Application: konqueror (4.5.85 (4.6 Beta2))
KDE Platform Version: 4.5.85 (4.6 Beta2)
Qt Version: 4.7.1
Operating System: Linux 2.6.37-rc5-12-default i686
Distribution: "openSUSE 11.4 Milestone 5 of 6 (i586)"

-- Information about the crash:
- What I was doing when the application crashed:
I've run the fuzzer: http://lcamtuf.coredump.cx/cross_fuzz/

-- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 1 (Thread 0xb584d710 (LWP 4614))]

Thread 2 (Thread 0xab779b70 (LWP 4666)):
#0 0xb5b6722b in clock_gettime (clock_id=1, tp=0xab779020) at ../sysdeps/unix/clock_gettime.c:100
#1 0xb6d5fac5 in do_gettime () at tools/qelapsedtimer_unix.cpp:123
#2 qt_gettime () at tools/qelapsedtimer_unix.cpp:140
#3 0xb6e326f6 in updateCurrentTime (this=0x86c2bbc, tm=...) at kernel/qeventdispatcher_unix.cpp:339
#4 QTimerInfoList::timerWait (this=0x86c2bbc, tm=...) at kernel/qeventdispatcher_unix.cpp:442
#5 0xb6e30f3b in timerSourcePrepareHelper (src=<value optimized out>, timeout=0xab77911c) at kernel/qeventdispatcher_glib.cpp:136
#6 0xb6e30fdd in timerSourcePrepare (source=0x86c2b88, timeout=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:169
#7 0xb5ab6210 in g_main_context_prepare (context=0x86c0a90, priority=0xab77918c) at gmain.c:2588
#8 0xb5ab7082 in g_main_context_iterate (context=0x86c0a90, block=1, dispatch=1, self=0x86bf578) at gmain.c:2882
#9 0xb5ab776e in g_main_context_iteration (context=0x86c0a90, may_block=1) at gmain.c:2965
#10 0xb6e31787 in QEventDispatcherGlib::processEvents (this=0x86c05f8, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#11 0xb6e0229d in QEventLoop::processEvents (this=0xab7792b0, flags=...) at kernel/qeventloop.cpp:149
#12 0xb6e024c9 in QEventLoop::exec (this=0xab7792b0, flags=...) at kernel/qeventloop.cpp:201
#13 0xb6d037b9 in QThread::exec (this=0x86bf4e0) at thread/qthread.cpp:490
#14 0xb6de222d in QInotifyFileSystemWatcherEngine::run (this=0x86bf4e0) at io/qfilesystemwatcher_inotify.cpp:248
#15 0xb6d063aa in QThreadPrivate::start (arg=0x86bf4e0) at thread/qthread_unix.cpp:285
#16 0xb6c8ab25 in start_thread (arg=0xab779b70) at pthread_create.c:297
#17 0xb6047c5e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 1 (Thread 0xb584d710 (LWP 4614)):
[KCrash Handler]
#7 0xaf85d458 in DOM::RangeImpl::insertNode (this=0x8aac238, newNode=0x0, exceptioncode=@0xbfb173ec) at /usr/src/debug/kdelibs-4.5.85/khtml/xml/dom2_rangeimpl.cpp:747
#8 0xafa557b5 in KJS::DOMRangeProtoFunc::callAsFunction (this=0x8125494, exec=0xbfb177bc, thisObj=0x4, args=...) at /usr/src/debug/kdelibs-4.5.85/khtml/ecma/kjs_range.cpp:163
#9 0xaf617a4b in call (exec=0xbfb177bc, codeBlock=..., parentExec=0x0) at /usr/src/debug/kdelibs-4.5.85/kjs/object.h:626
#10 KJS::Machine::runBlock (exec=0xbfb177bc, codeBlock=..., parentExec=0x0) at codes.def:1204
#11 0xaf5cc05c in KJS::FunctionBodyNode::execute (this=0x88ba208, exec=0xbfb177bc) at /usr/src/debug/kdelibs-4.5.85/kjs/nodes.cpp:927
#12 0xaf5f6e9c in KJS::GlobalFuncImp::callAsFunction (this=0xab98e960, exec=0xbfb17b5c, args=...) at /usr/src/debug/kdelibs-4.5.85/kjs/function.cpp:945
#13 0xaf617a4b in call (exec=0xbfb17b5c, codeBlock=..., parentExec=0xbfb17efc) at /usr/src/debug/kdelibs-4.5.85/kjs/object.h:626
#14 KJS::Machine::runBlock (exec=0xbfb17b5c, codeBlock=..., parentExec=0xbfb17efc) at codes.def:1204
#15 0xaf5f66e6 in KJS::FunctionImp::callAsFunction (this=0xab98f6a0, exec=0xbfb17efc, thisObj=0xab990000, args=...) at /usr/src/debug/kdelibs-4.5.85/kjs/function.cpp:172
#16 0xaf617a4b in call (exec=0xbfb17efc, codeBlock=..., parentExec=0xbfb1829c) at /usr/src/debug/kdelibs-4.5.85/kjs/object.h:626
#17 KJS::Machine::runBlock (exec=0xbfb17efc, codeBlock=..., parentExec=0xbfb1829c) at codes.def:1204
#18 0xaf5f66e6 in KJS::FunctionImp::callAsFunction (this=0xab98f6a0, exec=0xbfb1829c, thisObj=0xab990000, args=...) at /usr/src/debug/kdelibs-4.5.85/kjs/function.cpp:172
#19 0xaf617a4b in call (exec=0xbfb1829c, codeBlock=..., parentExec=0xbfb1863c) at /usr/src/debug/kdelibs-4.5.85/kjs/object.h:626
#20 KJS::Machine::runBlock (exec=0xbfb1829c, codeBlock=..., parentExec=0xbfb1863c) at codes.def:1204
#21 0xaf5f66e6 in KJS::FunctionImp::callAsFunction (this=0xab98f6a0, exec=0xbfb1863c, thisObj=0xab990000, args=...) at /usr/src/debug/kdelibs-4.5.85/kjs/function.cpp:172
#22 0xaf617a4b in call (exec=0xbfb1863c, codeBlock=..., parentExec=0xbfb18a6c) at /usr/src/debug/kdelibs-4.5.85/kjs/object.h:626
#23 KJS::Machine::runBlock (exec=0xbfb1863c, codeBlock=..., parentExec=0xbfb18a6c) at codes.def:1204
#24 0xaf5f66e6 in KJS::FunctionImp::callAsFunction (this=0xab98f660, exec=0xbfb18a6c, thisObj=0xab990000, args=...) at /usr/src/debug/kdelibs-4.5.85/kjs/function.cpp:172
#25 0xaf617a4b in call (exec=0xbfb18a6c, codeBlock=..., parentExec=0x0) at /usr/src/debug/kdelibs-4.5.85/kjs/object.h:626
#26 KJS::Machine::runBlock (exec=0xbfb18a6c, codeBlock=..., parentExec=0x0) at codes.def:1204
#27 0xaf5cc05c in KJS::FunctionBodyNode::execute (this=0x860e9a8, exec=0xbfb18a6c) at /usr/src/debug/kdelibs-4.5.85/kjs/nodes.cpp:927
#28 0xaf5ff1c0 in KJS::Interpreter::evaluate (this=0x82ffd90, sourceURL=..., startingLineNumber=1, code=0x8779940, codeLength=44, thisV=0xab990000) at /usr/src/debug/kdelibs-4.5.85/kjs/interpreter.cpp:564
#29 0xaf5ff37a in KJS::Interpreter::evaluate (this=0x82ffd90, sourceURL=..., startingLineNumber=1, code=..., thisV=0xab990000) at /usr/src/debug/kdelibs-4.5.85/kjs/interpreter.cpp:504
#30 0xafa45293 in KJSProxy::evaluate (this=0x8346450, filename=..., baseLine=135419016, str=..., n=..., completion=0xbfb18c78) at /usr/src/debug/kdelibs-4.5.85/khtml/ecma/kjs_proxy.cpp:126
#31 0xaf7cbdb4 in KHTMLPart::executeScript (this=0x83961c8, n=..., script=...) at /usr/src/debug/kdelibs-4.5.85/khtml/khtml_part.cpp:1327
#32 0xafa2cea3 in KJS::ScheduledAction::execute (this=0xbfb18d10, window=0xbfb18d04) at /usr/src/debug/kdelibs-4.5.85/khtml/ecma/kjs_window.cpp:2293
#33 0xafa3be57 in KJS::WindowQObject::timerEvent (this=0x8291380) at /usr/src/debug/kdelibs-4.5.85/khtml/ecma/kjs_window.cpp:2458
#34 0xb6e183c4 in QObject::event (this=0x8291380, e=0xbfb192ac) at kernel/qobject.cpp:1175
#35 0xb630f434 in QApplicationPrivate::notify_helper (this=0x80e3280, receiver=0x8291380, e=0xbfb192ac) at kernel/qapplication.cpp:4445
#36 0xb63180d7 in QApplication::notify (this=0xbfb19720, receiver=0x8291380, e=0xbfb192ac) at kernel/qapplication.cpp:3845
#37 0xb745b351 in KApplication::notify (this=0xbfb19720, receiver=0x8291380, event=0xbfb192ac) at /usr/src/debug/kdelibs-4.5.85/kdeui/kernel/kapplication.cpp:311
#38 0xb6e02fbe in QCoreApplication::notifyInternal (this=0xbfb19720, receiver=0x8291380, event=0xbfb192ac) at kernel/qcoreapplication.cpp:732
#39 0xb6e34349 in sendEvent (this=0x80e5c84) at kernel/qcoreapplication.h:215
#40 QTimerInfoList::activateTimers (this=0x80e5c84) at kernel/qeventdispatcher_unix.cpp:618
#41 0xb6e31012 in timerSourceDispatch (source=0x80e5c50) at kernel/qeventdispatcher_glib.cpp:184
#42 0xb5ab6ca9 in g_main_dispatch (context=0x80e5498) at gmain.c:2267
#43 g_main_context_dispatch (context=0x80e5498) at gmain.c:2824
#44 0xb5ab74b0 in g_main_context_iterate (context=0x80e5498, block=1, dispatch=1, self=0x80e3418) at gmain.c:2902
#45 0xb5ab776e in g_main_context_iteration (context=0x80e5498, may_block=1) at gmain.c:2965
#46 0xb6e3173b in QEventDispatcherGlib::processEvents (this=0x80c2848, flags=...) at kernel/qeventdispatcher_glib.cpp:422
#47 0xb63c553a in QGuiEventDispatcherGlib::processEvents (this=0x80c2848, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#48 0xb6e0229d in QEventLoop::processEvents (this=0xbfb19554, flags=...) at kernel/qeventloop.cpp:149
#49 0xb6e024c9 in QEventLoop::exec (this=0xbfb19554, flags=...) at kernel/qeventloop.cpp:201
#50 0xb6e06f70 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1009
#51 0xb630d124 in QApplication::exec () at kernel/qapplication.cpp:3719
#52 0xb247924f in kdemain (argc=2, argv=0x80c6ee0) at /usr/src/debug/kdebase-4.5.85/apps/konqueror/src/konqmain.cpp:219
#53 0x0804e531 in launch (argc=2, _name=0x80a153c "/usr/bin/konqueror", args=<value optimized out>, cwd=0x0, envc=0, envs=<value optimized out>, reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x80a1560 "linux-ym78;1294670885;231866;2633_TIME363222") at /usr/src/debug/kdelibs-4.5.85/kinit/kinit.cpp:730
#54 0x0804f04f in handle_launcher_request (sock=8, who=<value optimized out>) at /usr/src/debug/kdelibs-4.5.85/kinit/kinit.cpp:1222
#55 0x0804f6fc in handle_requests (waitForPid=<value optimized out>) at /usr/src/debug/kdelibs-4.5.85/kinit/kinit.cpp:1415
#56 0x08050579 in main (argc=6903652, argv=0x0, envp=0x0) at /usr/src/debug/kdelibs-4.5.85/kinit/kinit.cpp:1901

Reported using DrKonqi
Created attachment 55828
New crash information added by DrKonqi

konqueror (4.5.85 (4.6 Beta2)) on KDE Platform 4.5.85 (4.6 Beta2) using Qt 4.7.1

- What I was doing when the application crashed:
Also the fuzzer: http://lcamtuf.coredump.cx/cross_fuzz/
It's the same crash.

-- Backtrace (Reduced):
#7 0xaf85d458 in DOM::RangeImpl::insertNode (this=0x8a91138, newNode=0x0, exceptioncode=@0xbfb173ec) at /usr/src/debug/kdelibs-4.5.85/khtml/xml/dom2_rangeimpl.cpp:747
#8 0xafa557b5 in KJS::DOMRangeProtoFunc::callAsFunction (this=0x88fd0cc, exec=0xbfb177bc, thisObj=0x4, args=...) at /usr/src/debug/kdelibs-4.5.85/khtml/ecma/kjs_range.cpp:163
#9 0xaf617a4b in call (exec=0xbfb177bc, codeBlock=..., parentExec=0x0) at /usr/src/debug/kdelibs-4.5.85/kjs/object.h:626
#10 KJS::Machine::runBlock (exec=0xbfb177bc, codeBlock=..., parentExec=0x0) at codes.def:1204
#11 0xaf5cc05c in KJS::FunctionBodyNode::execute (this=0x891abe0, exec=0xbfb177bc) at /usr/src/debug/kdelibs-4.5.85/kjs/nodes.cpp:927
Created attachment 55829
New crash information added by DrKonqi

konqueror (4.5.85 (4.6 Beta2)) on KDE Platform 4.5.85 (4.6 Beta2) using Qt 4.7.1

- What I was doing when the application crashed:
fuzzing: http://lcamtuf.coredump.cx/cross_fuzz/
It crashed every time because of the same.

-- Backtrace (Reduced):
#7 0xaf85f458 in DOM::RangeImpl::insertNode (this=0x8b90638, newNode=0x0, exceptioncode=@0xbfb173ec) at /usr/src/debug/kdelibs-4.5.85/khtml/xml/dom2_rangeimpl.cpp:747
#8 0xafa577b5 in KJS::DOMRangeProtoFunc::callAsFunction (this=0x8b70af4, exec=0xbfb177bc, thisObj=0x4, args=...) at /usr/src/debug/kdelibs-4.5.85/khtml/ecma/kjs_range.cpp:163
#9 0xaf619a4b in call (exec=0xbfb177bc, codeBlock=..., parentExec=0x0) at /usr/src/debug/kdelibs-4.5.85/kjs/object.h:626
#10 KJS::Machine::runBlock (exec=0xbfb177bc, codeBlock=..., parentExec=0x0) at codes.def:1204
#11 0xaf5ce05c in KJS::FunctionBodyNode::execute (this=0x8d25c58, exec=0xbfb177bc) at /usr/src/debug/kdelibs-4.5.85/kjs/nodes.cpp:927
*** This bug has been marked as a duplicate of bug 262040 ***