Bug 333432 - Race condition in keyboard navigation while loading next page
Summary: Race condition in keyboard navigation while loading next page
Status: RESOLVED WORKSFORME
Alias: None
Product: kwebkitpart
Classification: Frameworks and Libraries
Component: general (show other bugs)
Version: unspecified
Platform: Debian unstable Linux
: NOR crash
Target Milestone: ---
Assignee: webkit-devel
URL:
Keywords: drkonqi
Depends on:
Blocks:
 
Reported: 2014-04-14 22:58 UTC by Dominik George
Modified: 2018-10-31 14:47 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Dominik George 2014-04-14 22:58:25 UTC 
Application: konqueror (4.11.5)
KDE Platform Version: 4.11.5
Qt Version: 4.8.6
Operating System: Linux 3.13-1-amd64 x86_64
Distribution: Debian GNU/Linux unstable (sid)

-- Information about the crash:
- What I was doing when the application crashed:

Pressing the Ctrl key shows keyboard shortcuts for all links on the page. In a dynamic menu, hovering over the top level menu items reveals a submenu with more links (e.g. https://www.teckids.org), and clicking the link leads to a submenu page. Now doing the following leads to a situation where invalid links are referenced:

1. Press Ctrl to activate keyboard navigation
2. Press the key for a toplevel menu item that has a submenu
3. After the submenu opens and before the next page loads, press Ctrl again
4. Wait for the next page to load

The keyboard shortcuts for the submenu items will remain active, pressing one of the keys denoted by them will reference an invisible link (the submenu is not active on the newly loaded page) and crash Konqueror.

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7fd593145780 (LWP 3430))]

Thread 3 (Thread 0x7fd57711f700 (LWP 3899)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007fd56f5cb7d2 in WTF::TCMalloc_PageHeap::scavengerThread (this=<optimized out>) at wtf/FastMalloc.cpp:2499
#2  0x00007fd56f5cb809 in WTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at wtf/FastMalloc.cpp:1622
#3  0x00007fd58bd5e062 in start_thread (arg=0x7fd57711f700) at pthread_create.c:312
#4  0x00007fd5929a5a3d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 2 (Thread 0x7fd56df58700 (LWP 3900)):
#0  0x00007fd592998f3d in read () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fd58b8bec20 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fd58b87db14 in g_main_context_check () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fd58b87df7b in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fd58b87e0ec in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007fd58f5b4746 in QEventDispatcherGlib::processEvents (this=0x7fd5700031e0, flags=...) at kernel/qeventdispatcher_glib.cpp:427
#6  0x00007fd58f5860bf in QEventLoop::processEvents (this=this@entry=0x7fd56df57e60, flags=...) at kernel/qeventloop.cpp:149
#7  0x00007fd58f5863b5 in QEventLoop::exec (this=this@entry=0x7fd56df57e60, flags=...) at kernel/qeventloop.cpp:204
#8  0x00007fd58f482c5f in QThread::exec (this=<optimized out>) at thread/qthread.cpp:537
#9  0x00007fd58f48532f in QThreadPrivate::start (arg=0x4313a50) at thread/qthread_unix.cpp:349
#10 0x00007fd58bd5e062 in start_thread (arg=0x7fd56df58700) at pthread_create.c:312
#11 0x00007fd5929a5a3d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 1 (Thread 0x7fd593145780 (LWP 3430)):
[KCrash Handler]
#6  QWebFrame::scrollPosition (this=this@entry=0x0) at Api/qwebframe.cpp:1179
#7  0x00007fd576301af8 in WebView::checkForAccessKey (this=this@entry=0x272b040, event=event@entry=0x7fff182a3cf0) at ../../src/webview.cpp:849
#8  0x00007fd576301e2b in WebView::keyPressEvent (this=0x272b040, e=0x7fff182a3cf0) at ../../src/webview.cpp:266
#9  0x00007fd58ffdcb64 in QWidget::event (this=this@entry=0x272b040, event=event@entry=0x7fff182a3cf0) at kernel/qwidget.cpp:8422
#10 0x00007fd56ed6b358 in QWebView::event (this=0x272b040, e=0x7fff182a3cf0) at Api/qwebview.cpp:865
#11 0x00007fd58ff8d6cc in QApplicationPrivate::notify_helper (this=this@entry=0x21e49a0, receiver=receiver@entry=0x272b040, e=e@entry=0x7fff182a3cf0) at kernel/qapplication.cpp:4567
#12 0x00007fd58ff94f91 in QApplication::notify (this=this@entry=0x7fff182a4820, receiver=receiver@entry=0x272b040, e=e@entry=0x7fff182a3cf0) at kernel/qapplication.cpp:4008
#13 0x00007fd590caf48a in KApplication::notify (this=0x7fff182a4820, receiver=0x272b040, event=0x7fff182a3cf0) at ../../kdeui/kernel/kapplication.cpp:311
#14 0x00007fd58f5874ed in QCoreApplication::notifyInternal (this=0x7fff182a4820, receiver=receiver@entry=0x272b040, event=event@entry=0x7fff182a3cf0) at kernel/qcoreapplication.cpp:953
#15 0x00007fd58ff8c066 in sendSpontaneousEvent (event=event@entry=0x7fff182a3cf0, receiver=receiver@entry=0x272b040) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#16 qt_sendSpontaneousEvent (receiver=receiver@entry=0x272b040, event=event@entry=0x7fff182a3cf0) at kernel/qapplication.cpp:5565
#17 0x00007fd590028bb7 in QKeyMapper::sendKeyEvent (keyWidget=keyWidget@entry=0x272b040, grab=grab@entry=false, type=QEvent::KeyPress, code=70, modifiers=..., text=..., autorepeat=autorepeat@entry=false, count=1, nativeScanCode=41, nativeVirtualKey=102, nativeModifiers=0) at kernel/qkeymapper_x11.cpp:1866
#18 0x00007fd590028f59 in QKeyMapperPrivate::translateKeyEvent (this=0x22311e0, keyWidget=keyWidget@entry=0x272b040, event=event@entry=0x7fff182a4270, grab=grab@entry=false) at kernel/qkeymapper_x11.cpp:1836
#19 0x00007fd5900040bf in QApplication::x11ProcessEvent (this=0x7fff182a4820, event=event@entry=0x7fff182a4270) at kernel/qapplication_x11.cpp:3556
#20 0x00007fd59002b6c2 in x11EventSourceDispatch (s=0x21de890, callback=0x0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#21 0x00007fd58b87de04 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007fd58b87e048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007fd58b87e0ec in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007fd58f5b4725 in QEventDispatcherGlib::processEvents (this=0x21a3af0, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#25 0x00007fd59002b776 in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#26 0x00007fd58f5860bf in QEventLoop::processEvents (this=this@entry=0x7fff182a4640, flags=...) at kernel/qeventloop.cpp:149
#27 0x00007fd58f5863b5 in QEventLoop::exec (this=this@entry=0x7fff182a4640, flags=...) at kernel/qeventloop.cpp:204
#28 0x00007fd58f58bb89 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1225
#29 0x00007fd58ff8be8c in QApplication::exec () at kernel/qapplication.cpp:3828
#30 0x00007fd592d2d4ae in kdemain (argc=<optimized out>, argv=<optimized out>) at ../../../konqueror/src/konqmain.cpp:227
#31 0x00007fd5928e1b45 in __libc_start_main (main=0x4006d0 <main(int, char**)>, argc=2, argv=0x7fff182a49c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff182a49b8) at libc-start.c:287
#32 0x00000000004006fe in _start ()

Reported using DrKonqi
Comment 1 Dominik George 2014-04-14 23:04:11 UTC 
Ok, it is even easier. Just navigate alink using the keyboard shortcut, then press trl again before the next page starts to render.

The submenu thing has nothing to do with it.
Comment 2 Dominik George 2014-04-18 08:36:50 UTC 
Tracked in Debian at: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745124
Comment 3 Dawit Alemayehu 2014-06-14 21:27:55 UTC 
I cannot reproduce the crash here.
Comment 4 Andrew Crouthamel 2018-10-31 04:02:00 UTC 
Dear Bug Submitter,

This bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? I am setting the status to NEEDSINFO pending your response, please change the Status back to REPORTED when you respond.

Thank you for helping us make KDE software even better for everyone!
Comment 5 Dominik George 2018-10-31 09:35:16 UTC 
It seems the keyboard navigation feature has been removed from Konqueror?
Comment 6 Andrew Crouthamel 2018-10-31 14:47:24 UTC 
Thanks for the update!