Version: (using Devel)
OS: Linux
Installed from: Compiled sources

Konqueror crashes when selecting text in a frame, for example on the site http://www.metrolyrics.com/sikidim-hepsi-senin-mi-lyrics-tarkan.html , by selecting the lyrics. Happens with both Debian supplied and with locally compiled KDE. The log indicates something related to function KHTMLView::doAutoScroll.

How to reproduce:
1. Go to http://www.metrolyrics.com/sikidim-hepsi-senin-mi-lyrics-tarkan.html
2. Find the lyrics area. Click to start selection and drag the cursor down such that the frame scrolls. If it doesn't crash when you reach the bottom, drag the cursor to scroll upwards.

Crash log from locally compiled KDE4 (Version 4.2.85 (KDE 4.2.85 (KDE 4.3 Beta1))):

Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 0 (LWP 7307)]

Thread 3 (Thread 0x7fc9aae79950 (LWP 8995)):
#0 0x00007fc9bfdffe8d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1 0x00007fc9c007a177 in QWaitCondition::wait (this=0x22408c8, mutex=0x22408c0, time=30000) at /home/kde4/kdesvn/qt-copy/src/corelib/thread/qwaitcondition_unix.cpp:85
#2 0x00007fc9c0071319 in QThreadPoolThread::run (this=0x2221d10) at /home/kde4/kdesvn/qt-copy/src/corelib/concurrent/qthreadpool.cpp:140
#3 0x00007fc9c0079409 in QThreadPrivate::start (arg=0x2221d10) at /home/kde4/kdesvn/qt-copy/src/corelib/thread/qthread_unix.cpp:189
#4 0x00007fc9bfdfbfaa in start_thread () from /lib/libpthread.so.0
#5 0x00007fc9bd6e229d in clone () from /lib/libc.so.6
#6 0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7fc9aa270950 (LWP 9319)):
#0 0x00007fc9bfdffe8d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1 0x00007fc9c007a177 in QWaitCondition::wait (this=0x22408c8, mutex=0x22408c0, time=30000) at /home/kde4/kdesvn/qt-copy/src/corelib/thread/qwaitcondition_unix.cpp:85
#2 0x00007fc9c0071319 in QThreadPoolThread::run (this=0x238a4b0) at /home/kde4/kdesvn/qt-copy/src/corelib/concurrent/qthreadpool.cpp:140
#3 0x00007fc9c0079409 in QThreadPrivate::start (arg=0x238a4b0) at /home/kde4/kdesvn/qt-copy/src/corelib/thread/qthread_unix.cpp:189
#4 0x00007fc9bfdfbfaa in start_thread () from /lib/libpthread.so.0
#5 0x00007fc9bd6e229d in clone () from /lib/libc.so.6
#6 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7fc9c29fa760 (LWP 7307)):
[KCrash Handler]
#5 QAbstractScrollArea::viewport (this=0x0) at /home/kde4/kdesvn/qt-copy/src/gui/widgets/qabstractscrollarea.cpp:537
#6 0x00007fc9adbeb541 in KHTMLView::doAutoScroll (this=0x28ecba0) at /home/kde4/kdesvn/kdelibs/khtml/khtmlview.cpp:2014
#7 0x00007fc9adc1a09d in KHTMLPart::qt_metacall (this=0x28ea170, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fffcab43990) at /home/kde4/kdesvn/build/kdelibs/khtml/khtml_part.moc:326
#8 0x00007fc9c01605ad in QMetaObject::activate (sender=0x28e7d50, from_signal_index=<value optimized out>, to_signal_index=4, argv=0x0) at /home/kde4/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3108
#9 0x00007fc9c015cc23 in QObject::event (this=0x28e7d50, e=0x7fffcab43800) at /home/kde4/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:1073
#10 0x00007fc9bf48434d in QApplicationPrivate::notify_helper (this=0x1c57620, receiver=0x28e7d50, e=0x7fffcab44060) at /home/kde4/kdesvn/qt-copy/src/gui/kernel/qapplication.cpp:4057
#11 0x00007fc9bf48cd9a in QApplication::notify (this=0x7fffcab44580, receiver=0x28e7d50, e=0x7fffcab44060) at /home/kde4/kdesvn/qt-copy/src/gui/kernel/qapplication.cpp:4022
#12 0x00007fc9c0f3666e in KApplication::notify (this=0x7fffcab44580, receiver=0x28e7d50, event=0x7fffcab44060) at /home/kde4/kdesvn/kdelibs/kdeui/kernel/kapplication.cpp:307
#13 0x00007fc9c014e04c in QCoreApplication::notifyInternal (this=0x7fffcab44580, receiver=0x28e7d50, event=0x7fffcab44060) at /home/kde4/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:606
#14 0x00007fc9c0176d66 in QTimerInfoList::activateTimers (this=0x1c5b2a0) at ../../include/QtCore/../../../../qt-copy/src/corelib/kernel/qcoreapplication.h:213
#15 0x00007fc9c01737fd in timerSourceDispatch (source=<value optimized out>) at /home/kde4/kdesvn/qt-copy/src/corelib/kernel/qeventdispatcher_glib.cpp:164
#16 0x00007fc9bc330f7a in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#17 0x00007fc9bc334640 in ?? () from /usr/lib/libglib-2.0.so.0
#18 0x00007fc9bc3347dc in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#19 0x00007fc9c017375f in QEventDispatcherGlib::processEvents (this=0x1c3a780, flags=<value optimized out>) at /home/kde4/kdesvn/qt-copy/src/corelib/kernel/qeventdispatcher_glib.cpp:324
#20 0x00007fc9bf50aeff in QGuiEventDispatcherGlib::processEvents (this=0x0, flags=<value optimized out>) at /home/kde4/kdesvn/qt-copy/src/gui/kernel/qguieventdispatcher_glib.cpp:202
#21 0x00007fc9c014c9f2 in QEventLoop::processEvents (this=<value optimized out>, flags={i = -894156080}) at /home/kde4/kdesvn/qt-copy/src/corelib/kernel/qeventloop.cpp:149
#22 0x00007fc9c014cb85 in QEventLoop::exec (this=0x7fffcab44310, flags={i = -894156000}) at /home/kde4/kdesvn/qt-copy/src/corelib/kernel/qeventloop.cpp:196
#23 0x00007fc9c014ec4c in QCoreApplication::exec () at /home/kde4/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:888
#24 0x00007fc9c26e4552 in kdemain (argc=<value optimized out>, argv=<value optimized out>) at /home/kde4/kdesvn/kdebase/apps/konqueror/src/konqmain.cpp:257
#25 0x00007fc9bd6325a6 in __libc_start_main () from /lib/libc.so.6
#26 0x00000000004007d9 in _start () at ../sysdeps/x86_64/elf/start.S:113
I repeated the steps provided, but konqueror didn't crash in any try. My setup: Konqueror Version 4.2.92 (KDE 4.2.92 (KDE 4.3 >= 20090617)) Using KDE 4.2.92 (KDE 4.2.92 (KDE 4.3 >= 20090617)) - svn r984201 qt-copy r978427
I was able to reproduce it again in the first try, but not on subsequent tries. Indeed, following the steps does not guarantee a crash, but it can still happen.
Maybe it is the same as bug 197417?
Here using:
Qt: 4.5.2 (KDE-Qt git commit 5b7a2eb42acfdea07c6075556cb43e2c95852145 Date: Tue Jul 28 14:10:47 2009 -0300)
KDE: 4.3.64 (KDE 4.3.64 (KDE 4.4 >= 20090812))
kdelibs svn rev. 1013119 / kdebase svn rev. 1013119
on ArchLinux i686 - Kernel 2.6.30.4

I can reproduce the bug using the testcase site from bug 204909.

-- Steps:
- Open Konqueror and load thetrainline.com
- Click the input control showing the current date near "Out", in the navigation bar at the left. A calendar should appear
- Select a date (day number) from the previous month (ex. "30")
Konqueror crashes

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
[KCrash Handler]
#6 0xb69257aa in QAbstractScrollArea::d_func (this=0x0) at widgets/qabstractscrollarea.h:126
#7 0xb6ae73e5 in QAbstractScrollArea::viewport (this=0x0) at widgets/qabstractscrollarea.cpp:539
#8 0xb2a0039a in KHTMLView::doAutoScroll (this=0x9f4d8e0) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:2020
#9 0xb2a19427 in KHTMLPart::slotAutoScroll (this=0x9f49e48) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:6527
#10 0xb2a4e240 in KHTMLPart::qt_metacall (this=0x9bd49a8, _c=QMetaObject::InvokeMetaMethod, _id=74, _a=0xbfb59bf8) at /home/kde-devel/kde/build/KDE/kdelibs/khtml/khtml_part.moc:326
#11 0xb714b9ca in QMetaObject::activate (sender=0x9f4d044, from_signal_index=4, to_signal_index=4, argv=0x0) at kernel/qobject.cpp:3112
#12 0xb714bd42 in QMetaObject::activate (sender=0x9f4d044, m=0xb725aae4, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3186
#13 0xb719000f in QTimer::timeout (this=0x9f4d044) at .moc/debug-shared/moc_qtimer.cpp:128
#14 0xb71545de in QTimer::timerEvent (this=0x9f4d044, e=0xbfb5a174) at kernel/qtimer.cpp:261
#15 0xb7147be2 in QObject::event (this=0x9f4d044, e=0xbfb5a174) at kernel/qobject.cpp:1074
#16 0xb65b22db in QApplicationPrivate::notify_helper (this=0x9065280, receiver=0x9f4d044, e=0xbfb5a174) at kernel/qapplication.cpp:4056
#17 0xb65b073c in QApplication::notify (this=0xbfb5a564, receiver=0x9f4d044, e=0xbfb5a174) at kernel/qapplication.cpp:3603
#18 0xb779ba9a in KApplication::notify (this=0xbfb5a564, receiver=0x9f4d044, event=0xbfb5a174) at /home/kde-devel/kde/src/KDE/kdelibs/kdeui/kernel/kapplication.cpp:302
#19 0xb71321c1 in QCoreApplication::notifyInternal (this=0xbfb5a564, receiver=0x9f4d044, event=0xbfb5a174) at kernel/qcoreapplication.cpp:610
#20 0xb7135b87 in QCoreApplication::sendEvent (receiver=0x9f4d044, event=0xbfb5a174) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213
#21 0xb7169672 in QTimerInfoList::activateTimers (this=0x9068284) at kernel/qeventdispatcher_unix.cpp:572
#22 0xb7165b17 in timerSourceDispatch (source=0x9068250) at kernel/qeventdispatcher_glib.cpp:165
#23 0xb5e5bd98 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#24 0xb5e5f3e0 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#25 0xb5e5f513 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#26 0xb7166a5a in QEventDispatcherGlib::processEvents (this=0x9065240, flags={i = 36}) at kernel/qeventdispatcher_glib.cpp:327
#27 0xb6663f3e in QGuiEventDispatcherGlib::processEvents (this=0x9065240, flags={i = 36}) at kernel/qguieventdispatcher_glib.cpp:202
#28 0xb712f79f in QEventLoop::processEvents (this=0xbfb5a41c, flags={i = 36}) at kernel/qeventloop.cpp:149
#29 0xb712f8e4 in QEventLoop::exec (this=0xbfb5a41c, flags={i = 0}) at kernel/qeventloop.cpp:201
#30 0xb713289d in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#31 0xb65b03f8 in QApplication::exec () at kernel/qapplication.cpp:3525
#32 0xb7f63e11 in kdemain (argc=2, argv=0xbfb5a8f4) at /home/kde-devel/kde/src/KDE/kdebase/apps/konqueror/src/konqmain.cpp:257
#33 0x0804876b in main (argc=2, argv=0xbfb5a8f4) at /home/kde-devel/kde/build/KDE/kdebase/apps/konqueror/src/konqueror_dummy.cpp:3

-- Valgrind output:
bash-4.0$ valgrind konqueror thetrainline.com
==450== Memcheck, a memory error detector.
==450== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==450== Using LibVEX rev 1884, a library for dynamic binary translation.
==450== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==450== Using valgrind-3.4.1, a dynamic binary instrumentation framework.
==450== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==450== For more details, rerun with: -v
==450==
QPainter::begin: Widget painting can only begin as a result of a paintEvent
QPainter::translate: Painter not active
QPainter::setClipRect: Painter not active
==450== Conditional jump or move depends on uninitialised value(s)
==450==    at 0xB6B1D09: KJS::Collector::markStackObjectsConservatively(void*, void*) (collector.cpp:465)
==450==    by 0xB6B253F: KJS::Collector::markCurrentThreadConservatively() (collector.cpp:553)
==450==    by 0xB6B2566: KJS::Collector::markStackObjectsConservatively() (collector.cpp:613)
==450==    by 0xB6B25B3: KJS::Collector::collect() (collector.cpp:687)
==450==    by 0xB6B2B0A: KJS::Collector::allocate(unsigned int) (collector.cpp:330)
==450==    by 0xB6E3BDC: KJS::JSCell::operator new(unsigned int) (value.cpp:41)
==450==    by 0xB6DF0F4: KJS::FunctionImp::construct(KJS::ExecState*, KJS::List const&) (function.cpp:318)
==450==    by 0xB703AF3: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1213)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==    by 0xB6E5A8C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==450==    by 0xB703989: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==
==450== Conditional jump or move depends on uninitialised value(s)
==450==    at 0xB6B1D11: KJS::Collector::markStackObjectsConservatively(void*, void*) (collector.cpp:465)
==450==    by 0xB6B253F: KJS::Collector::markCurrentThreadConservatively() (collector.cpp:553)
==450==    by 0xB6B2566: KJS::Collector::markStackObjectsConservatively() (collector.cpp:613)
==450==    by 0xB6B25B3: KJS::Collector::collect() (collector.cpp:687)
==450==    by 0xB6B2B0A: KJS::Collector::allocate(unsigned int) (collector.cpp:330)
==450==    by 0xB6E3BDC: KJS::JSCell::operator new(unsigned int) (value.cpp:41)
==450==    by 0xB6DF0F4: KJS::FunctionImp::construct(KJS::ExecState*, KJS::List const&) (function.cpp:318)
==450==    by 0xB703AF3: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1213)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==    by 0xB6E5A8C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==450==    by 0xB703989: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==
==450== Conditional jump or move depends on uninitialised value(s)
==450==    at 0xB6B1D86: KJS::Collector::markStackObjectsConservatively(void*, void*) (collector.cpp:469)
==450==    by 0xB6B253F: KJS::Collector::markCurrentThreadConservatively() (collector.cpp:553)
==450==    by 0xB6B2566: KJS::Collector::markStackObjectsConservatively() (collector.cpp:613)
==450==    by 0xB6B25B3: KJS::Collector::collect() (collector.cpp:687)
==450==    by 0xB6B2B0A: KJS::Collector::allocate(unsigned int) (collector.cpp:330)
==450==    by 0xB6E3BDC: KJS::JSCell::operator new(unsigned int) (value.cpp:41)
==450==    by 0xB6DF0F4: KJS::FunctionImp::construct(KJS::ExecState*, KJS::List const&) (function.cpp:318)
==450==    by 0xB703AF3: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1213)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==    by 0xB6E5A8C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==450==    by 0xB703989: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==
==450== Conditional jump or move depends on uninitialised value(s)
==450==    at 0xB6B1D8C: KJS::Collector::markStackObjectsConservatively(void*, void*) (collector.cpp:469)
==450==    by 0xB6B253F: KJS::Collector::markCurrentThreadConservatively() (collector.cpp:553)
==450==    by 0xB6B2566: KJS::Collector::markStackObjectsConservatively() (collector.cpp:613)
==450==    by 0xB6B25B3: KJS::Collector::collect() (collector.cpp:687)
==450==    by 0xB6B2B0A: KJS::Collector::allocate(unsigned int) (collector.cpp:330)
==450==    by 0xB6E3BDC: KJS::JSCell::operator new(unsigned int) (value.cpp:41)
==450==    by 0xB6DF0F4: KJS::FunctionImp::construct(KJS::ExecState*, KJS::List const&) (function.cpp:318)
==450==    by 0xB703AF3: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1213)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==    by 0xB6E5A8C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==450==    by 0xB703989: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==
==450== Use of uninitialised value of size 4
==450==    at 0xB6B1D91: KJS::Collector::markStackObjectsConservatively(void*, void*) (collector.cpp:470)
==450==    by 0xB6B253F: KJS::Collector::markCurrentThreadConservatively() (collector.cpp:553)
==450==    by 0xB6B2566: KJS::Collector::markStackObjectsConservatively() (collector.cpp:613)
==450==    by 0xB6B25B3: KJS::Collector::collect() (collector.cpp:687)
==450==    by 0xB6B2B0A: KJS::Collector::allocate(unsigned int) (collector.cpp:330)
==450==    by 0xB6E3BDC: KJS::JSCell::operator new(unsigned int) (value.cpp:41)
==450==    by 0xB6DF0F4: KJS::FunctionImp::construct(KJS::ExecState*, KJS::List const&) (function.cpp:318)
==450==    by 0xB703AF3: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1213)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==    by 0xB6E5A8C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==450==    by 0xB703989: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==
==450== Use of uninitialised value of size 4
==450==    at 0xB6B1DA0: KJS::Collector::markStackObjectsConservatively(void*, void*) (collector.h:133)
==450==    by 0xB6B253F: KJS::Collector::markCurrentThreadConservatively() (collector.cpp:553)
==450==    by 0xB6B2566: KJS::Collector::markStackObjectsConservatively() (collector.cpp:613)
==450==    by 0xB6B25B3: KJS::Collector::collect() (collector.cpp:687)
==450==    by 0xB6B2B0A: KJS::Collector::allocate(unsigned int) (collector.cpp:330)
==450==    by 0xB6E3BDC: KJS::JSCell::operator new(unsigned int) (value.cpp:41)
==450==    by 0xB6DF0F4: KJS::FunctionImp::construct(KJS::ExecState*, KJS::List const&) (function.cpp:318)
==450==    by 0xB703AF3: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1213)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==    by 0xB6E5A8C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==450==    by 0xB703989: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==
==450== Conditional jump or move depends on uninitialised value(s)
==450==    at 0xB6B1DA4: KJS::Collector::markStackObjectsConservatively(void*, void*) (collector.h:133)
==450==    by 0xB6B253F: KJS::Collector::markCurrentThreadConservatively() (collector.cpp:553)
==450==    by 0xB6B2566: KJS::Collector::markStackObjectsConservatively() (collector.cpp:613)
==450==    by 0xB6B25B3: KJS::Collector::collect() (collector.cpp:687)
==450==    by 0xB6B2B0A: KJS::Collector::allocate(unsigned int) (collector.cpp:330)
==450==    by 0xB6E3BDC: KJS::JSCell::operator new(unsigned int) (value.cpp:41)
==450==    by 0xB6DF0F4: KJS::FunctionImp::construct(KJS::ExecState*, KJS::List const&) (function.cpp:318)
==450==    by 0xB703AF3: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1213)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==    by 0xB6E5A8C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==450==    by 0xB703989: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==
==450== Use of uninitialised value of size 4
==450==    at 0xB6B1DAF: KJS::Collector::markStackObjectsConservatively(void*, void*) (collector.cpp:473)
==450==    by 0xB6B253F: KJS::Collector::markCurrentThreadConservatively() (collector.cpp:553)
==450==    by 0xB6B2566: KJS::Collector::markStackObjectsConservatively() (collector.cpp:613)
==450==    by 0xB6B25B3: KJS::Collector::collect() (collector.cpp:687)
==450==    by 0xB6B2B0A: KJS::Collector::allocate(unsigned int) (collector.cpp:330)
==450==    by 0xB6E3BDC: KJS::JSCell::operator new(unsigned int) (value.cpp:41)
==450==    by 0xB6D0DDB: KJS::FunctionExecState::FunctionExecState(KJS::Interpreter*, KJS::JSObject*, KJS::FunctionBodyNode*, KJS::ExecState*, KJS::FunctionImp*) (ExecState.cpp:306)
==450==    by 0xB6E1D08: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:103)
==450==    by 0xB6E5A8C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==450==    by 0xB703989: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==450==    by 0xB6E1E6A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==450==    by 0xB6E5A8C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==450==
==450== Invalid read of size 4
==450==    at 0x5BB4838: _XGetAtomName (in /usr/lib/libX11.so.6.2.0)
==450==    by 0x5BB4B17: XGetAtomName (in /usr/lib/libX11.so.6.2.0)
==450==    by 0x522769B: QX11Data::xdndMimeAtomToString(unsigned long) (qdnd_x11.cpp:431)
==450==    by 0x522780B: QX11Data::xdndMimeFormatsForAtom(unsigned long) (qdnd_x11.cpp:451)
==450==    by 0x522374D: QClipboardWatcher::formats_sys() const (qclipboard_x11.cpp:1188)
==450==    by 0x51A7CB2: QInternalMimeData::formats() const (qdnd.cpp:559)
==450==    by 0x5223876: QClipboardWatcher::hasFormat_sys(QString const&) const (qclipboard_x11.cpp:1205)
==450==    by 0x51A7B98: QInternalMimeData::hasFormat(QString const&) const (qdnd.cpp:546)
==450==    by 0xB197889: KHTMLPartBrowserExtension::updateEditActions() (khtml_ext.cpp:326)
==450==    by 0xB197C5B: KHTMLPartBrowserExtension::editableWidgetFocused(QWidget*) (khtml_ext.cpp:110)
==450==    by 0xB23DBE6: DOM::HTMLGenericFormElementImpl::defaultEventHandler(DOM::EventImpl*) (html_formimpl.cpp:1064)
==450==    by 0xB24E5E1: DOM::HTMLInputElementImpl::defaultEventHandler(DOM::EventImpl*) (html_formimpl.cpp:1954)
==450==  Address 0x663f4e8 is 16 bytes inside a block of size 17 alloc'd
==450==    at 0x402522D: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==450==    by 0x5BBB567: _XUpdateAtomCache (in /usr/lib/libX11.so.6.2.0)
==450==    by 0x5BBBA26: _XIntAtomHandler (in /usr/lib/libX11.so.6.2.0)
==450==    by 0x5BD83B1: process_responses (in /usr/lib/libX11.so.6.2.0)
==450==    by 0x5BD8AC5: _XReply (in /usr/lib/libX11.so.6.2.0)
==450==    by 0x5BBB82F: XInternAtoms (in /usr/lib/libX11.so.6.2.0)
==450==    by 0x520490F: qt_x11_create_intern_atoms() (qapplication_x11.cpp:739)
==450==    by 0x520F453: qt_init(QApplicationPrivate*, int, _XDisplay*, unsigned long, unsigned long) (qapplication_x11.cpp:1974)
==450==    by 0x518DB04: QApplicationPrivate::construct(_XDisplay*, unsigned long, unsigned long) (qapplication.cpp:749)
==450==    by 0x518D60B: QApplication::QApplication(int&, char**, bool, int) (qapplication.cpp:705)
==450==    by 0x47F002D: KApplication::KApplication(bool) (kapplication.cpp:337)
==450==    by 0x4054BB9: KonquerorApplication::KonquerorApplication() (konqapplication.cpp:29)
==450==
==450== Invalid read of size 4
==450==    at 0x550A7AA: QAbstractScrollArea::d_func() const (qabstractscrollarea.h:126)
==450==    by 0x56CC3E4: QAbstractScrollArea::viewport() const (qabstractscrollarea.cpp:539)
==450==    by 0xB132399: KHTMLView::doAutoScroll() (khtmlview.cpp:2020)
==450==    by 0xB14B426: KHTMLPart::slotAutoScroll() (khtml_part.cpp:6527)
==450==    by 0xB18023F: KHTMLPart::qt_metacall(QMetaObject::Call, int, void**) (khtml_part.moc:326)
==450==    by 0x4ED79C9: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3112)
==450==    by 0x4ED7D41: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3186)
==450==    by 0x4F1C00E: QTimer::timeout() (moc_qtimer.cpp:128)
==450==    by 0x4EE05DD: QTimer::timerEvent(QTimerEvent*) (qtimer.cpp:261)
==450==    by 0x4ED3BE1: QObject::event(QEvent*) (qobject.cpp:1074)
==450==    by 0x51972DA: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4056)
==450==    by 0x519573B: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3603)
==450==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
KCrash: Application 'konqueror' crashing...
sock_file=/home/kde-devel/.kde4/socket-emiDell/kdeinit4__0
[1] Salida 253 konqueror thetrainline.com
[2]+ Detenido valgrind konqueror thetrainline.com
bash-4.0$ ==450==
==450== ERROR SUMMARY: 36422 errors from 10 contexts (suppressed: 385 from 4)
==450== malloc/free: in use at exit: 15,786,953 bytes in 285,278 blocks.
==450== malloc/free: 1,940,777 allocs, 1,655,499 frees, 359,476,334 bytes allocated.
==450== For counts of detected errors, rerun with: -v
==450== Use --track-origins=yes to see where uninitialised values come from
==450== searching for pointers to 285,278 not-freed blocks.
==450== checked 57,476,652 bytes.
==450==
==450== LEAK SUMMARY:
==450==    definitely lost: 58,236 bytes in 2,443 blocks.
==450==    possibly lost: 156,910 bytes in 5,274 blocks.
==450==    still reachable: 15,571,807 bytes in 277,561 blocks.
==450==    suppressed: 0 bytes in 0 blocks.
==450== Rerun with --leak-check=full to see details of leaked memory.
*** Bug 197417 has been marked as a duplicate of this bug. ***
*** Bug 210317 has been marked as a duplicate of this bug. ***
*** Bug 210976 has been marked as a duplicate of this bug. ***
*** Bug 214215 has been marked as a duplicate of this bug. ***
*** Bug 215929 has been marked as a duplicate of this bug. ***
*** Bug 216784 has been marked as a duplicate of this bug. ***
*** Bug 231944 has been marked as a duplicate of this bug. ***
Cannot reproduce the initial report but I'm able to reproduce the comment #4 (KDE 4.4.5 and KDE 4.5.0)
I can reproduce the bug according to the comment #4 as well.

Fedora release 13 (Goddard)
kdebase-4.4.5-1.fc13.x86_64
qt-4.6.3-8.fc13.x86_64
kernel-2.6.33.5-124.fc13.x86_64 #1 SMP Fri Jun 11 09:38:12 UTC 2010 x86_64

-- Backtrace--
Application: Konqueror (konqueror), signal: Segmentation fault
82 T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[Current thread is 1 (Thread 0x7f3fe54ac820 (LWP 3106))]

Thread 2 (Thread 0x7f3fd5aaf710 (LWP 3119)):
#0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1 0x00000030e4b2a056 in QTWTF::TCMalloc_PageHeap::scavengerThread (this=0x30e4e040c0) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:2304
#2 0x00000030e4b2a099 in QTWTF::TCMalloc_PageHeap::runScavengerThread (context=0x30e4e1218c) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:1438
#3 0x00000030cba07761 in start_thread (arg=0x7f3fd5aaf710) at pthread_create.c:301
#4 0x00000030caee14ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 1 (Thread 0x7f3fe54ac820 (LWP 3106)):
[KCrash Handler]
#5 QAbstractScrollArea::viewport (this=0x0) at widgets/qabstractscrollarea.cpp:568
#6 0x0000003b767cba6d in KHTMLView::doAutoScroll (this=0x46d7e00) at /usr/src/debug/kdelibs-4.4.5/khtml/khtmlview.cpp:2035
#7 0x0000003b768107dd in KHTMLPart::qt_metacall (this=0x4440b30, _c=QMetaObject::InvokeMetaMethod, _id=74, _a=0x7fffdf6f6e30) at /usr/src/debug/kdelibs-4.4.5/x86_64-redhat-linux-gnu/khtml/khtml_part.moc:332
#8 0x00000030d6f66a36 in QMetaObject::activate (sender=0x4476c00, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0x0) at kernel/qobject.cpp:3295
#9 0x00000030d6f62c4e in QObject::event (this=0x4476c00, e=0x7fffdf6f7580) at kernel/qobject.cpp:1212
#10 0x0000003b6e3ab39c in QApplicationPrivate::notify_helper (this=0x2322d30, receiver=0x4476c00, e=0x7fffdf6f7580) at kernel/qapplication.cpp:4306
#11 0x0000003b6e3b165b in QApplication::notify (this=<value optimized out>, receiver=0x4476c00, e=0x7fffdf6f7580) at kernel/qapplication.cpp:4189
#12 0x0000003b6d007016 in KApplication::notify (this=0x7fffdf6f7a30, receiver=0x4476c00, event=0x7fffdf6f7580) at /usr/src/debug/kdelibs-4.4.5/kdeui/kernel/kapplication.cpp:302
#13 0x00000030d6f53ddc in QCoreApplication::notifyInternal (this=0x7fffdf6f7a30, receiver=0x4476c00, event=0x7fffdf6f7580) at kernel/qcoreapplication.cpp:726
#14 0x00000030d6f7c6f2 in sendEvent (this=0x23269e0) at kernel/qcoreapplication.h:215
#15 QTimerInfoList::activateTimers (this=0x23269e0) at kernel/qeventdispatcher_unix.cpp:603
#16 0x00000030d6f79b74 in timerSourceDispatch (source=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:184
#17 0x00000030cd23bd02 in g_main_dispatch (context=0x2325920) at gmain.c:1960
#18 IA__g_main_context_dispatch (context=0x2325920) at gmain.c:2513
#19 0x00000030cd23fae8 in g_main_context_iterate (context=0x2325920, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2591
#20 0x00000030cd23fc9c in IA__g_main_context_iteration (context=0x2325920, may_block=1) at gmain.c:2654
#21 0x00000030d6f79863 in QEventDispatcherGlib::processEvents (this=0x2306c70, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:412
#22 0x0000003b6e44a84e in QGuiEventDispatcherGlib::processEvents (this=<value optimized out>, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#23 0x00000030d6f52822 in QEventLoop::processEvents (this=<value optimized out>, flags=...) at kernel/qeventloop.cpp:149
#24 0x00000030d6f52aec in QEventLoop::exec (this=0x7fffdf6f7820, flags=...) at kernel/qeventloop.cpp:201
#25 0x00000030d6f561bb in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1003
#26 0x0000003b706b34fb in kdemain () from /usr/lib64/libkdeinit4_konqueror.so
#27 0x00000030cae1ec5d in __libc_start_main (main=0x400860 <_start+240>, argc=2, ubp_av=0x7fffdf6f8418, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fffdf6f8408) at libc-start.c:226
#28 0x0000000000400799 in _start ()
-- End backtrace --

The same crash happened when I searched for a train at www.oebb.at (looks like konqueror doesn't like trains ;))
[Comment from a bug triager]

From bug 234118:
-- Information about the crash:
I clicked on the dropdown list next to "iparág" at the bottom left part of nol.hu .

From bug 250347:
- What I was doing when the application crashed:
Trying to choose dates for booking a train ticket. It is possible to enter the dates manually into the input fields but using the calendar to select a date is always fatal (Note from Dario A.: you need to select the date on the second selector (the "Return" one which is empty "dd/mm/yyyy"))
*** Bug 234118 has been marked as a duplicate of this bug. ***
*** Bug 250347 has been marked as a duplicate of this bug. ***
*** Bug 262584 has been marked as a duplicate of this bug. ***
*** Bug 235983 has been marked as a duplicate of this bug. ***
*** Bug 235950 has been marked as a duplicate of this bug. ***
*** Bug 268558 has been marked as a duplicate of this bug. ***
*** Bug 288014 has been marked as a duplicate of this bug. ***
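The backtraces in this report start at different top frames (QAbstractScrollArea::viewport in two, QAbstractScrollArea::d_func in the third) yet all pass this=0x0 down from KHTMLView::doAutoScroll, which is the common point behind the duplicate markings. As an added example (not code from KDE, KCrash or this bug tracker), the Python below groups gdb traces by the first frame of the crashing thread that still holds a non-null this; the names crashing_frames, triage and group_reports are hypothetical, the first three sample traces are abbreviated from the backtraces above, and the fourth is constructed for contrast.

```python
import re

# One gdb frame: "#N [0xADDR in ]function (args)"; works on flattened text too.
FRAME_RE = re.compile(r"#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(\S+) \(([^)]*)\)")
THIS_RE = re.compile(r"\bthis=(0x[0-9a-fA-F]+)")
MARKER = "[KCrash Handler]"


def crashing_frames(trace):
    """Frames of the crashing thread, i.e. those listed after the KCrash marker."""
    start = trace.find(MARKER)
    if start < 0:
        return []
    frames, last = [], -1
    for m in FRAME_RE.finditer(trace, start):
        num = int(m.group(1))
        if num <= last:  # frame numbering restarted: another thread begins
            break
        last = num
        this = THIS_RE.search(m.group(3))
        frames.append({
            "num": num,
            "func": m.group(2),
            "this": int(this.group(1), 16) if this else None,
        })
    return frames


def triage(trace):
    """Skip callees entered with this=0x0 and blame the first frame below them."""
    null_callees, blame = [], None
    for frame in crashing_frames(trace):
        if frame["this"] == 0:
            null_callees.append(frame["func"])
        else:
            blame = frame["func"]
            break
    return {"blame": blame, "null_this": bool(null_callees),
            "null_callees": null_callees}


def group_reports(reports):
    """Map blame function -> report names, so equal crashes land together."""
    groups = {}
    for name, trace in reports.items():
        groups.setdefault(triage(trace)["blame"], []).append(name)
    return groups


# Abbreviated from the original report (x86_64, KDE 4.2.85).
TRACE_REPORT = (
    "Thread 1 (Thread 0x7fc9c29fa760 (LWP 7307)): [KCrash Handler] "
    "#5 QAbstractScrollArea::viewport (this=0x0) at qabstractscrollarea.cpp:537 "
    "#6 0x00007fc9adbeb541 in KHTMLView::doAutoScroll (this=0x28ecba0) "
    "at khtmlview.cpp:2014 "
    "#7 0x00007fc9adc1a09d in KHTMLPart::qt_metacall (this=0x28ea170, "
    "_c=QMetaObject::InvokeMetaMethod) at khtml_part.moc:326"
)
# Abbreviated from the ArchLinux i686 comment (KDE 4.3.64).
TRACE_ARCH = (
    "[KCrash Handler] "
    "#6 0xb69257aa in QAbstractScrollArea::d_func (this=0x0) "
    "at widgets/qabstractscrollarea.h:126 "
    "#7 0xb6ae73e5 in QAbstractScrollArea::viewport (this=0x0) "
    "at widgets/qabstractscrollarea.cpp:539 "
    "#8 0xb2a0039a in KHTMLView::doAutoScroll (this=0x9f4d8e0) at khtmlview.cpp:2020 "
    "#9 0xb2a19427 in KHTMLPart::slotAutoScroll (this=0x9f49e48) "
    "at khtml_part.cpp:6527"
)
# Abbreviated from the Fedora 13 comment (kdelibs 4.4.5).
TRACE_FEDORA = (
    "Thread 1 (Thread 0x7f3fe54ac820 (LWP 3106)): [KCrash Handler] "
    "#5 QAbstractScrollArea::viewport (this=0x0) "
    "at widgets/qabstractscrollarea.cpp:568 "
    "#6 0x0000003b767cba6d in KHTMLView::doAutoScroll (this=0x46d7e00) "
    "at khtmlview.cpp:2035"
)
# Constructed contrast case: an unrelated crash with a valid this pointer.
TRACE_CONSTRUCTED = (
    "[KCrash Handler] "
    "#5 0x00007f0000001234 in ExampleWidget::paint (this=0x1f00) at example.cpp:10 "
    "#6 0x00007f0000005678 in ExampleApp::run (this=0x2f00) at example.cpp:42"
)

REPORTS = {
    "original report": TRACE_REPORT,
    "ArchLinux comment": TRACE_ARCH,
    "Fedora comment": TRACE_FEDORA,
    "constructed": TRACE_CONSTRUCTED,
}

if __name__ == "__main__":
    for blame, names in group_reports(REPORTS).items():
        print(blame, "<-", ", ".join(names))
```

Matching on the blame frame rather than frame #5 keeps the i686 trace, whose inlined d_func call adds an extra null-this frame, in the same group as the two x86_64 traces.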
Thank you for the report, Alex. As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved. I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone!
This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone!