
Crash in QV4::MemoryManager::allocManaged<QV4::RegExp>


Details

    • Linux/Wayland

    Description

      I'm getting a weird crash on latest dev (qtbase/b24630ce028847e52dfcf23769f5d19fb1c33c03
      qtdeclarative/15c32e3952d21198a04248659aa489746634ac65) when running with Qt6 in my app (Tokodon https://invent.kde.org/network/tokodon/). The crash didn't happen with qt5 and is 100% reproducible in my app as soon as I open a thread in Tokodon.

      This seems to be because Scoped<InternalClass> ic(scope, ManagedType::defaultInternalClass(engine)); returns null for QV4::RegExp.

      Backtrace:

      Application: Tokodon (tokodon), signal: Segmentation fault
      Content of s_kcrashErrorMessage: std::unique_ptr<char []> = {get() = 0x0}
      [KCrash Handler]
      #12 QV4::StaticValue::m() const (this=0x0) at /home/carl/kde6/build/qtdeclarative/include/QtQml/6.7.0/QtQml/private/../../../../../../../src/qtdeclarative/src/qml/common/qv4staticvalue_p.h:576
      #13 QV4::InternalClass::d_unchecked() const (this=0x0) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4managed_p.h:189
      #14 QV4::InternalClass::d() const (this=0x0) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4managed_p.h:189
      #15 QV4::MemoryManager::allocManaged<QV4::RegExp>(unsigned long, QV4::InternalClass*) (ic=0x0, size=56, this=0x7f878b3be588) at /home/carl/kde6/build/qtdeclarative/include/QtQml/6.7.0/QtQml/private/../../../../../../../src/qtdeclarative/src/qml/memory/qv4mm_p.h:135
      #16 QV4::MemoryManager::allocManaged<QV4::RegExp>(unsigned long) (size=56, this=0x7f878b3be588) at /home/carl/kde6/build/qtdeclarative/include/QtQml/6.7.0/QtQml/private/../../../../../../../src/qtdeclarative/src/qml/memory/qv4mm_p.h:143
      #17 QV4::MemoryManager::alloc<QV4::RegExp, QV4::ExecutionEngine*&, QString const&, unsigned int&>(QV4::ExecutionEngine*&, QString const&, unsigned int&) (this=0x7f878b3be588) at /home/carl/kde6/build/qtdeclarative/include/QtQml/6.7.0/QtQml/private/../../../../../../../src/qtdeclarative/src/qml/memory/qv4mm_p.h:211
      #18 QV4::RegExp::create(QV4::ExecutionEngine*, QString const&, unsigned int) (engine=0x19ec920, pattern=..., flags=0) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4regexp.cpp:163
      #19 0x00007ffe04bca090 in  ()
      #20 0x0000000001807010 in  ()
      #21 0x00007f87e1ec0ee9 in QV4::QQmlTypeWrapper::virtualResolveLookupGetter(QV4::Object const*, QV4::ExecutionEngine*, QV4::Lookup*) (object=0x1807010, engine=0x7f878800d6c3, lookup=0x19ec920) at /home/carl/kde6/src/qtdeclarative/src/qml/qml/qqmltypewrapper.cpp:511
      #22 0x00007f87e1d308b2 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const (argc=<optimized out>, argv=<optimized out>, thisObject=<optimized out>, this=<optimized out>) at /home/carl/kde6/build/qtdeclarative/include/QtQml/6.7.0/QtQml/private/../../../../../../../src/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:171
      #23 QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) (frame=0x7f878b3be588, frame@entry=0x7ffe04bca320, engine=0x1807010, code=0x7f878b3be530 "`F\366\212\207\177") at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:903
      #24 0x00007f87e1d362c7 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) (frame=frame@entry=0x7ffe04bca320, engine=engine@entry=0x1807010) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:584
      #25 0x00007f87e1c8b2de in QV4::doCall(QV4::Function*, QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext*) (self=<optimized out>, thisObject=thisObject@entry=0x1f871f0, argv=<optimized out>, argc=<optimized out>, context=<optimized out>) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4function.cpp:54
      #26 0x00007f87e1c8b728 in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext*) (this=this@entry=0x1f871f0, thisObject=0x1f871f0, argv=argv@entry=0x7f878b3be4f0, argc=argc@entry=0, context=context@entry=0x7f8788000598) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4function.cpp:79
      #27 0x00007f87e1c8ba0b in operator() (argc=0, argv=0x7f878b3be4f0, thisObject=<optimized out>, __closure=<synthetic pointer>) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4function.cpp:30
      #28 QV4::convertAndCall<QV4::Function::call(QObject*, void*, const QMetaType, int, QV4::ExecutionContext*)::<lambda(const QV4::Value*, const QV4::Value*, int)> > (call=..., argc=0, types=0x7ffe04bca570, a=0x7ffe04bca560, thisObject=0x2308390, engine=<optimized out>) at /home/carl/kde6/build/qtdeclarative/include/QtQml/6.7.0/QtQml/private/../../../../../../../src/qtdeclarative/src/qml/jsruntime/qv4jscall_p.h:185
      #29 QV4::Function::call(QObject*, void*, QMetaType const, int, QV4::ExecutionContext*) (this=0x1f871f0, thisObject=0x2308390, a=a@entry=0x7ffe04bca560, types=types@entry=0x7ffe04bca570, argc=0, context=0x7f8788000598) at /home/carl/kde6/src/qtdeclarative/src/qml/jsruntime/qv4function.cpp:27
      #30 0x00007f87e1dfd747 in QQmlJavaScriptExpression::evaluate(void*, QMetaType const, int) (this=<optimized out>, a=a@entry=0x7ffe04bca560, types=types@entry=0x7ffe04bca570, argc=argc@entry=0) at /home/carl/kde6/src/qtdeclarative/src/qml/qml/qqmljavascriptexpression_p.h:248
      #31 0x00007f87e1d84563 in QQmlBoundSignalExpression::evaluate(void**) (this=0x2300ad0, a=a@entry=0x0) at /home/carl/kde6/src/qtdeclarative/src/qml/qml/qqmlboundsignal.cpp:199
      #32 0x00007f87e1d84de8 in QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) (e=0x22f70d0, a=0x0) at /home/carl/kde6/build/qtdeclarative/include/QtQml/6.7.0/QtQml/private/../../../../../../../src/qtdeclarative/src/qml/qml/ftw/qqmlrefcount_p.h:73
      #33 0x00007f87e1e27627 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) (endpoint=<optimized out>, a=0x0) at /home/carl/kde6/src/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:70
      #34 0x00007f87deccd050 in doActivate<false>(QObject*, int, void**) (sender=0x2308390, signal_index=65, argv=0x0) at /home/carl/kde6/src/qtbase/src/corelib/kernel/qobject.cpp:3931
      #35 0x00007f87de3b4cba in QQuickAbstractButtonPrivate::handleRelease(QPointF const&, unsigned long) (this=0x25cd340, point=..., timestamp=3794374) at /home/carl/kde6/src/qtdeclarative/src/quicktemplates/qquickabstractbutton.cpp:167
      #36 0x00007f87de3cd4bc in QQuickControl::mouseReleaseEvent(QMouseEvent*) (this=<optimized out>, event=0x7ffe04bccaa0) at /home/carl/kde6/src/qtdeclarative/src/quicktemplates/qquickcontrol.cpp:2049
      #37 0x00007f87e231e468 in QQuickItem::event(QEvent*) (this=0x2308390, ev=0x7ffe04bccaa0) at /home/carl/kde6/src/qtdeclarative/src/quick/items/qquickitem.cpp:8900
      #38 0x00007f87dfcb38b1 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x2308390, e=0x7ffe04bccaa0) at /home/carl/kde6/src/qtbase/src/widgets/kernel/qapplication.cpp:3290
      #39 0x00007f87dec70e18 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x2308390, event=0x7ffe04bccaa0) at /home/carl/kde6/src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1125
      #40 0x00007f87dec70fd9 in QCoreApplication::sendEvent(QObject*, QEvent*) (receiver=<optimized out>, event=<optimized out>) at /home/carl/kde6/src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1559
      #41 0x00007f87e249115a in QQuickDeliveryAgentPrivate::deliverMatchingPointsToItem(QQuickItem*, bool, QPointerEvent*, bool) (this=this@entry=0x1835650, item=item@entry=0x2308390, isGrabber=isGrabber@entry=true, pointerEvent=pointerEvent@entry=0x7ffe04bccaa0, handlersOnly=handlersOnly@entry=false) at /home/carl/kde6/src/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:2271
      #42 0x00007f87e249186e in QQuickDeliveryAgentPrivate::deliverUpdatedPoints(QPointerEvent*) (this=this@entry=0x1835650, event=event@entry=0x7ffe04bccaa0) at /home/carl/kde6/src/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:2070
      #43 0x00007f87e2492bab in QQuickDeliveryAgentPrivate::deliverPointerEvent(QPointerEvent*) (this=this@entry=0x1835650, event=event@entry=0x7ffe04bccaa0) at /home/carl/kde6/src/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:1910
      #44 0x00007f87e24939b7 in QQuickDeliveryAgentPrivate::handleMouseEvent(QMouseEvent*) (this=this@entry=0x1835650, event=event@entry=0x7ffe04bccaa0) at /home/carl/kde6/src/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:1670
      #45 0x00007f87e2495840 in QQuickDeliveryAgent::event(QEvent*) (this=<optimized out>, ev=0x7ffe04bccaa0) at /home/carl/kde6/src/qtdeclarative/src/quick/util/qquickdeliveryagent.cpp:724
      #46 0x00007f87e23b9ef4 in QQuickWindow::event(QEvent*) (this=<optimized out>, event=<optimized out>) at /home/carl/kde6/src/qtdeclarative/src/quick/items/qquickwindow.cpp:1504
      #47 0x00007f87dfcb38b1 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x1824870, e=0x7ffe04bccaa0) at /home/carl/kde6/src/qtbase/src/widgets/kernel/qapplication.cpp:3290
      #48 0x00007f87dec70e18 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x1824870, event=0x7ffe04bccaa0) at /home/carl/kde6/src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1125
      #49 0x00007f87dec70fe9 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) (receiver=<optimized out>, event=<optimized out>) at /home/carl/kde6/src/qtbase/src/corelib/kernel/qcoreapplication.cpp:1573
      #50 0x00007f87df42f1f3 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (e=0x7f87b4002b80) at /home/carl/kde6/src/qtbase/src/gui/kernel/qguiapplication.cpp:2315
      #51 0x00007f87df4868ac in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (flags=...) at /home/carl/kde6/src/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:1109
      #52 0x00007f87df922230 in userEventSourceDispatch(GSource*, GSourceFunc, gpointer) (source=<optimized out>) at /home/carl/kde6/src/qtbase/src/gui/platform/unix/qeventdispatcher_glib.cpp:38
      #53 0x00007f87ddf5f48c in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
      #54 0x00007f87ddfbd648 in g_main_context_iterate.isra () at /lib64/libglib-2.0.so.0
      #55 0x00007f87ddf5cb13 in g_main_context_iteration () at /lib64/libglib-2.0.so.0
      #56 0x00007f87def222ac in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x13c51d0, flags=...) at /home/carl/kde6/src/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:394
      #57 0x00007f87dec7c7ab in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffe04bcce90, flags=..., flags@entry=...) at /home/carl/kde6/src/qtbase/src/corelib/global/qflags.h:34
      #58 0x00007f87dec791a2 in QCoreApplication::exec() () at /home/carl/kde6/src/qtbase/src/corelib/global/qflags.h:74
      #59 0x00000000004265a2 in main(int, char**) (argc=1, argv=0x7ffe04bcd8f8) at /home/carl/kde6/src/tokodon/src/main.cpp:283
      [Inferior 1 (process 40514) detached]

          People

            qtqmlteam Qt Qml Team User
            carl Carl Schwan