QTBUG-138621 (project: Qt)

Crash in qv4mm during destruction


    • Linux/X11

      We are running a QML test executable in the CI and are experiencing occasional segfaults during destruction:

      Received signal 11 (SIGSEGV), code 1, for address 0x000001010000002d

      We were able to reproduce the problem using the rr debugger (after about 250 tries). The error seems to be in Qt, so note that my setup used Qt 6.8.2.

      The error is in ./src/qml/memory/qv4mm.cpp:313, where a pointer named v is accessed which was initialized through a null pointer (v is initialized in line 310 by b->internalClass->vtable, and b->internalClass is a null pointer).

      Setting a watchpoint on v and using rr's reverse-continue, we were able to inspect all situations where v is being manipulated. None of these instances involved any of our code. So it looks like this is a bug in the Qt code.

      We have unfortunately not been able to create a minimal reproducible example, partly because it is really difficult to get any idea of where or why this is happening.

      Stacktrace:

      #0 0x000072cfddcabbe2 in ?? () from /usr/lib/libc.so.6
      #1 0x000072cfddc9fe33 in ?? () from /usr/lib/libc.so.6
      #2 0x000072cfddc9fe74 in ?? () from /usr/lib/libc.so.6
      #3 0x000072cfddd10d6f in wait4 () from /usr/lib/libc.so.6
      #4 0x000072cfe0d6c0bf in ?? () from /usr/lib/libQt6Test.so.6
      #5 0x000072cfe0d6c490 in QTest::CrashHandler::FatalSignalHandler::actionHandler(int, siginfo_t*, void*) () from /usr/lib/libQt6Test.so.6
      #6 <signal handler called>
      #7 0x000072cfdf6e6bed in QQmlJavaScriptExpression::~QQmlJavaScriptExpression() () from /usr/lib/libQt6Qml.so.6
      #8 0x000072cfdf726ba0 in ?? () from /usr/lib/libQt6Qml.so.6
      #9 0x000072cfdedaed0b in QtPrivate::QPropertyBindingData::~QPropertyBindingData() () from /usr/lib/libQt6Core.so.6
      #10 0x000072cfdeda177b in QObject::~QObject() () from /usr/lib/libQt6Core.so.6
      #11 0x000072cfe0a05762 in ?? () from /usr/lib/libQt6Quick.so.6
      #12 0x000072cfded9bc2b in QObjectPrivate::deleteChildren() () from /usr/lib/libQt6Core.so.6
      #13 0x000072cfdeda1dbc in QObject::~QObject() () from /usr/lib/libQt6Core.so.6
      #14 0x000072cfe0a05762 in ?? () from /usr/lib/libQt6Quick.so.6
      #15 0x000072cfdfb4593b in QQmlTableInstanceModel::dispose(QObject*) () from /usr/lib/libQt6QmlModels.so.6
      #16 0x000072cfe0a9ea64 in QQuickTableViewPrivate::~QQuickTableViewPrivate() () from /usr/lib/libQt6Quick.so.6
      #17 0x000072cfe0a9ec55 in QQuickTableViewPrivate::~QQuickTableViewPrivate() () from /usr/lib/libQt6Quick.so.6
      #18 0x000072cfe0a04b9a in ?? () from /usr/lib/libQt6Quick.so.6
      #19 0x000072cfded9bc2b in QObjectPrivate::deleteChildren() () from /usr/lib/libQt6Core.so.6
      #20 0x000072cfdeda1dbc in QObject::~QObject() () from /usr/lib/libQt6Core.so.6
      #21 0x000072cfe0a05762 in ?? () from /usr/lib/libQt6Quick.so.6
      #22 0x000072cfded9bc2b in QObjectPrivate::deleteChildren() () from /usr/lib/libQt6Core.so.6
      #23 0x000072cfdeda1dbc in QObject::~QObject() () from /usr/lib/libQt6Core.so.6
      #24 0x000072cfdd9732df in ?? () from /usr/lib/libQt6QuickTemplates2.so.6
      #25 0x000072cfded9bc2b in QObjectPrivate::deleteChildren() () from /usr/lib/libQt6Core.so.6
      #26 0x000072cfdeda1dbc in QObject::~QObject() () from /usr/lib/libQt6Core.so.6
      #27 0x000072cfdd9732df in ?? () from /usr/lib/libQt6QuickTemplates2.so.6
      #28 0x000072cfded9bc2b in QObjectPrivate::deleteChildren() () from /usr/lib/libQt6Core.so.6
      #29 0x000072cfdeda1dbc in QObject::~QObject() () from /usr/lib/libQt6Core.so.6
      #30 0x000072cfbc08be86 in ?? () from /usr/lib/qt6/qml/QtQuick/Layouts/../../../../libQt6QuickLayouts.so.6
      #31 0x000072cfded9bc2b in QObjectPrivate::deleteChildren() () from /usr/lib/libQt6Core.so.6
      #32 0x000072cfdeda1dbc in QObject::~QObject() () from /usr/lib/libQt6Core.so.6
      #33 0x000072cfe0a05762 in ?? () from /usr/lib/libQt6Quick.so.6
      #34 0x000072cfded9bc2b in QObjectPrivate::deleteChildren() () from /usr/lib/libQt6Core.so.6
      #35 0x000072cfdeda1dbc in QObject::~QObject() () from /usr/lib/libQt6Core.so.6
      #36 0x000072cfe0a05762 in ?? () from /usr/lib/libQt6Quick.so.6
      #37 0x000072cfdeda2e5e in QObject::event(QEvent*) () from /usr/lib/libQt6Core.so.6
      #38 0x000072cfded55b00 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt6Core.so.6
      #39 0x000072cfded55edc in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQt6Core.so.6
      #40 0x000072cfdedba359 in QTest::qWait(std::chrono::duration<long, std::ratio<1l, 1000l> >) () from /usr/lib/libQt6Core.so.6
      #41 0x000072cfe13b102f in QuickTestResult::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libQt6QuickTest.so.6
      #42 0x000072cfdf71503b in ?? () from /usr/lib/libQt6Qml.so.6
      #43 0x000072cfdf5de73b in QV4::QObjectMethod::callPrecise(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call) () from /usr/lib/libQt6Qml.so.6
      #44 0x000072cfdf5e8a0d in QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const () from /usr/lib/libQt6Qml.so.6
      #45 0x000072cfdf60531d in QV4::Runtime::CallPropertyLookup::call(QV4::ExecutionEngine*, QV4::Value const&, unsigned int, QV4::Value*, int) () from /usr/lib/libQt6Qml.so.6
      #46 0x000072cfa8037f7e in ?? ()
      #47 0x0000000000000000 in ?? ()
      [Inferior 1 (process 90335) detached]
      === End of stack trace ===
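The report's reproduction strategy (run the flaky test repeatedly, capture the crashing run with rr, then replay it with a watchpoint and reverse-continue) is the part of the workflow most readers will want to reuse. The script below is an added example and is not code from the bug report or from Qt. It assumes `rr record` and `rr replay -x FILE` are available and that, as in the report, the crash is announced by Qt Test's "Received signal" line; the test binary name in the usage comment is a placeholder. Matching that line rather than relying only on the exit status avoids depending on how rr propagates a signal death, which is not verified here.

```shell
#!/bin/sh
# Added example (not part of the bug report or of Qt): drive a flaky test binary
# under rr until it crashes, then emit the gdb commands for the watchpoint /
# reverse-continue workflow the report describes.

# Command placed in front of the test binary. Override with RECORDER="" to run
# the binary directly (the self-check does this so it works without rr).
RECORDER=${RECORDER-rr record}

# Qt Test's crash handler prints this line before the process dies (taken from
# the report's own output); matching it does not depend on how the exit status
# of a signal death is propagated through rr.
CRASH_PATTERN='Received signal'

# repro_until_crash MAX_TRIES CMD [ARGS...]
# Runs CMD up to MAX_TRIES times. Stops at the first run that either exits with
# a status >= 128 (killed by a signal) or prints CRASH_PATTERN. Prints the
# attempt number on stdout and the log path on stderr; returns 1 if no crash.
repro_until_crash() {
    max_tries=$1; shift
    attempt=1
    log=$(mktemp) || return 2
    while [ "$attempt" -le "$max_tries" ]; do
        status=0
        # RECORDER is deliberately unquoted so "rr record" splits into two words.
        $RECORDER "$@" >"$log" 2>&1 || status=$?
        if [ "$status" -ge 128 ] || grep -q "$CRASH_PATTERN" "$log"; then
            echo "$attempt"
            echo "crash on attempt $attempt, output in $log" >&2
            return 0
        fi
        attempt=$((attempt + 1))
    done
    rm -f "$log"
    return 1
}

# replay_commands FRAME EXPR
# gdb command file for `rr replay`: run forward to the SIGSEGV, select the frame
# in which EXPR is in scope, watch its storage location and run backwards to the
# last write. FRAME is the frame number as gdb shows it during replay, not the
# number from the crash handler's backtrace (that one has the handler on top).
replay_commands() {
    cat <<EOF
continue
frame $1
watch -l $2
reverse-continue
backtrace
EOF
}

# Typical use (test binary name and frame number are placeholders):
#   repro_until_crash 500 ./tst_mytest -platform offscreen
#   replay_commands FRAME v > replay.gdb && rr replay -x replay.gdb
```

Each attempt is recorded, so only the last (crashing) trace is needed; older ones can be deleted with `rr rm` or by clearing the trace directory. If the crash handler is disabled in a given build, the `CRASH_PATTERN` match never fires and the script falls back to the exit status alone.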

Participants: qtqmlteam (Qt Qml Team User), denishessberger (Denis Hessberger)