Bug 313684

Summary: kmail crashes when forwarding email
Product: [Applications] kmail2 Reporter: Arnaud Mombrial <arnaud.mombrial>
Component: generalAssignee: kdepim bugs <kdepim-bugs>
Status: REOPENED ---    
Severity: crash CC: asala, emaster987, groot, montel
Priority: NOR    
Version: 5.19.2   
Target Milestone: ---   
Platform: Fedora RPMs   
OS: Linux   
Latest Commit: Version Fixed In:
Attachments: New crash information added by DrKonqi
Crash log made by KDE crash handler

Description Arnaud Mombrial 2013-01-22 12:45:48 UTC 
Application: kontact (4.9.5)
KDE Platform Version: 4.9.5
Qt Version: 4.8.4
Operating System: Linux 3.6.11-5.fc17.x86_64 x86_64
Distribution (Platform): Fedora RPMs

-- Information about the crash:
Select a mail 
Right click
Forward Inline

-> kmail crashes

Select a mail
enter "a" (reply all shortcut)

-> kmail crashes

% kmail -v
Qt: 4.8.4
KDE Development Platform: 4.9.5
KMail: 4.9.5

Linux nocheapad 3.6.11-5.fc17.x86_64 #1 SMP Tue Jan 8 21:40:51 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

The crash can be reproduced every time.

-- Backtrace:
Application: Kontact (kontact), signal: Aborted
Using host libthread_db library "/lib64/libthread_db.so.1".
82	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[Current thread is 1 (Thread 0x7fd5ce7fe880 (LWP 1846))]

Thread 3 (Thread 0x7fd5c31ac700 (LWP 1847)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:166
#1  0x0000003f1281677d in WTF::TCMalloc_PageHeap::scavengerThread (this=0x3f13200980) at wtf/FastMalloc.cpp:2495
#2  0x0000003f12816889 in WTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at wtf/FastMalloc.cpp:1618
#3  0x0000003392c07d14 in start_thread (arg=0x7fd5c31ac700) at pthread_create.c:309
#4  0x00000033924f168d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 2 (Thread 0x7fd5c28ab700 (LWP 1848)):
#0  0x00007fff9e9ff827 in clock_gettime ()
#1  0x000000339340410d in __GI_clock_gettime (clock_id=<optimized out>, tp=<optimized out>) at ../sysdeps/unix/clock_gettime.c:116
#2  0x0000003f050d1854 in do_gettime (frac=0x7fd5c28aaa68, sec=0x7fd5c28aaa60) at tools/qelapsedtimer_unix.cpp:123
#3  qt_gettime () at tools/qelapsedtimer_unix.cpp:140
#4  0x0000003f051a68ed in QTimerInfoList::updateCurrentTime (this=this@entry=0x7fd5bc002860) at kernel/qeventdispatcher_unix.cpp:354
#5  0x0000003f051a6c33 in QTimerInfoList::timerWait (this=0x7fd5bc002860, tm=...) at kernel/qeventdispatcher_unix.cpp:461
#6  0x0000003f051a569c in timerSourcePrepareHelper (src=<optimized out>, timeout=0x7fd5c28aab5c) at kernel/qeventdispatcher_glib.cpp:136
#7  0x0000003f051a5745 in timerSourcePrepare (source=<optimized out>, timeout=<optimized out>) at kernel/qeventdispatcher_glib.cpp:169
#8  0x000000339444732f in g_main_context_prepare () from /usr/lib64/libglib-2.0.so.0
#9  0x0000003394447a1b in ?? () from /usr/lib64/libglib-2.0.so.0
#10 0x0000003394447c14 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#11 0x0000003f051a5fe6 in QEventDispatcherGlib::processEvents (this=0x7fd5bc0008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#12 0x0000003f051766ef in QEventLoop::processEvents (this=this@entry=0x7fd5c28aad00, flags=...) at kernel/qeventloop.cpp:149
#13 0x0000003f05176978 in QEventLoop::exec (this=0x7fd5c28aad00, flags=...) at kernel/qeventloop.cpp:204
#14 0x0000003f05078940 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:542
#15 0x0000003f0507b91c in QThreadPrivate::start (arg=0x1be3910) at thread/qthread_unix.cpp:338
#16 0x0000003392c07d14 in start_thread (arg=0x7fd5c28ab700) at pthread_create.c:309
#17 0x00000033924f168d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 1 (Thread 0x7fd5ce7fe880 (LWP 1846)):
[KCrash Handler]
#6  0x0000003392435935 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#7  0x00000033924370e8 in __GI_abort () at abort.c:91
#8  0x0000003392474e8b in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x3392578928 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#9  0x000000339247ae16 in malloc_printerr (action=3, str=0x3392576798 "corrupted double-linked list", ptr=<optimized out>) at malloc.c:5027
#10 0x000000339247d6e7 in _int_malloc (av=0x33927b0720, bytes=<optimized out>) at malloc.c:3811
#11 0x000000339247f4b3 in __GI___libc_malloc (bytes=40) at malloc.c:2928
#12 0x0000003f0507db7d in QByteArray::resize (this=0x7fff9e95af10, size=8) at tools/qbytearray.cpp:1415
#13 0x0000003f050be222 in toLatin1_helper (data=0x1b2604a, length=8) at tools/qstring.cpp:3642
#14 0x0000003f050c27a3 in QString::toLatin1 (this=<optimized out>) at tools/qstring.cpp:3709
#15 0x0000003f1c74a748 in CodecManager::updatePreferredCharsets (this=0x89fc470) at /usr/src/debug/kdepim-4.9.5/kmail/codecmanager.cpp:86
#16 0x0000003f1c74aa4a in CodecManagerPrivate::CodecManagerPrivate (this=0x8536d00) at /usr/src/debug/kdepim-4.9.5/kmail/codecmanager.cpp:55
#17 0x0000003f1c74aac0 in operator-> (this=<optimized out>) at /usr/src/debug/kdepim-4.9.5/kmail/codecmanager.cpp:50
#18 CodecManager::self () at /usr/src/debug/kdepim-4.9.5/kmail/codecmanager.cpp:73
#19 0x0000003f1c749fba in CodecAction::mimeCharsets (this=0x98c5b30) at /usr/src/debug/kdepim-4.9.5/kmail/codecaction.cpp:82
#20 0x0000003f1c764f1b in KMComposeWin::applyComposerSetting (this=this@entry=0x8999dc0, mComposerBase=0x9dc5f60) at /usr/src/debug/kdepim-4.9.5/kmail/kmcomposewin.cpp:2694
#21 0x0000003f1c76514f in KMComposeWin::autoSaveMessage (this=0x8999dc0, force=true) at /usr/src/debug/kdepim-4.9.5/kmail/kmcomposewin.cpp:1839
#22 0x0000003f1c6ec5b9 in KMKernel::dumpDeadLetters (this=0x736) at /usr/src/debug/kdepim-4.9.5/kmail/kmkernel.cpp:1334
#23 0x0000003f1c6ec887 in kmCrashHandler (sigId=<optimized out>) at /usr/src/debug/kdepim-4.9.5/kmail/kmkernel.cpp:1176
#24 0x0000003f07ca51e8 in KCrash::defaultCrashHandler (sig=6) at /usr/src/debug/kdelibs-4.9.5/kdeui/util/kcrash.cpp:307
#25 <signal handler called>
#26 0x0000003392435935 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#27 0x00000033924370e8 in __GI_abort () at abort.c:91
#28 0x0000003392474e8b in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x3392578928 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#29 0x000000339247ae16 in malloc_printerr (action=3, str=0x3392576798 "corrupted double-linked list", ptr=<optimized out>) at malloc.c:5027
#30 0x000000339247d6e7 in _int_malloc (av=0x33927b0720, bytes=<optimized out>) at malloc.c:3811
#31 0x000000339247f4b3 in __GI___libc_malloc (bytes=32) at malloc.c:2928
#32 0x0000003398c196c6 in FcPatternObjectAddWithBinding (p=0x89fcd40, object=1, value=..., binding=FcValueBindingWeak, append=1) at fcpat.c:479
#33 0x0000003f06c07365 in getFcPattern (request=..., script=0, fp=0x8a06b10) at text/qfontdatabase_x11.cpp:1598
#34 loadFc (request=..., script=0, fp=0x8a06b10) at text/qfontdatabase_x11.cpp:1705
#35 QFontDatabase::load (d=0x8a06b10, script=0) at text/qfontdatabase_x11.cpp:1977
#36 0x0000003f06be53ce in QFontPrivate::engineForScript (this=0x8a06b10, script=0) at text/qfont.cpp:305
#37 0x0000003f06c1aa5a in QTextEngine::fontEngine (this=this@entry=0x851f970, si=..., ascent=ascent@entry=0x89fca2c, descent=descent@entry=0x89fca28, leading=leading@entry=0x89fca30) at text/qtextengine.cpp:1908
#38 0x0000003f06c1bf38 in QTextEngine::shapeTextWithHarfbuzz (this=this@entry=0x851f970, item=item@entry=0) at text/qtextengine.cpp:1195
#39 0x0000003f06c1ce92 in QTextEngine::shapeText (this=this@entry=0x851f970, item=item@entry=0) at text/qtextengine.cpp:935
#40 0x0000003f06c1d1c3 in QTextEngine::shape (this=0x851f970, item=0) at text/qtextengine.cpp:1450
#41 0x0000003f06c2c6ae in QTextLine::layout_helper (this=0x7fff9e95d440, maxGlyphs=<optimized out>) at text/qtextlayout.cpp:1752
#42 0x0000003f06c629c8 in QTextDocumentLayoutPrivate::layoutBlock (this=this@entry=0x8a639d0, bl=..., blockPosition=blockPosition@entry=2544, blockFormat=..., layoutStruct=layoutStruct@entry=0x7fff9e95dcb0, layoutFrom=512, layoutFrom@entry=619, layoutTo=layoutTo@entry=619, previousBlockFormat=previousBlockFormat@entry=0x0) at text/qtextdocumentlayout.cpp:2614
#43 0x0000003f06c6a4e8 in QTextDocumentLayoutPrivate::layoutFlow (this=0x8a639d0, it=..., layoutStruct=0x7fff9e95dcb0, layoutFrom=619, layoutTo=619, width=...) at text/qtextdocumentlayout.cpp:2402
#44 0x0000003f06c66014 in QTextDocumentLayoutPrivate::layoutCell (this=this@entry=0x8a639d0, t=t@entry=0x8a063c0, cell=..., width=..., layoutFrom=layoutFrom@entry=619, layoutTo=layoutTo@entry=619, td=td@entry=0x89de0d0, absoluteTableY=absoluteTableY@entry=..., withPageBreaks=withPageBreaks@entry=false) at text/qtextdocumentlayout.cpp:1532
#45 0x0000003f06c669c1 in QTextDocumentLayoutPrivate::layoutTable (this=this@entry=0x8a639d0, table=0x8a063c0, layoutFrom=layoutFrom@entry=619, layoutTo=layoutTo@entry=619, parentY=..., parentY@entry=...) at text/qtextdocumentlayout.cpp:1642
#46 0x0000003f06c68d5c in QTextDocumentLayoutPrivate::layoutFrame (this=this@entry=0x8a639d0, f=f@entry=0x8a063c0, layoutFrom=layoutFrom@entry=619, layoutTo=layoutTo@entry=619, frameWidth=..., frameWidth@entry=..., frameHeight=..., parentY=...) at text/qtextdocumentlayout.cpp:2107
#47 0x0000003f06c6955f in QTextDocumentLayoutPrivate::layoutFrame (this=this@entry=0x8a639d0, f=f@entry=0x8a063c0, layoutFrom=layoutFrom@entry=619, layoutTo=layoutTo@entry=619, parentY=...) at text/qtextdocumentlayout.cpp:2049
#48 0x0000003f06c6aa18 in QTextDocumentLayoutPrivate::layoutFlow (this=0x8a639d0, it=..., layoutStruct=0x7fff9e95e920, layoutFrom=619, layoutTo=619, width=...) at text/qtextdocumentlayout.cpp:2311
#49 0x0000003f06c69041 in QTextDocumentLayoutPrivate::layoutFrame (this=this@entry=0x8a639d0, f=f@entry=0x8bf1870, layoutFrom=layoutFrom@entry=619, layoutTo=layoutTo@entry=619, frameWidth=..., frameWidth@entry=..., frameHeight=..., parentY=...) at text/qtextdocumentlayout.cpp:2143
#50 0x0000003f06c6955f in QTextDocumentLayoutPrivate::layoutFrame (this=this@entry=0x8a639d0, f=f@entry=0x8bf1870, layoutFrom=layoutFrom@entry=619, layoutTo=layoutTo@entry=619, parentY=parentY@entry=...) at text/qtextdocumentlayout.cpp:2049
#51 0x0000003f06c6b8a1 in QTextDocumentLayout::doLayout (this=this@entry=0x8a639b0, from=from@entry=619, oldLength=oldLength@entry=1, length=length@entry=0) at text/qtextdocumentlayout.cpp:2939
#52 0x0000003f06c6c829 in QTextDocumentLayout::documentChanged (this=0x8a639b0, from=619, oldLength=1, length=0) at text/qtextdocumentlayout.cpp:2902
#53 0x0000003f06c4c404 in QTextDocumentPrivate::finishEdit (this=0xdbc2af0) at text/qtextdocument_p.cpp:1220
#54 0x0000003f06c72285 in removeSelectedText (this=<optimized out>) at text/qtextcursor.cpp:1662
#55 QTextCursor::removeSelectedText (this=0x7fff9e95ecc0) at text/qtextcursor.cpp:1655
#56 0x0000003f1580dce8 in KPIMTextEdit::TextEdit::loadImage (this=0x8bf1530, image=..., matchName=..., resourceName=...) at /usr/src/debug/kdepimlibs-4.9.5/kpimtextedit/textedit.cpp:434
#57 0x0000003f1b272168 in Message::ComposerViewBase::collectImages (this=this@entry=0x9dc5f60, root=<optimized out>) at /usr/src/debug/kdepim-4.9.5/messagecomposer/composerviewbase.cpp:1336
#58 0x0000003f1b2798e9 in Message::ComposerViewBase::setMessage (this=0x9dc5f60, msg=...) at /usr/src/debug/kdepim-4.9.5/messagecomposer/composerviewbase.cpp:180
#59 0x0000003f1c767bf7 in KMComposeWin::setMessage (this=this@entry=0x8999dc0, newMsg=..., lastSignState=lastSignState@entry=false, lastEncryptState=lastEncryptState@entry=false, mayAutoSign=mayAutoSign@entry=true, allowDecryption=allowDecryption@entry=false, isModified=isModified@entry=false) at /usr/src/debug/kdepim-4.9.5/kmail/kmcomposewin.cpp:1509
#60 0x0000003f1c76b134 in KMComposeWin::KMComposeWin (this=this@entry=0x8999dc0, aMsg=..., lastSignState=lastSignState@entry=false, lastEncryptState=lastEncryptState@entry=false, context=context@entry=KMail::Composer::Forward, id=id@entry=649591222, textSelection=..., customTemplate=..., __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /usr/src/debug/kdepim-4.9.5/kmail/kmcomposewin.cpp:458
#61 0x0000003f1c76c0cf in KMComposeWin::create (msg=..., lastSignState=false, lastEncryptState=false, context=KMail::Composer::Forward, identity=649591222, textSelection=..., customTemplate=...) at /usr/src/debug/kdepim-4.9.5/kmail/kmcomposewin.cpp:171
#62 0x0000003f1c70209d in KMForwardCommand::createComposer (this=this@entry=0x9985960, item=...) at /usr/src/debug/kdepim-4.9.5/kmail/kmcommands.cpp:906
#63 0x0000003f1c70761a in KMForwardCommand::execute (this=0x9985960) at /usr/src/debug/kdepim-4.9.5/kmail/kmcommands.cpp:955
#64 0x0000003f1c702aa1 in KMCommand::slotPostTransfer (this=0x9985960, result=KMCommand::OK) at /usr/src/debug/kdepim-4.9.5/kmail/kmcommands.cpp:268
#65 0x0000003f0518cdbf in QMetaObject::activate (sender=0x9985960, m=<optimized out>, local_signal_index=<optimized out>, argv=0x7fff9e95fe30) at kernel/qobject.cpp:3539
#66 0x0000003f1c7028ae in KMCommand::messagesTransfered (this=this@entry=0x9985960, _t1=_t1@entry=KMCommand::OK) at /usr/src/debug/kdepim-4.9.5/x86_64-redhat-linux-gnu/kmail/kmcommands.moc:116
#67 0x0000003f1c706d9c in KMCommand::slotJobFinished (this=0x9985960) at /usr/src/debug/kdepim-4.9.5/kmail/kmcommands.cpp:378
#68 0x0000003f0518cdbf in QMetaObject::activate (sender=0x8ae5760, m=<optimized out>, local_signal_index=<optimized out>, argv=0x7fff9e95ffe0) at kernel/qobject.cpp:3539
#69 0x0000003f06333e92 in KJob::result (this=this@entry=0x8ae5760, _t1=_t1@entry=0x8ae5760) at /usr/src/debug/kdelibs-4.9.5/x86_64-redhat-linux-gnu/kdecore/kjob.moc:207
#70 0x0000003f06333ed0 in KJob::emitResult (this=0x8ae5760) at /usr/src/debug/kdelibs-4.9.5/kdecore/jobs/kjob.cpp:318
#71 0x0000003f0518c29e in QObject::event (this=0x8ae5760, e=<optimized out>) at kernel/qobject.cpp:1194
#72 0x0000003f069ca5ac in QApplicationPrivate::notify_helper (this=this@entry=0x1a65c90, receiver=receiver@entry=0x8ae5760, e=e@entry=0x9a1ccb0) at kernel/qapplication.cpp:4562
#73 0x0000003f069cea2a in QApplication::notify (this=0x7fff9e960a80, receiver=0x8ae5760, e=0x9a1ccb0) at kernel/qapplication.cpp:4423
#74 0x0000003f07c468c6 in KApplication::notify (this=0x7fff9e960a80, receiver=0x8ae5760, event=0x9a1ccb0) at /usr/src/debug/kdelibs-4.9.5/kdeui/kernel/kapplication.cpp:311
#75 0x0000003f0517799e in QCoreApplication::notifyInternal (this=0x7fff9e960a80, receiver=receiver@entry=0x8ae5760, event=event@entry=0x9a1ccb0) at kernel/qcoreapplication.cpp:946
#76 0x0000003f0517b451 in sendEvent (event=0x9a1ccb0, receiver=0x8ae5760) at kernel/qcoreapplication.h:231
#77 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x1a25600) at kernel/qcoreapplication.cpp:1570
#78 0x0000003f051a5e33 in sendPostedEvents () at kernel/qcoreapplication.h:236
#79 postEventSourceDispatch (s=0x1a66570) at kernel/qeventdispatcher_glib.cpp:279
#80 0x0000003394447825 in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#81 0x0000003394447b58 in ?? () from /usr/lib64/libglib-2.0.so.0
#82 0x0000003394447c14 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#83 0x0000003f051a5fc6 in QEventDispatcherGlib::processEvents (this=0x1a26ee0, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#84 0x0000003f06a6a5ee in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:207
#85 0x0000003f051766ef in QEventLoop::processEvents (this=this@entry=0x7fff9e9608f0, flags=...) at kernel/qeventloop.cpp:149
#86 0x0000003f05176978 in QEventLoop::exec (this=0x7fff9e9608f0, flags=...) at kernel/qeventloop.cpp:204
#87 0x0000003f0517b768 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1218
#88 0x00000000004033f9 in main (argc=1, argv=0x7fff9e960bc8) at /usr/src/debug/kdepim-4.9.5/kontact/src/main.cpp:219

Possible duplicates by query: bug 313509, bug 313188, bug 311589, bug 309216, bug 307561.

Reported using DrKonqi
Comment 1 Laurent Montel 2013-01-25 07:16:34 UTC 
Reproductable on each email ?
or specific email ?
Comment 2 A. Sala 2013-05-15 08:48:37 UTC 
Created attachment 79895 [details]
New crash information added by DrKonqi

kmail (4.10.3) on KDE Platform 4.10.3 using Qt 4.8.4

- What I was doing when the application crashed:
Forwarding a (quite complex) HTML email.

-- Backtrace (Reduced):
#6  0x00007feb158a3037 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#7  0x00007feb158a6698 in __GI_abort () at abort.c:90
[...]
#9  0x00007feb158eca46 in malloc_printerr (ptr=0x7927ba0, str=0x7feb159f3a00 "free(): invalid next size (fast)", action=3) at malloc.c:4902
#10 _int_free (av=<optimized out>, p=0x7927b90, have_lock=0) at malloc.c:3758
#11 0x00007feb16a4e145 in free (alignment=8, x=<optimized out>) at ../../include/QtCore/../../src/corelib/tools/qvector.h:99
Comment 3 A. Sala 2013-05-15 09:04:46 UTC 
(complement to comment #2)
The crack happened on clicking the "forward" button (well, the "adjunto" one in Spanish locale, F keystroke). After log-out and log-in again, forwarding the problematic email did NOT reproduce the bug.
Comment 4 Denis Kurz 2016-09-24 18:23:28 UTC 
This bug has only been reported for versions before 4.14, which have been unsupported for at least two years now. Can anyone tell if this bug still present?

If noone confirms this bug for a Framework-based version of kmail2 (version 5.0 or later, as part of KDE Applications 15.12 or later), it gets closed in about three months.
Comment 5 Denis Kurz 2017-01-07 22:45:55 UTC 
Just as announced in my last comment, I close this bug. If you encounter it again in a recent version (at least 5.0 aka 15.08), please open a new one unless it already exists. Thank you for all your input.
Comment 6 Emanuele Spirito 2022-04-20 09:11:04 UTC 
It happened to me just today. I cannot reproduce the bug. It happened when I forwarded an email and then tried to forward another email with same object ("topic" of email, under A,CC). 

System Info:
Operating System: Fedora Linux 35
KDE Plasma Version: 5.24.3
KDE Frameworks Version: 5.91.0
Qt Version: 5.15.2
Kernel Version: 5.16.18-200.fc35.x86_64 (64-bit)
Graphics Platform: X11
Processors: 8 × Intel® Core™ i7-1065G7 CPU @ 1.30GHz
Memory: 7.5 GiB of RAM
Graphics Processor: Mesa Intel® Iris® Plus Graphics
Comment 7 Emanuele Spirito 2022-04-20 09:11:39 UTC 
Created attachment 148261 [details]
Crash log made by KDE crash handler
Comment 8 Emanuele Spirito 2022-04-20 09:13:13 UTC 
I changed the kmail version of the bug to my current version 5.19.2 (aka 21.12.2)
Comment 9 groot 2022-09-11 19:47:01 UTC 
I can reproduce this on FreeBSD (Frameworks 5.98, KMail 22.08.0) and on openSUSE Tumbleweed (similar versions, I don't have it at hand to check). It crashes if I forward a message with an attachment -- but not just any attachment. One specific message triggers the problem; it's got PDF attachments. Forwarding other messages with one PNG or multiple JPG attachments works ok.

My BT looks like this (not so detailed because KCrash stole the process from my debugger; I also haven't built with debugging symbols).

```
#7  0x000000085b613a31 in KMime::Content::addContent(KMime::Content*, bool) () at /usr/local/lib/libKF5Mime.so.5
#8  0x00000008224085b8 in TemplateParser::TemplateParserJob::createMultipartMixed(QVector<KMime::Content*> const&, KMime::Content*) const () at /usr/local/lib/libKF5TemplateParser.so.5
#9  0x0000000822407cde in TemplateParser::TemplateParserJob::addProcessedBodyToMessage(QString const&, QString const&) const () at /usr/local/lib/libKF5TemplateParser.so.5
#10 0x00000008224067bd in TemplateParser::TemplateParserJob::slotExtractInfoDone(TemplateParserExtractHtmlInfoResult const&) () at /usr/local/lib/libKF5TemplateParser.so.5
#11 0x0000000848862e92 in  () at /usr/local/lib/qt5/libQt5Core.so.5
#12 0x00000008223fdfe5 in  () at /usr/local/lib/libKF5TemplateParser.so.5
#13 0x000000082241e760 in  () at /usr/local/lib/libKF5TemplateParser.so.5
#14 0x0000000848862e92 in  () at /usr/local/lib/qt5/libQt5Core.so.5
#15 0x00000008223fd7cd in  () at /usr/local/lib/libKF5TemplateParser.so.5
```