Bug 239846

Summary: Crash on adsl.free.fr
Product: [Applications] konqueror
Reporter: Christophe Marin <christophe>
Component: khtml
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED
Severity: crash
CC: majewsky, maksim
Priority: NOR    
Version: SVN   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
URL: http://adsl.free.fr

Description Christophe Marin 2010-05-28 10:55:55 UTC
Seems to be always reproducible with the beta1 rpms. Konqueror crashes while loading this page.


Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 1 (Thread 0x7f86f58e1760 (LWP 4640))]

Thread 4 (Thread 0x7f86d8bdf710 (LWP 4699)):
#0  0x00007f86f426d38c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f86ea7d6800 in QTWTF::TCMalloc_PageHeap::scavengerThread (this=0x7f86eaabb220) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:2304
#2  0x00007f86ea7d6839 in QTWTF::TCMalloc_PageHeap::runScavengerThread (context=0x7f86eaac92ec) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:1438
#3  0x00007f86f4268a3f in start_thread () from /lib64/libpthread.so.0
#4  0x00007f86f3076bfd in clone () from /lib64/libc.so.6
#5  0x0000000000000000 in ?? ()

Thread 3 (Thread 0x7f86d74ec710 (LWP 5127)):
#0  0x00007f86f426d6f9 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f86f44f6c92 in wait (this=<value optimized out>, mutex=0x120fd90, time=30000) at thread/qwaitcondition_unix.cpp:85
#2  QWaitCondition::wait (this=<value optimized out>, mutex=0x120fd90, time=30000) at thread/qwaitcondition_unix.cpp:159
#3  0x00007f86f44eccf0 in QThreadPoolThread::run (this=0x767800) at concurrent/qthreadpool.cpp:140
#4  0x00007f86f44f6665 in QThreadPrivate::start (arg=0x767800) at thread/qthread_unix.cpp:248
#5  0x00007f86f4268a3f in start_thread () from /lib64/libpthread.so.0
#6  0x00007f86f3076bfd in clone () from /lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f86d7f28710 (LWP 5130)):
#0  0x00007f86f426d6f9 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f86f44f6c92 in wait (this=<value optimized out>, mutex=0x15def90, time=30000) at thread/qwaitcondition_unix.cpp:85
#2  QWaitCondition::wait (this=<value optimized out>, mutex=0x15def90, time=30000) at thread/qwaitcondition_unix.cpp:159
#3  0x00007f86f44eccf0 in QThreadPoolThread::run (this=0x15df560) at concurrent/qthreadpool.cpp:140
#4  0x00007f86f44f6665 in QThreadPrivate::start (arg=0x15df560) at thread/qthread_unix.cpp:248
#5  0x00007f86f4268a3f in start_thread () from /lib64/libpthread.so.0
#6  0x00007f86f3076bfd in clone () from /lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f86f58e1760 (LWP 4640)):
[KCrash Handler]
#6  khtml::CSSStyleSelector::addDependency (this=0x1affc50, dependencyType=0, dependency=0x1c0cb40) at /usr/src/debug/kdelibs-4.4.80/khtml/css/cssstyleselector.cpp:1333
#7  0x00007f86dd806ba2 in khtml::CSSStyleSelector::checkSimpleSelector (this=0x1affc50, sel=0x1ec7480, e=0x1f47b80, isAncestor=true, isSubSelector=false)
    at /usr/src/debug/kdelibs-4.4.80/khtml/css/cssstyleselector.cpp:1476
#8  0x00007f86dd807cd4 in khtml::CSSStyleSelector::checkSelector (this=0x1affc50, sel=0x1ec7480, e=0x1f47b80, isAncestor=true, isSubSelector=<value optimized out>)
    at /usr/src/debug/kdelibs-4.4.80/khtml/css/cssstyleselector.cpp:1199
#9  0x00007f86dd819030 in khtml::CSSStyleSelector::isMatchedByAnySelector (this=0x1affc50, e=0x1f47b80, sels=...) at /usr/src/debug/kdelibs-4.4.80/khtml/css/cssstyleselector.cpp:1321
#10 0x00007f86dd7131e7 in khtml::SelectorQuery::querySelectorImp (justOne=false, root=0x11870d8, query=<value optimized out>, ec=<value optimized out>)
    at /usr/src/debug/kdelibs-4.4.80/khtml/xml/wa_selectors.cpp:79
#11 0x00007f86dd713324 in khtml::SelectorQuery::querySelectorAll (root=<value optimized out>, query=<value optimized out>, ec=<value optimized out>)
    at /usr/src/debug/kdelibs-4.4.80/khtml/xml/wa_selectors.cpp:106
#12 0x00007f86dd6d9835 in DOM::NodeImpl::querySelectorAll (this=<value optimized out>, query=..., ec=@0x7fff239a1118) at /usr/src/debug/kdelibs-4.4.80/khtml/xml/dom_nodeimpl.cpp:1430
#13 0x00007f86dd87d9c1 in DOMDocumentProtoFunc::callAsFunction (this=0x7f86d8353c40, exec=0x7fff239a1a60, thisObj=<value optimized out>, args=...)
    at /usr/src/debug/kdelibs-4.4.80/khtml/ecma/kjs_dom.cpp:1204
#14 0x00007f86dcfc3397 in call (exec=0x7fff239a1a60, codeBlock=..., parentExec=0x7fff239a2330) at /usr/src/debug/kdelibs-4.4.80/kjs/object.h:616
#15 KJS::Machine::runBlock (exec=0x7fff239a1a60, codeBlock=..., parentExec=0x7fff239a2330) at codes.def:1209
#16 0x00007f86dcfa2f01 in KJS::FunctionImp::callAsFunction (this=0x7f86d8353e80, exec=0x7fff239a2330, thisObj=<value optimized out>, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/function.cpp:172
#17 0x00007f86dcfc3397 in call (exec=0x7fff239a2330, codeBlock=..., parentExec=0x7fff239a2c00) at /usr/src/debug/kdelibs-4.4.80/kjs/object.h:616
#18 KJS::Machine::runBlock (exec=0x7fff239a2330, codeBlock=..., parentExec=0x7fff239a2c00) at codes.def:1209
#19 0x00007f86dcfa2f01 in KJS::FunctionImp::callAsFunction (this=0x7f86d8364300, exec=0x7fff239a2c00, thisObj=<value optimized out>, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/function.cpp:172
#20 0x00007f86dcfc3397 in call (exec=0x7fff239a2c00, codeBlock=..., parentExec=0x7fff239a3500) at /usr/src/debug/kdelibs-4.4.80/kjs/object.h:616
#21 KJS::Machine::runBlock (exec=0x7fff239a2c00, codeBlock=..., parentExec=0x7fff239a3500) at codes.def:1209
#22 0x00007f86dcfa2f01 in KJS::FunctionImp::callAsFunction (this=0x7f86d8364d80, exec=0x7fff239a3500, thisObj=<value optimized out>, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/function.cpp:172
#23 0x00007f86dcfa191e in call (this=0x7f86d8364d80, exec=0x7fff239a3500, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/object.h:616
#24 KJS::FunctionImp::construct (this=0x7f86d8364d80, exec=0x7fff239a3500, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/function.cpp:338
#25 0x00007f86dcfc3760 in KJS::Machine::runBlock (exec=0x7fff239a3500, codeBlock=..., parentExec=0x7fff239a3dd0) at codes.def:1230
#26 0x00007f86dcfa2f01 in KJS::FunctionImp::callAsFunction (this=0x7f86d8365040, exec=0x7fff239a3dd0, thisObj=<value optimized out>, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/function.cpp:172
#27 0x00007f86dcfc3397 in call (exec=0x7fff239a3dd0, codeBlock=..., parentExec=0x7fff239a46a0) at /usr/src/debug/kdelibs-4.4.80/kjs/object.h:616
#28 KJS::Machine::runBlock (exec=0x7fff239a3dd0, codeBlock=..., parentExec=0x7fff239a46a0) at codes.def:1209
#29 0x00007f86dcfa2f01 in KJS::FunctionImp::callAsFunction (this=0x7f86d835f540, exec=0x7fff239a46a0, thisObj=<value optimized out>, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/function.cpp:172
#30 0x00007f86dcfc3397 in call (exec=0x7fff239a46a0, codeBlock=..., parentExec=0x7fff239a5030) at /usr/src/debug/kdelibs-4.4.80/kjs/object.h:616
#31 KJS::Machine::runBlock (exec=0x7fff239a46a0, codeBlock=..., parentExec=0x7fff239a5030) at codes.def:1209
#32 0x00007f86dcfa2f01 in KJS::FunctionImp::callAsFunction (this=0x7f86d835f700, exec=0x7fff239a5030, thisObj=<value optimized out>, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/function.cpp:172
#33 0x00007f86dcf8b96a in call (this=<value optimized out>, exec=0x7fff239a5030, thisObj=0x7f86d835f700, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/object.h:616
#34 KJS::FunctionProtoFunc::callAsFunction (this=<value optimized out>, exec=0x7fff239a5030, thisObj=0x7f86d835f700, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/function_object.cpp:139
#35 0x00007f86dcfc3397 in call (exec=0x7fff239a5030, codeBlock=..., parentExec=0x7fff239a59c0) at /usr/src/debug/kdelibs-4.4.80/kjs/object.h:616
#36 KJS::Machine::runBlock (exec=0x7fff239a5030, codeBlock=..., parentExec=0x7fff239a59c0) at codes.def:1209
#37 0x00007f86dcfa2f01 in KJS::FunctionImp::callAsFunction (this=0x7f86d58c5900, exec=0x7fff239a59c0, thisObj=<value optimized out>, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/function.cpp:172
#38 0x00007f86dcf8b96a in call (this=<value optimized out>, exec=0x7fff239a59c0, thisObj=0x7f86d58c5900, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/object.h:616
#39 KJS::FunctionProtoFunc::callAsFunction (this=<value optimized out>, exec=0x7fff239a59c0, thisObj=0x7f86d58c5900, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/function_object.cpp:139
#40 0x00007f86dcfc3397 in call (exec=0x7fff239a59c0, codeBlock=..., parentExec=0x7fff239a6290) at /usr/src/debug/kdelibs-4.4.80/kjs/object.h:616
#41 KJS::Machine::runBlock (exec=0x7fff239a59c0, codeBlock=..., parentExec=0x7fff239a6290) at codes.def:1209
#42 0x00007f86dcfa2f01 in KJS::FunctionImp::callAsFunction (this=0x7f86d83634c0, exec=0x7fff239a6290, thisObj=<value optimized out>, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/function.cpp:172
#43 0x00007f86dcfc3397 in call (exec=0x7fff239a6290, codeBlock=..., parentExec=0x7fff239a6b60) at /usr/src/debug/kdelibs-4.4.80/kjs/object.h:616
#44 KJS::Machine::runBlock (exec=0x7fff239a6290, codeBlock=..., parentExec=0x7fff239a6b60) at codes.def:1209
#45 0x00007f86dcfa2f01 in KJS::FunctionImp::callAsFunction (this=0x7f86d83567c0, exec=0x7fff239a6b60, thisObj=<value optimized out>, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/function.cpp:172
#46 0x00007f86dcfc3397 in call (exec=0x7fff239a6b60, codeBlock=..., parentExec=0x19e4210) at /usr/src/debug/kdelibs-4.4.80/kjs/object.h:616
#47 KJS::Machine::runBlock (exec=0x7fff239a6b60, codeBlock=..., parentExec=0x19e4210) at codes.def:1209
#48 0x00007f86dcfa2f01 in KJS::FunctionImp::callAsFunction (this=0x7f86d835a180, exec=0x19e4210, thisObj=<value optimized out>, args=...) at /usr/src/debug/kdelibs-4.4.80/kjs/function.cpp:172
#49 0x00007f86dd8d32e9 in call (this=0x1713a70, evt=...) at /usr/src/debug/kdelibs-4.4.80/kjs/object.h:616
#50 KJS::JSEventListener::handleEvent (this=0x1713a70, evt=...) at /usr/src/debug/kdelibs-4.4.80/khtml/ecma/kjs_events.cpp:106
#51 0x00007f86dd6dd22c in DOM::NodeImpl::handleLocalEvents (this=0x11870d8, evt=0x21069f0, useCapture=false) at /usr/src/debug/kdelibs-4.4.80/khtml/xml/dom_nodeimpl.cpp:719
#52 0x00007f86dd6de058 in DOM::NodeImpl::dispatchGenericEvent (this=0x11870d8, evt=0x21069f0) at /usr/src/debug/kdelibs-4.4.80/khtml/xml/dom_nodeimpl.cpp:502
#53 0x00007f86dd6de108 in DOM::NodeImpl::dispatchWindowEvent (this=0x11870d8, _id=36, canBubbleArg=<value optimized out>, cancelableArg=false)
    at /usr/src/debug/kdelibs-4.4.80/khtml/xml/dom_nodeimpl.cpp:567
#54 0x00007f86dd65c578 in KHTMLPart::slotFinishedParsing (this=0x16adb90) at /usr/src/debug/kdelibs-4.4.80/khtml/khtml_part.cpp:2137
#55 0x00007f86dd67a6d0 in KHTMLPart::qt_metacall (this=0x16adb90, _c=QMetaObject::InvokeMetaMethod, _id=22, _a=0x7fff239a7000) at /usr/src/debug/kdelibs-4.4.80/build/khtml/khtml_part.moc:280
#56 0x00007f86f45f16cf in QMetaObject::activate (sender=0x11870c0, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0x0) at kernel/qobject.cpp:3287
#57 0x00007f86dd6ca790 in DOM::DocumentImpl::qt_metacall (this=0x11870c0, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=<value optimized out>)
    at /usr/src/debug/kdelibs-4.4.80/build/khtml/dom_docimpl.moc:74
#58 0x00007f86dd734ef8 in DOM::HTMLDocumentImpl::qt_metacall (this=<value optimized out>, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=<value optimized out>)
    at /usr/src/debug/kdelibs-4.4.80/build/khtml/html_documentimpl.moc:69
#59 0x00007f86f45f16cf in QMetaObject::activate (sender=0x1a8bad0, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0x0) at kernel/qobject.cpp:3287
#60 0x00007f86dd722733 in khtml::HTMLTokenizer::write (this=0x1a8bad0, str=<value optimized out>, appendData=<value optimized out>) at /usr/src/debug/kdelibs-4.4.80/khtml/html/htmltokenizer.cpp:1893
#61 0x00007f86dd723802 in khtml::HTMLTokenizer::notifyFinished (this=0x1a8bad0, finishedObj=<value optimized out>) at /usr/src/debug/kdelibs-4.4.80/khtml/html/htmltokenizer.cpp:2136
#62 0x00007f86dd83d3af in khtml::CachedScript::checkNotify (this=0x2000da0) at /usr/src/debug/kdelibs-4.4.80/khtml/misc/loader.cpp:397
#63 0x00007f86dd83d55c in khtml::CachedScript::data (this=0x2000da0, buffer=<value optimized out>, eof=<value optimized out>) at /usr/src/debug/kdelibs-4.4.80/khtml/misc/loader.cpp:389
#64 0x00007f86dd83da57 in khtml::Loader::slotFinished (this=0xa18a10, job=0x1cc2000) at /usr/src/debug/kdelibs-4.4.80/khtml/misc/loader.cpp:1244
#65 0x00007f86dd83dee3 in khtml::Loader::qt_metacall (this=0xa18a10, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff239a76b0)
    at /usr/src/debug/kdelibs-4.4.80/build/khtml/loader.moc:141
#66 0x00007f86f45f16cf in QMetaObject::activate (sender=0x1cc2000, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0x7fff239a76b0) at kernel/qobject.cpp:3287
#67 0x00007f86f4a1bd72 in KJob::result (this=<value optimized out>, _t1=0x1cc2000) at /usr/src/debug/kdelibs-4.4.80/build/kdecore/kjob.moc:194
#68 0x00007f86f4a1bdb0 in KJob::emitResult (this=0x1cc2000) at /usr/src/debug/kdelibs-4.4.80/kdecore/jobs/kjob.cpp:312
#69 0x00007f86edfbfeed in KIO::SimpleJob::slotFinished (this=0x1cc2000) at /usr/src/debug/kdelibs-4.4.80/kio/kio/job.cpp:522
#70 0x00007f86edfc8bc7 in KIO::TransferJob::slotFinished (this=0x1cc2000) at /usr/src/debug/kdelibs-4.4.80/kio/kio/job.cpp:1111
#71 0x00007f86edfc7391 in KIO::TransferJob::qt_metacall (this=0x1cc2000, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff239a7ad0)
    at /usr/src/debug/kdelibs-4.4.80/build/kio/jobclasses.moc:367
#72 0x00007f86f45f16cf in QMetaObject::activate (sender=0x1904a20, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0x0) at kernel/qobject.cpp:3287
#73 0x00007f86ee068a31 in KIO::SlaveInterface::dispatch (this=<value optimized out>, _cmd=104, rawdata=...) at /usr/src/debug/kdelibs-4.4.80/kio/kio/slaveinterface.cpp:175
#74 0x00007f86ee065c83 in KIO::SlaveInterface::dispatch (this=<value optimized out>) at /usr/src/debug/kdelibs-4.4.80/kio/kio/slaveinterface.cpp:91
#75 0x00007f86ee0597f6 in KIO::Slave::gotInput (this=0x1904a20) at /usr/src/debug/kdelibs-4.4.80/kio/kio/slave.cpp:344
#76 0x00007f86ee059e0c in KIO::Slave::qt_metacall (this=0x1904a20, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff239a7ee0)
    at /usr/src/debug/kdelibs-4.4.80/build/kio/slave.moc:82
#77 0x00007f86f45f16cf in QMetaObject::activate (sender=0x1b81e40, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0x0) at kernel/qobject.cpp:3287
#78 0x00007f86edf91b57 in KIO::ConnectionPrivate::dequeue (this=0x191e770) at /usr/src/debug/kdelibs-4.4.80/kio/kio/connection.cpp:82
#79 0x00007f86edf91c0d in KIO::Connection::qt_metacall (this=0x1b81e40, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x1cb8430)
    at /usr/src/debug/kdelibs-4.4.80/build/kio/connection.moc:79
#80 0x00007f86f45eef69 in QObject::event (this=0x1b81e40, e=0x7ed410) at kernel/qobject.cpp:1240
#81 0x00007f86f37cf094 in QApplicationPrivate::notify_helper (this=0x691770, receiver=0x1b81e40, e=0x7ed410) at kernel/qapplication.cpp:4302
#82 0x00007f86f37d317a in QApplication::notify (this=<value optimized out>, receiver=0x1b81e40, e=0x7ed410) at kernel/qapplication.cpp:4185
#83 0x00007f86f52f67c6 in KApplication::notify (this=0x7fff239a8c20, receiver=0x1b81e40, event=0x7ed410) at /usr/src/debug/kdelibs-4.4.80/kdeui/kernel/kapplication.cpp:302
#84 0x00007f86f45dd54c in QCoreApplication::notifyInternal (this=0x7fff239a8c20, receiver=0x1b81e40, event=0x7ed410) at kernel/qcoreapplication.cpp:726
#85 0x00007f86f45e0cba in sendEvent (receiver=0x0, event_type=0, data=0x614b90) at kernel/qcoreapplication.h:215
#86 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x614b90) at kernel/qcoreapplication.cpp:1367
#87 0x00007f86f4609100 in QEventDispatcherUNIX::processEvents (this=0x616ba0, flags=...) at kernel/qeventdispatcher_unix.cpp:906
#88 0x00007f86f386f56c in QEventDispatcherX11::processEvents (this=0x616ba0, flags=...) at kernel/qeventdispatcher_x11.cpp:152
#89 0x00007f86f45dc932 in QEventLoop::processEvents (this=<value optimized out>, flags=...) at kernel/qeventloop.cpp:149
#90 0x00007f86f45dcb6c in QEventLoop::exec (this=0x7fff239a89d0, flags=...) at kernel/qeventloop.cpp:201
#91 0x00007f86f45e0f8b in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1003
#92 0x00007f86e50b8c8a in kdemain () from /usr/lib64/libkdeinit4_konqueror.so
#93 0x0000000000406ad9 in launch (argc=2, _name=0x66fc78 "/usr/bin/konqueror", args=<value optimized out>, cwd=0x0, envc=<value optimized out>, envs=<value optimized out>, reset_env=false, tty=0x0, 
    avoid_loops=false, startup_id_str=0x66fca4 "sakura;1275035249;349294;4514_TIME278543") at /usr/src/debug/kdelibs-4.4.80/kinit/kinit.cpp:722
#94 0x00000000004075f5 in handle_launcher_request (sock=<value optimized out>, sock=<value optimized out>) at /usr/src/debug/kdelibs-4.4.80/kinit/kinit.cpp:1214
#95 0x0000000000407d65 in handle_requests (waitForPid=<value optimized out>) at /usr/src/debug/kdelibs-4.4.80/kinit/kinit.cpp:1407
#96 0x0000000000408970 in main (argc=4, argv=0x7fff239aa468, envp=0x7fff239aa490) at /usr/src/debug/kdelibs-4.4.80/kinit/kinit.cpp:1855

Comment 1 Maksim Orlovich 2010-05-28 17:23:58 UTC
Ack.

==6850== Invalid read of size 4
==6850==    at 0xD14C696: khtml::DynamicDomRestyler::restyleDependent(DOM::ElementImpl*, khtml::StructuralDependencyType) (dom_restyler.cpp:67)
==6850==    by 0xD12AFF8: DOM::ElementImpl::structureChanged() (dom_elementimpl.cpp:924)
==6850==    by 0xD121182: DOM::NodeBaseImpl::insertBefore(DOM::NodeImpl*, DOM::NodeImpl*, int&) (dom_nodeimpl.cpp:1640)
==6850==    by 0xD2FE679: DOMNodeProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (kjs_dom.cpp:653)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC46DD3: KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function_object.cpp:139)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC46DD3: KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function_object.cpp:139)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC46DD3: KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function_object.cpp:139)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC46DD3: KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function_object.cpp:139)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)

Comment 2 Maksim Orlovich 2010-05-28 17:26:24 UTC
Erk, forgot the rest of the trace:
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xD35EBD9: KJS::JSEventListener::handleEvent(DOM::Event&) (kjs_events.cpp:106)
==6850==  Address 0xc3a1228 is 0 bytes inside a block of size 56 free'd
==6850==    at 0x40236AD: operator delete(void*) (vg_replace_malloc.c:346)
==6850==    by 0xD178DC4: DOM::HTMLDivElementImpl::~HTMLDivElementImpl() (html_blockimpl.h:37)
==6850==    by 0xD113994: khtml::TreeShared<DOM::EventTargetImpl>::removedLastRef() (shared.h:59)
==6850==    by 0xD0764EE: khtml::TreeShared<DOM::EventTargetImpl>::deref() (shared.h:65)
==6850==    by 0xD122532: WTF::SharedPtr<DOM::NodeImpl>::~SharedPtr() (SharedPtr.h:35)
==6850==    by 0xD2F6634: KJS::DOMNode::~DOMNode() (kjs_dom.cpp:142)
==6850==    by 0xD321C77: KJS::DOMElement::~DOMElement() (kjs_dom.h:175)
==6850==    by 0xD321CE7: KJS::HTMLElement::~HTMLElement() (kjs_html.h:66)
==6850==    by 0xDC27002: KJS::Collector::collect() (collector.cpp:712)
==6850==    by 0xDC277D6: KJS::Collector::allocate(unsigned int) (collector.cpp:331)
==6850==    by 0xDC6873C: KJS::JSCell::operator new(unsigned int) (value.cpp:41)
==6850==    by 0xDC5110A: KJS::StringImp::toObject(KJS::ExecState*) const (internal.cpp:99)
==6850==    by 0xD371153: KJS::JSValue::toObject(KJS::ExecState*) const (value.h:492)
==6850==    by 0xDC85A02: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:707)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC46DD3: KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function_object.cpp:139)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC46DD3: KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function_object.cpp:139)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC46DD3: KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function_object.cpp:139)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)
==6850==    by 0xDC65409: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==6850==    by 0xD33B705: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==6850==    by 0xDC89D00: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1209)

Comment 3 Tommi Tervo 2010-05-28 17:26:59 UTC
*** Bug 239878 has been marked as a duplicate of this bug. ***

Comment 4 Maksim Orlovich 2010-05-28 17:41:57 UTC
dependencies on a non-inDocument() or displayed elements, which are not cleared
as the element isn't detached. Probably should clear the dependencies in ~
instead (there are other ways of triggering such a scenario, like
getComputedStyle).

Not sure why it'd crash in adding of dependencies for you, though.

Comment 5 Maksim Orlovich 2010-05-30 22:09:02 UTC
SVN commit 1132486 by orlovich:

Don't create dangerous spurious dependencies on querySelector[All] -- 
they can get dangly.

BUG: 239846


 M  +7 -3      cssstyleselector.cpp  
 M  +2 -1      cssstyleselector.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1132486
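
A simplified model of the lifetime problem discussed in Comments 4 and 5, added here as an illustration; it is not khtml code. All names (`Element`, `Restyler`, `matchStructural`, `Options`, `staleReadsAfterQuery`) are hypothetical, and the free is simulated with a tombstone flag so the stale reference can be counted without undefined behaviour. It compares the pre-fix behaviour with not recording dependencies during query matching and with clearing them at destruction.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <set>

// Hypothetical stand-in for a DOM element (not khtml's ElementImpl).
struct Element {
    bool attached = false;  // went through attach(), so detach() will run later
    bool freed = false;     // tombstone standing in for "delete"
};

// Toy dependency table keyed by raw pointers: dependency -> dependents.
class Restyler {
public:
    void addDependency(Element* dependent, Element* dependency) {
        deps_[dependency].insert(dependent);
    }
    // Forget every entry that mentions e, as key or as dependent.
    void resetDependencies(Element* e) {
        deps_.erase(e);
        for (auto it = deps_.begin(); it != deps_.end();) {
            it->second.erase(e);
            if (it->second.empty()) it = deps_.erase(it); else ++it;
        }
    }
    // Walk the dependents of `dependency` and count those already freed.
    // In real code each such access would be an invalid read.
    std::size_t restyleDependent(Element* dependency) const {
        auto it = deps_.find(dependency);
        if (it == deps_.end()) return 0;
        std::size_t stale = 0;
        for (const Element* d : it->second)
            if (d->freed) ++stale;
        return stale;
    }
private:
    std::map<Element*, std::set<Element*>> deps_;
};

enum class MatchMode { Styling, Query };

struct Options {
    bool recordInQuery;   // true: query matching records dependencies (pre-fix model)
    bool clearOnDestroy;  // true: dependencies are also dropped at destruction
};

// Structural selector check: the answer for `e` depends on `other`,
// so style resolution records that dependency as a side effect.
bool matchStructural(Restyler& r, Element* e, Element* other,
                     MatchMode mode, const Options& o) {
    if (mode == MatchMode::Styling || o.recordInQuery)
        r.addDependency(e, other);
    return true;
}

void attach(Element* e) { e->attached = true; }

void detach(Restyler& r, Element* e) {
    if (!e->attached) return;  // never-attached elements skip the cleanup
    r.resetDependencies(e);
    e->attached = false;
}

void destroy(Restyler& r, Element* e, const Options& o) {
    detach(r, e);
    if (o.clearOnDestroy) r.resetDependencies(e);
    e->freed = true;  // simulated free
}

// A script-held element is matched by a selector query, then collected;
// a later structure change on `anchor` walks the dependency table.
std::size_t staleReadsAfterQuery(const Options& o, bool elementWasAttached) {
    Restyler r;
    Element anchor, orphan;
    attach(&anchor);
    if (elementWasAttached) attach(&orphan);
    matchStructural(r, &orphan, &anchor, MatchMode::Query, o);
    destroy(r, &orphan, o);
    return r.restyleDependent(&anchor);
}

int main() {
    std::printf("pre-fix, never attached:   %zu stale\n", staleReadsAfterQuery({true, false}, false));
    std::printf("no deps recorded in query: %zu stale\n", staleReadsAfterQuery({false, false}, false));
    std::printf("cleared at destruction:    %zu stale\n", staleReadsAfterQuery({true, true}, false));
    std::printf("pre-fix, attached element: %zu stale\n", staleReadsAfterQuery({true, false}, true));
    return 0;
}
```

Only the first case leaves a stale entry: the element never went through `detach()`, so nothing removed the pointer before it was freed.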