x00007fed721f3a18 in internal_thread_func (userdata=0x868ae30) at pulsecore/thread-posix.c:83
#7  0x00007fed7ce00b40 in start_thread (arg=<optimized out>) at pthread_create.c:304
#8  0x00007fed7f31036d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#9  0x0000000000000000 in ?? ()

Thread 5 (Thread 0x7fed48c23700 (LWP 12017)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007fed5b0a0b0b in fifo_peek_int (blocking=<optimized out>, fifo=<optimized out>) at audio_out.c:348
#2  fifo_peek (fifo=<optimized out>) at audio_out.c:388
#3  ao_loop (this_gen=<optimized out>) at audio_out.c:1015
#4  0x00007fed7ce00b40 in start_thread (arg=<optimized out>) at pthread_create.c:304
#5  0x00007fed7f31036d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#6  0x0000000000000000 in ?? ()

Thread 4 (Thread 0x7fed3fffe700 (LWP 12018)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007fed5b0937db in fifo_buffer_get (fifo=0x89fea90) at buffer.c:230
#2  0x00007fed5b0996ed in video_decoder_loop (stream_gen=<optimized out>) at video_decoder.c:134
#3  0x00007fed7ce00b40 in start_thread (arg=<optimized out>) at pthread_create.c:304
#4  0x00007fed7f31036d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#5  0x0000000000000000 in ?? ()

Thread 3 (Thread 0x7fed3f630700 (LWP 12019)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007fed5b0937db in fifo_buffer_get (fifo=0x7fed440ce0b0) at buffer.c:230
#2  0x00007fed5b09a745 in audio_decoder_loop (stream_gen=<optimized out>) at audio_decoder.c:66
#3  0x00007fed7ce00b40 in start_thread (arg=<optimized out>) at pthread_create.c:304
#4  0x00007fed7f31036d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#5  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7fed3ee2f700 (LWP 12020)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007fed5b0a3c4b in xine_event_wait (queue=<optimized out>) at events.c:56
#2  listener_loop (queue_gen=<optimized out>) at events.c:214
#3  0x00007fed7ce00b40 in start_thread (arg=<optimized out>) at pthread_create.c:304
#4  0x00007fed7f31036d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#5  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7fed81ad1760 (LWP 10242)):
#0  0x00007fed7f305723 in *__GI___poll (fds=<optimized out>, nfds=<optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007fed7d86cc32 in ?? () from /usr/lib/x86_64-linux-gnu/libxcb.so.1
#2  0x00007fed7d86d17f in ?? () from /usr/lib/x86_64-linux-gnu/libxcb.so.1
#3  0x00007fed7d86d204 in xcb_writev () from /usr/lib/x86_64-linux-gnu/libxcb.so.1
#4  0x00007fed80f777d7 in _XSend () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#5  0x00007fed80f77b49 in _XEventsQueued () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#6  0x00007fed80f684bf in XEventsQueued () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#7  0x00007fed7fb77857 in x11EventSourcePrepare (s=0x25b79d0, timeout=<optimized out>) at kernel/qguieventdispatcher_glib.cpp:77
#8  0x00007fed7c335957 in g_main_context_prepare (context=0x25b6880, priority=0x7fffd6b5a7ac) at /tmp/buildd/glib2.0-2.28.6/./glib/gmain.c:2761
#9  0x00007fed7c336879 in g_main_context_iterate (context=0x25b6880, block=1, dispatch=1, self=<optimized out>) at /tmp/buildd/glib2.0-2.28.6/./glib/gmain.c:3071
#10 0x00007fed7c336f1d in g_main_context_iteration (context=0x25b6880, may_block=1) at /tmp/buildd/glib2.0-2.28.6/./glib/gmain.c:3154
#11 0x00007fed80745abf in QEventDispatcherGlib::processEvents (this=0x24f4c60, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:422
#12 0x00007fed7fb779ce in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=<optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#13 0x00007fed8071a1c2 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#14 0x00007fed8071a3bf in QEventLoop::exec (this=0x7fffd6b5a900, flags=...) at kernel/qeventloop.cpp:201
#15 0x00007fed8071e567 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1008
#16 0x00007fed7015e1d2 in kdemain (argc=<optimized out>, argv=<optimized out>) at ../../../konqueror/src/konqmain.cpp:219
#17 0x00000000004088fa in launch (argc=2, _name=0x257ba58 "konqueror", args=<optimized out>, cwd=0x257babf "/home/leveret/Documents", envc=<optimized out>, envs=<optimized out>, reset_env=true, tty=0x0, avoid_loops=false, startup_id_str=0x257bfec "0") at ../../kinit/kinit.cpp:746
#18 0x0000000000409956 in handle_launcher_request (sock=<optimized out>, who=<optimized out>) at ../../kinit/kinit.cpp:1238
#19 0x000000000040a08a in handle_requests (waitForPid=0) at ../../kinit/kinit.cpp:1422
#20 0x0000000000405777 in main (argc=4, argv=0x7fff00000001, envp=0x7fffd6b5c530) at ../../kinit/kinit.cpp:1919

Possible duplicates by query: bug 265346, bug 259050, bug 257291.

Reported using DrKonqi
Comment 1 Gérard Talbot (no longer involved) 2011-10-03 03:31:40 UTC
> I right clicked on the top link which is
> http://support.mozilla.com/en-US/kb/Location bar autocomplete.  I chose "open
> new tab" (an operation I do dozens of times per day).

Nick,

Thank you for your bug report.

1-
Please confirm that the top link text is

Location bar autocomplete | How to | Firefox Help

and its href value (when you hover the mouse cursor over it: the status bar reports it) is

http://support.mozilla.com/en-US/kb/Location bar autocomplete

2-
Which rendering engine are you using? KHTML or WebKit?

3-
I can create a testcase for this. 

The link has a mousedown javascript handler attached to it. Chances are this *_may_* cause/trigger the crash.

<a href="http://support.mozilla.com/en-US/kb/Location%20bar%20autocomplete" class=l onmousedown="return rwt(this,'','','','1','AFQjCNFmd70hpgyNbO_2hlG2x_kyTcUNyQ','','0CB4QFjAA')"><em>Location bar</em> autocomplete | How to | Firefox Help</a>

4- Do you have "Open new tabs in background" checkbox checked in your Configure Konqueror/General section?
See help:/kcontrol/khtml-general/index.html

5- 
When I follow your steps, I do not crash.

I am using
KDE Platform version: 4.7.1
Konqueror version: 4.7.1 (KHTML rendering engine)
Qt version: 4.7.2
Operating System: Linux 2.6.38-11-generic-pae i686 (32bits)
Distribution: Kubuntu 11.04
here.

Gérard Talbot
Comment 2 Gérard Talbot (no longer involved) 2011-10-03 03:41:05 UTC
6- Do you crash if you just click on the link?

7- Can you a) clear cache, b) clear history, c) disable the JavaScript debugger, and then, in a single-tab window, do your search, right-click on that Location bar autocomplete | How to | Firefox Help link, and then report back if you still crash?

8- If your search string is

Location bar autocomplete 
(without any quotes)

do you still crash if you click on the top first link, which should be the same as your previous search (with link text: Location bar autocomplete | How to | Firefox Help)?

Gérard
Comment 3 Gérard Talbot (no longer involved) 2011-10-03 04:06:26 UTC
I found the rwt function in a 305-kilobyte external JavaScript file (with the lovely name ZfvMLhmyCDg.js) (among other external files and local functions): a real nightmare!

(function(){window.rwt=function(a,b,n,o,j,e,c,k,f)
{
	try {var g=google.getEI(a);if(a===window) {a=window.event.srcElement;for(g=google.getEI(a);a;){if(a.href)break;a=a.parentNode}} var b=encodeURIComponent||escape,l=google.browser.engine.IE?a.getAttribute("href",2):a.getAttribute("href"),d,h,i;if(google.v6)d=google.v6.src,h=google.v6.complete||google.v6s?2:1,i=(new Date).getTime()-google.v6t,delete google.v6;c&&c.substring(0,6)!="&sig2="&&(c="&sig2="+c);var m=["/url?sa=t&source=",google.sn,"&cd=",b(j),google.j&&google.j.pf?
"&sqi=2":"","&ved=",b(k),"&url=",b(l).replace(/\+/g,"%2B"),"&ei=",g,f?"&authuser="+b(f.toString()):"",d?"&v6u="+b(d)+"&v6s="+h+"&v6t="+i:"",e?"&usg="+e:"",c].join("");a.href=m;a.onmousedown=""}

	catch(p){}

	return true};
})();

Even if I were crashing myself, it would probably take me months to fully understand the intricacies of that function with the hundreds of others. The result pages of those Google searches have thousands of lines of JavaScript, with object and function identifiers being 1 or 2 single characters.

Gérard
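
Added example, not part of the original comments and not Google's code: a readable reconstruction of the core path of the rwt() handler quoted in comment 3, replayed against the anchor from comment 1. The `google.sn` and `getEI` values and the `makeAnchor`, `originalTarget` and `replay` helpers are constructed for illustration.

```javascript
// Constructed stand-ins for page globals; the real values are not on this page.
const google = { sn: "web", getEI: () => "EI_PLACEHOLDER" };

// Minimal stand-in for the <a> element from comment 1 (hypothetical helper).
function makeAnchor(href) {
  return {
    href,
    onmousedown: "return rwt(...)",
    getAttribute(name) { return name === "href" ? this.href : null; },
  };
}

// Core path of the quoted rwt(); parameter order kept from the original.
// Left out: the IE getAttribute("href", 2) branch, the a === window
// fallback and the google.v6 timing fields.
function rwt(a, _b, _n, _o, j, e, c, k, f) {
  try {
    const ei = google.getEI(a);
    const enc = encodeURIComponent;
    const target = a.getAttribute("href");
    if (c && c.substring(0, 6) !== "&sig2=") c = "&sig2=" + c;
    a.href = [
      "/url?sa=t&source=", google.sn, "&cd=", enc(j),
      google.j && google.j.pf ? "&sqi=2" : "",
      "&ved=", enc(k),
      "&url=", enc(target).replace(/\+/g, "%2B"),
      "&ei=", ei,
      f ? "&authuser=" + enc(f.toString()) : "",
      e ? "&usg=" + e : "",
      c,
    ].join("");
    a.onmousedown = ""; // handler removes itself after the first press
  } catch (err) { /* the original also swallows every error */ }
  return true;
}

// Recover the destination a rewritten link points at (hypothetical helper).
function originalTarget(rewrittenHref) {
  return new URL(rewrittenHref, "http://www.google.co.uk").searchParams.get("url");
}

// Replay the call from the anchor's onmousedown attribute in comment 1.
function replay() {
  const a = makeAnchor("http://support.mozilla.com/en-US/kb/Location%20bar%20autocomplete");
  const hover = a.href;
  rwt(a, "", "", "", "1", "AFQjCNFmd70hpgyNbO_2hlG2x_kyTcUNyQ", "", "0CB4QFjAA");
  return { hover, clicked: a.href, recovered: originalTarget(a.href) };
}
```

After the first mousedown the anchor's href is the `/url?...` redirect rather than the address shown on hover; `originalTarget` recovers the destination from the `url` parameter.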
Comment 4 Nick Leverton 2011-10-04 10:38:23 UTC
Created attachment 64195 [details]
Backtrace of the crash on a newly created user.
Comment 5 Nick Leverton 2011-10-04 10:40:03 UTC
Hi,

I've narrowed it down quite a bit; sorry that I didn't try this before uploading the original DrKonqi report.

Running on a newly created user with no existing history and all KDE settings as default, the crash still occurs.  It's not related to tabbed browsing it seems.  Konqueror crashes whilst loading and partially rendering the page <http://support.mozilla.com/en-US/kb/Location%20bar%20autocomplete>

I'll attach another backtrace from this test, in case it's clearer than the previous one.
Comment 6 Christoph Feck 2011-11-07 15:21:48 UTC

*** This bug has been marked as a duplicate of bug 227837 ***