Details
-
Bug
-
Resolution: Unresolved
-
P1: Critical
-
None
-
6.8
Description
Happened on a recent nightly HealthCheck build.
https://testresults.qt.io/coin/integration/qt/qt5/tasks/nightly1715118691
https://testresults.qt.io/coin/api/log/qt/qtdeclarative/bcd458c2686b5b0d082c2c8d06fe7026f02fd1ae/LinuxopenSUSE_15_5x86_64LinuxopenSUSE_15_5x86_64GCCqtci-linux-openSUSE-15.5-x86_64-52-57e32aSccache_UseAddressSanitizer_UseConfigure_WarningsAreErrors/84ecf2789314004ef8e0e7c702e8ba926b0f4efe/test_1713282428/log.txt.gz
Another:
https://testresults.qt.io/coin/integration/qt/qt5/tasks/1713937732
https://testresults.qt.io/coin/api/log/qt/qtdeclarative/e92622138a1d9845ce0d5155608ea0c20050516f/LinuxopenSUSE_15_5x86_64LinuxopenSUSE_15_5x86_64GCCqtci-linux-openSUSE-15.5-x86_64-52-95e78aSccache_UseAddressSanitizer_UseConfigure_WarningsAreErrors/eb760d29cc2106c3fe1a31045f768d9dff1cace1/test_1713938385/log.txt.gz
And a similar one (same testcase, different testfunction):
https://testresults.qt.io/coin/integration/qt/qtdeclarative/tasks/1713987506
https://testresults.qt.io/coin/api/log/qt/qtdeclarative/4dd339d6e7ba2bc7e4610af1dcbb09d415ca8fa5/LinuxopenSUSE_15_5x86_64LinuxopenSUSE_15_5x86_64GCCqtci-linux-openSUSE-15.5-x86_64-52-838e31Sccache_UseAddressSanitizer_UseConfigure_WarningsAreErrors/8da2507a8cb2fa83bfca94dc51c607d1dbe6f012/test_1713987604/log.txt.gz
Log from the first link
PASS : tst_QQuickGridView::removed_leftToRight_LtR_BtT(remove 1, before visible position)
PASS : tst_QQuickGridView::removed_leftToRight_LtR_BtT(remove multiple (1 row), all before visible items)
=================================================================
==29884==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000047840 at pc 0x7f216505f66c bp 0x7ffe2587a970 sp 0x7ffe2587a968
READ of size 8 at 0x603000047840 thread T0
#0 0x7f216505f66b in QV4::QObjectWrapper const* QV4::Value::as<QV4::QObjectWrapper>() const /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4value_p.h:144
#1 0x7f216505fa37 in QV4::QObjectWrapper* QV4::Value::as<QV4::QObjectWrapper>() /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4value_p.h:151
#2 0x7f21652a8e55 in QV4::WeakValue::free() /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4persistent.cpp:404
#3 0x7f2165314c93 in QV4::WeakValue::clear() /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4persistent_p.h:181
#4 0x7f216566c462 in QQmlData::destroyed(QObject*) /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlengine.cpp:1438
#5 0x7f216566506c in QQmlData::destroyed(QAbstractDeclarativeData*, QObject*) /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlengine.cpp:270
#6 0x7f21603c7005 in QObject::~QObject() /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:1044
#7 0x7f216685c3a4 in QQmlDelegateModelItem::~QQmlDelegateModelItem() /home/qt/work/qt/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:2426
#8 0x7f21666ac90c in QQmlDMAbstractItemModelData::~QQmlDMAbstractItemModelData() (/home/qt/work/install/lib/libQt6QmlModels.so.6+0x8190c)
#9 0x7f21666ac92b in QQmlDMAbstractItemModelData::~QQmlDMAbstractItemModelData() (/home/qt/work/install/lib/libQt6QmlModels.so.6+0x8192b)
#10 0x7f216685c4ff in QQmlDelegateModelItem::Dispose() /home/qt/work/qt/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:2450
#11 0x7f2166842385 in QQmlDelegateModelPrivate::destroyCacheItem(QQmlDelegateModelItem*) /home/qt/work/qt/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:616
#12 0x7f216684220c in QQmlDelegateModelPrivate::release(QObject*, QQmlInstanceModel::ReusableFlag) /home/qt/work/qt/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:604
#13 0x7f216684248e in QQmlDelegateModel::release(QObject*, QQmlInstanceModel::ReusableFlag) /home/qt/work/qt/qtdeclarative/src/qmlmodels/qqmldelegatemodel.cpp:625
#14 0x7f2167d231dc in QQuickItemViewPrivate::releaseItem(FxViewItem*, QQmlInstanceModel::ReusableFlag) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitemview.cpp:2476
#15 0x7f2167ce0efc in QQuickGridViewPrivate::removeItem(FxViewItem*) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickgridview.cpp:572
#16 0x7f2167ce1542 in QQuickGridViewPrivate::removeNonVisibleItems(double, double) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickgridview.cpp:590
#17 0x7f2167d1abd1 in QQuickItemViewPrivate::refill(double, double) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitemview.cpp:1807
#18 0x7f2167d1a08a in QQuickItemViewPrivate::refill() /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitemview.cpp:1757
#19 0x7f2167cf1b2f in QQuickItemViewPrivate::refillOrLayout() /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitemview_p_p.h:209
#20 0x7f2167cea614 in QQuickGridView::viewportMoved(QFlags<Qt::Orientation>) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickgridview.cpp:2115
#21 0x7f2166fda343 in QQuickFlickablePrivate::itemGeometryChanged(QQuickItem*, QQuickGeometryChange, QRectF const&) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickflickable.cpp:318
#22 0x7f2167d1222e in QQuickItemViewPrivate::itemGeometryChanged(QQuickItem*, QQuickGeometryChange, QRectF const&) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitemview.cpp:1133
#23 0x7f216704ff32 in operator() /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitem.cpp:3881
#24 0x7f216709dd87 in notifyChangeListeners<QQuickItem::geometryChange(const QRectF&, const QRectF&)::<lambda(const QQuickItemPrivate::ChangeListener&)> > /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitem_p.h:359
#25 0x7f21670502dd in QQuickItem::geometryChange(QRectF const&, QRectF const&) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitem.cpp:3879
#26 0x7f21670692d6 in QQuickItem::setY(double) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitem.cpp:7218
#27 0x7f2166feb520 in QQuickFlickablePrivate::setViewportY(double) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickflickable.cpp:1949
#28 0x7f2167005e45 in QQuickTimeLineValueProxy<QQuickFlickablePrivate>::setValue(double) /home/qt/work/qt/qtdeclarative/src/quick/util/qquicktimeline_p_p.h:146
#29 0x7f2166fdd90e in QQuickFlickable::setContentY(double) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickflickable.cpp:835
#30 0x7f2167d15662 in QQuickItemView::setContentY(double) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitemview.cpp:1425
#31 0x562d02977e0c in tst_QQuickGridView::setContentPos(QQuickGridView*, double) (/home/qt/work/qt/qtdeclarative_standalone_tests/tests/auto/quick/qquickgridview/tst_qquickgridview+0x237e0c)
#32 0x562d027c6a29 in tst_QQuickGridView::removed_defaultLayout(QQuickGridView::Flow, Qt::LayoutDirection, QQuickItemView::VerticalLayoutDirection) /home/qt/work/qt/qtdeclarative/tests/auto/quick/qquickgridview/tst_qquickgridview.cpp:952
#33 0x562d02947f8a in tst_QQuickGridView::removed_leftToRight_LtR_BtT() /home/qt/work/qt/qtdeclarative/tests/auto/quick/qquickgridview/tst_qquickgridview.cpp:6290
#34 0x562d02962e6e in tst_QQuickGridView::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/qt/work/qt/qtdeclarative_standalone_tests/tests/auto/quick/qquickgridview/tst_qquickgridview_autogen/include/tst_qquickgridview.moc:978
#35 0x7f21602db043 in QMetaMethodInvoker::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.cpp:2754
#36 0x7f21602d8df5 in QMetaMethod::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.cpp:2593
#37 0x7f216895b466 in std::enable_if<!std::disjunction<>::value, bool>::type QMetaMethod::invoke<void>(QObject*, Qt::ConnectionType, QTemplatedMetaMethodReturnArgument<void>) const /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.h:148
#38 0x7f2168955475 in std::enable_if<!std::disjunction<>::value, bool>::type QMetaMethod::invoke<>(QObject*, Qt::ConnectionType) const /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.h:160
#39 0x7f216892b27a in invokeTestMethodIfValid /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:736
#40 0x7f2168930a7c in QTest::TestMethods::invokeTestOnData(int) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1374
#41 0x7f21689329bd in QTest::TestMethods::invokeTest(int, QLatin1String, std::optional<QTest::WatchDog>&) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1676
#42 0x7f2168935c31 in QTest::TestMethods::invokeTests(QObject*) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:2013
#43 0x7f216893889f in QTest::qRun() /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:2654
#44 0x7f216893759d in QTest::qExec(QObject*, int, char**) /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:2532
#45 0x562d02961ad6 in main /home/qt/work/qt/qtdeclarative/tests/auto/quick/qquickgridview/tst_qquickgridview.cpp:6878
#46 0x7f215f7c724c in __libc_start_main (/lib64/libc.so.6+0x3524c)
#47 0x562d027801d9 in _start ../sysdeps/x86_64/start.S:120
0x603000047844 is located 0 bytes to the right of 20-byte region [0x603000047830,0x603000047844)
freed by thread T0 here:
#0 0x7f2168d09a97 in free (/usr/lib64/libasan.so.5+0x109a97)
#1 0x7f2164cfac72 in QArrayDataPointer<char16_t>::~QArrayDataPointer() /home/qt/work/install/include/QtCore/qarraydatapointer.h:110
#2 0x7f21653dd5ea in QV4::Heap::StringOrSymbol::destroy() /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4string.cpp:102
#3 0x7f21653e109f in QV4::StringOrSymbol::virtualDestroy(QV4::Heap::Base*) /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4string_p.h:141
#4 0x7f21654b824d in QV4::Chunk::sweep(QV4::ExecutionEngine*) /home/qt/work/qt/qtdeclarative/src/qml/memory/qv4mm.cpp:308
#5 0x7f21654ba12b in operator() /home/qt/work/qt/qtdeclarative/src/qml/memory/qv4mm.cpp:565
#6 0x7f21654c6bfc in __partition<__gnu_cxx::__normal_iterator<QV4::Chunk**, std::vector<QV4::Chunk*> >, QV4::BlockAllocator::sweep()::<lambda(QV4::Chunk*)> > /usr/include/c++/9/bits/stl_algo.h:1521
#7 0x7f21654c5ef4 in partition<__gnu_cxx::__normal_iterator<QV4::Chunk**, std::vector<QV4::Chunk*> >, QV4::BlockAllocator::sweep()::<lambda(QV4::Chunk*)> > /usr/include/c++/9/bits/stl_algo.h:4684
#8 0x7f21654ba5b0 in QV4::BlockAllocator::sweep() /home/qt/work/qt/qtdeclarative/src/qml/memory/qv4mm.cpp:566
#9 0x7f21654bda27 in doSweep /home/qt/work/qt/qtdeclarative/src/qml/memory/qv4mm.cpp:873
#10 0x7f21654c59d3 in QV4::GCStateMachine::transition() /home/qt/work/qt/qtdeclarative/src/qml/memory/qv4mm.cpp:1481
#11 0x7f21654cc6da in QV4::GCStateMachine::step() /home/qt/work/qt/qtdeclarative/src/qml/memory/qv4mm_p.h:79
#12 0x7f21654bfb6c in QV4::MemoryManager::onEventLoop() /home/qt/work/qt/qtdeclarative/src/qml/memory/qv4mm.cpp:1098
#13 0x7f21654c56ca in operator() /home/qt/work/qt/qtdeclarative/src/qml/memory/qv4mm.cpp:1489
#14 0x7f21654cb363 in operator() /home/qt/work/install/include/QtCore/qobjectdefs_impl.h:142
#15 0x7f21654cb90c in call_internal<void, QtPrivate::FunctorCall<QtPrivate::IndexesList<II ...>, QtPrivate::List<Tail ...>, R, Function>::call(Function&, void**) [with int ...II = {}; SignalArgs = {}; R = void; Function = QV4::GCStateMachine::transition()::<lambda()>]::<lambda()> > /home/qt/work/install/include/QtCore/qobjectdefs_impl.h:72
#16 0x7f21654cb481 in call /home/qt/work/install/include/QtCore/qobjectdefs_impl.h:141
#17 0x7f21654cabe0 in call<QtPrivate::List<>, void> /home/qt/work/install/include/QtCore/qobjectdefs_impl.h:363
#18 0x7f21654ca3fd in impl /home/qt/work/install/include/QtCore/qobjectdefs_impl.h:573
#19 0x7f2160297dd3 in QtPrivate::QSlotObjectBase::call(QObject*, void**) /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:487
#20 0x7f21603c5ec1 in QMetaCallEvent::placeMetaCall(QObject*) /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:620
#21 0x7f21603c8b7f in QObject::event(QEvent*) /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:1419
#22 0x7f2165669740 in QQmlEngine::event(QEvent*) /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlengine.cpp:1170
#23 0x7f2160286605 in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1315
#24 0x7f2160285d48 in doNotify /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1242
#25 0x7f2160285bf3 in QCoreApplication::notify(QObject*, QEvent*) /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1225
#26 0x7f216251217e in QGuiApplication::notify(QObject*, QEvent*) /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:1994
#27 0x7f21602859e5 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1141
#28 0x7f21602875dc in QCoreApplication::sendEvent(QObject*, QEvent*) /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1585
#29 0x7f216028aef7 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1940
#30 0x7f216028894f in QCoreApplication::sendPostedEvents(QObject*, int) /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1774
#31 0x7f2160d145ea in postEventSourceDispatch /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:245
#32 0x7f215f1df82a in g_main_context_dispatch (/usr/lib64/libglib-2.0.so.0+0x5582a)
previously allocated by thread T0 here:
#0 0x7f2168d09e48 in __interceptor_malloc (/usr/lib64/libasan.so.5+0x109e48)
#1 0x7f21606f7019 in allocateData /home/qt/work/qt/qtbase/src/corelib/tools/qarraydata.cpp:139
#2 0x7f21606f72da in allocateHelper /home/qt/work/qt/qtbase/src/corelib/tools/qarraydata.cpp:181
#3 0x7f21606f7704 in QArrayData::allocate2(QArrayData**, long long, QArrayData::AllocationOption) /home/qt/work/qt/qtbase/src/corelib/tools/qarraydata.cpp:220
#4 0x7f216064d670 in QTypedArrayData<char16_t>::allocate(long long, QArrayData::AllocationOption) (/home/qt/work/install/lib/libQt6Core.so.6+0x8eb670)
#5 0x7f216064766d in QArrayDataPointer<char16_t>::QArrayDataPointer(long long, long long, QArrayData::AllocationOption) /home/qt/work/qt/qtbase/src/corelib/tools/qarraydatapointer.h:58
#6 0x7f216060cbc3 in QString::fromLatin1(QByteArrayView) /home/qt/work/qt/qtbase/src/corelib/text/qstring.cpp:5879
#7 0x7f2160078fc5 in QString::fromLatin1(char const*, long long) /home/qt/work/qt/qtbase/src/corelib/text/qstring.h:655
#8 0x7f216007936f in QString::QString(QLatin1String) /home/qt/work/qt/qtbase/src/corelib/text/qstring.h:1225
#9 0x7f21605e3414 in qdtoa(double, int*, int*) /home/qt/work/qt/qtbase/src/corelib/text/qlocale_tools.cpp:589
#10 0x7f216539f7b5 in QV4::RuntimeHelpers::numberToString(QString*, double, int) /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:215
#11 0x7f21653a2ef7 in QV4::RuntimeHelpers::stringFromNumber(QV4::ExecutionEngine*, double) /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:451
#12 0x7f21653a461c in QV4::RuntimeHelpers::convertToString(QV4::ExecutionEngine*, QV4::Value, QV4::TypeHint) /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:589
#13 0x7f21653a4782 in convert_to_string_add /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:597
#14 0x7f21653a4a8d in QV4::RuntimeHelpers::addHelper(QV4::ExecutionEngine*, QV4::Value const&, QV4::Value const&) /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:610
#15 0x7f21653b7917 in QV4::Runtime::Add::call(QV4::ExecutionEngine*, QV4::Value const&, QV4::Value const&) /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:2053
#16 0x7f215c65d101 (/memfd:JITCode:QtQml (deleted)+0x101)
#17 0x7f216545833e in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:484
#18 0x7f21651e354e in doCall /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4function.cpp:54
#19 0x7f21651e38ec in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext*) /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4function.cpp:79
#20 0x7f216573af88 in QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:238
#21 0x7f216558301f in QQmlBinding::evaluate(bool*) /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlbinding.cpp:188
#22 0x7f216558902d in QQmlBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlbinding.cpp:701
#23 0x7f2165582cb7 in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlbinding.cpp:164
#24 0x7f2165587609 in QQmlBinding::expressionChanged() /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlbinding.cpp:605
#25 0x7f216573e433 in QPropertyChangeTrigger::trigger(QPropertyObserver*, QUntypedPropertyData*) /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:527
#26 0x7f21670a8eee in QPropertyObserverPointer::notify(QUntypedPropertyData*) /home/qt/work/install/include/QtCore/6.8.0/QtCore/private/qproperty_p.h:917
#27 0x7f21670b8aa9 in QObjectCompatProperty<QQuickItemPrivate, double, &QQuickItemPrivate::_qt_property_y_offset, &QQuickItemPrivate::setY, &QQuickItemPrivate::yChanged, (decltype(nullptr))0>::notify() (/home/qt/work/install/lib/libQt6Quick.so.6+0x691aa9)
#28 0x7f216705035b in QQuickItem::geometryChange(QRectF const&, QRectF const&) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitem.cpp:3889
#29 0x7f21670696a1 in QQuickItem::setPosition(QPointF const&) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitem.cpp:7254
#30 0x7f2167d41687 in QQuickItemViewFxItem::moveTo(QPointF const&, bool) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitemviewfxitem.cpp:64
#31 0x7f2167cf29f9 in FxGridItemSG::setPosition(double, double, bool) (/home/qt/work/install/lib/libQt6Quick.so.6+0x12cb9f9)
#32 0x7f2167ce010c in QQuickGridViewPrivate::addVisibleItems(double, double, double, double, bool) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickgridview.cpp:510
#33 0x7f2167d1a8d9 in QQuickItemViewPrivate::refill(double, double) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitemview.cpp:1791
#34 0x7f2167d1a08a in QQuickItemViewPrivate::refill() /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitemview.cpp:1757
#35 0x7f2167d15da1 in QQuickItemView::componentComplete() /home/qt/work/qt/qtdeclarative/src/quick/items/qquickitemview.cpp:1476
#36 0x7f216580f638 in QQmlObjectCreator::finalize(QQmlInstantiationInterrupt&) /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1579
#37 0x7f2165600df3 in QQmlComponentPrivate::complete(QQmlEnginePrivate*, QQmlComponentPrivate::ConstructionState*) /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:1170
#38 0x7f2165601afd in QQmlComponentPrivate::completeCreate() /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:1275
#39 0x7f216560167b in QQmlComponent::completeCreate() /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:1253
#40 0x7f21655feac5 in QQmlComponentPrivate::createWithProperties(QObject*, QMap<QString, QVariant> const&, QQmlContext*, QQmlComponentPrivate::CreateBehavior) /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:958
#41 0x7f21655fe77b in QQmlComponent::create(QQmlContext*) /home/qt/work/qt/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:909
#42 0x7f2167369697 in QQuickView::continueExecute() /home/qt/work/qt/qtdeclarative/src/quick/items/qquickview.cpp:514
#43 0x7f2167365eef in QQuickViewPrivate::execute() /home/qt/work/qt/qtdeclarative/src/quick/items/qquickview.cpp:75
#44 0x7f2167366cbf in QQuickView::setSource(QUrl const&) /home/qt/work/qt/qtdeclarative/src/quick/items/qquickview.cpp:238
#45 0x562d027c602f in tst_QQuickGridView::removed_defaultLayout(QQuickGridView::Flow, Qt::LayoutDirection, QQuickItemView::VerticalLayoutDirection) /home/qt/work/qt/qtdeclarative/tests/auto/quick/qquickgridview/tst_qquickgridview.cpp:938
#46 0x562d02947f8a in tst_QQuickGridView::removed_leftToRight_LtR_BtT() /home/qt/work/qt/qtdeclarative/tests/auto/quick/qquickgridview/tst_qquickgridview.cpp:6290
#47 0x562d02962e6e in tst_QQuickGridView::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/qt/work/qt/qtdeclarative_standalone_tests/tests/auto/quick/qquickgridview/tst_qquickgridview_autogen/include/tst_qquickgridview.moc:978
#48 0x7f21602db043 in QMetaMethodInvoker::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.cpp:2754
#49 0x7f21602d8df5 in QMetaMethod::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.cpp:2593
#50 0x7f216895b466 in std::enable_if<!std::disjunction<>::value, bool>::type QMetaMethod::invoke<void>(QObject*, Qt::ConnectionType, QTemplatedMetaMethodReturnArgument<void>) const /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.h:148
#51 0x7f2168955475 in std::enable_if<!std::disjunction<>::value, bool>::type QMetaMethod::invoke<>(QObject*, Qt::ConnectionType) const /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.h:160
#52 0x7f216892b27a in invokeTestMethodIfValid /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:736
#53 0x7f2168930a7c in QTest::TestMethods::invokeTestOnData(int) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1374
#54 0x7f21689329bd in QTest::TestMethods::invokeTest(int, QLatin1String, std::optional<QTest::WatchDog>&) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1676
#55 0x7f2168935c31 in QTest::TestMethods::invokeTests(QObject*) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:2013
#56 0x7f216893889f in QTest::qRun() /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:2654
#57 0x7f216893759d in QTest::qExec(QObject*, int, char**) /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:2532
#58 0x562d02961ad6 in main /home/qt/work/qt/qtdeclarative/tests/auto/quick/qquickgridview/tst_qquickgridview.cpp:6878
#59 0x7f215f7c724c in __libc_start_main (/lib64/libc.so.6+0x3524c)
SUMMARY: AddressSanitizer: heap-use-after-free /home/qt/work/qt/qtdeclarative/src/qml/jsruntime/qv4value_p.h:144 in QV4::QObjectWrapper const* QV4::Value::as<QV4::QObjectWrapper>() const
Shadow bytes around the buggy address:
0x0c0680000eb0: fa fa fd fd fd fd fa fa 00 00 00 00 fa fa fd fd
0x0c0680000ec0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0680000ed0: fd fd fd fd fa fa fa fa fa fa fa fa 00 00 00 06
0x0c0680000ee0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
0x0c0680000ef0: fd fd fa fa fd fd fd fa fa fa fd fd fd fd fa fa
=>0x0c0680000f00: 00 00 00 fa fa fa fd fd[fd]fa fa fa fd fd fd fa
0x0c0680000f10: fa fa fa fa fa fa fa fa fd fd fd fd fa fa fa fa
0x0c0680000f20: fa fa fa fa fd fd fd fd fa fa fd fd fd fd fa fa
0x0c0680000f30: fa fa fa fa fa fa fd fd fd fd fa fa fa fa fa fa
0x0c0680000f40: fa fa fa fa fa fa fa fa fd fd fd fd fa fa 00 00
0x0c0680000f50: 00 04 fa fa fd fd fd fd fa fa 00 00 01 fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==29884==ABORTING
sanitizer-testrunner.py INFO: Test exit code was: 1