Bug
Resolution: Fixed
P1: Critical
6.4.0, 6.4.1, 6.4.2
None
a7c4507b1 (dev), a00de49e4 (tqtc/lts-6.2), 48875ac43 (6.6), ec29b7f67 (6.5)
I can see crashes in our application error reporting, which can be caught in rare cases via valgrind, and look like this:
==346904== Invalid read of size 8
==346904==    at 0x7BF1D04: operator() (qquickitem.cpp:2337)
==346904==    by 0x7BF1D04: notifyChangeListeners<QQuickItem::~QQuickItem()::<lambda(const QQuickItemPrivate::ChangeListener&)> > (qquickitem_p.h:350)
==346904==    by 0x7BF1D04: QQuickItem::~QQuickItem() (qquickitem.cpp:2336)
==346904==    by 0x7DDEE54: ~QQmlElement (qqmlprivate.h:99)
==346904==    by 0x7DDEE54: QQmlPrivate::QQmlElement<QQuickRepeater>::~QQmlElement() (qqmlprivate.h:99)
==346904==    by 0xA55F039: QObjectPrivate::deleteChildren() (qobject.cpp:2161)
==346904==    by 0xA5636C4: QObject::~QObject() (qobject.cpp:1099)
==346904==    by 0x7DDF6ED: ~QQuickRectangle (qquickrectangle_p.h:128)
==346904==    by 0x7DDF6ED: ~QQmlElement (qqmlprivate.h:99)
==346904==    by 0x7DDF6ED: QQmlPrivate::QQmlElement<QQuickRectangle>::~QQmlElement() (qqmlprivate.h:99)
==346904==    by 0xA5571FF: QObject::event(QEvent*) (qobject.cpp:1365)
==346904==    by 0x8BE6101: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3313)
==346904==    by 0xA507399: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:1026)
==346904==    by 0xA50DEFC: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1804)
==346904==    by 0xA7AF2D2: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:243)
==346904==    by 0xB6EDFAE: UnknownInlinedFun (gmain.c:3417)
==346904==    by 0xB6EDFAE: g_main_context_dispatch (gmain.c:4135)
==346904==    by 0xB7432C7: g_main_context_iterate.constprop.0 (gmain.c:4211)
==346904==  Address 0x1eb76528 is 120 bytes inside a block of size 568 free'd
==346904==    at 0x77718DD: operator delete(void*, unsigned long) (vg_replace_malloc.c:935)
==346904==    by 0xAF6A3F4: ~QQmlElement (qqmlprivate.h:99)
==346904==    by 0xAF6A3F4: QQmlPrivate::QQmlElement<QQuickMenu>::~QQmlElement() (qqmlprivate.h:99)
==346904==    by 0xA55F039: QObjectPrivate::deleteChildren() (qobject.cpp:2161)
==346904==    by 0xA5636C4: QObject::~QObject() (qobject.cpp:1099)
==346904==    by 0x7DDF6ED: ~QQuickRectangle (qquickrectangle_p.h:128)
==346904==    by 0x7DDF6ED: ~QQmlElement (qqmlprivate.h:99)
==346904==    by 0x7DDF6ED: QQmlPrivate::QQmlElement<QQuickRectangle>::~QQmlElement() (qqmlprivate.h:99)
==346904==    by 0xA5571FF: QObject::event(QEvent*) (qobject.cpp:1365)
==346904==    by 0x8BE6101: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3313)
==346904==    by 0xA507399: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:1026)
==346904==    by 0xA50DEFC: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1804)
==346904==    by 0xA7AF2D2: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:243)
==346904==    by 0xB6EDFAE: UnknownInlinedFun (gmain.c:3417)
==346904==    by 0xB6EDFAE: g_main_context_dispatch (gmain.c:4135)
==346904==    by 0xB7432C7: g_main_context_iterate.constprop.0 (gmain.c:4211)
==346904==  Block was alloc'd at
==346904==    at 0x776EFF5: operator new(unsigned long) (vg_replace_malloc.c:422)
==346904==    by 0xAEF4DB8: QQuickMenu::QQuickMenu(QObject*) (qquickmenu.cpp:698)
==346904==    by 0xAF68EAA: QQmlElement (qqmlprivate.h:94)
==346904==    by 0xAF68EAA: void QQmlPrivate::createInto<QQuickMenu>(void*, void*) (qqmlprivate.h:157)
==346904==    by 0x84FF579: create (qqmltype.cpp:479)
==346904==    by 0x84FF579: QQmlType::create(void**, unsigned long) const (qqmltype.cpp:471)
==346904==    by 0x84B45BF: QQmlObjectCreator::createInstance(int, QObject*, bool) (qqmlobjectcreator.cpp:1186)
==346904==    by 0x84B514A: QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*, int) (qqmlobjectcreator.cpp:184)
==346904==    by 0x84B4229: QQmlObjectCreator::createInstance(int, QObject*, bool) (qqmlobjectcreator.cpp:1232)
==346904==    by 0x84B6365: QQmlObjectCreator::setPropertyBinding(QQmlPropertyData const*, QV4::CompiledData::Binding const*) (qqmlobjectcreator.cpp:780)
==346904==    by 0x84B7F2D: QQmlObjectCreator::setupBindings(QFlags<QQmlObjectCreator::BindingMode>) (qqmlobjectcreator.cpp:721)
==346904==    by 0x84B216A: QQmlObjectCreator::populateInstance(int, QObject*, QObject*, QQmlPropertyData const*, QV4::CompiledData::Binding const*) (qqmlobjectcreator.cpp:1646)
==346904==    by 0x84B3F2C: QQmlObjectCreator::createInstance(int, QObject*, bool) (qqmlobjectcreator.cpp:1332)
==346904==    by 0x84B514A: QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*, int) (qqmlobjectcreator.cpp:184)
I can't provide any special example code that leads to the crash all the time.
The fact is that if I comment out all MenuItem / Menu instances in the application, it does not crash anymore.
The linked patch fixes the issue for us.