Bug 264526

Summary: Konqueror crashes when using Facebook chat [KJS::JSValue::type, KJS::cloneInternal, KJS::encapsulateMessageEventData]
Product: [Applications] konqueror
Reporter: Charles Opondo <charlesopondo>
Component: khtml ecma
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED
Severity: crash
CC: ag+services, aiacovitti, andreas.hencke, andresbajotierra, b.buschinski, bryandiazg, bugs, christopher.j.bayliss, christopherheiny, crissi.be, damijan.bec, davidsboogs, donald, dudleyd, fischer, flunsidelacal, frederic.coiffier, gabrimonfa, gatoso, georgevp, hobbyblobby, ice00, independent.scientist, j.mairboeck, j4y.m4c4, jjm, jlp, joshua, julian.g, kavol, kde, kde, krege, kushagra1276, kushagra1276, m.wege, maarten, mail, matthew, minieri.paolo, mzanetti, nagorny.denis, nano, nick, olischuk, pasha-pivo, peter.blaiklock, petr.nadeiko, rasasi78, rossi.f, ruben.mueller, sharovse, shydoow, stormrunner79, svenbartscher, thomas, tibesignerie1, uriasrandy, zenomorph.ebe
Priority: NOR
Version: 4.10.1
Target Milestone: ---
Platform: Ubuntu
OS: Linux
Latest Commit:
Version Fixed In: 4.11.3
Sentry Crash Report:
Attachments: New crash information added by DrKonqi

Description Charles Opondo 2011-01-27 21:00:12 UTC
Application: konqueror (4.6.00 (4.6.0))
KDE Platform Version: 4.6.00 (4.6.0)
Qt Version: 4.7.0
Operating System: Linux 2.6.35-25-generic i686
Distribution: Ubuntu 10.10

-- Information about the crash:
- What I was doing when the application crashed: chatting on Facebook. The crash seems to be triggered by a message coming in

The crash can be reproduced some of the time.

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb7893930 (LWP 3765))]

Thread 2 (Thread 0xaf5b9b70 (LWP 3849)):
#0  0x01e5ccd1 in g_main_context_prepare () from /lib/libglib-2.0.so.0
#1  0x01e5d279 in ?? () from /lib/libglib-2.0.so.0
#2  0x01e5d848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#3  0x0415759f in QEventDispatcherGlib::processEvents (this=0x985fb60, flags=...) at kernel/qeventdispatcher_glib.cpp:417
#4  0x04127609 in QEventLoop::processEvents (this=0xaf5b9290, flags=) at kernel/qeventloop.cpp:149
#5  0x04127a8a in QEventLoop::exec (this=0xaf5b9290, flags=...) at kernel/qeventloop.cpp:201
#6  0x04023b7e in QThread::exec (this=0x9c85ae8) at thread/qthread.cpp:490
#7  0x0410635b in QInotifyFileSystemWatcherEngine::run (this=0x9c85ae8) at io/qfilesystemwatcher_inotify.cpp:248
#8  0x04026df9 in QThreadPrivate::start (arg=0x9c85ae8) at thread/qthread_unix.cpp:266
#9  0x0098ccc9 in start_thread () from /lib/libpthread.so.0
#10 0x00f1b69e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb7893930 (LWP 3765)):
[KCrash Handler]
#7  0x02525a8c in type (exec=0x8f21410, ctx=0x8f21400, in=0xb1236e20, path=...) at ../../kjs/value.h:452
#8  KJS::cloneInternal (exec=0x8f21410, ctx=0x8f21400, in=0xb1236e20, path=...) at ../../khtml/ecma/kjs_data.cpp:37
#9  0x02525f24 in KJS::encapsulateMessageEventData (exec=0x8f21410, ctx=0x8f21400, data=0xb1236e20) at ../../khtml/ecma/kjs_data.cpp:117
#10 0x02526126 in KJS::DelayedPostMessage::execute (this=0x8980330, w=0xb2530040) at ../../khtml/ecma/kjs_data.cpp:169
#11 0x024c8bbb in KJS::Window::afterScriptExecution (this=0xb2530040) at ../../khtml/ecma/kjs_window.cpp:1327
#12 0x024ca4ff in KJS::WindowQObject::timerEvent (this=0x8f21360) at ../../khtml/ecma/kjs_window.cpp:2481
#13 0x0413b504 in QObject::event (this=0x8f21360, e=0xb1236e20) at kernel/qobject.cpp:1183
#14 0x05890fdc in QApplicationPrivate::notify_helper (this=0x875a518, receiver=0x8f21360, e=0xbfa2b5f0) at kernel/qapplication.cpp:4396
#15 0x0589704e in QApplication::notify (this=0xbfa2ba74, receiver=0x8f21360, e=0xbfa2b5f0) at kernel/qapplication.cpp:3798
#16 0x011b1f7a in KApplication::notify (this=0xbfa2ba74, receiver=0x8f21360, event=0xbfa2b5f0) at ../../kdeui/kernel/kapplication.cpp:311
#17 0x04128b3b in QCoreApplication::notifyInternal (this=0xbfa2ba74, receiver=0x8f21360, event=0xbfa2b5f0) at kernel/qcoreapplication.cpp:732
#18 0x0415aad6 in sendEvent (this=0x875d2a4) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#19 QTimerInfoList::activateTimers (this=0x875d2a4) at kernel/qeventdispatcher_unix.cpp:602
#20 0x041578a7 in timerSourceDispatch (source=0x875d700) at kernel/qeventdispatcher_glib.cpp:184
#21 idleTimerSourceDispatch (source=0x875d700) at kernel/qeventdispatcher_glib.cpp:231
#22 0x01e59855 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#23 0x01e5d668 in ?? () from /lib/libglib-2.0.so.0
#24 0x01e5d848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#25 0x04157565 in QEventDispatcherGlib::processEvents (this=0x8741b58, flags=...) at kernel/qeventdispatcher_glib.cpp:415
#26 0x05952be5 in QGuiEventDispatcherGlib::processEvents (this=0x8741b58, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#27 0x04127609 in QEventLoop::processEvents (this=0xbfa2b8b4, flags=) at kernel/qeventloop.cpp:149
#28 0x04127a8a in QEventLoop::exec (this=0xbfa2b8b4, flags=...) at kernel/qeventloop.cpp:201
#29 0x0412c00f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1009
#30 0x0588fe07 in QApplication::exec () at kernel/qapplication.cpp:3672
#31 0x0094be42 in kdemain (argc=2, argv=0xbfa2bd54) at ../../../../apps/konqueror/src/konqmain.cpp:234
#32 0x080485ab in main (argc=2, argv=0xbfa2bd54) at konqueror_dummy.cpp:3

Possible duplicates by query: bug 262791, bug 262703, bug 261403.

Reported using DrKonqi
Comment 1 kushagra1276 2011-01-28 19:46:24 UTC
Created attachment 56585 [details]
New crash information added by DrKonqi

konqueror (4.6.00 (4.6.0)) on KDE Platform 4.6.00 (4.6.0) using Qt 4.7.0

- What I was doing when the application crashed:
I was using Facebook chat when Konqueror crashed

-- Backtrace (Reduced):
#7  0x05828a8c in type (exec=0x9e71ec8, ctx=0x9e71eb8, in=0xaea40be0, path=...) at ../../kjs/value.h:452
#8  KJS::cloneInternal (exec=0x9e71ec8, ctx=0x9e71eb8, in=0xaea40be0, path=...) at ../../khtml/ecma/kjs_data.cpp:37
#9  0x05828f24 in KJS::encapsulateMessageEventData (exec=0x9e71ec8, ctx=0x9e71eb8, data=0xaea40be0) at ../../khtml/ecma/kjs_data.cpp:117
#10 0x05829126 in KJS::DelayedPostMessage::execute (this=0xbd64060, w=0xb5040000) at ../../khtml/ecma/kjs_data.cpp:169
#11 0x057cbbbb in KJS::Window::afterScriptExecution (this=0xb5040000) at ../../khtml/ecma/kjs_window.cpp:1327
Comment 2 Dario Andres 2011-02-19 23:59:14 UTC
[Comment from a bug triager]
From bug 266255:
- What I was doing when the application crashed:
Sometimes, when I get a new message on facebook chat, Konqueror crashes. This
behaviour has occurred at least twice
Comment 3 Dario Andres 2011-02-19 23:59:19 UTC
*** Bug 266340 has been marked as a duplicate of this bug. ***
Comment 4 Dario Andres 2011-02-19 23:59:23 UTC
*** Bug 266255 has been marked as a duplicate of this bug. ***
Comment 5 Felix Lemke 2011-03-06 11:51:40 UTC
Created attachment 57716 [details]
New crash information added by DrKonqi

konqueror (4.6.00 (4.6.0)) on KDE Platform 4.6.00 (4.6.0) using Qt 4.7.2

- What I was doing when the application crashed:

I clicked around gta.wikia.com. Konqueror crashes on different pages, sometimes at the start page, sometimes later.

-- Backtrace (Reduced):
#6  0x00007f7d6c60e81a in type (exec=<value optimized out>, ctx=0xf204f0, in=0x7f7d6781e6c0, path=...) at /usr/src/debug/kdelibs-4.6.0/kjs/value.h:452
#7  KJS::cloneInternal (exec=<value optimized out>, ctx=0xf204f0, in=0x7f7d6781e6c0, path=...) at /usr/src/debug/kdelibs-4.6.0/khtml/ecma/kjs_data.cpp:37
#8  0x00007f7d6c60ebd0 in KJS::encapsulateMessageEventData (exec=0xf20510, ctx=<value optimized out>, data=<value optimized out>) at /usr/src/debug/kdelibs-4.6.0/khtml/ecma/kjs_data.cpp:117
#9  0x00007f7d6c60ede6 in KJS::DelayedPostMessage::execute (this=0x34379f0, w=<value optimized out>) at /usr/src/debug/kdelibs-4.6.0/khtml/ecma/kjs_data.cpp:169
#10 0x00007f7d6c5c3a13 in KJS::Window::afterScriptExecution (this=0x7f7d6caf0000) at /usr/src/debug/kdelibs-4.6.0/khtml/ecma/kjs_window.cpp:1327
Comment 6 Kushagra 2011-03-23 10:39:33 UTC
Created attachment 58283 [details]
New crash information added by DrKonqi

konqueror (4.6.00 (4.6.0) "release 6") on KDE Platform 4.6.00 (4.6.0) "release 6" using Qt 4.7.1

- What I was doing when the application crashed: Just chatting on facebook makes konqueror crash with webkit. With khtml it does not crash that regularly.

-- Backtrace (Reduced):
#6  0xafb1d680 in type (exec=0x8421818, ctx=0x8421808, in=0xaaca4660, path=...) at /usr/src/debug/kdelibs-4.6.0/kjs/value.h:452
#7  KJS::cloneInternal (exec=0x8421818, ctx=0x8421808, in=0xaaca4660, path=...) at /usr/src/debug/kdelibs-4.6.0/khtml/ecma/kjs_data.cpp:37
#8  0xafb1dacd in KJS::encapsulateMessageEventData (exec=0x8421818, ctx=0x8421808, data=0xaaca4660) at /usr/src/debug/kdelibs-4.6.0/khtml/ecma/kjs_data.cpp:117
#9  0xafb1dcc4 in KJS::DelayedPostMessage::execute (this=0xaa52bb8, w=0x0) at /usr/src/debug/kdelibs-4.6.0/khtml/ecma/kjs_data.cpp:169
#10 0xafacbdfc in KJS::Window::afterScriptExecution (this=0xad760000) at /usr/src/debug/kdelibs-4.6.0/khtml/ecma/kjs_window.cpp:1327
Comment 7 Petr Nadeiko 2011-04-01 13:59:40 UTC
Created attachment 58496 [details]
New crash information added by DrKonqi

konqueror (4.6.00 (4.6.0) "release 6") on KDE Platform 4.6.00 (4.6.0) "release 6" using Qt 4.7.1

I was just surfing on zizi.ru. My system is busy, all memory is used. CPU at 90%.

-- Backtrace (Reduced):
#6  0x00007fd772e7e48a in type (exec=0xbbaeb0, ctx=0xbbae90, in=0x7fd76dce5340, path=...) at /usr/src/debug/kdelibs-4.6.0/kjs/value.h:452
#7  KJS::cloneInternal (exec=0xbbaeb0, ctx=0xbbae90, in=0x7fd76dce5340, path=...) at /usr/src/debug/kdelibs-4.6.0/khtml/ecma/kjs_data.cpp:37
#8  0x00007fd772e7e840 in KJS::encapsulateMessageEventData (exec=0xbbaeb0, ctx=<value optimized out>, data=<value optimized out>) at /usr/src/debug/kdelibs-4.6.0/khtml/ecma/kjs_data.cpp:117
#9  0x00007fd772e7ea56 in KJS::DelayedPostMessage::execute (this=0x2e3a800, w=<value optimized out>) at /usr/src/debug/kdelibs-4.6.0/khtml/ecma/kjs_data.cpp:169
#10 0x00007fd772e33553 in KJS::Window::afterScriptExecution (this=0x7fd7737d0000) at /usr/src/debug/kdelibs-4.6.0/khtml/ecma/kjs_window.cpp:1327
Comment 8 Tommi Tervo 2011-04-10 09:52:38 UTC
*** Bug 270555 has been marked as a duplicate of this bug. ***
Comment 9 Tommi Tervo 2011-04-13 20:17:25 UTC
*** Bug 270847 has been marked as a duplicate of this bug. ***
Comment 10 Christopher Roy Bratusek 2011-05-01 11:47:19 UTC
Created attachment 59481 [details]
New crash information added by DrKonqi

konqueror (4.6.2 (4.6.2)) on KDE Platform 4.6.2 (4.6.2) using Qt 4.7.2

- What I was doing when the application crashed:

I was simply surfing on FB while it happened; it happens pretty unconditionally (from the user's point of view).

-- Backtrace (Reduced):
#6  0x00007f20f2a0d02a in type (exec=0x2005810, ctx=0x20057f0, in=0x7f20eaec3400, path=...) at ../../kjs/value.h:452
#7  KJS::cloneInternal (exec=0x2005810, ctx=0x20057f0, in=0x7f20eaec3400, path=...) at ../../khtml/ecma/kjs_data.cpp:37
#8  0x00007f20f2a0d4c3 in KJS::encapsulateMessageEventData (exec=0x2005810, ctx=<value optimized out>, data=<value optimized out>) at ../../khtml/ecma/kjs_data.cpp:117
#9  0x00007f20f2a0d6b5 in KJS::DelayedPostMessage::execute (this=0x4584700, w=<value optimized out>) at ../../khtml/ecma/kjs_data.cpp:169
#10 0x00007f20f29c2a0b in KJS::Window::afterScriptExecution (this=0x7f20f8e20180) at ../../khtml/ecma/kjs_window.cpp:1327
Comment 11 Joachim Mairböck 2011-05-29 10:00:36 UTC
Created attachment 60429 [details]
New crash information added by DrKonqi

konqueror (4.6.3 (4.6.3)) on KDE Platform 4.6.3 (4.6.3) using Qt 4.7.3

- What I was doing when the application crashed:
It not only affects facebook. I was typing a comment on a site that uses Disqus for comments (http://www.eatyourkimchi.com/).

-- Backtrace (Reduced):
#7  0xaedc76b0 in type (exec=0x9ae3030, ctx=0x9ae3020, in=0xa8164c40, path=...) at /usr/src/debug/kdelibs-4.6.3/kjs/value.h:452
#8  KJS::cloneInternal (exec=0x9ae3030, ctx=0x9ae3020, in=0xa8164c40, path=...) at /usr/src/debug/kdelibs-4.6.3/khtml/ecma/kjs_data.cpp:37
#9  0xaedc7afd in KJS::encapsulateMessageEventData (exec=0x9ae3030, ctx=0x9ae3020, data=0xa8164c40) at /usr/src/debug/kdelibs-4.6.3/khtml/ecma/kjs_data.cpp:117
#10 0xaedc7cf4 in KJS::DelayedPostMessage::execute (this=0xb011580, w=0x0) at /usr/src/debug/kdelibs-4.6.3/khtml/ecma/kjs_data.cpp:169
#11 0xaed75e2c in KJS::Window::afterScriptExecution (this=0xac9c0080) at /usr/src/debug/kdelibs-4.6.3/khtml/ecma/kjs_window.cpp:1327
Comment 12 Matthew Dawson 2011-07-14 23:18:59 UTC
Created attachment 61884 [details]
New crash information added by DrKonqi

konqueror (4.6.3 (4.6.3)) on KDE Platform 4.6.3 (4.6.3) using Qt 4.7.3

- What I was doing when the application crashed:

When browsing the android market place, konqueror will sometimes crash.  No particular page or action will cause it, but it happens pretty regularly.

-- Backtrace (Reduced):
#6  0x00007f1301292833 in type (exec=<value optimized out>, ctx=0x2db1770, in=0x7f12f90322c0, path=...) at /usr/src/debug/kde-base/kdelibs-4.6.3-r3/kdelibs-4.6.3/kjs/value.h:452
#7  KJS::cloneInternal (exec=<value optimized out>, ctx=0x2db1770, in=0x7f12f90322c0, path=...) at /usr/src/debug/kde-base/kdelibs-4.6.3-r3/kdelibs-4.6.3/khtml/ecma/kjs_data.cpp:37
#8  0x00007f1301292cc3 in KJS::encapsulateMessageEventData (exec=0x2db1790, ctx=<value optimized out>, data=<value optimized out>) at /usr/src/debug/kde-base/kdelibs-4.6.3-r3/kdelibs-4.6.3/khtml/ecma/kjs_data.cpp:117
#9  0x00007f1301292e7c in KJS::DelayedPostMessage::execute (this=0x6331100, w=<value optimized out>) at /usr/src/debug/kde-base/kdelibs-4.6.3-r3/kdelibs-4.6.3/khtml/ecma/kjs_data.cpp:169
#10 0x00007f1301247cfb in KJS::Window::afterScriptExecution (this=0x7f1318840180) at /usr/src/debug/kde-base/kdelibs-4.6.3-r3/kdelibs-4.6.3/khtml/ecma/kjs_window.cpp:1327
Comment 13 Thomas Fischer 2011-07-15 10:34:53 UTC
I can confirm this bug on Gentoo Linux KDE 4.6.4, Qt 4.7.3, and kernel 2.6.37-gentoo-r4.
Multiple tabs were open, I cannot trace which one caused the crash.
My backtrace looks like this:

Thread 1 (Thread 0xb5908710 (LWP 3546)):
[KCrash Handler]
#7  0xace0adda in KJS::JSValue::type (this=0xa7fe0260) at /var/tmp/portage/kde-base/kdelibs-4.6.4-r2/work/kdelibs-4.6.4/kjs/value.h:452
#8  0xace8fb38 in KJS::cloneInternal (exec=0x9e22820, ctx=0x9e22810, in=0xa7fe0260, path=...) at /var/tmp/portage/kde-base/kdelibs-4.6.4-r2/work/kdelibs-4.6.4/khtml/ecma/kjs_data.cpp:37
#9  0xace8fdd2 in KJS::encapsulateMessageEventData (exec=0x9e22820, ctx=0x9e22810, data=0xa7fe0260) at /var/tmp/portage/kde-base/kdelibs-4.6.4-r2/work/kdelibs-4.6.4/khtml/ecma/kjs_data.cpp:117
#10 0xace8ff85 in KJS::DelayedPostMessage::execute (this=0xcbde360, w=0xad430180) at /var/tmp/portage/kde-base/kdelibs-4.6.4-r2/work/kdelibs-4.6.4/khtml/ecma/kjs_data.cpp:169
#11 0xace439f3 in KJS::Window::afterScriptExecution (this=0xad430180) at /var/tmp/portage/kde-base/kdelibs-4.6.4-r2/work/kdelibs-4.6.4/khtml/ecma/kjs_window.cpp:1327
#12 0xace43b4c in KJS::WindowQObject::timerEvent (this=0xa2c07f8) at /var/tmp/portage/kde-base/kdelibs-4.6.4-r2/work/kdelibs-4.6.4/khtml/ecma/kjs_window.cpp:2481
#13 0xb6e4188c in QObject::event (this=0xa2c07f8, e=0xa7fe0260) at kernel/qobject.cpp:1181
#14 0xb62e637f in QApplicationPrivate::notify_helper (this=0x9afc560, receiver=0xa2c07f8, e=0xbfa5adfc) at kernel/qapplication.cpp:4462
#15 0xb62ee292 in QApplication::notify (this=0xbfa5b1f8, receiver=0xa2c07f8, e=0xbfa5adfc) at kernel/qapplication.cpp:3862
#16 0xb74e3885 in KApplication::notify (this=0xbfa5b1f8, receiver=0xa2c07f8, event=0xbfa5adfc) at /var/tmp/portage/kde-base/kdelibs-4.6.4-r2/work/kdelibs-4.6.4/kdeui/kernel/kapplication.cpp:311
#17 0xb6e2eb25 in QCoreApplication::notifyInternal (this=0xbfa5b1f8, receiver=0xa2c07f8, event=0xbfa5adfc) at kernel/qcoreapplication.cpp:731
#18 0xb6e62164 in sendEvent (this=0x9afee8c) at kernel/qcoreapplication.h:215
#19 QTimerInfoList::activateTimers (this=0x9afee8c) at kernel/qeventdispatcher_unix.cpp:604
#20 0xb6e5ee89 in timerSourceDispatch (source=0x9afeec0) at kernel/qeventdispatcher_glib.cpp:184
#21 idleTimerSourceDispatch (source=0x9afeec0) at kernel/qeventdispatcher_glib.cpp:231
#22 0xb5aaab60 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#23 0xb5aaec48 in ?? () from /usr/lib/libglib-2.0.so.0
#24 0xb5aaedfd in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#25 0xb6e5eba6 in QEventDispatcherGlib::processEvents (this=0x9ac3990, flags=...) at kernel/qeventdispatcher_glib.cpp:422
#26 0xb63ab30c in QGuiEventDispatcherGlib::processEvents (this=0x9ac3990, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#27 0xb6e2d5ff in QEventLoop::processEvents (this=0xbfa5b0c4, flags=) at kernel/qeventloop.cpp:149
#28 0xb6e2da25 in QEventLoop::exec (this=0xbfa5b0c4, flags=...) at kernel/qeventloop.cpp:201
#29 0xb6e30432 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1008
#30 0xb62e4b06 in QApplication::exec () at kernel/qapplication.cpp:3736
#31 0xb029138b in kdemain (argc=2, argv=0x9acb9d8) at /var/tmp/portage/kde-base/konqueror-4.6.4/work/konqueror-4.6.4/konqueror/src/konqmain.cpp:219
#32 0x0804e872 in launch (argc=<value optimized out>, _name=<value optimized out>, args=<value optimized out>, cwd=0x9acba3b "/home/fischer", envc=56, envs=0x9acba4d "MANPATH=/etc/java-config-2/current-system-vm/man:/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/i686-pc-linux-gnu/2.20.1/man:/usr/share/gcc-data/i486-pc-linux-gnu/4.1.2/man:/usr/share/gc"..., reset_env=true, tty=0x0, avoid_loops=false, startup_id_str=0x9acc4e4 "0") at /var/tmp/portage/kde-base/kdelibs-4.6.4-r2/work/kdelibs-4.6.4/kinit/kinit.cpp:734
#33 0x0804f323 in handle_launcher_request (sock=<value optimized out>, who=<value optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.6.4-r2/work/kdelibs-4.6.4/kinit/kinit.cpp:1226
#34 0x0805001a in handle_requests (waitForPid=<value optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.6.4-r2/work/kdelibs-4.6.4/kinit/kinit.cpp:1410
#35 0x080505ea in main (argc=2, argv=0xbfa5b9a4, envp=0xbfa5b9b0) at /var/tmp/portage/kde-base/kdelibs-4.6.4-r2/work/kdelibs-4.6.4/kinit/kinit.cpp:1907
Comment 14 Tommi Tervo 2011-07-24 12:24:57 UTC
*** Bug 271960 has been marked as a duplicate of this bug. ***
Comment 15 Tommi Tervo 2011-07-24 13:13:56 UTC
The first invalid read error message is probably a different bug, but the second invalid read looks like a hit.

==30114== Invalid read of size 2
==30114==    at 0x5016600: QChar::isSpace() const (qchar.cpp:545)
==30114==    by 0xBD69C33: DOM::Selection::validate(DOM::Selection::ETextGranularity) (dom_selection.cpp:643)
==30114==    by 0xBD67C2A: DOM::Selection::expandUsingGranularity(DOM::Selection::ETextGranularity) (dom_selection.cpp:305)
==30114==    by 0xBCB74A4: KHTMLPart::handleMousePressEventDoubleClick(khtml::MouseDoubleClickEvent*) (khtml_part.cpp:6185)
==30114==    by 0xBCB808C: KHTMLPart::khtmlMouseDoubleClickEvent(khtml::MouseDoubleClickEvent*) (khtml_part.cpp:6317)
==30114==    by 0xBCB6F20: KHTMLPart::customEvent(QEvent*) (khtml_part.cpp:6064)
==30114==    by 0x50E1E1B: QObject::event(QEvent*) (qobject.cpp:1248)
==30114==    by 0x53DE683: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4462)
==30114==    by 0x53E7426: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3862)
==30114==  Address 0xfb50062 is 0 bytes after a block of size 10 alloc'd
==30114==    at 0x4028679: operator new[](unsigned int) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==30114==    by 0xBFB4C6F: DOM::DOMString::DOMString(QChar const*, unsigned int) (dom_string.cpp:32)
==30114==    by 0xBF0ABE4: KJS::UString::domString() const (kjs_binding.cpp:214)
==30114==    by 0xBF120C6: DOMDocumentProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (kjs_dom.cpp:1089)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC4A1B6B: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1223)
==30114==    by 0xC475A61: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC4A1B6B: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1223)
==30114==    by 0xC475A61: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC4A1B6B: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1223)
==30114==    by 0xC475A61: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC4A1B6B: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1223)
==30114==    by 0xC475A61: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC4A1B6B: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1223)
==30114==    by 0xC475A61: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC4A1B6B: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1223)
==30114==    by 0xC475A61: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC4A1B6B: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1223)
==30114==    by 0xC475A61: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC45D600: KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function_object.cpp:123)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC4A1B6B: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1223)
==30114==    by 0xC475A61: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC4A1B6B: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1223)
==30114==    by 0xC475A61: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC45D600: KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function_object.cpp:123)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC4A1B6B: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1223)
==30114==    by 0xC475A61: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC45D600: KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function_object.cpp:123)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC4A1B6B: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1223)
==30114==    by 0xC475A61: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xC4A1B6B: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1223)
==30114==    by 0xC475A61: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
==30114==    by 0xBF50B90: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==30114==    by 0xBF4D0B3: KJS::ScheduledAction::execute(KJS::Window*) (kjs_window.cpp:2283)
==30114==    by 0xBF4DD76: KJS::WindowQObject::timerEvent(QTimerEvent*) (kjs_window.cpp:2458)
==30114==    by 0x50E1C03: QObject::event(QEvent*) (qobject.cpp:1181)



==30114== Invalid read of size 4
==30114==    at 0xBF0BBC4: KJS::JSValue::type() const (value.h:452)
==30114==    by 0xBF95B67: KJS::cloneInternal(KJS::ExecState*, KJS::Interpreter*, KJS::JSValue*, QSet<KJS::JSObject*>&) (kjs_data.cpp:37)
==30114==    by 0xBF95EA1: KJS::encapsulateMessageEventData(KJS::ExecState*, KJS::Interpreter*, KJS::JSValue*) (kjs_data.cpp:117)
==30114==    by 0xBF962F2: KJS::DelayedPostMessage::execute(KJS::Window*) (kjs_data.cpp:169)
==30114==    by 0xBF46252: KJS::Window::afterScriptExecution() (kjs_window.cpp:1327)
==30114==    by 0xBF4DEC6: KJS::WindowQObject::timerEvent(QTimerEvent*) (kjs_window.cpp:2481)
==30114==    by 0x50E1C03: QObject::event(QEvent*) (qobject.cpp:1181)
==30114==    by 0x53DE683: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4462)
==30114==    by 0x53E7426: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3862)
==30114==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
Comment 16 Tommi Tervo 2011-07-26 08:12:36 UTC
*** Bug 278507 has been marked as a duplicate of this bug. ***
Comment 17 Frédéric COIFFIER 2011-08-11 19:32:41 UTC
Created attachment 62761 [details]
New crash information added by DrKonqi

konqueror (4.7.00 (4.7.0)) on KDE Platform 4.7.00 (4.7.0) using Qt 4.7.3

- What I was doing when the application crashed:

Crash when opening http://www.slate.fr/story/9843/le-voyage-dans-le-temps-pour-les-nuls but cannot be reproduced.

-- Backtrace (Reduced):
#6  0x00007fee02858806 in type (this=<optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.7.0-r1/work/kdelibs-4.7.0/kjs/value.h:452
#7  KJS::cloneInternal (exec=0x15a4a00, ctx=0x15a49e0, in=0x7fedfd437a80, path=...) at /var/tmp/portage/kde-base/kdelibs-4.7.0-r1/work/kdelibs-4.7.0/khtml/ecma/kjs_data.cpp:37
#8  0x00007fee02858c43 in KJS::encapsulateMessageEventData (exec=0x7fedfd437a80, ctx=0x15a49e0, data=0x7fedfd437a80) at /var/tmp/portage/kde-base/kdelibs-4.7.0-r1/work/kdelibs-4.7.0/khtml/ecma/kjs_data.cpp:117
#9  0x00007fee02858e54 in KJS::DelayedPostMessage::execute (this=0x3cb2ad0, w=<optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.7.0-r1/work/kdelibs-4.7.0/khtml/ecma/kjs_data.cpp:169
#10 0x00007fee028023d3 in KJS::Window::afterScriptExecution (this=0x7fedfff90000) at /var/tmp/portage/kde-base/kdelibs-4.7.0-r1/work/kdelibs-4.7.0/khtml/ecma/kjs_window.cpp:1327
Comment 18 Christophe Marin 2011-10-02 09:04:27 UTC
*** Bug 282575 has been marked as a duplicate of this bug. ***
Comment 19 Christophe Marin 2011-10-02 09:04:44 UTC
*** Bug 281325 has been marked as a duplicate of this bug. ***
Comment 20 RussianNeuroMancer 2011-12-29 09:23:46 UTC
Created attachment 67216 [details]
New crash information added by DrKonqi

kontact (4.7.4) on KDE Platform 4.7.4 (4.7.4) using Qt 4.7.4

- What I was doing when the application crashed:

Konqueror was in the background when the crash occurred.

-- Backtrace (Reduced):
#6  0x00007f48ac27d2ca in type (this=0x7f48a2dee2c0) at ../../kjs/value.h:452
#7  KJS::cloneInternal (exec=0x7a78640, ctx=0x7a78620, in=0x7f48a2dee2c0, path=...) at ../../khtml/ecma/kjs_data.cpp:37
#8  0x00007f48ac27d763 in KJS::encapsulateMessageEventData (exec=0x7a78640, ctx=<optimized out>, data=<optimized out>) at ../../khtml/ecma/kjs_data.cpp:117
#9  0x00007f48ac27d955 in KJS::DelayedPostMessage::execute (this=0x43beb40, w=<optimized out>) at ../../khtml/ecma/kjs_data.cpp:169
#10 0x00007f48ac232c8b in KJS::Window::afterScriptExecution (this=0x7f48a5f10280) at ../../khtml/ecma/kjs_window.cpp:1327
Comment 21 Tommi Tervo 2012-01-19 09:17:45 UTC
*** Bug 291864 has been marked as a duplicate of this bug. ***
Comment 22 Christophe Marin 2012-01-26 14:47:59 UTC
*** Bug 292308 has been marked as a duplicate of this bug. ***
Comment 23 Myriam Schweingruber 2012-06-18 21:20:32 UTC
*** Bug 261403 has been marked as a duplicate of this bug. ***
Comment 24 Myriam Schweingruber 2012-06-18 21:21:22 UTC
*** Bug 244154 has been marked as a duplicate of this bug. ***
Comment 25 Myriam Schweingruber 2012-06-18 21:21:55 UTC
*** Bug 270652 has been marked as a duplicate of this bug. ***
Comment 26 Myriam Schweingruber 2012-06-18 21:23:10 UTC
*** Bug 290555 has been marked as a duplicate of this bug. ***
Comment 27 Myriam Schweingruber 2012-06-18 21:24:07 UTC
*** Bug 262703 has been marked as a duplicate of this bug. ***
Comment 28 Myriam Schweingruber 2012-06-18 21:24:43 UTC
*** Bug 299672 has been marked as a duplicate of this bug. ***
Comment 29 Jekyll Wu 2012-09-20 09:16:18 UTC
*** Bug 307096 has been marked as a duplicate of this bug. ***
Comment 30 Jekyll Wu 2012-10-02 10:48:25 UTC
*** Bug 307712 has been marked as a duplicate of this bug. ***
Comment 31 Jekyll Wu 2013-01-06 14:58:16 UTC
*** Bug 312751 has been marked as a duplicate of this bug. ***
Comment 32 RussianNeuroMancer 2013-01-06 15:29:22 UTC
Still reproducible in KDE 4.10 RC2.
Comment 33 Jekyll Wu 2013-01-24 02:58:24 UTC
*** Bug 313800 has been marked as a duplicate of this bug. ***
Comment 34 Andrea Iacovitti 2013-03-18 14:43:42 UTC
*** Bug 316940 has been marked as a duplicate of this bug. ***
Comment 35 Jekyll Wu 2013-04-03 12:33:20 UTC
*** Bug 317609 has been marked as a duplicate of this bug. ***
Comment 36 Jekyll Wu 2013-04-03 12:34:01 UTC
*** Bug 317776 has been marked as a duplicate of this bug. ***
Comment 37 Tommi Tervo 2013-04-06 09:41:20 UTC
*** Bug 317912 has been marked as a duplicate of this bug. ***
Comment 38 Jekyll Wu 2013-04-07 16:04:02 UTC
*** Bug 316476 has been marked as a duplicate of this bug. ***
Comment 39 Jekyll Wu 2013-04-07 16:04:35 UTC
*** Bug 317981 has been marked as a duplicate of this bug. ***
Comment 40 Andrea Iacovitti 2013-04-08 15:30:06 UTC
*** Bug 318037 has been marked as a duplicate of this bug. ***
Comment 41 Jekyll Wu 2013-04-10 07:12:19 UTC
*** Bug 318117 has been marked as a duplicate of this bug. ***
Comment 42 Rolf Eike Beer 2013-04-17 06:10:12 UTC
Created attachment 78978 [details]
New crash information added by DrKonqi

konqueror (4.10.2 "release 553") on KDE Platform 4.10.2 "release 556" using Qt 4.8.4

The crash happened on session login. The webpages restored in the browser window seem to have been loaded normally.

While the ending frames of this backtrace are the same as in the other crashes this was not triggered by a timer event as it looks like.

-- Backtrace (Reduced):
#6  0x00007f4503980713 in type (this=0x7f44fb2e57c0) at /usr/src/debug/kdelibs-4.10.2/kjs/value.h:452
#7  KJS::cloneInternal (exec=exec@entry=0x36b6840, ctx=ctx@entry=0x36b6820, in=in@entry=0x7f44fb2e57c0, path=...) at /usr/src/debug/kdelibs-4.10.2/khtml/ecma/kjs_data.cpp:37
#8  0x00007f4503980a73 in KJS::encapsulateMessageEventData (exec=0x36b6840, ctx=ctx@entry=0x36b6820, data=data@entry=0x7f44fb2e57c0) at /usr/src/debug/kdelibs-4.10.2/khtml/ecma/kjs_data.cpp:117
#9  0x00007f4503980c78 in KJS::DelayedPostMessage::execute (this=0x2a74040, w=<optimized out>) at /usr/src/debug/kdelibs-4.10.2/khtml/ecma/kjs_data.cpp:169
#10 0x00007f4503936c0b in KJS::Window::afterScriptExecution (this=0x7f4503e70280) at /usr/src/debug/kdelibs-4.10.2/khtml/ecma/kjs_window.cpp:1337
Comment 43 Andrea Iacovitti 2013-04-29 08:30:34 UTC
Created attachment 79536 [details]
New crash information added by DrKonqi

konqueror (4.10.2) on KDE Platform 4.10.2 using Qt 4.8.2

- What I was doing when the application crashed:

I was not surfing Facebook. Probably the crash occurred while opening a link from the Google results page in a new tab.

-- Backtrace (Reduced):
#7  0xb1e84930 in type (this=0xb08ef500) at ../../kjs/value.h:452
#8  KJS::cloneInternal (exec=exec@entry=0xaa0e030, ctx=ctx@entry=0xaa0e020, in=in@entry=0xb08ef500, path=...) at ../../khtml/ecma/kjs_data.cpp:37
#9  0xb1e84d2d in KJS::encapsulateMessageEventData (exec=0xaa0e030, ctx=0xaa0e020, data=0xb08ef500) at ../../khtml/ecma/kjs_data.cpp:117
#10 0xb1e84f1b in KJS::DelayedPostMessage::execute (this=0xa788858, w=0x0) at ../../khtml/ecma/kjs_data.cpp:169
#11 0xb1e31804 in KJS::Window::afterScriptExecution (this=0xae573520) at ../../khtml/ecma/kjs_window.cpp:1549
Comment 44 m.wege 2013-06-04 07:21:14 UTC
Crash still happens with 4.10.3
Backtrace of the crash:

Application: Akregator (akregator), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f2fbe8177c0 (LWP 2377))]

Thread 2 (Thread 0x7f2f7d327700 (LWP 2548)):
#0  0x00007f2fbb3d43cd in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f2fb5d521dc in g_main_context_poll (n_fds=1, fds=0x7f2f74002660, timeout=-1, context=0x7f2f74000bb0, priority=<optimized out>) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3995
#2  g_main_context_iterate (context=context@entry=0x7f2f74000bb0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3696
#3  0x00007f2fb5d52304 in g_main_context_iteration (context=0x7f2f74000bb0, may_block=1) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3762
#4  0x00007f2fbbfea036 in QEventDispatcherGlib::processEvents (this=0x7f2f740024f0, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#5  0x00007f2fbbfba38f in QEventLoop::processEvents (this=this@entry=0x7f2f7d326d90, flags=...) at kernel/qeventloop.cpp:149
#6  0x00007f2fbbfba618 in QEventLoop::exec (this=this@entry=0x7f2f7d326d90, flags=...) at kernel/qeventloop.cpp:204
#7  0x00007f2fbbebc410 in QThread::exec (this=this@entry=0x233a9920) at thread/qthread.cpp:542
#8  0x00007f2fbbf9bedf in QInotifyFileSystemWatcherEngine::run (this=0x233a9920) at io/qfilesystemwatcher_inotify.cpp:256
#9  0x00007f2fbbebebec in QThreadPrivate::start (arg=0x233a9920) at thread/qthread_unix.cpp:338
#10 0x00007f2fb6224f8e in start_thread (arg=0x7f2f7d327700) at pthread_create.c:311
#11 0x00007f2fbb3e0e1d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 1 (Thread 0x7f2fbe8177c0 (LWP 2377)):
[KCrash Handler]
#6  0x00007f2fb8697373 in type (this=0x7f2f91d0ddc0) at ../../kjs/value.h:452
#7  KJS::cloneInternal (exec=exec@entry=0x3ea6f5c0, ctx=ctx@entry=0x3ea6f5a0, in=in@entry=0x7f2f91d0ddc0, path=...) at ../../khtml/ecma/kjs_data.cpp:37
#8  0x00007f2fb86976d3 in KJS::encapsulateMessageEventData (exec=0x3ea6f5c0, ctx=ctx@entry=0x3ea6f5a0, data=data@entry=0x7f2f91d0ddc0) at ../../khtml/ecma/kjs_data.cpp:117
#9  0x00007f2fb8697948 in KJS::DelayedPostMessage::execute (this=0x19b2d230, w=<optimized out>) at ../../khtml/ecma/kjs_data.cpp:169
#10 0x00007f2fb864605b in KJS::Window::afterScriptExecution (this=this@entry=0x7f2f99783e80) at ../../khtml/ecma/kjs_window.cpp:1337
#11 0x00007f2fb865b03d in KJSProxy::evaluate (this=this@entry=0x3e3cb480, filename=..., baseLine=baseLine@entry=1, str=..., n=..., completion=completion@entry=0x7fff7cd371f0) at ../../khtml/ecma/kjs_proxy.cpp:138
#12 0x00007f2fb84165d9 in KHTMLPart::executeScript (this=this@entry=0x3e4e3d80, n=..., script=...) at ../../khtml/khtml_part.cpp:1336
#13 0x00007f2fb86961d2 in KJS::KHTMLPartScriptable::evaluateScript (this=<optimized out>, caller=<optimized out>, contextObjectId=<optimized out>, code=..., lang=<optimized out>) at ../../khtml/ecma/kjs_scriptable.cpp:891
#14 0x00007f2fbe44e8c0 in KParts::ScriptableLiveConnectExtension::liveConnectEvent (this=0x3ea63c90, event=..., args=...) at ../../kparts/scriptableextension.cpp:427
#15 0x00007f2fbbfd00ef in QMetaObject::activate (sender=sender@entry=0x28d204c0, m=m@entry=0x7f2f931ae560 <PluginLiveConnectExtension::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fff7cd37530) at kernel/qobject.cpp:3539
#16 0x00007f2f92f9e249 in PluginLiveConnectExtension::partEvent (this=this@entry=0x28d204c0, _t1=_t1@entry=0, _t2=..., _t3=...) at ./plugin_part.moc:321
#17 0x00007f2f92f9f8e9 in PluginLiveConnectExtension::evalJavaScript (this=0x28d204c0, script=...) at ../../nsplugins/plugin_part.cpp:137
#18 0x00007f2f92f9fa6c in PluginPart::evalJavaScript (this=0x1178fca0, id=3, script=...) at ../../nsplugins/plugin_part.cpp:375
#19 0x00007f2f92fa7bab in CallBackAdaptor::qt_metacall (this=0x3d5547a0, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fff7cd37860) at callbackadaptor.moc:121
#20 0x00007f2fbbbec063 in QDBusConnectionPrivate::deliverCall (this=this@entry=0x1a1c5b0, object=object@entry=0x3d5547a0, msg=..., metaTypes=..., slotIdx=4) at qdbusintegrator.cpp:951
#21 0x00007f2fbbbec886 in QDBusConnectionPrivate::activateCall (this=this@entry=0x1a1c5b0, object=0x3d5547a0, flags=flags@entry=273, msg=...) at qdbusintegrator.cpp:856
#22 0x00007f2fbbbed2cf in QDBusConnectionPrivate::activateObject (this=0x1a1c5b0, node=..., msg=..., pathStartPos=<optimized out>) at qdbusintegrator.cpp:1427
#23 0x00007f2fbbbed3ab in QDBusActivateObjectEvent::placeMetaCall (this=0x20469b40) at qdbusintegrator.cpp:1541
#24 0x00007f2fbbfd55be in QObject::event (this=0x1178fca0, e=<optimized out>) at kernel/qobject.cpp:1194
#25 0x00007f2fbc9a48ec in QApplicationPrivate::notify_helper (this=this@entry=0x1a38a50, receiver=receiver@entry=0x1178fca0, e=e@entry=0x20469b40) at kernel/qapplication.cpp:4567
#26 0x00007f2fbc9a725b in QApplication::notify (this=this@entry=0x7fff7cd385a0, receiver=receiver@entry=0x1178fca0, e=e@entry=0x20469b40) at kernel/qapplication.cpp:4428
#27 0x00007f2fbd6b1af6 in KApplication::notify (this=0x7fff7cd385a0, receiver=0x1178fca0, event=0x20469b40) at ../../kdeui/kernel/kapplication.cpp:311
#28 0x00007f2fbbfbb63e in QCoreApplication::notifyInternal (this=0x7fff7cd385a0, receiver=receiver@entry=0x1178fca0, event=event@entry=0x20469b40) at kernel/qcoreapplication.cpp:946
#29 0x00007f2fbbfbf171 in sendEvent (event=0x20469b40, receiver=0x1178fca0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#30 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x19f3220) at kernel/qcoreapplication.cpp:1570
#31 0x00007f2fbbfbf4a3 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1463
#32 0x00007f2fbbfe9e83 in sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:236
#33 postEventSourceDispatch (s=s@entry=0x1a36740) at kernel/qeventdispatcher_glib.cpp:279
#34 0x00007f2fb5d51f05 in g_main_dispatch (context=0x1a38f30) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3054
#35 g_main_context_dispatch (context=context@entry=0x1a38f30) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3630
#36 0x00007f2fb5d52248 in g_main_context_iterate (context=context@entry=0x1a38f30, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3701
#37 0x00007f2fb5d52304 in g_main_context_iteration (context=0x1a38f30, may_block=1) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3762
#38 0x00007f2fbbfea016 in QEventDispatcherGlib::processEvents (this=0x19f4ab0, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#39 0x00007f2fbca4a1ae in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#40 0x00007f2fbbfba38f in QEventLoop::processEvents (this=this@entry=0x7fff7cd383c0, flags=...) at kernel/qeventloop.cpp:149
#41 0x00007f2fbbfba618 in QEventLoop::exec (this=this@entry=0x7fff7cd383c0, flags=...) at kernel/qeventloop.cpp:204
#42 0x00007f2fbbfbfcf6 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1218
#43 0x0000000000407ca3 in ?? ()
#44 0x00007f2fbb308ea5 in __libc_start_main (main=0x407800, argc=5, ubp_av=0x7fff7cd386c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff7cd386b8) at libc-start.c:260
#45 0x0000000000407f8d in _start ()
Comment 45 Raúl 2013-06-19 21:52:38 UTC
Bump also on 4.10.4
Comment 46 Rolf Eike Beer 2013-06-22 08:11:22 UTC
Hit it again. Another site with hopefully easier to debug JS code: https://lkml.org/lkml/... I just opened a link to a random post there and got the crash.
Comment 47 Jure Repinc 2013-06-28 09:22:06 UTC
I got this crash in trunk (which is to become 4.11) when opening http://www.wired.com/wiredscience/2013/06/voyager-unexpected-region/
Comment 48 Jekyll Wu 2013-06-29 11:55:02 UTC
*** Bug 321757 has been marked as a duplicate of this bug. ***
Comment 49 Thomas Tanghus 2013-07-12 12:44:40 UTC
Is it possible to get a statement from a developer/maintainer, on whether this has a chance of getting fixed?
This issue combined with https://bugs.kde.org/show_bug.cgi?id=294707 renders Akregator practically useless.
If the timeframe for a possible solution is too far in the future, I might instead try to compile qtwebkit 2.3.
Comment 50 Jekyll Wu 2013-08-16 09:32:57 UTC
*** Bug 323585 has been marked as a duplicate of this bug. ***
Comment 51 Andrea Iacovitti 2013-09-06 11:03:52 UTC
*** Bug 324571 has been marked as a duplicate of this bug. ***
Comment 52 Jekyll Wu 2013-09-09 12:55:25 UTC
*** Bug 324696 has been marked as a duplicate of this bug. ***
Comment 53 Densetsu no Ero-sennin 2013-09-10 03:22:23 UTC
Created attachment 82249 [details]
New crash information added by DrKonqi

konqueror (4.10.5) on KDE Platform 4.10.5 using Qt 4.8.5

Konqueror often (but not always) crashes on opennet.ru.

Example URL: http://www.opennet.ru/opennews/art.shtml?num=37866

-- Backtrace (Reduced):
#7  0xb1e47344 in type (this=0xb0b4c360) at ../../kjs/value.h:452
#8  KJS::cloneInternal (exec=exec@entry=0xb7a4058, ctx=ctx@entry=0xb7a4048, in=in@entry=0xb0b4c360, path=...) at ../../khtml/ecma/kjs_data.cpp:37
#9  0xb1e47781 in KJS::encapsulateMessageEventData (exec=0xb7a4058, ctx=0xb7a4048, data=0xb0b4c360) at ../../khtml/ecma/kjs_data.cpp:117
#10 0xb1e4796d in KJS::DelayedPostMessage::execute (this=0xdb93460, w=0xb06e0000) at ../../khtml/ecma/kjs_data.cpp:169
#11 0xb1def2fc in KJS::Window::afterScriptExecution (this=0xb06e0000) at ../../khtml/ecma/kjs_window.cpp:1337
Comment 54 Andrea Iacovitti 2013-09-11 06:49:53 UTC
*** Bug 324773 has been marked as a duplicate of this bug. ***
Comment 55 Andrea Iacovitti 2013-09-27 12:15:44 UTC
*** Bug 325355 has been marked as a duplicate of this bug. ***
Comment 56 Rolf Eike Beer 2013-10-01 18:14:47 UTC
Created attachment 82593 [details]
New crash information added by DrKonqi

konqueror (4.11.1) on KDE Platform 4.11.1 using Qt 4.8.5

I got this crash when opening the KDE 4.11.2 from the announcement page.

-- Backtrace (Reduced):
#6  0x00007fd9eb25fd03 in type (this=0x7fd9e808e540) at /usr/src/debug/kdelibs-4.11.1/kjs/value.h:452
#7  KJS::cloneInternal (exec=exec@entry=0x2606e60, ctx=ctx@entry=0x2606e40, in=in@entry=0x7fd9e808e540, path=...) at /usr/src/debug/kdelibs-4.11.1/khtml/ecma/kjs_data.cpp:37
#8  0x00007fd9eb260073 in KJS::encapsulateMessageEventData (exec=0x2606e60, ctx=ctx@entry=0x2606e40, data=data@entry=0x7fd9e808e540) at /usr/src/debug/kdelibs-4.11.1/khtml/ecma/kjs_data.cpp:117
#9  0x00007fd9eb260278 in KJS::DelayedPostMessage::execute (this=0x2c19c00, w=<optimized out>) at /usr/src/debug/kdelibs-4.11.1/khtml/ecma/kjs_data.cpp:169
#10 0x00007fd9eb213e2b in KJS::Window::afterScriptExecution (this=0x7fd9f06d0000) at /usr/src/debug/kdelibs-4.11.1/khtml/ecma/kjs_window.cpp:1549
Comment 57 Bernd Buschinski 2013-10-02 18:41:21 UTC
Git commit 8dabd6ac70d8f7b3690d0e7cdbe9cc66ba337251 by Bernd Buschinski.
Committed on 28/09/2013 at 21:02.
Pushed by buschinski into branch 'KDE/4.11'.

khtml/ecma: Protect the value in DelayedPostMessage, the "gc" might clean it before we use it

I hope this fixes Bug 264526, but the lack of a 100% reproducible testcase makes it difficult to confirm.

M  +1    -1    khtml/ecma/kjs_data.h

http://commits.kde.org/kdelibs/8dabd6ac70d8f7b3690d0e7cdbe9cc66ba337251
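
The commit message above describes a value held by a queued DelayedPostMessage being reclaimed by the garbage collector before the message is delivered. The following C++ example is added here for illustration and is not the kdelibs patch or KJS code: `Heap`, `Cell`, `RawDelayedMessage` and `RootedDelayedMessage` are hypothetical names in a toy collector with no object graph, showing why a bare pointer in a deferred task goes stale and how protecting it for the task's lifetime prevents that.

```cpp
#include <memory>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>

// Toy collector, constructed for illustration (hypothetical names, not KJS).
// collect() marks every unprotected cell dead instead of freeing it, so the
// example can observe a stale reference without real undefined behaviour.
struct Cell { std::string payload; bool alive; };
class Heap {
public:
    Cell* allocate(std::string s) {
        cells_.push_back(std::make_unique<Cell>(Cell{std::move(s), true}));
        return cells_.back().get();
    }
    void protect(Cell* c) { ++roots_[c]; }
    void unprotect(Cell* c) {
        auto it = roots_.find(c);
        if (it != roots_.end() && --it->second == 0) roots_.erase(it);
    }
    int collect() {  // returns the number of cells reclaimed
        int swept = 0;
        for (auto& c : cells_) {
            if (!c->alive || roots_.count(c.get())) continue;
            c->alive = false;
            c->payload.clear();
            ++swept;
        }
        return swept;
    }
private:
    std::vector<std::unique_ptr<Cell>> cells_;
    std::unordered_map<Cell*, int> roots_;
};

// Deferred task holding a bare pointer: nothing tells the collector about it.
struct RawDelayedMessage { Cell* data; };
// Deferred task that protects its value for its whole lifetime.
struct RootedDelayedMessage {
    RootedDelayedMessage(Heap& h, Cell* c) : heap(h), data(c) { heap.protect(data); }
    ~RootedDelayedMessage() { heap.unprotect(data); }
    RootedDelayedMessage(const RootedDelayedMessage&) = delete;
    RootedDelayedMessage& operator=(const RootedDelayedMessage&) = delete;
    Heap& heap;
    Cell* data;
};

// Queue a message, run the collector, then "deliver"; true if still valid.
bool deliverRaw(Heap& heap) {
    RawDelayedMessage msg{heap.allocate("hello")};
    heap.collect();  // the collector runs before the queue is drained
    return msg.data->alive && msg.data->payload == "hello";
}
bool deliverRooted(Heap& heap) {
    RootedDelayedMessage msg(heap, heap.allocate("hello"));
    heap.collect();  // the protect count keeps the cell alive
    return msg.data->alive && msg.data->payload == "hello";
}
```

In a real engine the reclaimed cell's memory is reused, which is why the backtraces in this report fault when reading the value's type instead of observing a clean "dead" flag.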
Comment 58 Tommi Tervo 2013-10-03 16:05:40 UTC
*** Bug 325578 has been marked as a duplicate of this bug. ***
Comment 59 kavol 2013-10-04 14:19:29 UTC
Created attachment 82656 [details]
New crash information added by DrKonqi

konqueror (4.11.1) on KDE Platform 4.11.1 using Qt 4.8.5

well, this seems reproducible for me - I just got three crashes in three tries ...

it happens when opening this link: 
http://www.czc.cz/fractal-define-xl-usb-3-0-titanium-grey/102829/produkt
from an email displayed in Trojitá

-- Backtrace (Reduced):
#5  0x000000325f6bde43 in type (this=0x7f87b3af83c0) at /usr/src/debug/kdelibs-4.11.1/kjs/value.h:452
#6  KJS::cloneInternal (exec=exec@entry=0x12a5db0, ctx=ctx@entry=0x12a5d90, in=in@entry=0x7f87b3af83c0, path=...) at /usr/src/debug/kdelibs-4.11.1/khtml/ecma/kjs_data.cpp:37
#7  0x000000325f6be24b in KJS::encapsulateMessageEventData (exec=0x12a5db0, ctx=ctx@entry=0x12a5d90, data=data@entry=0x7f87b3af83c0) at /usr/src/debug/kdelibs-4.11.1/khtml/ecma/kjs_data.cpp:117
#8  0x000000325f6be435 in KJS::DelayedPostMessage::execute (this=0x6318b60, w=<optimized out>) at /usr/src/debug/kdelibs-4.11.1/khtml/ecma/kjs_data.cpp:169
#9  0x000000325f6691cb in KJS::Window::afterScriptExecution (this=0x7f87b3e00000) at /usr/src/debug/kdelibs-4.11.1/khtml/ecma/kjs_window.cpp:1549
Comment 60 Densetsu no Ero-sennin 2013-10-06 16:16:49 UTC
> http://commits.kde.org/kdelibs/8dabd6ac70d8f7b3690d0e7cdbe9cc66ba337251

The patch works for me. Konqueror on my machine used to crash reproducibly when opening http://www.opennet.ru/opennews/art.shtml?num=37866. I've repeatedly tried opening that page with both patched and unpatched libkhtml, and the unpatched version still crashes every time, while with the patched one the crashing stopped.
Comment 61 Joshua J. Kugler 2013-10-06 20:17:24 UTC
Just as a data point, the page http://www.opennet.ru/opennews/art.shtml?num=37866 does not crash Konqueror in KDE 4.11.2

I don't know if the referenced patch has been merged into 4.11.2 or not.
Comment 62 Andrea Iacovitti 2013-10-06 21:21:37 UTC
(In reply to comment #61)
> I don't know if the referenced patch has been merged into 4.11.2 or not.
No, unless the distribution you are using did.
Comment 63 Joshua J. Kugler 2013-10-06 23:40:57 UTC
(In reply to comment #62)
> (In reply to comment #61)
> > I don't know if the referenced patch has been merged into 4.11.2 or not.
> No, unless the distribution you are using did.

These are the packages from https://launchpad.net/~kubuntu-ppa/+archive/backports 

As far as I know, they are pretty much stock code + Kubuntu additions. I don't think they cherry pick upstream patches.
Comment 64 Jekyll Wu 2013-10-08 14:44:02 UTC
*** Bug 325767 has been marked as a duplicate of this bug. ***
Comment 65 Andrea Iacovitti 2013-10-11 06:28:35 UTC
*** Bug 325870 has been marked as a duplicate of this bug. ***
Comment 66 Andrea Iacovitti 2013-10-15 18:40:54 UTC
*** Bug 325910 has been marked as a duplicate of this bug. ***
Comment 67 Jekyll Wu 2013-10-25 02:35:17 UTC
*** Bug 326588 has been marked as a duplicate of this bug. ***
Comment 68 Jekyll Wu 2013-11-02 16:27:51 UTC
*** Bug 327039 has been marked as a duplicate of this bug. ***
Comment 69 Jekyll Wu 2013-11-06 10:25:39 UTC
*** Bug 325910 has been marked as a duplicate of this bug. ***
Comment 70 Jekyll Wu 2013-11-10 11:23:09 UTC
*** Bug 327371 has been marked as a duplicate of this bug. ***
Comment 71 Jekyll Wu 2013-11-10 11:25:01 UTC
*** Bug 327372 has been marked as a duplicate of this bug. ***
Comment 72 Andrea Iacovitti 2013-11-12 22:47:15 UTC
*** Bug 327517 has been marked as a duplicate of this bug. ***
Comment 73 Christoph Feck 2013-11-17 16:12:15 UTC
*** Bug 325910 has been marked as a duplicate of this bug. ***
Comment 74 Tommi Tervo 2014-02-03 22:00:42 UTC
*** Bug 330717 has been marked as a duplicate of this bug. ***
Comment 75 Andrea Iacovitti 2014-05-13 05:22:46 UTC
*** Bug 334682 has been marked as a duplicate of this bug. ***
Comment 76 Andrea Iacovitti 2014-06-26 14:44:10 UTC
*** Bug 336760 has been marked as a duplicate of this bug. ***
Comment 77 Christophe Marin 2015-03-01 18:43:32 UTC
*** Bug 328266 has been marked as a duplicate of this bug. ***