Details
Bug
Resolution: Out of scope
P1: Critical
None
6.6
None
Description
Hi,
We have some people reporting crashing Qt apps in Fedora 40, where we have Qt compiled with GCC 14. This doesn't seem to occur on Fedora 39 with older GCC and it also seems to affect only a subset of users.
The backtrace looks like:
Program received signal SIGILL, Illegal instruction.
aeshash128 (p=p@entry=0x555555605ba0 "Q", len=20, seed=<optimized out>, seed2=3795334102978778646) at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/corelib/tools/qhash.cpp:774
774 return aeshash128_16to32(state.state0, state.state1(), src, srcend);
(gdb) bt
#0 aeshash128 (p=p@entry=0x555555605ba0 "Q", len=20, seed=<optimized out>, seed2=3795334102978778646) at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/corelib/tools/qhash.cpp:774
#1 0x00007ffff6f0ed0c in aeshash (seed2=<optimized out>, seed=<optimized out>, len=<optimized out>, p=0x555555605ba0 "Q") at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/corelib/tools/qhash.cpp:788
#2 0x00007ffff6f0ed63 in qHash (key=..., seed=<optimized out>) at /usr/src/debug/qt6-qtbase-6.6.1-5.fc40.x86_64/src/corelib/tools/qhash.cpp:963
#3 0x00007ffff7b9121f in qHash (seed=<optimized out>, key=<optimized out>) at /usr/include/qt6/QtCore/qhashfunctions.h:155
#4 QHashPrivate::calculateHash<QString> (seed=<optimized out>, t=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:57
#5 QHashPrivate::Data<QHashPrivate::Node<QString, void (*)()> >::findBucket (this=0x555555605530, key=<optimized out>) at /usr/include/qt6/QtCore/qhash.h:683
#6 0x00007ffff7b8aad5 in QHashPrivate::Data<QHashPrivate::Node<QString, void (*)()> >::findNode (key=..., this=0x555555605530) at /usr/include/qt6/QtCore/qhash.h:700
#7 QHash<QString, void (*)()>::contains (this=0x7ffff7dd9228 <QGlobalStatic<QtGlobalStatic::Holder<(anonymous namespace)::Q_QGS_metaTypeData> >::instance()::holder+168>, key=...) at /usr/include/qt6/QtCore/qhash.h:995
#8 QQmlMetaType::qmlInsertModuleRegistration (uri=..., registerFunction=registerFunction@entry=0x7ffff7c748a0 <qml_register_types_QtQml_Base()>) at /usr/src/debug/qt6-qtdeclarative-6.6.1-3.fc40.x86_64/src/qml/qml/qqmlmetatype.cpp:281
#9 0x00007ffff7ba7cbd in QQmlModuleRegistration::QQmlModuleRegistration (this=this@entry=0x7ffff7dd9658 <registration>, uri=uri@entry=0x7ffff7cecfa4 "QtQml.Base", registerFunction=registerFunction@entry=0x7ffff7c748a0 <qml_register_types_QtQml_Base()>) at /usr/src/debug/qt6-qtdeclarative-6.6.1-3.fc40.x86_64/src/qml/qml/qqmlmoduleregistration.cpp:18
#10 0x00007ffff78d440a in __static_initialization_and_destruction_0 () at /usr/src/debug/qt6-qtdeclarative-6.6.1-3.fc40.x86_64/redhat-linux-build/src/qml/qml_qmltyperegistrations.cpp:88
#11 _GLOBAL__sub_I_qml_qmltyperegistrations.cpp(void) () at /usr/src/debug/qt6-qtdeclarative-6.6.1-3.fc40.x86_64/redhat-linux-build/src/qml/qml_qmltyperegistrations.cpp:88
#12 0x00007ffff7fce277 in call_init (env=0x7fffffffe278, argv=0x7fffffffe268, argc=1, l=<optimized out>) at dl-init.c:74
#13 call_init (l=<optimized out>, argc=1, argv=0x7fffffffe268, env=0x7fffffffe278) at dl-init.c:26
#14 0x00007ffff7fce36d in _dl_init (main_map=0x7ffff7ffe2e0, argc=1, argv=0x7fffffffe268, env=0x7fffffffe278) at dl-init.c:121
#15 0x00007ffff7fe53d0 in _dl_start_user () at /lib64/ld-linux-x86-64.so.2
#16 0x0000000000000001 in ??? ()
#17 0x00007fffffffe51f in ??? ()
#18 0x0000000000000000 in ??? ()
Here is also output from /proc/cpuinfo from one of the users:
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 122
model name : Intel(R) Pentium(R) Silver N5000 CPU @ 1.10GHz
stepping : 1
microcode : 0x3e
cpu MHz : 1890.327
cache size : 4096 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 4
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 24
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg cx16 xtpr pdcm sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave rdrand lahf_lm 3dnowprefetch cpuid_fault cat_l2 pti cdp_l2 ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust smep erms mpx rdt_a rdseed smap clflushopt intel_pt sha_ni xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts vnmi umip rdpid md_clear arch_capabilities
vmx flags : vnmi preemption_timer posted_intr invvpid ept_x_only ept_ad ept_1gb flexpriority apicv tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapic_reg vid ple shadow_vmcs ept_mode_based_exec tsc_scaling
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass rfds
bogomips : 2188.80
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 122
model name : Intel(R) Pentium(R) Silver N5000 CPU @ 1.10GHz
stepping : 1
microcode : 0x3e
cpu MHz : 1890.346
cache size : 4096 KB
physical id : 0
siblings : 4
core id : 1
cpu cores : 4
apicid : 2
initial apicid : 2
fpu : yes
fpu_exception : yes
cpuid level : 24
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg cx16 xtpr pdcm sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave rdrand lahf_lm 3dnowprefetch cpuid_fault cat_l2 pti cdp_l2 ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust smep erms mpx rdt_a rdseed smap clflushopt intel_pt sha_ni xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts vnmi umip rdpid md_clear arch_capabilities
vmx flags : vnmi preemption_timer posted_intr invvpid ept_x_only ept_ad ept_1gb flexpriority apicv tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapic_reg vid ple shadow_vmcs ept_mode_based_exec tsc_scaling
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass rfds
bogomips : 2188.80
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:

processor : 2
vendor_id : GenuineIntel
cpu family : 6
model : 122
model name : Intel(R) Pentium(R) Silver N5000 CPU @ 1.10GHz
stepping : 1
microcode : 0x3e
cpu MHz : 1890.308
cache size : 4096 KB
physical id : 0
siblings : 4
core id : 2
cpu cores : 4
apicid : 4
initial apicid : 4
fpu : yes
fpu_exception : yes
cpuid level : 24
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg cx16 xtpr pdcm sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave rdrand lahf_lm 3dnowprefetch cpuid_fault cat_l2 pti cdp_l2 ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust smep erms mpx rdt_a rdseed smap clflushopt intel_pt sha_ni xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts vnmi umip rdpid md_clear arch_capabilities
vmx flags : vnmi preemption_timer posted_intr invvpid ept_x_only ept_ad ept_1gb flexpriority apicv tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapic_reg vid ple shadow_vmcs ept_mode_based_exec tsc_scaling
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass rfds
bogomips : 2188.80
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:

processor : 3
vendor_id : GenuineIntel
cpu family : 6
model : 122
model name : Intel(R) Pentium(R) Silver N5000 CPU @ 1.10GHz
stepping : 1
microcode : 0x3e
cpu MHz : 1890.308
cache size : 4096 KB
physical id : 0
siblings : 4
core id : 3
cpu cores : 4
apicid : 6
initial apicid : 6
fpu : yes
fpu_exception : yes
cpuid level : 24
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg cx16 xtpr pdcm sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave rdrand lahf_lm 3dnowprefetch cpuid_fault cat_l2 pti cdp_l2 ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust smep erms mpx rdt_a rdseed smap clflushopt intel_pt sha_ni xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts vnmi umip rdpid md_clear arch_capabilities
vmx flags : vnmi preemption_timer posted_intr invvpid ept_x_only ept_ad ept_1gb flexpriority apicv tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapic_reg vid ple shadow_vmcs ept_mode_based_exec tsc_scaling
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass rfds
bogomips : 2188.80
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:
I don't know if this is a possible issue in GCC 14 or an issue in Qt, but there have been mentions of similar crashes in non-Qt binaries.
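
A SIGILL is raised when the CPU is handed an instruction it cannot execute, so a first triage step for a report like this is to compare the posted `flags` line with the instruction sets a build might assume. The script below is an added example, not part of the report or of Qt; the function names are hypothetical, and the sample input is abridged from the flags posted above.

```python
# Feature sets of the x86-64 psABI levels, using /proc/cpuinfo flag names
# ("pni" = SSE3, "abm" = LZCNT; "xsave" stands in for OSXSAVE, which
# cpuinfo does not list separately).
LEVELS = [
    ("x86-64-v1", {"cmov", "cx8", "fpu", "fxsr", "mmx", "syscall", "sse", "sse2"}),
    ("x86-64-v2", {"cx16", "lahf_lm", "popcnt", "pni", "sse4_1", "sse4_2", "ssse3"}),
    ("x86-64-v3", {"avx", "avx2", "bmi1", "bmi2", "f16c", "fma", "abm", "movbe", "xsave"}),
    ("x86-64-v4", {"avx512f", "avx512bw", "avx512cd", "avx512dq", "avx512vl"}),
]

# Sample input: abridged from the flags posted in the report (only the
# level-relevant and AES-related entries kept) plus a shortened "vmx flags" line.
SAMPLE_CPUINFO = """\
processor : 0
model name : Intel(R) Pentium(R) Silver N5000 CPU @ 1.10GHz
flags : fpu cx8 cmov mmx fxsr sse sse2 syscall pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 movbe popcnt aes xsave rdrand lahf_lm sha_ni
vmx flags : vnmi preemption_timer posted_intr
"""

def parse_flags(cpuinfo_text):
    """Return the feature flags of the first CPU, ignoring the 'vmx flags' line."""
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            return set(value.split())
    return set()

def isa_level(flags):
    """Return (highest level fully supported, flags missing for the next level)."""
    reached = None
    for name, needed in LEVELS:
        missing = needed - flags
        if missing:
            return reached, sorted(missing)
        reached = name
    return reached, []

def aes_paths(flags):
    """Which encodings of the AES instructions this CPU can execute."""
    return {
        "legacy": "aes" in flags,           # SSE-encoded AES-NI
        "vex": {"aes", "avx"} <= flags,     # VEX-encoded AES-NI also needs AVX
        "vaes": "vaes" in flags,            # wide (256/512-bit) AES
    }

if __name__ == "__main__":
    cpu_flags = parse_flags(SAMPLE_CPUINFO)
    print(isa_level(cpu_flags))
    print(aes_paths(cpu_flags))
```

To check a live machine, pass `open("/proc/cpuinfo").read()` to `parse_flags` instead of the sample.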