Details
- Bug
- Resolution: Unresolved
- P1: Critical
- None
- 6.8.2
- None
Description
We observe various non-deterministic crashes in QJSEngine in CI. To narrow down the issues we built Qt with clang / clang++ and
-release -force-debug-info -sanitize address
The crashes occur in integration tests that evaluate JavaScript directly in QJSEngine (there is no QML involved). The JavaScript code makes heavy use of built-in library functions (Array built-ins) and arrow-functions and is entirely procedural and synchronous.
Unfortunately we could not yet factor out a minimal example to trigger any of the crashes.
The crashes are typically triggered when the CPU is saturated.
We also built Qt 6.7.3 with the same configuration and none of the issues could be observed.
This might be related to https://bugreports.qt.io/browse/QTBUG-134687
As described in the mentioned issue, the crashes do not occur with
export QV4_GC_TIMELIMIT=0
(Edit: with the ASAN build.)
We could not meaningfully test with
export QV4_GC_TIMELIMIT=0
export QV4_MM_AGGRESSIVE_GC=1
since most tests hit (already generous) timeouts.
Below is a collection of crashes we observed:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==29108==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7f513555611e bp 0x7ffcf790f710 sp 0x7ffcf790f680 T0)
==29108==The signal is caused by a READ memory access.
==29108==Hint: address points to the zero page.
    #0 0x7f513555611e in QV4::MarkStack::drain() /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4mm.cpp:1080:27
    #1 0x7f513555611e in QV4::(anonymous namespace)::markDrain(QV4::GCStateMachine*, std::variant<std::monostate, QV4::GCIteratorStorage>&) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4mm.cpp:781:32
    #2 0x7f5135563345 in QV4::executeWithLoggingIfEnabled(QV4::GCStateMachine*, QV4::GCStateMachine::GCStateInfo&) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4mm.cpp:1529:16
    #3 0x7f51355622de in QV4::GCStateMachine::transition() /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4mm.cpp:1558:21
    #4 0x7f513555940d in QV4::GCStateMachine::step() /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4mm_p.h:89:9
    #5 0x7f513555940d in QV4::MemoryManager::tryForceGCCompletion() /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4mm.cpp:1265:25
    #6 0x7f51352ca158 in QV4::MemoryManager::allocate(QV4::BlockAllocator*, unsigned long) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4mm_p.h:398:56
    #7 0x7f5135557025 in QV4::MemoryManager::allocString(unsigned long) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4mm.cpp:1000:19
    #8 0x7f513528dad1 in QV4::String::Data* QV4::MemoryManager::allocWithStringData<QV4::String, QString const&>(unsigned long, QString const&) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4mm_p.h:286:88
    #9 0x7f513528dad1 in QV4::ExecutionEngine::newString(QString const&) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4engine.cpp:942:27
    #10 0x7f5135355dd2 in QV4::JsonObject::method_stringify(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4jsonobject.cpp:953:33
    #11 0x7f5135317cd6 in QV4::DynamicFunctionObject::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:191:16
    #12 0x7f513553f866 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
    #13 0x7f513553f866 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:798:52
    #14 0x7f5135535faf in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
    #15 0x7f513531fee0 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
    #16 0x7f513531cc10 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
    #17 0x7f513553e2c0 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
    #18 0x7f513553e2c0 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:761:57
    #19 0x7f5135535faf in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
    #20 0x7f513531fee0 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
    #21 0x7f513531cc10 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
    #22 0x7f5135210bda in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
    #23 0x7f5135210bda in QV4::FunctionObject::call(QV4::JSCallData const&) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4jscall_p.h:105:12
    #24 0x7f5135210bda in QJSValue::call(QList<QJSValue> const&) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsapi/qjsvalue.cpp:725:34
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3762==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fa510de8be4 bp 0x7ffd9eea2870 sp 0x7ffd9eea2780 T0)
==3762==The signal is caused by a READ memory access.
==3762==Hint: address points to the zero page.
    #0 0x7fa510de8be4 in QV4::MarkStack::push(QV4::Heap::Base*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4mmdefs_p.h:237:16
    #1 0x7fa510de8be4 in QV4::Heap::Base::mark(QV4::MarkStack*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4heap_p.h:149:20
    #2 0x7fa510de8be4 in QV4::ExecutableCompilationUnit::markObjects(QV4::MarkStack*) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4executablecompilationunit.cpp:275:36
    #3 0x7fa510de7593 in QV4::GCCriticalSection<QV4::ExecutableCompilationUnit>::~GCCriticalSection() /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4mm_p.h:475:35
    #4 0x7fa510de7593 in QV4::ExecutableCompilationUnit::populate() /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4executablecompilationunit.cpp:206:1
    #5 0x7fa510dea79a in QV4::ExecutableCompilationUnit::instantiate() /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4executablecompilationunit.cpp:341:9
    #6 0x7fa510deab08 in QV4::ExecutableCompilationUnit::instantiate() /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4executablecompilationunit.cpp:356:34
    #7 0x7fa510deab08 in QV4::ExecutableCompilationUnit::instantiate() /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4executablecompilationunit.cpp:356:34
    #8 0x7fa510deab08 in QV4::ExecutableCompilationUnit::instantiate() /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4executablecompilationunit.cpp:356:34
    #9 0x7fa510cedd2d in QJSEngine::importModule(QString const&) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsapi/qjsengine.cpp:590:61
AddressSanitizer:DEADLYSIGNAL
=================================================================
==25719==ERROR: AddressSanitizer: stack-overflow on address 0x7fff38cdeff8 (pc 0x7fc83d80976c bp 0x7fff38cdf010 sp 0x7fff38cdf000 T0)
    #0 0x7fc83d80976c in QV4::StaticValue::isManagedOrUndefined() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp:123
    #1 0x7fc83d80976c in QV4::StaticValue::isManaged() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/common/qv4staticvalue_p.h:320:16
    #2 0x7fc83d80976c in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp:124:9
    #3 0x7fc83d809f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
    #4 0x7fc83d809f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
    #5 0x7fc83d809f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
    #6 0x7fc83d809f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
    #7 0x7fc83d809f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
    #8 0x7fc83d809f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
    #9 0x7fc83d809f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
AddressSanitizer:DEADLYSIGNAL
=================================================================
==26205==ERROR: AddressSanitizer: stack-overflow on address 0x7fff4698cfe8 (pc 0x7f487a608b1e bp 0x7fff4698d030 sp 0x7fff4698cfe0 T0)
    #0 0x7f487a608b1e in QV4::StaticValue::setRawValue(unsigned long long) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/common/qv4staticvalue_p.h:130:77
    #1 0x7f487a608b1e in QV4::ScopedValue::ScopedValue(QV4::Scope const&) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4scopedvalue_p.h:154:14
    #2 0x7f487a608b1e in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp:132:21
    #3 0x7f487a608f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
    #4 0x7f487a608f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
    #5 0x7f487a608f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
    #6 0x7f487a608f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
    #7 0x7f487a608f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
    #8 0x7f487a608f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
    #9 0x7f487a608f24 in QV4::Value::toQStringNoThrow() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value.cpp
AddressSanitizer:DEADLYSIGNAL
=================================================================
==28566==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000090 (pc 0x7effd27cb604 bp 0x7ffd5ae92770 sp 0x7ffd5ae926e0 T0)
==28566==The signal is caused by a READ memory access.
==28566==Hint: address points to the zero page.
    #0 0x7effd27cb604 in QV4::ExecutionContext::newCallContext(QV4::JSTypesStackFrame*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4context.cpp:73
    #1 0x7effd29eb1f1 in QV4::Runtime::PushCallContext::call(QV4::JSTypesStackFrame*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1757:31
    #2 0x7effd2aba317 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:920:9
    #3 0x7effd2ab3faf in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
    #4 0x7effd289dee0 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
    #5 0x7effd289ac10 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
    #6 0x7effd2abc2c0 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
    #7 0x7effd2abc2c0 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:761:57
    #8 0x7effd2ab3faf in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
    #9 0x7effd289dee0 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
    #10 0x7effd289ac10 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
    #11 0x7effd27c143e in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
    #12 0x7effd27c143e in QV4::ArrayPrototype::method_map(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4arrayobject.cpp:1328:28
    #13 0x7effd2895cd6 in QV4::DynamicFunctionObject::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:191:16
    #14 0x7effd2abd866 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
    #15 0x7effd2abd866 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:798:52
    #16 0x7effd2ab3faf in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
    #17 0x7effd289dee0 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
    #18 0x7effd289ac10 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
    #19 0x7effd278ebda in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
    #20 0x7effd278ebda in QV4::FunctionObject::call(QV4::JSCallData const&) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4jscall_p.h:105:12
    #21 0x7effd278ebda in QJSValue::call(QList<QJSValue> const&) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsapi/qjsvalue.cpp:725:34
AddressSanitizer:DEADLYSIGNAL
=================================================================
==25816==ERROR: AddressSanitizer: SEGV on unknown address 0x0006bfff8003 (pc 0x7fc0b4fb11d9 bp 0x7ffc6bec0d10 sp 0x7ffc6bec0aa0 T0)
==25816==The signal is caused by a READ memory access.
/usr/bin/llvm-symbolizer-18: error: '/memfd:JITCode:QtQml (deleted)': No such file or directory
    #0 0x7fc0b4fb11d9 in QV4::Heap::Pointer<QV4::Heap::InternalClass*, 0ul>::get() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4heap_p.h:45:48
    #1 0x7fc0b4fb11d9 in QV4::Heap::Pointer<QV4::Heap::InternalClass*, 0ul>::operator->() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/memory/qv4heap_p.h:36:35
    #2 0x7fc0b4fb11d9 in QV4::Value::isFunctionObject() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value_p.h:316:28
    #3 0x7fc0b4fb11d9 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:756:13
    #4 0x7fc0b4fa8faf in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
    #5 0x7fc0b4d92ee0 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
    #6 0x7fc0b4d8fc10 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
    #7 0x7fc0b4fb12c0 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
    #8 0x7fc0b4fb12c0 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:761:57
    #9 0x7fc0b4fa8faf in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
    #10 0x7fc0b4d92ee0 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
    #11 0x7fc0b4d8fc10 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
    #12 0x7fc0b4fb12c0 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
    #13 0x7fc0b4fb12c0 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:761:57
    #14 0x7fc0b4fa8faf in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
    #15 0x7fc0b4d92ee0 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
    #16 0x7fc0b4d8fc10 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
    #17 0x7fc0b4eddb1d in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
    #18 0x7fc0b4eddb1d in QV4::Runtime::CallValue::call(QV4::ExecutionEngine*, QV4::Value const&, QV4::Value*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1579:76
    #19 0x7fc0b0775c90 (/memfd:JITCode:QtQml (deleted)+0xc90)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==25754==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000a0 (pc 0x7f021898b221 bp 0x7ffdd317e6b0 sp 0x7ffdd317e440 T0)
==25754==The signal is caused by a READ memory access.
==25754==Hint: address points to the zero page.
/usr/bin/llvm-symbolizer-18: error: '/memfd:JITCode:QtQml (deleted)': No such file or directory
    #0 0x7f021898b221 in QV4::Value::isFunctionObject() const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4value_p.h:317:12
    #1 0x7f021898b221 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:756:13
    #2 0x7f0218982faf in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
    #3 0x7f021876cee0 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
    #4 0x7f0218769c10 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
    #5 0x7f021898b2c0 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
    #6 0x7f021898b2c0 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:761:57
    #7 0x7f0218982faf in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
    #8 0x7f021876cee0 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
    #9 0x7f0218769c10 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
    #10 0x7f021898b2c0 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
    #11 0x7f021898b2c0 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:761:57
    #12 0x7f0218982faf in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:487:18
    #13 0x7f021876cee0 in qfoDoCall(QV4::JavaScriptFunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:527:18
    #14 0x7f0218769c10 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject.cpp:558:12
    #15 0x7f02188b7b1d in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:187:20
    #16 0x7f02188b7b1d in QV4::Runtime::CallValue::call(QV4::ExecutionEngine*, QV4::Value const&, QV4::Value*, int) /tmp/qt-everywhere-src-6.8.2/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:1579:76
    #17 0x7f0214157c90 (/memfd:JITCode:QtQml (deleted)+0xc90)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==25908==ERROR: AddressSanitizer: SEGV on unknown address 0x002b00000002 (pc 0x002b00000002 bp 0x7ffda6bbbed0 sp 0x7ffda6bbbc58 T0)
==25908==The signal is caused by a READ memory access.
==25908==Hint: PC is at a non-executable region. Maybe a wild jump?
AddressSanitizer:DEADLYSIGNAL
AddressSanitizer: nested bug in the same thread, aborting.
Issue Links
- relates to: QTBUG-134687 Crash in GC MarkStack drain step - Reported
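A triage sketch for a crash collection like the one in this report, added here and not part of the original report or of Qt: it parses AddressSanitizer reports (including ones wrapped or flattened onto one line) and buckets them by error kind, fault-address class and crashing function, noting whether GC frames are on the stack. The sample text is constructed, and the function names and the `GC_MARKERS` heuristic are assumptions.

```python
import re
from collections import Counter

# Constructed sample: three shortened reports in the flattened one-line shape of
# the traces above. PIDs, addresses and the shortened /src/... paths are made up.
SAMPLE = (
    "AddressSanitizer:DEADLYSIGNAL ==101==ERROR: AddressSanitizer: SEGV on unknown "
    "address 0x000000000010 (pc 0x7f0000001000 bp 0x7ffc00000010 sp 0x7ffc00000000 T0) "
    "==101==The signal is caused by a READ memory access. "
    "#0 0x7f0000001000 in QV4::MarkStack::drain() /src/qml/memory/qv4mm.cpp:1080:27 "
    "#1 0x7f0000002000 in QV4::MemoryManager::allocString(unsigned long) "
    "/src/qml/memory/qv4mm.cpp:1000:19 "
    "AddressSanitizer:DEADLYSIGNAL ==102==ERROR: AddressSanitizer: stack-overflow on "
    "address 0x7fff00000ff8 (pc 0x7f0000003000 bp 0x7fff00001010 sp 0x7fff00001000 T0) "
    "#0 0x7f0000003000 in QV4::Value::toQStringNoThrow() const /src/qml/jsruntime/qv4value.cpp:124:9 "
    "#1 0x7f0000003100 in QV4::Value::toQStringNoThrow() const /src/qml/jsruntime/qv4value.cpp "
    "#2 0x7f0000003100 in QV4::Value::toQStringNoThrow() const /src/qml/jsruntime/qv4value.cpp "
    "AddressSanitizer:DEADLYSIGNAL ==103==ERROR: AddressSanitizer: SEGV on unknown "
    "address 0x002b00000002 (pc 0x002b00000002 bp 0x7ffd00000010 sp 0x7ffd00000000 T0) "
    "==103==Hint: PC is at a non-executable region. Maybe a wild jump?"
)

HEADER = re.compile(r"==(\d+)==ERROR: AddressSanitizer: ([\w-]+) on (?:unknown )?"
                    r"address (0x[0-9a-f]+) \(pc (0x[0-9a-f]+)")
# Function names contain spaces, so match lazily up to the " /path" that follows,
# and never run past the start of the next frame (" #N").
FRAME = re.compile(r"#\d+ 0x[0-9a-f]+ in ((?:(?! #\d).)+?) (/[^\s:]+)(?::\d+)?")
# Heuristic (assumption): identifiers seen in the traces that mark GC code.
GC_MARKERS = ("MarkStack", "GCStateMachine", "GCCriticalSection")

def parse_asan_reports(text):
    """Split a log into reports; frames become (function, source path) tuples."""
    flat = " ".join(text.split())  # undo line wrapping inside frames
    headers = list(HEADER.finditer(flat))
    reports = []
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(flat)
        reports.append({
            "pid": int(h.group(1)), "kind": h.group(2),
            "addr": int(h.group(3), 16), "pc": int(h.group(4), 16),
            "frames": [m.groups() for m in FRAME.finditer(flat, h.end(), end)],
        })
    return reports

def classify(report):
    """Return (bucket, gc_on_stack) for one parsed report."""
    funcs = [func for func, _ in report["frames"]]
    top = funcs[0] if funcs else "?"
    if report["kind"] == "stack-overflow":
        # Unbounded recursion shows up as one function in consecutive frames.
        repeated = next((a for a, b in zip(funcs, funcs[1:]) if a == b), "?")
        bucket = f"stack-overflow/recursion in {repeated}"
    elif report["addr"] == report["pc"]:
        bucket = "SEGV/wild-jump (pc == fault address)"
    elif report["addr"] < 0x1000:
        bucket = f"SEGV/near-null deref in {top}"
    else:
        bucket = f"SEGV/wild pointer in {top}"
    gc_on_stack = any(m in func for func in funcs for m in GC_MARKERS)
    return bucket, gc_on_stack

def triage(text):
    """Count reports per (bucket, gc_on_stack) signature."""
    return Counter(classify(r) for r in parse_asan_reports(text))

if __name__ == "__main__":
    for (bucket, gc), n in triage(SAMPLE).most_common():
        print(f"{n}x {bucket}  [GC frames on stack: {gc}]")
```

Buckets without GC frames on the stack are not thereby unrelated to the collector; the flag only records where the fault surfaced.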