Bug 29420

Summary: [Qt] On Linux, the demo browser crashes on some systems when Adobe Flash is enabled
Product: WebKit
Reporter: Tor Arne Vestbø <vestbo>
Component: Plug-ins
Assignee: QtWebKit Unassigned <webkit-qt-unassigned>
Status: RESOLVED INVALID
Severity: Critical
CC: jturcotte, kenneth, kling
Priority: P2
Keywords: Qt
Version: 528+ (Nightly build)
Hardware: Other
OS: Linux
Bug Depends on: (none)
Bug Blocks: 35962
Attachments:
Formatted backtrace (flags: none)

Description Tor Arne Vestbø 2009-09-18 07:38:12 PDT
This bug report originated from issue QTBUG-3973
<http://bugreports.qt.nokia.com/browse/QTBUG-3973>

--- Description ---

On some Linux systems, the demo browser crashes when Adobe Flash is enabled.

Here is the backtrace of the crash:
address=0x7fd78c4b79f0) at tools/qmutexpool.cpp:141
mo_name=0x7fd78c0fc4f0 "QMotifStyle", func=0x7fd78c03b244 
<QMotifStyle::staticMetaObject()>) at kernel/qmetaobject.cpp:1209
(__initialize_p=1, __priority=65535) at 
.moc/debug-shared-mt/moc_qmotifstyle.cpp:28
moc_qmotifstyle.cpp () at .moc/debug-shared-mt/moc_qmotifstyle.cpp:91
/usr/qt/3/lib/libqt-mt.so.3
/usr/lib64/gtk-2.0/2.10.0/engines/libqtengine.so
argv=0x7fffb09a74f8, env=0xfbb190) at dl-init.c:70
argv=0x7fffb09a74f8, env=0xfbb190) at dl-init.c:134
dl-open.c:516
errstring=0x7fffb09a12e8, mallocedp=0x7fffb09a12ff, 
operate=0x7fd7a879e980 <dl_open_worker>, args=0x7fffb09a12a0) at 
dl-error.c:178
"/usr/lib64/gtk-2.0/2.10.0/engines/libqtengine.so", mode=-2147483647, 
caller_dlopen=0x7fd791e1aca3, nsid=-2, argc=1, argv=0x7fffb09a74f8, 
env=0xfbb190) at dl-open.c:596
dlopen.c:67
errstring=0xf77018, mallocedp=0xf77008, operate=0x7fd7a3313f50 
<dlopen_doit>, args=0x7fffb09a14c0) at dl-error.c:178
<dlopen_doit>, args=0x7fffb09a14c0) at dlerror.c:164
mode=<value optimized out>) at dlopen.c:88
"/usr/lib64/gtk-2.0/2.10.0/engines/libqtengine.so", 
flags=G_MODULE_BIND_MASK) at gmodule-dl.c:99
gtkthemes.c:80
gtypemodule.c:257
"qtengine") at gtkthemes.c:181
scanner=0x1293f50) at gtkrc.c:3665
input_name=<value optimized out>, input_fd=<value optimized out>, 
input_string=<value optimized out>) at gtkrc.c:2908
(context=0x195a300, filename=0x1293e70 
"/usr/share/themes/Qt/gtk-2.0/gtkrc", priority=<value optimized out>, 
reload=<value optimized out>) at gtkrc.c:1022
input_name=<value optimized out>, input_fd=<value optimized out>, 
input_string=<value optimized out>) at gtkrc.c:2876
(context=0x195a300, filename=0x1715550 "/home/user/.gtkrc-2.0-kde", 
priority=<value optimized out>, reload=<value optimized out>) at 
gtkrc.c:1022
(settings=<value optimized out>, force_load=1) at gtkrc.c:851
(screen=0x1cee0c0) at gtksettings.c:1006
optimized out>) at gtype.c:1674
n_construct_properties=2353756656, construct_params=0x100000080) at 
gobject.c:1334
n_parameters=<value optimized out>, parameters=<value optimized out>) at 
gobject.c:1211
first_property_name=0x0, var_args=0x7fffb09a1ea0) at gobject.c:1274
first_property_name=0x0) at gobject.c:1056
gtkwidget.c:6344
gtkwidget.c:2659
optimized out>) at gtype.c:1666
n_construct_properties=2353756656, construct_params=0x100000080) at 
gobject.c:1334
n_parameters=<value optimized out>, parameters=<value optimized out>) at 
gobject.c:1211
first_property_name=0x0, var_args=0x7fffb09a2390) at gobject.c:1274
first_property_name=0x0) at gobject.c:1056
(display=0x207c0d0, socket_id=62914679) at gtkplug.c:528
(this=0x1d53cf0, rect=@0x7fffb09a2560) at plugins/qt/PluginViewQt.cpp:188
plugins/qt/PluginViewQt.cpp:484
child=0x1d53cf0) at platform/ScrollView.cpp:65
(this=0x132e670, widget=0x1d53cf0) at rendering/RenderWidget.cpp:147
(this=0x132e670, widget=0x1d53cf0) at rendering/RenderPart.cpp:64
(this=0x1117908, renderer=0x132e670, url=@0x7fffb09a2770, 
mimeType=@0x7fffb09a2ab0, paramNames=@0x7fffb09a2a10, 
paramValues=@0x7fffb09a29f0, useFallback=false) at 
loader/FrameLoader.cpp:1753
(this=0x1117908, renderer=0x132e670, url=@0x7fffb09a2ac0, 
frameName=@0x7fffb09a2a40, mimeType=@0x7fffb09a2ab0, 
paramNames=@0x7fffb09a2a10, paramValues=@0x7fffb09a29f0) at 
loader/FrameLoader.cpp:1701
(this=0x132e670, onlyCreateNonNetscapePlugins=false) at 
rendering/RenderPartObject.cpp:245
(this=0x14d74b0) at page/FrameView.cpp:999
optimized out>, allowSubtree=208) at page/FrameView.cpp:617
WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x12d5300) 
at dom/Document.cpp:1250
WebCore::HTMLObjectElement::renderWidgetForJSBindings (this=0x1bc4ae0) 
at html/HTMLObjectElement.cpp:64
(this=0x7fd78c4b79f0) at html/HTMLPlugInElement.cpp:85
bindings/js/JSPluginElementFunctions.cpp:50
node=0x7fd78c4b79f0) at bindings/js/JSPluginElementFunctions.cpp:58
(exec=0xf5a190, propertyName=@0x1202a50, slot=@0x100000080, 
element=0xfbb190) at bindings/js/JSPluginElementFunctions.cpp:84
WebCore::JSHTMLObjectElement::getOwnPropertySlot (this=0x7fd7a87de980, 
exec=0x7fd79c50abb8, propertyName=@0x1202a50, slot=@0x7fffb09a3160) at 
generated/JSHTMLObjectElement.cpp:165
(this=0x11f6960, flag=<value optimized out>, registerFile=0x11f6980, 
callFrame=0x7fd79c50abb8, exception=0x11f5f90) at 
../JavaScriptCore/runtime/JSObject.h:331
functionBodyNode=<value optimized out>, callFrame=0x7fd79c50a351, 
function=0x7fd7a87d7100, thisObj=<value optimized out>, args=<value 
optimized out>, scopeChain=0x1d2b080, exception=0x11f5f90)
    at ../JavaScriptCore/interpreter/Interpreter.cpp:975
exec=0x7fd79c50a350, thisValue=<value optimized out>, 
args=@0x7fffb09a3a00) at ../JavaScriptCore/runtime/JSFunction.cpp:82
functionObject={m_ptr = 0x7fffb09a0d40}, callType=<value optimized out>, 
callData=@0x7fd78bf64000, thisValue={m_ptr = 0x0}, args=@0xfbb190) at 
../JavaScriptCore/runtime/CallData.cpp:39
thisValue={m_ptr = 0x7fd7a87d7100}, args=@0x7fffb09a3de0) at 
../JavaScriptCore/runtime/FunctionPrototype.cpp:133
(this=0x11f6960, flag=<value optimized out>, registerFile=0x11f6980, 
callFrame=0x7fd79c50a2d8, exception=0x11f5f90) at 
../JavaScriptCore/interpreter/Interpreter.cpp:3371
functionBodyNode=<value optimized out>, callFrame=0x7fd79c50a291, 
function=0x7fd7a87d7000, thisObj=<value optimized out>, args=<value 
optimized out>, scopeChain=0x17b9530, exception=0x11f5f90)
    at ../JavaScriptCore/interpreter/Interpreter.cpp:975
exec=0x7fd79c50a290, thisValue=<value optimized out>, 
args=@0x7fffb09a4780) at ../JavaScriptCore/runtime/JSFunction.cpp:82
functionObject={m_ptr = 0x7fffb09a0d40}, callType=<value optimized out>, 
callData=@0x7fd78bf64000, thisValue={m_ptr = 0x0}, args=@0xfbb190) at 
../JavaScriptCore/runtime/CallData.cpp:39
thisValue={m_ptr = 0x7fd7a87d7000}, args=@0x7fffb09a4b60) at 
../JavaScriptCore/runtime/FunctionPrototype.cpp:133
(this=0x11f6960, flag=<value optimized out>, registerFile=0x11f6980, 
callFrame=0x7fd79c50a228, exception=0x11f5f90) at 
../JavaScriptCore/interpreter/Interpreter.cpp:3371
functionBodyNode=<value optimized out>, callFrame=0x7fd79c50a1c9, 
function=0x7fd79c3edb80, thisObj=<value optimized out>, args=<value 
optimized out>, scopeChain=0x13fd000, exception=0x11f5f90)
    at ../JavaScriptCore/interpreter/Interpreter.cpp:975
exec=0x7fd79c50a1c8, thisValue=<value optimized out>, 
args=@0x7fffb09a5500) at ../JavaScriptCore/runtime/JSFunction.cpp:82
functionObject={m_ptr = 0x7fffb09a0d40}, callType=<value optimized out>, 
callData=@0x7fd78bf64000, thisValue={m_ptr = 0x0}, args=@0xfbb190) at 
../JavaScriptCore/runtime/CallData.cpp:39
thisValue={m_ptr = 0x7fd79c3edb80}, args=@0x7fffb09a58e0) at 
../JavaScriptCore/runtime/FunctionPrototype.cpp:133
(this=0x11f6960, flag=<value optimized out>, registerFile=0x11f6980, 
callFrame=0x7fd79c50a0f8, exception=0x11f5f90) at 
../JavaScriptCore/interpreter/Interpreter.cpp:3371
functionBodyNode=<value optimized out>, callFrame=0x1927489, 
function=0x7fd78e6c4980, thisObj=<value optimized out>, args=<value 
optimized out>, scopeChain=0x146f180, exception=0x11f5f90)
    at ../JavaScriptCore/interpreter/Interpreter.cpp:975
exec=0x1927488, thisValue=<value optimized out>, args=@0x7fffb09a62c0) 
at ../JavaScriptCore/runtime/JSFunction.cpp:82
functionObject={m_ptr = 0x7fffb09a0d40}, callType=<value optimized out>, 
callData=@0x7fd78bf64000, thisValue={m_ptr = 0x0}, args=@0xfbb190) at 
../JavaScriptCore/runtime/CallData.cpp:39
(this=0x13bc8f0, event=0x16f7000, isWindowEvent=false) at 
bindings/js/JSEventListener.cpp:115
(this=<value optimized out>, event=0x16f7000, useCapture=false) at 
dom/EventTargetNode.cpp:219
(this=0x12d5300, prpEvent=<value optimized out>, ec=<value optimized 
out>) at dom/EventTargetNode.cpp:340
(this=0x12d5300, e=<value optimized out>, ec=@0x7fffb09a650c) at 
dom/EventTargetNode.cpp:273
(this=0x12d5300) at dom/Document.cpp:3899
optimized out>, str=<value optimized out>, appendData=<value optimized 
out>) at html/HTMLTokenizer.cpp:1768
(this=0x194d310) at html/HTMLTokenizer.cpp:2012
(this=0x12d5300) at dom/Document.cpp:2168
(this=0x1599b60) at html/HTMLStyleElement.cpp:101
(this=0x13ceb80) at css/CSSStyleSheet.cpp:185
(this=0x12abde0, url=<value optimized out>, charset=<value optimized 
out>, sheet=0x120d7a0) at css/CSSImportRule.cpp:67
(this=0x120d7a0) at loader/CachedCSSStyleSheet.cpp:116
(this=0x120d7a0, data=<value optimized out>, allDataReceived=<value 
optimized out>) at loader/CachedCSSStyleSheet.cpp:104
(this=0x1d00390, loader=0x18b85d0) at loader/loader.cpp:301
(this=0x18b85d0) at loader/SubresourceLoader.cpp:183
(this=0x109ab00) at platform/network/qt/QNetworkReplyHandler.cpp:224
(this=0x109ab00, _c=QMetaObject::InvokeMetaMethod, _id=944, _a=<value 
optimized out>) at .moc/debug-shared/moc_QNetworkReplyHandler.cpp:69
at kernel/qobject.cpp:1106
(this=0xf59cd0, receiver=0x109ab00, e=0x1768dd0) at 
kernel/qapplication.cpp:4084
receiver=0x109ab00, e=0x1768dd0) at kernel/qapplication.cpp:4049
(this=0x7fffb09a73e0, receiver=0x109ab00, event=0x1768dd0) at 
kernel/qcoreapplication.cpp:598
(receiver=0x0, event_type=0, data=0xf59700) at kernel/qcoreapplication.h:213
out>) at kernel/qcoreapplication.h:218
(context=0xf5d040) at gmain.c:2144
block=1, dispatch=1, self=<value optimized out>) at gmain.c:2778
(context=0xf5d040, may_block=1) at gmain.c:2841
(this=0xf5a640, flags=<value optimized out>) at 
kernel/qeventdispatcher_glib.cpp:323
(this=0xf5a190, flags=<value optimized out>) at 
kernel/qguieventdispatcher_glib.cpp:202
optimized out>, flags={i = -1332055232}) at kernel/qeventloop.cpp:149
flags={i = -1332055152}) at kernel/qeventloop.cpp:196
kernel/qcoreapplication.cpp:880
main.cpp:51
Comment 1 Jocelyn Turcotte 2009-10-08 09:31:35 PDT
Created attachment 40879
Formatted backtrace

By looking at the backtrace, the dynamic library libqtengine.so seems to crash while being loaded by GTK inside libflashplayer.so.
Comment 2 Kenneth Rohde Christiansen 2009-10-18 09:31:59 PDT
If you set your Qt theme to Gtk, and the Gtk theme to Qt, it will end up in an infinite loop. Maybe that is what is going on here, or something similar?

Jocelyn, try talking to Jens Bache, as he might have some ideas.
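The chain visible in the backtrace is GTK (initialised by the Flash plugin through gtk_plug_new in PluginViewQt.cpp) parsing /home/user/.gtkrc-2.0-kde, which includes /usr/share/themes/Qt/gtk-2.0/gtkrc, which names the "qtengine" theme engine, which dlopen()s libqtengine.so and with it Qt 3's libqt-mt.so.3 into a Qt 4 process. The script below is an added example, not code from this bug report, WebKit, Qt or GTK: it walks a gtkrc file the way gtkrc.c does, following `include` directives, and lists the engines GTK would load, refusing to recurse on the self-including configuration that comment 2 describes. It assumes gtkrc lines of the form `include "path"` and `engine "name" {` and resolves a relative include against the including file's directory; all rc files it creates are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the bug report, WebKit or Qt): list the GTK 2 theme
# engines that a gtkrc file would make GTK dlopen, following `include`
# directives and refusing to loop on a cyclic or repeated include.
# Assumptions: rc lines look like `include "path"` and `engine "name" {`, and a
# relative include path resolves against the including file's directory.
# All rc files created below are constructed for the example.
set -eu

# gtkrc_engines FILE
# Prints each engine name once, in the order GTK would first encounter it.
gtkrc_engines() {
    _seen=""      # files already walked (cycle / duplicate guard)
    _engines=""   # engine names already printed
    _gtkrc_walk "$1"
}

# Internal recursive walker. The current file is kept in $1 rather than a
# named variable because POSIX sh has no `local` and recursion would clobber it.
_gtkrc_walk() {
    case " $_seen " in
        *" $1 "*) echo "skip: $1 already loaded (include cycle or duplicate)" >&2; return 0 ;;
    esac
    _seen="$_seen $1"
    [ -r "$1" ] || { echo "skip: $1 is not readable" >&2; return 0; }
    line=""
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "#"*) continue ;;   # comment line (leading # only)
        esac
        # engine "name" { ... }  -> an engine GTK would dlopen
        name=$(printf '%s\n' "$line" | sed -n 's/.*engine[[:space:]]*"\([^"]*\)".*/\1/p')
        if [ -n "$name" ]; then
            case " $_engines " in
                *" $name "*) ;;
                *) _engines="$_engines $name"; echo "$name" ;;
            esac
        fi
        # include "path" -> parse that file first, as gtkrc.c does
        inc=$(printf '%s\n' "$line" | sed -n 's/.*include[[:space:]]*"\([^"]*\)".*/\1/p')
        if [ -n "$inc" ]; then
            case $inc in
                /*) ;;
                *) case $1 in */*) inc="${1%/*}/$inc" ;; *) inc="./$inc" ;; esac ;;
            esac
            _gtkrc_walk "$inc"
        fi
    done < "$1"
}

# has_qt_engine FILE: exit 0 if the rc chain would load "qtengine", the engine
# that drags Qt 3's libqt-mt.so.3 into the Qt 4 browser process in this bug.
has_qt_engine() {
    gtkrc_engines "$1" 2>/dev/null | grep -qx qtengine
}

# --- constructed sample rc files -------------------------------------------
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir -p "$demo_dir/themes/Qt/gtk-2.0" "$demo_dir/themes/Loop/gtk-2.0"

# Mimics the /usr/share/themes/Qt/gtk-2.0/gtkrc named in the backtrace.
cat > "$demo_dir/themes/Qt/gtk-2.0/gtkrc" <<'EOF'
# constructed theme: everything is drawn by the Qt engine
style "qt-default" {
  engine "qtengine" {
  }
}
class "GtkWidget" style "qt-default"
EOF

# Mimics a KDE-generated ~/.gtkrc-2.0-kde that includes the theme above.
cat > "$demo_dir/gtkrc-2.0-kde" <<EOF
# constructed user rc
include "$demo_dir/themes/Qt/gtk-2.0/gtkrc"
style "user" { engine "pixmap" { } }
EOF

# A theme that includes itself: the loop case from comment 2.
cat > "$demo_dir/themes/Loop/gtk-2.0/gtkrc" <<'EOF'
include "gtkrc"
engine "clearlooks" { }
EOF

for rc in "$demo_dir/gtkrc-2.0-kde" "$demo_dir/themes/Loop/gtk-2.0/gtkrc"; do
    echo "== $rc"
    gtkrc_engines "$rc"
    if has_qt_engine "$rc"; then
        echo "WARNING: qtengine would be dlopen'ed (pulls in libqt-mt.so.3 / Qt 3)"
    fi
done
```

To check a real machine, point `gtkrc_engines` at the files the backtrace names, starting with `$HOME/.gtkrc-2.0-kde`; if GTK2_RC_FILES is set, the files it lists are what GTK actually reads.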
Comment 3 Andreas Kling 2010-04-07 06:27:37 PDT
Cannot reproduce, needs testcase.