Bug 240684

Summary: akregator crashes when opening a new tab from http://www.phoronix.com/rss.php
Product: [Applications] konqueror Reporter: Manolis Maroudas <kapamaroo>
Component: khtmlAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED WORKSFORME    
Severity: crash CC: justin.zobel, moltonel
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Debian unstable   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: konqueror test pages

Description Manolis Maroudas 2010-06-04 06:33:36 UTC 
Application: akregator (1.6.3)
KDE Platform Version: 4.4.4 (KDE 4.4.4)
Qt Version: 4.6.2
Operating System: Linux 2.6.34-0.slh.3-sidux-686 i686
Distribution (Platform): Debian unstable

-- Information about the crash:
When I open a new tab inside akregator from http://www.phoronix.com/rss.php after a while akregator crashes
this happens after the KDE 4.4.4 upgrade (did not happen with KDE 4.4.3).

The crash can be reproduced every time.

 -- Backtrace:
Application: Akregator (akregator), signal: Segmentation fault
[Current thread is 1 (Thread 0xb3c0d710 (LWP 25563))]

Thread 2 (Thread 0xaf6ffb70 (LWP 25931)):
#0  0xb7825424 in __kernel_vsyscall ()
#1  0xb4a44242 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:179
#2  0xb60f3154 in __pthread_cond_timedwait (cond=0x9898338, mutex=0x9898320, abstime=0xaf6ff2a0) at forward.c:152
#3  0xb6dfd7ef in QWaitConditionPrivate::wait (this=0x9898284, mutex=0x9898280, time=30000) at thread/qwaitcondition_unix.cpp:85
#4  QWaitCondition::wait (this=0x9898284, mutex=0x9898280, time=30000) at thread/qwaitcondition_unix.cpp:159
#5  0xb6df1b7b in QThreadPoolThread::run (this=0x9897808) at concurrent/qthreadpool.cpp:140
#6  0xb6dfc93e in QThreadPrivate::start (arg=0x9897808) at thread/qthread_unix.cpp:248
#7  0xb4a3f955 in start_thread (arg=0xaf6ffb70) at pthread_create.c:300
#8  0xb60e614e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 1 (Thread 0xb3c0d710 (LWP 25563)):
[KCrash Handler]
#6  0xb1c1e572 in KHTMLPart::requestObject (this=0x9f82c20, frame=0xa198ab8, url=..., serviceType=..., params=...) at ../../khtml/khtml_part.cpp:4174
#7  0xb1d0f4e2 in DOM::HTMLObjectBaseElementImpl::computeContent (this=0xa198ab8) at ../../khtml/html/html_objectimpl.cpp:533
#8  0xb1d09d74 in DOM::HTMLPartContainerElementImpl::computeContentIfNeeded (this=0x690061) at ../../khtml/html/html_objectimpl.cpp:90
#9  0xb1c8cc4c in DOM::NodeBaseImpl::appendChild (this=0x9f49128, newChild=0xa198ac0, exceptioncode=@0xbfd9dd40) at ../../khtml/xml/dom_nodeimpl.cpp:1735
#10 0xb1e41f03 in DOMNodeProtoFunc::callAsFunction (this=0xaf861820, exec=0xbfd9e124, thisObj=0xaf8191a0, args=...) at ../../khtml/ecma/kjs_dom.cpp:642
#11 0xb1a8c85d in KJS::JSObject::call (this=0xb615e301, exec=0xbfd9e124, thisObj=0xaf8191a0, args=...) at ../../kjs/object.cpp:70
#12 0xb1aaa852 in KJS::Machine::runBlock (exec=0xbfd9e124, codeBlock=..., parentExec=0xbfd9e594) at codes.def:1192
#13 0xb1a88c2b in KJS::FunctionImp::callAsFunction (this=0xaed0bb60, exec=0xbfd9e594, thisObj=0xaf870000, args=...) at ../../kjs/function.cpp:144
#14 0xb1a8c85d in KJS::JSObject::call (this=0xb615e301, exec=0xbfd9e594, thisObj=0xaf870000, args=...) at ../../kjs/object.cpp:70
#15 0xb1aaa852 in KJS::Machine::runBlock (exec=0xbfd9e594, codeBlock=..., parentExec=0xbfd9ea04) at codes.def:1192
#16 0xb1a88c2b in KJS::FunctionImp::callAsFunction (this=0xaed0bba0, exec=0xbfd9ea04, thisObj=0xaed0b460, args=...) at ../../kjs/function.cpp:144
#17 0xb1a8c85d in KJS::JSObject::call (this=0xb615e301, exec=0xbfd9ea04, thisObj=0xaed0b460, args=...) at ../../kjs/object.cpp:70
#18 0xb1aaa852 in KJS::Machine::runBlock (exec=0xbfd9ea04, codeBlock=..., parentExec=0xa2905d8) at codes.def:1192
#19 0xb1a88c2b in KJS::FunctionImp::callAsFunction (this=0xaed0be00, exec=0xa2905d8, thisObj=0xaf860c20, args=...) at ../../kjs/function.cpp:144
#20 0xb1a8c85d in KJS::JSObject::call (this=0xb615e301, exec=0xa2905d8, thisObj=0xaf860c20, args=...) at ../../kjs/object.cpp:70
#21 0xb1ea7db7 in KJS::JSEventListener::handleEvent (this=0xaacf1d8, evt=...) at ../../khtml/ecma/kjs_events.cpp:106
#22 0xb1c8b9e7 in DOM::NodeImpl::handleLocalEvents (this=0xa17bbfc, evt=0xa77cb68, useCapture=false) at ../../khtml/xml/dom_nodeimpl.cpp:718
#23 0xb1c8be7d in DOM::NodeImpl::dispatchGenericEvent (this=0xa17bbfc, evt=0xa77cb68) at ../../khtml/xml/dom_nodeimpl.cpp:501
#24 0xb1c8d82a in DOM::NodeImpl::dispatchWindowEvent (this=0xa17bbfc, _id=36, canBubbleArg=<value optimized out>, cancelableArg=<value optimized out>) at ../../khtml/xml/dom_nodeimpl.cpp:566
#25 0xb1c0f696 in KHTMLPart::slotFinishedParsing (this=0x9f82c20) at ../../khtml/khtml_part.cpp:2218
#26 0xb1c38303 in KHTMLPart::qt_metacall (this=0x9f82c20, _c=QMetaObject::InvokeMetaMethod, _id=22, _a=0xbfd9ed9c) at ./khtml_part.moc:280
#27 0xb6f03b2a in QMetaObject::metacall (object=0x9f82c20, cl=3054887681, idx=36, argv=0xbfd9ed9c) at kernel/qmetaobject.cpp:237
#28 0xb6f120f5 in QMetaObject::activate (sender=0xa17bbf0, m=0xb2120948, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3293
#29 0xb1c71547 in DOM::DocumentImpl::finishedParsing (this=0xa17bbf0) at ./dom_docimpl.moc:85
#30 0xb1c715a1 in DOM::DocumentImpl::qt_metacall (this=0xa17bbf0, _c=QMetaObject::InvokeMetaMethod, _id=4, _a=0xbfd9eedc) at ./dom_docimpl.moc:74
#31 0xb1ce89a7 in DOM::HTMLDocumentImpl::qt_metacall (this=0xa17bbf0, _c=QMetaObject::InvokeMetaMethod, _id=4, _a=0xbfd9eedc) at ./html_documentimpl.moc:69
#32 0xb6f03b2a in QMetaObject::metacall (object=0xa17bbf0, cl=3054887681, idx=4, argv=0xbfd9eedc) at kernel/qmetaobject.cpp:237
#33 0xb6f120f5 in QMetaObject::activate (sender=0xa0b6530, m=0xb2122468, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3293
#34 0xb1caa0d7 in khtml::Tokenizer::finishedParsing (this=0xa0b6530) at ./xml_tokenizer.moc:83
#35 0xb1ccce29 in khtml::HTMLTokenizer::end (this=0xa0b6530) at ../../khtml/html/htmltokenizer.cpp:1946
#36 0xb1cd72fc in khtml::HTMLTokenizer::write (this=0xa0b6530, str=..., appendData=false) at ../../khtml/html/htmltokenizer.cpp:1905
#37 0xb1cd1b7b in khtml::HTMLTokenizer::notifyFinished (this=0xa0b6530) at ../../khtml/html/htmltokenizer.cpp:2135
#38 0xb1e03195 in khtml::CachedScript::checkNotify (this=0xabb3748) at ../../khtml/misc/loader.cpp:390
#39 0xb1e033bc in khtml::CachedScript::data (this=0xabb3748, buffer=..., eof=true) at ../../khtml/misc/loader.cpp:382
#40 0xb1e00dc5 in khtml::Loader::slotFinished (this=0x96d6ae0, job=0xaa8f428) at ../../khtml/misc/loader.cpp:1468
#41 0xb1e01137 in khtml::Loader::qt_metacall (this=0x96d6ae0, _c=QMetaObject::InvokeMetaMethod, _id=7, _a=0xbfd9f348) at ./loader.moc:143
#42 0xb6f03b2a in QMetaObject::metacall (object=0x96d6ae0, cl=3054887681, idx=7, argv=0xbfd9f348) at kernel/qmetaobject.cpp:237
#43 0xb6f120f5 in QMetaObject::activate (sender=0xaa8f428, m=0xb7266ee8, local_signal_index=3, argv=0xbfd9f348) at kernel/qobject.cpp:3293
#44 0xb70f9e03 in KJob::result (this=0xaa8f428, _t1=0xaa8f428) at ./kjob.moc:194
#45 0xb70fa168 in KJob::emitResult (this=0xaa8f428) at ../../kdecore/jobs/kjob.cpp:312
#46 0xb5e60cf0 in KIO::SimpleJob::slotFinished (this=0xaa8f428) at ../../kio/kio/job.cpp:517
#47 0xb5e61220 in KIO::TransferJob::slotFinished (this=0xaa8f428) at ../../kio/kio/job.cpp:1097
#48 0xb5e5eb53 in KIO::TransferJob::qt_metacall (this=0xaa8f428, _c=QMetaObject::InvokeMetaMethod, _id=47, _a=0xbfd9f5dc) at ./jobclasses.moc:367
#49 0xb6f03b2a in QMetaObject::metacall (object=0xaa8f428, cl=3054887681, idx=47, argv=0xbfd9f5dc) at kernel/qmetaobject.cpp:237
#50 0xb6f120f5 in QMetaObject::activate (sender=0x98cef28, m=0xb600fde4, local_signal_index=4, argv=0x0) at kernel/qobject.cpp:3293
#51 0xb5f2c447 in KIO::SlaveInterface::finished (this=0x98cef28) at ./slaveinterface.moc:171
#52 0xb5f2f76d in KIO::SlaveInterface::dispatch (this=0x98cef28, _cmd=104, rawdata=...) at ../../kio/kio/slaveinterface.cpp:175
#53 0xb5f2c903 in KIO::SlaveInterface::dispatch (this=0x98cef28) at ../../kio/kio/slaveinterface.cpp:91
#54 0xb5f1fdd8 in KIO::Slave::gotInput (this=0x98cef28) at ../../kio/kio/slave.cpp:324
#55 0xb5f1ffe3 in KIO::Slave::qt_metacall (this=0x98cef28, _c=QMetaObject::InvokeMetaMethod, _id=30, _a=0xbfd9f8ec) at ./slave.moc:82
#56 0xb6f03b2a in QMetaObject::metacall (object=0x98cef28, cl=3054887681, idx=30, argv=0xbfd9f8ec) at kernel/qmetaobject.cpp:237
#57 0xb6f120f5 in QMetaObject::activate (sender=0x9989478, m=0xb600c6c0, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3293
#58 0xb5e28ca7 in KIO::Connection::readyRead (this=0x9989478) at ./connection.moc:92
#59 0xb5e2b04e in KIO::ConnectionPrivate::dequeue (this=0x99180e0) at ../../kio/kio/connection.cpp:82
#60 0xb5e2b17e in KIO::Connection::qt_metacall (this=0x9989478, _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0xa9d1880) at ./connection.moc:79
#61 0xb6f03b2a in QMetaObject::metacall (object=0x9989478, cl=3054887681, idx=5, argv=0xa9d1880) at kernel/qmetaobject.cpp:237
#62 0xb6f0e056 in QMetaCallEvent::placeMetaCall (this=0xab49328, object=0x9989478) at kernel/qobject.cpp:561
#63 0xb6f0f11e in QObject::event (this=0x9989478, e=0xab49328) at kernel/qobject.cpp:1248
#64 0xb63cbbec in QApplicationPrivate::notify_helper (this=0x941d128, receiver=0x9989478, e=0xab49328) at kernel/qapplication.cpp:4300
#65 0xb63d275e in QApplication::notify (this=0xbfda0be4, receiver=0x9989478, e=0xab49328) at kernel/qapplication.cpp:3704
#66 0xb744db4a in KApplication::notify (this=0xbfda0be4, receiver=0x9989478, event=0xab49328) at ../../kdeui/kernel/kapplication.cpp:302
#67 0xb6efe92b in QCoreApplication::notifyInternal (this=0xbfda0be4, receiver=0x9989478, event=0xab49328) at kernel/qcoreapplication.cpp:704
#68 0xb6f01303 in QCoreApplication::sendEvent (receiver=0x0, event_type=0, data=0x93fde10) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#69 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x93fde10) at kernel/qcoreapplication.cpp:1345
#70 0xb6f0146d in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1238
#71 0xb6f2a83f in QCoreApplication::sendPostedEvents (s=0x9428510) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#72 postEventSourceDispatch (s=0x9428510) at kernel/qeventdispatcher_glib.cpp:276
#73 0xb49992f5 in g_main_dispatch (context=0x9428490) at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gmain.c:1960
#74 IA__g_main_context_dispatch (context=0x9428490) at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gmain.c:2513
#75 0xb499cfd8 in g_main_context_iterate (context=0x9428490, block=<value optimized out>, dispatch=1, self=0x941be18) at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gmain.c:2591
#76 0xb499d1b8 in IA__g_main_context_iteration (context=0x9428490, may_block=1) at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gmain.c:2654
#77 0xb6f2a335 in QEventDispatcherGlib::processEvents (this=0x93fd8d8, flags=...) at kernel/qeventdispatcher_glib.cpp:412
#78 0xb648a255 in QGuiEventDispatcherGlib::processEvents (this=0x93fd8d8, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#79 0xb6efcf49 in QEventLoop::processEvents (this=0xbfda01a0, flags=) at kernel/qeventloop.cpp:149
#80 0xb6efd39a in QEventLoop::exec (this=0xbfda01a0, flags=...) at kernel/qeventloop.cpp:201
#81 0xb6906df3 in QDialog::exec (this=0xa937980) at dialogs/qdialog.cpp:546
#82 0xb22a0a1d in ?? () from /usr/lib/kde4/akregatorpart.so
#83 0xb224bf4e in Akregator::Feed::accept(Akregator::TreeNodeVisitor*) () from /usr/lib/kde4/akregatorpart.so
#84 0xb22549b8 in Akregator::TreeNodeVisitor::visit(Akregator::TreeNode*) () from /usr/lib/kde4/akregatorpart.so
#85 0xb22a08e0 in ?? () from /usr/lib/kde4/akregatorpart.so
#86 0xb22a0964 in ?? () from /usr/lib/kde4/akregatorpart.so
#87 0xb6f03b2a in QMetaObject::metacall (object=0x99a7798, cl=3054887681, idx=7, argv=0xbfda036c) at kernel/qmetaobject.cpp:237
#88 0xb6f120f5 in QMetaObject::activate (sender=0xaa902e8, m=0xb70102e8, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3293
#89 0xb6f19d57 in QSingleShotTimer::timeout (this=0xaa902e8) at .moc/release-shared/qtimer.moc:82
#90 0xb6f19e6c in QSingleShotTimer::timerEvent (this=0xaa902e8) at kernel/qtimer.cpp:308
#91 0xb6f0ef74 in QObject::event (this=0xaa902e8, e=0xbfd9d968) at kernel/qobject.cpp:1212
#92 0xb63cbbec in QApplicationPrivate::notify_helper (this=0x941d128, receiver=0xaa902e8, e=0xbfda08a0) at kernel/qapplication.cpp:4300
#93 0xb63d275e in QApplication::notify (this=0xbfda0be4, receiver=0xaa902e8, e=0xbfda08a0) at kernel/qapplication.cpp:3704
#94 0xb744db4a in KApplication::notify (this=0xbfda0be4, receiver=0xaa902e8, event=0xbfda08a0) at ../../kdeui/kernel/kapplication.cpp:302
#95 0xb6efe92b in QCoreApplication::notifyInternal (this=0xbfda0be4, receiver=0xaa902e8, event=0xbfda08a0) at kernel/qcoreapplication.cpp:704
#96 0xb6f2d986 in QCoreApplication::sendEvent (this=0x9428b8c) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#97 QTimerInfoList::activateTimers (this=0x9428b8c) at kernel/qeventdispatcher_unix.cpp:603
#98 0xb6f2a644 in timerSourceDispatch (source=0x9428b58) at kernel/qeventdispatcher_glib.cpp:184
#99 0xb49992f5 in g_main_dispatch (context=0x9428490) at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gmain.c:1960
#100 IA__g_main_context_dispatch (context=0x9428490) at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gmain.c:2513
#101 0xb499cfd8 in g_main_context_iterate (context=0x9428490, block=<value optimized out>, dispatch=1, self=0x941be18) at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gmain.c:2591
#102 0xb499d1b8 in IA__g_main_context_iteration (context=0x9428490, may_block=1) at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gmain.c:2654
#103 0xb6f2a335 in QEventDispatcherGlib::processEvents (this=0x93fd8d8, flags=...) at kernel/qeventdispatcher_glib.cpp:412
#104 0xb648a255 in QGuiEventDispatcherGlib::processEvents (this=0x93fd8d8, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#105 0xb6efcf49 in QEventLoop::processEvents (this=0xbfda0b64, flags=) at kernel/qeventloop.cpp:149
#106 0xb6efd39a in QEventLoop::exec (this=0xbfda0b64, flags=...) at kernel/qeventloop.cpp:201
#107 0xb6f0152f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#108 0xb63cbc87 in QApplication::exec () at kernel/qapplication.cpp:3579
#109 0x0804fa61 in _start ()

Possible duplicates by query: bug 235179, bug 224640, bug 219788, bug 217517, bug 201105.

Reported using DrKonqi
Comment 1 Maksim Orlovich 2010-06-05 23:39:17 UTC 
Thanks for the report. Does it requires any particular article? Also, what's the magnitude of 'after a while'?
Comment 2 Manolis Maroudas 2010-06-06 00:57:58 UTC 
The article i first noticed the crash is http://www.phoronix.com/vr.php?view=14976 also some random articles i tried had the same result.

Today there was no crash with the same article or any other article i tried, but the home page http://www.phoronix.com/scan.php?page=home crashed both akregator and konqueror. The crash now happens to me only with the home page (maybe it occurs with some other pages too).

Here is the backtrace of konqueror:

Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb5541710 (LWP 21722))]

Thread 3 (Thread 0xb031fb70 (LWP 21724)):
#0  0xb78a6424 in __kernel_vsyscall ()
#1  0xb5975242 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:179
#2  0xb773f154 in __pthread_cond_timedwait (cond=0x8968af8, mutex=0x8968ae0, abstime=0xb031f2a0) at forward.c:152
#3  0xb697e7ef in QWaitConditionPrivate::wait (this=0x8968a44, mutex=0x8968a40, time=30000) at thread/qwaitcondition_unix.cpp:85
#4  QWaitCondition::wait (this=0x8968a44, mutex=0x8968a40, time=30000) at thread/qwaitcondition_unix.cpp:159
#5  0xb6972b7b in QThreadPoolThread::run (this=0x8968b90) at concurrent/qthreadpool.cpp:140
#6  0xb697d93e in QThreadPrivate::start (arg=0x8968b90) at thread/qthread_unix.cpp:248
#7  0xb5970955 in start_thread (arg=0xb031fb70) at pthread_create.c:300
#8  0xb773214e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 2 (Thread 0xaf793b70 (LWP 21726)):
#0  0xb78a6424 in __kernel_vsyscall ()
#1  0xb5975242 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:179
#2  0xb773f154 in __pthread_cond_timedwait (cond=0x8968af8, mutex=0x8968ae0, abstime=0xaf7932a0) at forward.c:152
#3  0xb697e7ef in QWaitConditionPrivate::wait (this=0x8968a44, mutex=0x8968a40, time=30000) at thread/qwaitcondition_unix.cpp:85
#4  QWaitCondition::wait (this=0x8968a44, mutex=0x8968a40, time=30000) at thread/qwaitcondition_unix.cpp:159
#5  0xb6972b7b in QThreadPoolThread::run (this=0x8c5a3a0) at concurrent/qthreadpool.cpp:140
#6  0xb697d93e in QThreadPrivate::start (arg=0x8c5a3a0) at thread/qthread_unix.cpp:248
#7  0xb5970955 in start_thread (arg=0xaf793b70) at pthread_create.c:300
#8  0xb773214e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 1 (Thread 0xb5541710 (LWP 21722)):
[KCrash Handler]
#6  0xb3150572 in KHTMLPart::requestObject (this=0x8912b70, frame=0x8ffcb70, url=..., serviceType=..., params=...) at ../../khtml/khtml_part.cpp:4174
#7  0xb32414e2 in DOM::HTMLObjectBaseElementImpl::computeContent (this=0x8ffcb70) at ../../khtml/html/html_objectimpl.cpp:533
#8  0xb323bd74 in DOM::HTMLPartContainerElementImpl::computeContentIfNeeded (this=0x1) at ../../khtml/html/html_objectimpl.cpp:90
#9  0xb31bec4c in DOM::NodeBaseImpl::appendChild (this=0x8953b48, newChild=0x8ffcb78, exceptioncode=@0xbfc07a90) at ../../khtml/xml/dom_nodeimpl.cpp:1735
#10 0xb3373f03 in DOMNodeProtoFunc::callAsFunction (this=0xb0321820, exec=0xbfc07e74, thisObj=0xaf9f8660, args=...) at ../../khtml/ecma/kjs_dom.cpp:642
#11 0xb2fbe85d in KJS::JSObject::call (this=0xb77aa301, exec=0xbfc07e74, thisObj=0xaf9f8660, args=...) at ../../kjs/object.cpp:70
#12 0xb2fdc852 in KJS::Machine::runBlock (exec=0xbfc07e74, codeBlock=..., parentExec=0xbfc082e4) at codes.def:1192
#13 0xb2fbac2b in KJS::FunctionImp::callAsFunction (this=0xb0323c80, exec=0xbfc082e4, thisObj=0xb1860000, args=...) at ../../kjs/function.cpp:144
#14 0xb2fbe85d in KJS::JSObject::call (this=0xb77aa301, exec=0xbfc082e4, thisObj=0xb1860000, args=...) at ../../kjs/object.cpp:70
#15 0xb2fdc852 in KJS::Machine::runBlock (exec=0xbfc082e4, codeBlock=..., parentExec=0xbfc08754) at codes.def:1192
#16 0xb2fbac2b in KJS::FunctionImp::callAsFunction (this=0xb0323cc0, exec=0xbfc08754, thisObj=0xb03236a0, args=...) at ../../kjs/function.cpp:144
#17 0xb2fbe85d in KJS::JSObject::call (this=0xb77aa301, exec=0xbfc08754, thisObj=0xb03236a0, args=...) at ../../kjs/object.cpp:70
#18 0xb2fdc852 in KJS::Machine::runBlock (exec=0xbfc08754, codeBlock=..., parentExec=0x89536e0) at codes.def:1192
#19 0xb2fbac2b in KJS::FunctionImp::callAsFunction (this=0xb0323d80, exec=0x89536e0, thisObj=0xb0320c20, args=...) at ../../kjs/function.cpp:144
#20 0xb2fbe85d in KJS::JSObject::call (this=0xb77aa301, exec=0x89536e0, thisObj=0xb0320c20, args=...) at ../../kjs/object.cpp:70
#21 0xb33d9db7 in KJS::JSEventListener::handleEvent (this=0x935bf10, evt=...) at ../../khtml/ecma/kjs_events.cpp:106
#22 0xb31bd9e7 in DOM::NodeImpl::handleLocalEvents (this=0x8a2cefc, evt=0x905adc8, useCapture=false) at ../../khtml/xml/dom_nodeimpl.cpp:718
#23 0xb31bde7d in DOM::NodeImpl::dispatchGenericEvent (this=0x8a2cefc, evt=0x905adc8) at ../../khtml/xml/dom_nodeimpl.cpp:501
#24 0xb31bf82a in DOM::NodeImpl::dispatchWindowEvent (this=0x8a2cefc, _id=36, canBubbleArg=<value optimized out>, cancelableArg=<value optimized out>) at ../../khtml/xml/dom_nodeimpl.cpp:566
#25 0xb3141696 in KHTMLPart::slotFinishedParsing (this=0x8912b70) at ../../khtml/khtml_part.cpp:2218
#26 0xb316a303 in KHTMLPart::qt_metacall (this=0x8912b70, _c=QMetaObject::InvokeMetaMethod, _id=22, _a=0xbfc08aec) at ./khtml_part.moc:280
#27 0xb6a84b2a in QMetaObject::metacall (object=0x8912b70, cl=3078267649, idx=36, argv=0xbfc08aec) at kernel/qmetaobject.cpp:237
#28 0xb6a930f5 in QMetaObject::activate (sender=0x8a2cef0, m=0xb3652948, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3293
#29 0xb31a3547 in DOM::DocumentImpl::finishedParsing (this=0x8a2cef0) at ./dom_docimpl.moc:85
#30 0xb31a35a1 in DOM::DocumentImpl::qt_metacall (this=0x8a2cef0, _c=QMetaObject::InvokeMetaMethod, _id=4, _a=0xbfc08c2c) at ./dom_docimpl.moc:74
#31 0xb321a9a7 in DOM::HTMLDocumentImpl::qt_metacall (this=0x8a2cef0, _c=QMetaObject::InvokeMetaMethod, _id=4, _a=0xbfc08c2c) at ./html_documentimpl.moc:69
#32 0xb6a84b2a in QMetaObject::metacall (object=0x8a2cef0, cl=3078267649, idx=4, argv=0xbfc08c2c) at kernel/qmetaobject.cpp:237
#33 0xb6a930f5 in QMetaObject::activate (sender=0x8a0e140, m=0xb3654468, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3293
#34 0xb31dc0d7 in khtml::Tokenizer::finishedParsing (this=0x8a0e140) at ./xml_tokenizer.moc:83
#35 0xb31fee29 in khtml::HTMLTokenizer::end (this=0x8a0e140) at ../../khtml/html/htmltokenizer.cpp:1946
#36 0xb32092fc in khtml::HTMLTokenizer::write (this=0x8a0e140, str=..., appendData=false) at ../../khtml/html/htmltokenizer.cpp:1905
#37 0xb3203b7b in khtml::HTMLTokenizer::notifyFinished (this=0x8a0e140) at ../../khtml/html/htmltokenizer.cpp:2135
#38 0xb3335195 in khtml::CachedScript::checkNotify (this=0x94400a8) at ../../khtml/misc/loader.cpp:390
#39 0xb33353bc in khtml::CachedScript::data (this=0x94400a8, buffer=..., eof=true) at ../../khtml/misc/loader.cpp:382
#40 0xb3332dc5 in khtml::Loader::slotFinished (this=0x889d760, job=0x9326320) at ../../khtml/misc/loader.cpp:1468
#41 0xb3333137 in khtml::Loader::qt_metacall (this=0x889d760, _c=QMetaObject::InvokeMetaMethod, _id=7, _a=0xbfc09098) at ./loader.moc:143
#42 0xb6a84b2a in QMetaObject::metacall (object=0x889d760, cl=3078267649, idx=7, argv=0xbfc09098) at kernel/qmetaobject.cpp:237
#43 0xb6a930f5 in QMetaObject::activate (sender=0x9326320, m=0xb6de6ee8, local_signal_index=3, argv=0xbfc09098) at kernel/qobject.cpp:3293
#44 0xb6c79e03 in KJob::result (this=0x9326320, _t1=0x9326320) at ./kjob.moc:194
#45 0xb6c7a168 in KJob::emitResult (this=0x9326320) at ../../kdecore/jobs/kjob.cpp:312
#46 0xb72b3cf0 in KIO::SimpleJob::slotFinished (this=0x9326320) at ../../kio/kio/job.cpp:517
#47 0xb72b4220 in KIO::TransferJob::slotFinished (this=0x9326320) at ../../kio/kio/job.cpp:1097
#48 0xb72b1b53 in KIO::TransferJob::qt_metacall (this=0x9326320, _c=QMetaObject::InvokeMetaMethod, _id=47, _a=0xbfc0932c) at ./jobclasses.moc:367
#49 0xb6a84b2a in QMetaObject::metacall (object=0x9326320, cl=3078267649, idx=47, argv=0xbfc0932c) at kernel/qmetaobject.cpp:237
#50 0xb6a930f5 in QMetaObject::activate (sender=0x8948528, m=0xb7462de4, local_signal_index=4, argv=0x0) at kernel/qobject.cpp:3293
#51 0xb737f447 in KIO::SlaveInterface::finished (this=0x8948528) at ./slaveinterface.moc:171
#52 0xb738276d in KIO::SlaveInterface::dispatch (this=0x8948528, _cmd=104, rawdata=...) at ../../kio/kio/slaveinterface.cpp:175
#53 0xb737f903 in KIO::SlaveInterface::dispatch (this=0x8948528) at ../../kio/kio/slaveinterface.cpp:91
#54 0xb7372dd8 in KIO::Slave::gotInput (this=0x8948528) at ../../kio/kio/slave.cpp:324
#55 0xb7372fe3 in KIO::Slave::qt_metacall (this=0x8948528, _c=QMetaObject::InvokeMetaMethod, _id=30, _a=0xbfc0963c) at ./slave.moc:82
#56 0xb6a84b2a in QMetaObject::metacall (object=0x8948528, cl=3078267649, idx=30, argv=0xbfc0963c) at kernel/qmetaobject.cpp:237
#57 0xb6a930f5 in QMetaObject::activate (sender=0x8a69810, m=0xb745f6c0, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3293
#58 0xb727bca7 in KIO::Connection::readyRead (this=0x8a69810) at ./connection.moc:92
#59 0xb727e04e in KIO::ConnectionPrivate::dequeue (this=0x8a289d0) at ../../kio/kio/connection.cpp:82
#60 0xb727e17e in KIO::Connection::qt_metacall (this=0x8a69810, _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0x9317350) at ./connection.moc:79
#61 0xb6a84b2a in QMetaObject::metacall (object=0x8a69810, cl=3078267649, idx=5, argv=0x9317350) at kernel/qmetaobject.cpp:237
#62 0xb6a8f056 in QMetaCallEvent::placeMetaCall (this=0x9036230, object=0x8a69810) at kernel/qobject.cpp:561
#63 0xb6a9011e in QObject::event (this=0x8a69810, e=0x9036230) at kernel/qobject.cpp:1248
#64 0xb5f4cbec in QApplicationPrivate::notify_helper (this=0x85527e8, receiver=0x8a69810, e=0x9036230) at kernel/qapplication.cpp:4300
#65 0xb5f5375e in QApplication::notify (this=0xbfc0a0a0, receiver=0x8a69810, e=0x9036230) at kernel/qapplication.cpp:3704
#66 0xb6fcdb4a in KApplication::notify (this=0xbfc0a0a0, receiver=0x8a69810, event=0x9036230) at ../../kdeui/kernel/kapplication.cpp:302
#67 0xb6a7f92b in QCoreApplication::notifyInternal (this=0xbfc0a0a0, receiver=0x8a69810, event=0x9036230) at kernel/qcoreapplication.cpp:704
#68 0xb6a82303 in QCoreApplication::sendEvent (receiver=0x0, event_type=0, data=0x853af78) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#69 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x853af78) at kernel/qcoreapplication.cpp:1345
#70 0xb6a8246d in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1238
#71 0xb6aab83f in QCoreApplication::sendPostedEvents (s=0x8554b10) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#72 postEventSourceDispatch (s=0x8554b10) at kernel/qeventdispatcher_glib.cpp:276
#73 0xb58ce2f5 in g_main_dispatch (context=0x8554a90) at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gmain.c:1960
#74 IA__g_main_context_dispatch (context=0x8554a90) at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gmain.c:2513
#75 0xb58d1fd8 in g_main_context_iterate (context=0x8554a90, block=<value optimized out>, dispatch=1, self=0x8552a58) at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gmain.c:2591
#76 0xb58d21b8 in IA__g_main_context_iteration (context=0x8554a90, may_block=1) at /build/buildd-glib2.0_2.24.1-1-i386-84Pp4V/glib2.0-2.24.1/glib/gmain.c:2654
#77 0xb6aab335 in QEventDispatcherGlib::processEvents (this=0x853ac38, flags=...) at kernel/qeventdispatcher_glib.cpp:412
#78 0xb600b255 in QGuiEventDispatcherGlib::processEvents (this=0x853ac38, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#79 0xb6a7df49 in QEventLoop::processEvents (this=0xbfc09ef4, flags=) at kernel/qeventloop.cpp:149
#80 0xb6a7e39a in QEventLoop::exec (this=0xbfc09ef4, flags=...) at kernel/qeventloop.cpp:201
#81 0xb6a8252f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#82 0xb5f4cc87 in QApplication::exec () at kernel/qapplication.cpp:3579
#83 0xb788b98f in kdemain (argc=2, argv=0xbfc0a3b4) at ../../../../apps/konqueror/src/konqmain.cpp:257
#84 0x080485fb in main (argc=2, argv=0xbfc0a3b4) at konqueror_dummy.cpp:3
Comment 3 Maksim Orlovich 2010-06-06 16:49:48 UTC 
Thanks, but no crash on it for me either -- but it could be due to the local changes I have, or may be I am getting different ads or something. If it's reproducible to you, any chance you could run:

valgrind --num-callers=50 konqueror urlHere &> log

and attach the log here?

Thanks.
Comment 4 Manolis Maroudas 2010-06-06 21:36:20 UTC 
I think that the most possible reason is the ads, because the "bad" pages are random and changing. Also sometimes a page loads correctly but after a couple of "Refresh Page" clicks, it crashes the program.

I saved a page from phoronix and I tried to find the part of the code which is responsible for the crash, by removing some lines every time. It seems to me that the problem comes from a javascript file named "KonaLibInline.js" but i cannot say for sure. 

At the end of every source there are the following lines:

<!-- Kontera ContentLink  -->
<script type="text/javascript">
var dc_UnitID = 14;
var dc_PublisherID = 5158;
var dc_AdLinkColor = '#234865';
var dc_adprod='ADL';
var dc_ChannelID = '42';
var dc_isBoldActive='no';
</script>
<script type="text/javascript" src="http://kona.kontera.com/javascript/lib/KonaLibInline.js"></script>
<!-- Kontera ContentLink  -->


So I created three different pages

test_page_with_konalibinline.php.html
test_page_without_Konalibinline.php.html
only_Konalibinline.php.html

to see how the behavior of konqueror is affected. The only_Konalibinline.php.html crashes almost immediately, the test_page_with_konalibinline.php.html crashes either with the first load or after I refresh the page 5-6 times, and the test_page_without_Konalibinline.php.html doesn't crash at all.


I run the konqueror inside valgrind with command valgrind --num-callers=50 --log-file=log konqueror 'test_url_here'. although it didn't crash, the log file has quite a lot information (about 2mb).

I also forgot to mention that I don't have the konqueror-nsplugins package installed to load flash but this shouldn't be a reason for the crash

I attach all the files i mention
Comment 5 Manolis Maroudas 2010-06-06 21:39:24 UTC 
Created attachment 47752 [details]
konqueror test pages

contains the files

KonaLibInline.js
only_Konalibinline.php.html
phxcms.css
test_page_with_konalibinline.php.html
test_page_without_Konalibinline.php.html
Comment 6 Manolis Maroudas 2010-06-06 21:52:36 UTC 
konqueror log by valgrind

http://ifile.it/q2xi98s/valgrind_konqueror_log

couldn't attach it because of the size (~2mb)
Comment 7 Maksim Orlovich 2010-06-06 22:24:46 UTC 
You're awesome. Using your testcase, and turning off the plugins, I got this:

==31584== Invalid read of size 4
==31584==    at 0xB26F437: KHTMLPart::requestObject(DOM::HTMLPartContainerElementImpl*, QString const&, QString const&, QStringList const&) (khtml_part.cpp:4130)
==31584==    by 0xB37C658: DOM::HTMLObjectBaseElementImpl::computeContent() (html_objectimpl.cpp:533)
==31584==    by 0xB377ABA: DOM::HTMLPartContainerElementImpl::computeContentIfNeeded() (html_objectimpl.cpp:90)
==31584==    by 0xB377D9C: DOM::HTMLPartContainerElementImpl::close() (html_objectimpl.cpp:81)
==31584==    by 0xB2F7F6C: DOM::NodeBaseImpl::appendChild(DOM::NodeImpl*, int&) (dom_nodeimpl.cpp:1863)
==31584==    by 0xB4D5D46: DOMNodeProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (kjs_dom.cpp:646)
==31584==    by 0xBD7CF30: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (object.h:616)
==31584==    by 0xBD5944A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==31584==    by 0xBD7CF30: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (object.h:616)
==31584==    by 0xBD5944A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==31584==    by 0xBD7CF30: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (object.h:616)
==31584==    by 0xBD5944A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==31584==    by 0xB512F05: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==31584==    by 0xB5363D9: KJS::JSEventListener::handleEvent(DOM::Event&) (kjs_events.cpp:106)
==31584==    by 0xB2F7126: DOM::NodeImpl::handleLocalEvents(DOM::EventImpl*, bool) (dom_nodeimpl.cpp:719)
==31584==    by 0xB2F898C: DOM::NodeImpl::dispatchGenericEvent(DOM::EventImpl*, int&) (dom_nodeimpl.cpp:502)
==31584==    by 0xB2F8CA7: DOM::NodeImpl::dispatchWindowEvent(int, bool, bool) (dom_nodeimpl.cpp:567)
==31584==    by 0xB26F92B: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2137)
==31584==    by 0xB2792A3: KHTMLPart::qt_metacall(QMetaObject::Call, int, void**) (khtml_part.moc:280)
==31584==    by 0x5324BCB: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==31584==    by 0x5335E1F: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3290)
==31584==    by 0xB2DA586: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:85)
==31584==    by 0xB2DA5E0: DOM::DocumentImpl::qt_metacall(QMetaObject::Call, int, void**) (dom_docimpl.moc:74)
==31584==    by 0xB354F89: DOM::HTMLDocumentImpl::qt_metacall(QMetaObject::Call, int, void**) (html_documentimpl.moc:69)
==31584==    by 0x5324BCB: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==31584==    by 0x5335E1F: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3290)
==31584==    by 0xB315EA6: khtml::Tokenizer::finishedParsing() (xml_tokenizer.moc:83)
==31584==    by 0xB33B0D8: khtml::HTMLTokenizer::end() (htmltokenizer.cpp:1931)
==31584==    by 0xB34124B: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1893)
==31584==    by 0xB33DFAD: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:2136)
==31584==    by 0xB48621F: khtml::CachedScript::checkNotify() (loader.cpp:398)
==31584==    by 0xB48CA63: khtml::CachedScript::data(QBuffer&, bool) (loader.cpp:390)
==31584==    by 0xB488E45: khtml::Loader::slotFinished(KJob*) (loader.cpp:1245)
==31584==    by 0xB489126: khtml::Loader::qt_metacall(QMetaObject::Call, int, void**) (loader.moc:141)
==31584==    by 0x5324BCB: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==31584==    by 0x5335E1F: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3290)
==31584==    by 0x4FFE0E2: KJob::result(KJob*) (kjob.moc:194)
==31584==    by 0x4FFE547: KJob::emitResult() (kjob.cpp:312)
==31584==    by 0x449D4AE: KIO::SimpleJob::slotFinished() (job.cpp:522)
==31584==    by 0x449DD72: KIO::TransferJob::slotFinished() (job.cpp:1111)
==31584==    by 0x44A4782: KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) (jobclasses.moc:367)
==31584==    by 0x5324BCB: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==31584==    by 0x5335E1F: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3290)
==31584==    by 0x454BD46: KIO::SlaveInterface::finished() (slaveinterface.moc:171)
==31584==    by 0x454DA31: KIO::SlaveInterface::dispatch(int, QByteArray const&) (slaveinterface.cpp:175)
==31584==    by 0x454E5E9: KIO::SlaveInterface::dispatch() (slaveinterface.cpp:91)
==31584==    by 0x4541463: KIO::Slave::gotInput() (slave.cpp:344)
==31584==    by 0x454299A: KIO::Slave::qt_metacall(QMetaObject::Call, int, void**) (slave.moc:82)
==31584==    by 0x5324BCB: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==31584==    by 0x5335E1F: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3290)
==31584==  Address 0x6b5b564 is 28 bytes inside a block of size 32 free'd
==31584==    at 0x4023E72: realloc (vg_replace_malloc.c:476)
==31584==    by 0x5214AA3: qRealloc(void*, unsigned int) (qmalloc.cpp:65)
==31584==    by 0x523A49D: QListData::realloc(int) (qlist.cpp:158)
==31584==    by 0x523A81B: QListData::append() (qlist.cpp:179)
==31584==    by 0x523A95F: QListData::insert(int) (qlist.cpp:241)
==31584==    by 0xB28C7C5: QList<khtml::ChildFrame*>::insert(QList<khtml::ChildFrame*>::iterator, khtml::ChildFrame* const&) (qlist.h:424)
==31584==    by 0xB26F354: KHTMLPart::requestObject(DOM::HTMLPartContainerElementImpl*, QString const&, QString const&, QStringList const&) (khtml_part.cpp:4123)
==31584==    by 0xB37C658: DOM::HTMLObjectBaseElementImpl::computeContent() (html_objectimpl.cpp:533)
==31584==    by 0xB377ABA: DOM::HTMLPartContainerElementImpl::computeContentIfNeeded() (html_objectimpl.cpp:90)
==31584==    by 0xB377D9C: DOM::HTMLPartContainerElementImpl::close() (html_objectimpl.cpp:81)
==31584==    by 0xB2F841C: DOM::NodeBaseImpl::replaceChild(DOM::NodeImpl*, DOM::NodeImpl*, int&) (dom_nodeimpl.cpp:1716)
==31584==    by 0xB4D5F24: DOMNodeProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (kjs_dom.cpp:656)
==31584==    by 0xBD7CF30: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (object.h:616)
==31584==    by 0xBD5944A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==31584==    by 0xBD7CF30: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (object.h:616)
==31584==    by 0xBD5944A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==31584==    by 0xBD7CF30: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (object.h:616)
==31584==    by 0xBD5944A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==31584==    by 0xBD7CF30: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (object.h:616)
==31584==    by 0xBD5944A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==31584==    by 0xBD7CF30: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (object.h:616)
==31584==    by 0xBD5944A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==31584==    by 0xBD3EBFB: KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==31584==    by 0xBD7CF30: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (object.h:616)
==31584==    by 0xBD5944A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==31584==    by 0xB512F05: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==31584==    by 0xB5363D9: KJS::JSEventListener::handleEvent(DOM::Event&) (kjs_events.cpp:106)
==31584==    by 0xB2DCE6F: DOM::DocumentImpl::defaultEventHandler(DOM::EventImpl*) (dom_docimpl.cpp:2771)
==31584==    by 0xB2F8CC5: DOM::NodeImpl::dispatchWindowEvent(int, bool, bool) (dom_nodeimpl.cpp:569)
==31584==    by 0xB3558B2: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:249)
==31584==    by 0xB26C1AA: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2420)
==31584==    by 0xB26C47F: KHTMLPart::checkCompleted() (khtml_part.cpp:2340)
==31584==    by 0xB26CA57: KHTMLPart::childLoadFailure(khtml::ChildFrame*) (khtml_part.cpp:4216)
==31584==    by 0xB26D1D9: KHTMLPart::processObjectRequest(khtml::ChildFrame*, KUrl const&, QString const&) (khtml_part.cpp:4304)
==31584==    by 0xB26EFAC: KHTMLPart::requestObject(khtml::ChildFrame*, KUrl const&, KParts::OpenUrlArguments const&, KParts::BrowserArguments const&) (khtml_part.cpp:4206)
==31584==    by 0xB26F425: KHTMLPart::requestObject(DOM::HTMLPartContainerElementImpl*, QString const&, QString const&, QStringList const&) (khtml_part.cpp:4130)
==31584==    by 0xB37C658: DOM::HTMLObjectBaseElementImpl::computeContent() (html_objectimpl.cpp:533)
==31584==    by 0xB377ABA: DOM::HTMLPartContainerElementImpl::computeContentIfNeeded() (html_objectimpl.cpp:90)
==31584==    by 0xB377D9C: DOM::HTMLPartContainerElementImpl::close() (html_objectimpl.cpp:81)
==31584==    by 0xB2F7F6C: DOM::NodeBaseImpl::appendChild(DOM::NodeImpl*, int&) (dom_nodeimpl.cpp:1863)
==31584==    by 0xB4D5D46: DOMNodeProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (kjs_dom.cpp:646)
==31584==    by 0xBD7CF30: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (object.h:616)
==31584==    by 0xBD5944A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==31584==    by 0xBD7CF30: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (object.h:616)
==31584==    by 0xBD5944A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==31584==    by 0xBD7CF30: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (object.h:616)
==31584==    by 0xBD5944A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==31584==    by 0xB512F05: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:616)
==31584==    by 0xB5363D9: KJS::JSEventListener::handleEvent(DOM::Event&) (kjs_events.cpp:106)
==31584==    by 0xB2F7126: DOM::NodeImpl::handleLocalEvents(DOM::EventImpl*, bool) (dom_nodeimpl.cpp:719)

This explains the reason for the crash, and why turning off the plugins matters.

Without anything to handle flash, we immediately notice that its loading failed, so there is nothing left to load for the initial document-> that emits the load event in the middle of setting up the frame data structure. 

The JavaScript code handling the load event tries to load some other plugin, which alters the frame list... Meanwhile, the outermost load is hanging on to an iterator for it, which has been invalidated. Boom.

I think the fix is to do the emission asynchronously, as the handler could potentially destroy the frame, too.

(And as for your valgrind log... I think some optimizations in common string operations mean a lot of them show up as warnings for you, not sure why).
Comment 8 Justin Zobel 2020-12-09 02:06:42 UTC 
Thank you for the crash report, Manolis.

As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved.

I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Comment 9 Bug Janitor Service 2020-12-24 04:34:30 UTC 
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 10 Bug Janitor Service 2021-01-08 04:34:00 UTC 
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!