Bug 192380

Summary: khtml crash by browsing http://ofono.org
Product: [Applications] konqueror Reporter: Thiago Macieira <thiago>
Component: khtmlAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: andresbajotierra, gregor.rosenauer, maksim, paul, Tanktalus
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Unlisted Binaries   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: The testcase

Description Thiago Macieira 2009-05-12 00:01:56 UTC 
Application that crashed: konqueror
Version of the application: 4.2.71 (KDE 4.2.71 (KDE 4.3 >= 20090428))
KDE Version: 4.2.85 (KDE 4.2.85 (KDE 4.3 Beta1))
Qt Version: 4.5.2
Operating System: Linux 2.6.29.1-tmb-laptop-3mdv i686
Distribution: "Mandriva Linux 2009.1"

What I was doing when the application crashed:
Just load the website. Before it finishes loading, it crashes with the backtrace below.

 -- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb5b84ac0 (LWP 32535))]

Thread 2 (Thread 0xb093ab90 (LWP 32540)):
#0  0xffffe424 in __kernel_vsyscall ()
#1  0xb6273f72 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/i686/libpthread.so.0
#2  0xb7e9f934 in pthread_cond_timedwait () from /lib/i686/libc.so.6
#3  0xb6f6f1ea in QWaitConditionPrivate::wait (this=0x8b37560, time=30000) at /home/thiago/src/troll/qt-4.5/src/corelib/thread/qwaitcondition_unix.cpp:85
#4  0xb6f6ed03 in QWaitCondition::wait (this=0x8b374c0, mutex=0x8b374bc, time=30000) at /home/thiago/src/troll/qt-4.5/src/corelib/thread/qwaitcondition_unix.cpp:159
#5  0xb6f5fa88 in QThreadPoolThread::run (this=0x8a73ec0) at /home/thiago/src/troll/qt-4.5/src/corelib/concurrent/qthreadpool.cpp:140
#6  0xb6f6e7a8 in QThreadPrivate::start (arg=0x8a73ec0) at /home/thiago/src/troll/qt-4.5/src/corelib/thread/qthread_unix.cpp:188
#7  0xb6270315 in start_thread () from /lib/i686/libpthread.so.0
#8  0xb7e9225e in clone () from /lib/i686/libc.so.6

Thread 1 (Thread 0xb5b84ac0 (LWP 32535)):
[KCrash Handler]
#6  0x00000000 in ?? ()
#7  0xb217aba7 in khtml::InlineBox::root (this=0x9046a20) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/rendering/render_line.cpp:175
#8  0xb217aefd in khtml::InlineFlowBox::removeFromLine (this=0x9046a20, child=0x9046ab8) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/rendering/render_line.cpp:226
#9  0xb217a669 in khtml::InlineBox::remove (this=0x9046ab8) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/rendering/render_line.cpp:76
#10 0xb212d15b in khtml::RenderText::detach (this=0x8b76378) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/rendering/render_text.cpp:722
#11 0xb203c4ce in DOM::NodeImpl::detach (this=0x8fd13e0) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:973
#12 0xb203ed6b in DOM::NodeBaseImpl::detach (this=0x8c7cd68) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:1834
#13 0xb204afaf in DOM::ElementImpl::detach (this=0x8c7cd68) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:862
#14 0xb204b35d in DOM::ElementImpl::recalcStyle (this=0x8c7cd68, change=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:936
#15 0xb209b8a5 in DOM::HTMLElementImpl::recalcStyle (this=0x8c7cd68, ch=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/html_elementimpl.cpp:270
#16 0xb204b49b in DOM::ElementImpl::recalcStyle (this=0x8ef04a8, change=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#17 0xb209b8a5 in DOM::HTMLElementImpl::recalcStyle (this=0x8ef04a8, ch=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/html_elementimpl.cpp:270
#18 0xb204b49b in DOM::ElementImpl::recalcStyle (this=0x8c81918, change=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#19 0xb209b8a5 in DOM::HTMLElementImpl::recalcStyle (this=0x8c81918, ch=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/html_elementimpl.cpp:270
#20 0xb204b49b in DOM::ElementImpl::recalcStyle (this=0x8cc45d8, change=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#21 0xb209b8a5 in DOM::HTMLElementImpl::recalcStyle (this=0x8cc45d8, ch=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/html_elementimpl.cpp:270
#22 0xb204b49b in DOM::ElementImpl::recalcStyle (this=0x8edf2f8, change=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#23 0xb209b8a5 in DOM::HTMLElementImpl::recalcStyle (this=0x8edf2f8, ch=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/html_elementimpl.cpp:270
#24 0xb204b49b in DOM::ElementImpl::recalcStyle (this=0x8b87d28, change=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#25 0xb209b8a5 in DOM::HTMLElementImpl::recalcStyle (this=0x8b87d28, ch=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/html_elementimpl.cpp:270
#26 0xb204b49b in DOM::ElementImpl::recalcStyle (this=0x8fcc8e0, change=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#27 0xb209b8a5 in DOM::HTMLElementImpl::recalcStyle (this=0x8fcc8e0, ch=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/html_elementimpl.cpp:270
#28 0xb204b49b in DOM::ElementImpl::recalcStyle (this=0x8cb2ca0, change=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#29 0xb209b8a5 in DOM::HTMLElementImpl::recalcStyle (this=0x8cb2ca0, ch=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/html_elementimpl.cpp:270
#30 0xb204b49b in DOM::ElementImpl::recalcStyle (this=0x8cc5420, change=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#31 0xb209b8a5 in DOM::HTMLElementImpl::recalcStyle (this=0x8cc5420, ch=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/html_elementimpl.cpp:270
#32 0xb204b49b in DOM::ElementImpl::recalcStyle (this=0x8cc54b0, change=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#33 0xb209b8a5 in DOM::HTMLElementImpl::recalcStyle (this=0x8cc54b0, ch=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/html_elementimpl.cpp:270
#34 0xb204b49b in DOM::ElementImpl::recalcStyle (this=0x8fb62e0, change=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#35 0xb209b8a5 in DOM::HTMLElementImpl::recalcStyle (this=0x8fb62e0, ch=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/html_elementimpl.cpp:270
#36 0xb204b49b in DOM::ElementImpl::recalcStyle (this=0x8f83a40, change=DOM::NodeImpl::Force) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#37 0xb209b8a5 in DOM::HTMLElementImpl::recalcStyle (this=0x8f83a40, ch=DOM::NodeImpl::NoChange) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/html_elementimpl.cpp:270
#38 0xb204b49b in DOM::ElementImpl::recalcStyle (this=0x8b86c68, change=DOM::NodeImpl::NoChange) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#39 0xb209b8a5 in DOM::HTMLElementImpl::recalcStyle (this=0x8b86c68, ch=DOM::NodeImpl::NoChange) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/html_elementimpl.cpp:270
#40 0xb2028eac in DOM::DocumentImpl::recalcStyle (this=0x87d6f20, change=DOM::NodeImpl::NoChange) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_docimpl.cpp:1448
#41 0xb2028fa7 in DOM::DocumentImpl::updateRendering (this=0x87d6f20) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_docimpl.cpp:1477
#42 0xb202900f in DOM::DocumentImpl::updateDocumentsRendering () at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_docimpl.cpp:1490
#43 0xb2265dd4 in KJS::Window::afterScriptExecution (this=0xb0000000) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/ecma/kjs_window.cpp:1265
#44 0xb228d0fb in KJS::JSEventListener::handleEvent (this=0x8f00860, evt=@0xbff487e4) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/ecma/kjs_events.cpp:119
#45 0xb203b9fa in DOM::NodeImpl::handleLocalEvents (this=0x87d6f2c, evt=0x8c49cd8, useCapture=false) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:716
#46 0xb203ab5c in DOM::NodeImpl::dispatchGenericEvent (this=0x87d6f2c, evt=0x8c49cd8) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:501
#47 0xb203af80 in DOM::NodeImpl::dispatchWindowEvent (this=0x87d6f2c, _id=36, canBubbleArg=false, cancelableArg=false) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:566
#48 0xb1fc2e1c in KHTMLPart::slotFinishedParsing (this=0x8a42108) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/khtml_part.cpp:2207
#49 0xb1fe23f6 in KHTMLPart::qt_metacall (this=0x8a42108, _c=QMetaObject::InvokeMetaMethod, _id=22, _a=0xbff489f4) at /home/tmacieir/obj/kde4/KDE/kdelibs/khtml/khtml_part.moc:274
#50 0xb70a0298 in QMetaObject::activate (sender=0x87d6f20, from_signal_index=4, to_signal_index=4, argv=0x0) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qobject.cpp:3111
#51 0xb70a189f in QMetaObject::activate (sender=0x87d6f20, m=0xb265b168, local_signal_index=0, argv=0x0) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qobject.cpp:3185
#52 0xb2031a84 in DOM::DocumentImpl::finishedParsing (this=0x87d6f20) at /home/tmacieir/obj/kde4/KDE/kdelibs/khtml/dom_docimpl.moc:79
#53 0xb2031a3f in DOM::DocumentImpl::qt_metacall (this=0x87d6f20, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0xbff48b24) at /home/tmacieir/obj/kde4/KDE/kdelibs/khtml/dom_docimpl.moc:68
#54 0xb20a0d97 in DOM::HTMLDocumentImpl::qt_metacall (this=0x87d6f20, _c=QMetaObject::InvokeMetaMethod, _id=4, _a=0xbff48b24) at /home/tmacieir/obj/kde4/KDE/kdelibs/khtml/html_documentimpl.moc:63
#55 0xb70a0298 in QMetaObject::activate (sender=0x8782030, from_signal_index=4, to_signal_index=4, argv=0x0) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qobject.cpp:3111
#56 0xb70a189f in QMetaObject::activate (sender=0x8782030, m=0xb265cc20, local_signal_index=0, argv=0x0) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qobject.cpp:3185
#57 0xb206110c in khtml::Tokenizer::finishedParsing (this=0x8782030) at /home/tmacieir/obj/kde4/KDE/kdelibs/khtml/xml_tokenizer.moc:77
#58 0xb208a731 in khtml::HTMLTokenizer::end (this=0x8782030) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1947
#59 0xb208a4ed in khtml::HTMLTokenizer::write (this=0x8782030, str=@0xbff48cc8, appendData=false) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1906
#60 0xb208ba0b in khtml::HTMLTokenizer::notifyFinished (this=0x8782030) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/html/htmltokenizer.cpp:2136
#61 0xb21e1164 in khtml::CachedScript::checkNotify (this=0x8beca88) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/misc/loader.cpp:389
#62 0xb21e11d3 in khtml::CachedScript::error (this=0x8beca88) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/misc/loader.cpp:396
#63 0xb21e64e7 in khtml::Loader::slotFinished (this=0x8a50518, job=0x9004af0) at /home/tmacieir/src/kde4/KDE/kdelibs/khtml/misc/loader.cpp:1448
#64 0xb21e8d95 in khtml::Loader::qt_metacall (this=0x8a50518, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0xbff48ed8) at /home/tmacieir/obj/kde4/KDE/kdelibs/khtml/loader.moc:131
#65 0xb70a0298 in QMetaObject::activate (sender=0x9004af0, from_signal_index=7, to_signal_index=7, argv=0xbff48ed8) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qobject.cpp:3111
#66 0xb70a189f in QMetaObject::activate (sender=0x9004af0, m=0xb7481828, local_signal_index=3, argv=0xbff48ed8) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qobject.cpp:3185
#67 0xb72f01b7 in KJob::result (this=0x9004af0, _t1=0x9004af0) at /home/tmacieir/obj/kde4/KDE/kdelibs/kdecore/kjob.moc:188
#68 0xb72ef800 in KJob::emitResult (this=0x9004af0) at /home/tmacieir/src/kde4/KDE/kdelibs/kdecore/jobs/kjob.cpp:304
#69 0xb7985622 in KIO::SimpleJob::slotFinished (this=0x9004af0) at /home/tmacieir/src/kde4/KDE/kdelibs/kio/kio/job.cpp:485
#70 0xb7987fd2 in KIO::TransferJob::slotFinished (this=0x9004af0) at /home/tmacieir/src/kde4/KDE/kdelibs/kio/kio/job.cpp:962
#71 0xb7985713 in KIO::SimpleJob::slotError (this=0x9004af0, err=123, errorText=@0xbff492d4) at /home/tmacieir/src/kde4/KDE/kdelibs/kio/kio/job.cpp:497
#72 0xb798f232 in KIO::SimpleJob::qt_metacall (this=0x9004af0, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0xbff49234) at /home/tmacieir/obj/kde4/KDE/kdelibs/kio/jobclasses.moc:158
#73 0xb798f683 in KIO::TransferJob::qt_metacall (this=0x9004af0, _c=QMetaObject::InvokeMetaMethod, _id=31, _a=0xbff49234) at /home/tmacieir/obj/kde4/KDE/kdelibs/kio/jobclasses.moc:331
#74 0xb70a0298 in QMetaObject::activate (sender=0x8c09740, from_signal_index=6, to_signal_index=6, argv=0xbff49234) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qobject.cpp:3111
#75 0xb70a189f in QMetaObject::activate (sender=0x8c09740, m=0xb7b8fcc4, local_signal_index=2, argv=0xbff49234) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qobject.cpp:3185
#76 0xb7a43fae in KIO::SlaveInterface::error (this=0x8c09740, _t1=123, _t2=@0xbff492d4) at /home/tmacieir/obj/kde4/KDE/kdelibs/kio/slaveinterface.moc:153
#77 0xb7a41da0 in KIO::SlaveInterface::dispatch (this=0x8c09740, _cmd=102, rawdata=@0xbff49390) at /home/tmacieir/src/kde4/KDE/kdelibs/kio/kio/slaveinterface.cpp:208
#78 0xb7a417c1 in KIO::SlaveInterface::dispatch (this=0x8c09740) at /home/tmacieir/src/kde4/KDE/kdelibs/kio/kio/slaveinterface.cpp:91
#79 0xb7a376d1 in KIO::Slave::gotInput (this=0x8c09740) at /home/tmacieir/src/kde4/KDE/kdelibs/kio/kio/slave.cpp:322
#80 0xb7a386ad in KIO::Slave::qt_metacall (this=0x8c09740, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbff49484) at /home/tmacieir/obj/kde4/KDE/kdelibs/kio/slave.moc:76
#81 0xb70a0298 in QMetaObject::activate (sender=0x8c05d10, from_signal_index=4, to_signal_index=4, argv=0x0) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qobject.cpp:3111
#82 0xb70a189f in QMetaObject::activate (sender=0x8c05d10, m=0xb7b8c624, local_signal_index=0, argv=0x0) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qobject.cpp:3185
#83 0xb79594c6 in KIO::Connection::readyRead (this=0x8c05d10) at /home/tmacieir/obj/kde4/KDE/kdelibs/kio/connection.moc:86
#84 0xb7955fba in KIO::ConnectionPrivate::dequeue (this=0x8c05ac0) at /home/tmacieir/src/kde4/KDE/kdelibs/kio/kio/connection.cpp:82
#85 0xb7959453 in KIO::Connection::qt_metacall (this=0x8c05d10, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x8f7f6f8) at /home/tmacieir/obj/kde4/KDE/kdelibs/kio/connection.moc:73
#86 0xb7098472 in QMetaCallEvent::placeMetaCall (this=0x89f6cb8, object=0x8c05d10) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qobject.cpp:489
#87 0xb709d7b5 in QObject::event (this=0x8c05d10, e=0x89f6cb8) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qobject.cpp:1109
#88 0xb650d8c3 in QApplicationPrivate::notify_helper (this=0x866c028, receiver=0x8c05d10, e=0x89f6cb8) at /home/thiago/src/troll/qt-4.5/src/gui/kernel/qapplication.cpp:4058
#89 0xb650dc77 in QApplication::notify (this=0xbff49f3c, receiver=0x8c05d10, e=0x89f6cb8) at /home/thiago/src/troll/qt-4.5/src/gui/kernel/qapplication.cpp:3605
#90 0xb762de0f in KApplication::notify (this=0xbff49f3c, receiver=0x8c05d10, event=0x89f6cb8) at /home/tmacieir/src/kde4/KDE/kdelibs/kdeui/kernel/kapplication.cpp:307
#91 0xb7085aba in QCoreApplication::notifyInternal (this=0xbff49f3c, receiver=0x8c05d10, event=0x89f6cb8) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qcoreapplication.cpp:610
#92 0xb708a4e5 in QCoreApplication::sendEvent (receiver=0x8c05d10, event=0x89f6cb8) at ../../include/QtCore/../../../../../src/troll/qt-4.5/src/corelib/kernel/qcoreapplication.h:213
#93 0xb7086044 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x8653500) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qcoreapplication.cpp:1247
#94 0xb70862d9 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qcoreapplication.cpp:1140
#95 0xb70be976 in QCoreApplication::sendPostedEvents () at ../../include/QtCore/../../../../../src/troll/qt-4.5/src/corelib/kernel/qcoreapplication.h:218
#96 0xb70bdb5b in postEventSourceDispatch (s=0x866db88) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qeventdispatcher_glib.cpp:210
#97 0xb5efecea in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#98 0xb5f02354 in ?? () from /usr/lib/libglib-2.0.so.0
#99 0xb5f024df in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#100 0xb70bcc92 in QEventDispatcherGlib::processEvents (this=0x866c008, flags={i = -1074488072}) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qeventdispatcher_glib.cpp:327
#101 0xb65d8d98 in QGuiEventDispatcherGlib::processEvents (this=0x866c008, flags={i = -1074488024}) at /home/thiago/src/troll/qt-4.5/src/gui/kernel/qguieventdispatcher_glib.cpp:202
#102 0xb70820ac in QEventLoop::processEvents (this=0xbff49dc8, flags={i = -1074487948}) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qeventloop.cpp:149
#103 0xb708231e in QEventLoop::exec (this=0xbff49dc8, flags={i = -1074487856}) at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qeventloop.cpp:201
#104 0xb708640f in QCoreApplication::exec () at /home/thiago/src/troll/qt-4.5/src/corelib/kernel/qcoreapplication.cpp:888
#105 0xb650d5dc in QApplication::exec () at /home/thiago/src/troll/qt-4.5/src/gui/kernel/qapplication.cpp:3527
#106 0xb7fea3d3 in kdemain (argc=4, argv=0xbff4a2c4) at /home/tmacieir/src/kde4/KDE/kdebase/apps/konqueror/src/konqmain.cpp:257
#107 0x080485a2 in main (argc=) at /home/tmacieir/obj/kde4/KDE/kdebase/apps/konqueror/src/konqueror_dummy.cpp:3
Comment 1 Thiago Macieira 2009-05-12 00:22:20 UTC 
More info: this backtrace relates to r965162, but it can be reproduced with current trunk (r966801).
Comment 2 Dario Andres 2009-05-12 00:28:02 UTC 
The backtrace looks very similar to the one in bug 191027 and related to the one in bug 192105.

Here using:
Qt: 4.5.1 (qt-copy  960517)
KDE: 4.2.71 (KDE 4.2.71 (KDE 4.3 >= 20090428))
kdelibs svn rev. 963904 / kdebase svn rev. 963904
on ArchLinux i686 - Kernel 2.6.29.1

So it may be a regression or there is something else related to this

Thanks
Comment 3 Maksim Orlovich 2009-05-17 16:46:22 UTC 
Arena less VG trace --- I am feeling like I've made the exact same one before, though:
==19417== Invalid read of size 1
==19417==    at 0xBE7EB50: khtml::InlineFlowBox::removeFromLine(khtml::InlineBox*) (render_line.cpp:223)
==19417==    by 0xBE7EC27: khtml::InlineBox::remove() (render_line.cpp:76)
==19417==    by 0xBE3640F: khtml::RenderText::detach() (render_text.cpp:722)
==19417==    by 0xBD57B5B: DOM::NodeImpl::detach() (dom_nodeimpl.cpp:971)
==19417==    by 0xBD57BC4: DOM::NodeBaseImpl::detach() (dom_nodeimpl.cpp:1832)
==19417==    by 0xBD66F71: DOM::ElementImpl::detach() (dom_elementimpl.cpp:862)
==19417==    by 0xBD66BD2: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:936)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD45419: DOM::DocumentImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_docimpl.cpp:1448)
==19417==    by 0xBD3ECA8: DOM::DocumentImpl::updateRendering() (dom_docimpl.cpp:1477)
==19417==    by 0xBD45005: DOM::DocumentImpl::updateDocumentsRendering() (dom_docimpl.cpp:1490)
==19417==    by 0xBF542EB: KJS::Window::afterScriptExecution() (kjs_window.cpp:1292)
==19417==    by 0xBF7F5AA: KJS::JSEventListener::handleEvent(DOM::Event&) (kjs_events.cpp:119)
==19417==    by 0xBD5BADB: DOM::NodeImpl::handleLocalEvents(DOM::EventImpl*, bool) (dom_nodeimpl.cpp:714)
==19417==    by 0xBD5D366: DOM::NodeImpl::dispatchGenericEvent(DOM::EventImpl*, int&) (dom_nodeimpl.cpp:499)
==19417==    by 0xBD5D6B6: DOM::NodeImpl::dispatchWindowEvent(int, bool, bool) (dom_nodeimpl.cpp:564)
==19417==    by 0xBCF1674: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2200)
==19417==    by 0xBCFBBB6: KHTMLPart::qt_metacall(QMetaObject::Call, int, void**) (khtml_part.moc:267)
==19417==    by 0x4FA3C41: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3019)
==19417==    by 0x4FA4221: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3092)
==19417==    by 0xBD3F6A6: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:77)
==19417==    by 0xBD3F704: DOM::DocumentImpl::qt_metacall(QMetaObject::Call, int, void**) (dom_docimpl.moc:67)
==19417==    by 0xBDB3299: DOM::HTMLDocumentImpl::qt_metacall(QMetaObject::Call, int, void**) (html_documentimpl.moc:62)
==19417==    by 0x4FA3C41: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3019)
==19417==    by 0x4FA4221: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3092)
==19417==    by 0xBD79426: khtml::Tokenizer::finishedParsing() (xml_tokenizer.moc:75)
==19417==  Address 0x6cc3630 is 32 bytes inside a block of size 68 free'd
==19417==    at 0x4024B4A: free (vg_replace_malloc.c:323)
==19417==    by 0xBE38E35: khtml::RenderArena::free(unsigned, void*) (render_arena.cpp:122)
==19417==    by 0xBE7EF86: khtml::InlineBox::detach(khtml::RenderArena*, bool) (render_line.cpp:92)
==19417==    by 0xBE31F0C: khtml::RenderFlow::deleteInlineBoxes(khtml::RenderArena*) (render_flow.cpp:185)
==19417==    by 0xBE31E8A: khtml::RenderFlow::detach() (render_flow.cpp:360)
==19417==    by 0xBE02E3A: khtml::RenderBlock::removeChild(khtml::RenderObject*) (render_block.cpp:675)
==19417==    by 0xBE21B7B: khtml::RenderObject::remove() (render_object.h:847)
==19417==    by 0xBE179D5: khtml::RenderObject::detach() (render_object.cpp:2365)
==19417==    by 0xBE2F5CA: khtml::RenderBox::detach() (render_box.cpp:224)
==19417==    by 0xBE31E92: khtml::RenderFlow::detach() (render_flow.cpp:362)
==19417==    by 0xBD57B5B: DOM::NodeImpl::detach() (dom_nodeimpl.cpp:971)
==19417==    by 0xBD57BDA: DOM::NodeBaseImpl::detach() (dom_nodeimpl.cpp:1834)
==19417==    by 0xBD66F71: DOM::ElementImpl::detach() (dom_elementimpl.cpp:862)
==19417==    by 0xBD57BC4: DOM::NodeBaseImpl::detach() (dom_nodeimpl.cpp:1832)
==19417==    by 0xBD66F71: DOM::ElementImpl::detach() (dom_elementimpl.cpp:862)
==19417==    by 0xBD66BD2: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:936)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD66CD6: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:967)
==19417==    by 0xBDB0018: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:270)
==19417==    by 0xBD45419: DOM::DocumentImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_docimpl.cpp:1448)
==19417==    by 0xBD3ECA8: DOM::DocumentImpl::updateRendering() (dom_docimpl.cpp:1477)
==19417==    by 0xBD45005: DOM::DocumentImpl::updateDocumentsRendering() (dom_docimpl.cpp:1490)
==19417==    by 0xBF542EB: KJS::Window::afterScriptExecution() (kjs_window.cpp:1292)
==19417==    by 0xBF7F5AA: KJS::JSEventListener::handleEvent(DOM::Event&) (kjs_events.cpp:119)
==19417==    by 0xBD5BADB: DOM::NodeImpl::handleLocalEvents(DOM::EventImpl*, bool) (dom_nodeimpl.cpp:714)
==19417==    by 0xBD5D366: DOM::NodeImpl::dispatchGenericEvent(DOM::EventImpl*, int&) (dom_nodeimpl.cpp:499)
==19417==    by 0xBD5D6B6: DOM::NodeImpl::dispatchWindowEvent(int, bool, bool) (dom_nodeimpl.cpp:564)
==19417==    by 0xBCF1674: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2200)
Comment 4 Dario Andres 2009-05-17 16:51:02 UTC 
There is a similar one on https://bugs.kde.org/show_bug.cgi?id=191027#c6
Comment 5 Maksim Orlovich 2009-05-17 17:42:37 UTC 
Got this almost reduced... Hopefully testcase coming up soon.
Comment 6 Maksim Orlovich 2009-05-17 19:21:10 UTC 
OK, reading version of the testcase... This needs to be run in VG to trigger the crash; and I am not sure why it wants the two external scripts... But this should be short enough for mental analysis:

main.html:
=================
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html>
<head>
  <style>
    .container-inline div,.container-inline label{display:inline;}
    .form-item label {display:block;font-weight:bold;}
    .compact-form-wrapper{position:relative;}
  </style>
  <script type="text/javascript" src="work.js"></script>
</head>

<body>
  <form>
      <div id="search" class="container-inline">
        <div class="form-item">
          <label for="edit-search-theme-form-1">Search this site:</label> <input type="text">
        </div><input type="submit">
      </div>
  </form><script type="text/javascript" src="semicolon.js">
</script>
</body>
</html>

work.js:
===============
/* The fragment below is reconstructed from code originally tagged as:
    $Id: compact_forms.js,v 1.1 2007/07/29 17:20:58 tomsun Exp $
    Compact Forms jQuery plugin
*/
document.onload = compactForm;

function compactForm(stars, colons) {
    var label = document.getElementsByTagName("label")[0];
    label.parentNode.className += " compact-form-wrapper";
}

semicolon.js:
=================
;
Comment 7 Maksim Orlovich 2009-05-17 19:23:08 UTC 
Created attachment 33773 [details]
The testcase

All tar'd up.
Comment 8 Viacheslav Tokarev 2009-05-22 19:04:08 UTC 
SVN commit 971542 by vtokarev:

Invalidate and delete line box subtree of the flow when taking out
inline flow objectf rom the rendering tree. We may insert it somewhere afterwards
but still would need to recalculate inline boxes for it.
In theory, we should now better support rendering tree modifications
which was triggered lately by better continuation merge.

Thanks to Maks and Germain for the assistance!

BUG:192380
BUG:190350
BUG:191027
BUG:192105

 M  +31 -0     render_container.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=971542
Comment 9 Germain Garand 2009-06-03 00:07:49 UTC 
*** Bug 195018 has been marked as a duplicate of this bug. ***
Comment 10 Viacheslav Tokarev 2009-06-20 15:44:24 UTC 
*** Bug 182524 has been marked as a duplicate of this bug. ***
Comment 11 Viacheslav Tokarev 2009-06-20 15:50:33 UTC 
*** Bug 170764 has been marked as a duplicate of this bug. ***