Details
-
Bug
-
Resolution: Fixed
-
P1: Critical
-
5.15.2, 6.2.2
-
None
-
-
8a7415541 (dev), 429fc2ca2 (6.6), fbbda444c (6.5), 301709956 (tqtc/lts-6.2)
Description
Qt/QML crashes at runtime when an animation is started for the second time after caching its targets' properties, but one or more of those targets are actually destroyed by the time it restarts.
It is likely because the list<> property type does not emit any on*Changed() signal when any of its items are destroyed — either manually by invoking QtObject::destroy() method, by an Instantiator when it removes its managed objects, or in any other way. Lists start showing null values after control returns to the even loop (so that Qt finishes actually destroying an object and cleans up all references it can find), but according to the backtrace Animation does some property caching, and so it tries to access freed memory leading to Segmentation fault.
Backtrace of the project attached:
Core was generated by `/home/ratijas/projects/playground/crash-animations-instantiator/build/Desktop_Q'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f99a9d725f6 in QQmlPropertyData* qQmlPropertyCacheProperty<QStringRef const&>(QJSEngine*, QObject*, QStringRef const&, QQmlContextData*, QQmlPropertyData&) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 [Current thread is 1 (Thread 0x7f99a57d5c40 (LWP 37261))] (gdb) bt #0 0x00007f99a9d725f6 in QQmlPropertyData* qQmlPropertyCacheProperty<QStringRef const&>(QJSEngine*, QObject*, QStringRef const&, QQmlContextData*, QQmlPropertyData&) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #1 0x00007f99a9d31695 in QQmlPropertyPrivate::initProperty(QObject*, QString const&) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #2 0x00007f99a9d326e0 in QQmlProperty::QQmlProperty(QObject*, QString const&, QQmlContext*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #3 0x00007f99aa4dd0eb in QQuickAbstractAnimationPrivate::createProperty(QObject*, QString const&, QObject*, QString*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Quick.so.5 #4 0x00007f99aa4e2f0c in QQuickPropertyAnimation::createTransitionActions(QList<QQuickStateAction>&, QList<QQmlProperty>&, QObject*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Quick.so.5 #5 0x00007f99aa4e4084 in QQuickPropertyAnimation::transition(QList<QQuickStateAction>&, QList<QQmlProperty>&, QQuickAbstractAnimation::TransitionDirection, QObject*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Quick.so.5 #6 0x00007f99aa4dd766 in QQuickSequentialAnimation::transition(QList<QQuickStateAction>&, QList<QQmlProperty>&, QQuickAbstractAnimation::TransitionDirection, QObject*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Quick.so.5 #7 0x00007f99aa4e035f in QQuickAbstractAnimationPrivate::commence() () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Quick.so.5 #8 0x00007f99aa4e05cc in QQuickAbstractAnimation::setRunning(bool) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Quick.so.5 #9 0x00007f99aa4e4c50 in QQuickAbstractAnimation::qt_metacall(QMetaObject::Call, int, void**) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Quick.so.5 #10 0x00007f99aa4e5235 in QQuickAnimationGroup::qt_metacall(QMetaObject::Call, int, void**) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Quick.so.5 #11 0x00007f99a9d77349 in QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #12 0x00007f99a9c5f75b in CallMethod(QQmlObjectOrGadget const&, int, int, int, int*, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) [clone .constprop.335] () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #13 0x00007f99a9c5ff7c in CallPrecise(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) [clone .constprop.332] () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #14 0x00007f99a9c60e13 in QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #15 0x00007f99a9c7e863 in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #16 0x00007f99a9c81722 in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #17 0x00007f99a9c161e5 in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #18 0x00007f99a9d9743a in QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #19 0x00007f99a9d42d4c in QQmlBoundSignalExpression::evaluate(void**) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #20 0x00007f99a9d44613 in QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #21 0x00007f99a9d76e18 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #22 0x00007f99a9d265c6 in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Qml.so.5 #23 0x00007f99a88c2c36 in void doActivate<false>(QObject*, int, void**) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Core.so.5 #24 0x00007f99a1292571 in QQuickAbstractButtonPrivate::handleRelease(QPointF const&) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5QuickTemplates2.so.5 #25 0x00007f99a12ae6f5 in QQuickControl::mouseReleaseEvent(QMouseEvent*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5QuickTemplates2.so.5 #26 0x00007f99aa607f5e in QQuickItem::event(QEvent*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Quick.so.5 #27 0x00007f99a888a808 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Core.so.5 #28 0x00007f99aa61fd67 in QQuickWindowPrivate::deliverMouseEvent(QQuickPointerMouseEvent*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Quick.so.5 #29 0x00007f99aa620f74 in QQuickWindowPrivate::deliverPointerEvent(QQuickPointerEvent*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Quick.so.5 #30 0x00007f99aa621f05 in QQuickWindowPrivate::handleMouseEvent(QMouseEvent*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Quick.so.5 #31 0x00007f99a8f5d63b in QWindow::event(QEvent*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Gui.so.5 #32 0x00007f99aa6233b9 in QQuickWindow::event(QEvent*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Quick.so.5 #33 0x00007f99a888a808 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Core.so.5 #34 0x00007f99a8f5256d in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Gui.so.5 #35 0x00007f99a8f53955 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Gui.so.5 #36 0x00007f99a8f2f8ab in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Gui.so.5 #37 0x00007f99a4ff069a in xcbSourceDispatch(_GSource*, int (*)(void*), void*) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5XcbQpa.so.5 #38 0x00007f99a5c5dfd3 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #39 0x00007f99a5cb4049 in ?? () from /usr/lib/libglib-2.0.so.0 --Type <RET> for more, q to quit, c to continue without paging--c #40 0x00007f99a5c5b545 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #41 0x00007f99a88e61cc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Core.so.5 #42 0x00007f99a888921a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Core.so.5 #43 0x00007f99a88921d3 in QCoreApplication::exec() () from /opt/Qt/5.15.2/gcc_64/lib/libQt5Core.so.5 #44 0x0000562141cd75c8 in main (argc=1, argv=0x7ffdaf754998) at /home/ratijas/projects/playground/crash-animations-instantiator/main.cpp:21
Attachments
For Gerrit Dashboard: QTBUG-100392 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
466412,6 | PropertyAnimation: Handle targets being deleted | dev | qt/qtdeclarative | Status: MERGED | +2 | 0 |
484793,2 | PropertyAnimation: Handle targets being deleted | 6.6 | qt/qtdeclarative | Status: MERGED | +2 | 0 |
484794,3 | PropertyAnimation: Handle targets being deleted | 6.5 | qt/qtdeclarative | Status: MERGED | +2 | 0 |
484805,3 | PropertyAnimation: Handle targets being deleted | tqtc/lts-6.2 | qt/tqtc-qtdeclarative | Status: MERGED | +2 | 0 |