
[REG 6.9.1->6.9.2] QQuickStackElement::initialize null dereference


    • Bug
    • Resolution: Unresolved
    • P1: Critical
    • None
    • 6.9.2
    • Quick: Controls 2
    • None
    • Linux/Wayland

      Users on KDE Plasma 6.4.4 are experiencing random crashes due to a null dereference in QQuickStackElement::initialize.

      (gdb) f 7
      #7  QQuickStackElement::initialize (this=this@entry=0x6283e859d020, requiredProperties=requiredProperties@entry=0x0)
          at /usr/src/debug/qt6-declarative/qtdeclarative/src/quicktemplates/qquickstackelement.cpp:210
      210             QV4::ExecutionEngine *v4 = QQmlEnginePrivate::getV4Engine(engine);
      
      (gdb) l -
      195     void QQuickStackElement::initialize(RequiredProperties *requiredProperties)
      196     {
      197         if (!item || init)
      198             return;
      199
      200         QQuickItemPrivate *p = QQuickItemPrivate::get(item);
      201         if (!(widthValid = p->widthValid()))
      202             item->setWidth(view->width());
      203         if (!(heightValid = p->heightValid()))
      204             item->setHeight(view->height());
      (gdb) l +
      205         item->setParentItem(view);
      206
      207         if (!properties.isUndefined()) {
      208             QQmlEngine *engine = qmlEngine(view);
      209             Q_ASSERT(engine);
      210             QV4::ExecutionEngine *v4 = QQmlEnginePrivate::getV4Engine(engine);
      211             Q_ASSERT(v4);
      212             QV4::Scope scope(v4);
      213             QV4::ScopedValue ipv(scope, properties.value());
      214             QV4::Scoped<QV4::QmlContext> qmlContext(scope, qmlCallingContext.value());
      (gdb) l +
      215             QV4::ScopedValue qmlObject(scope, QV4::QObjectWrapper::wrap(v4, item));
      216             QQmlComponentPrivate::setInitialProperties(
      217                 v4, qmlContext, qmlObject, ipv, requiredProperties, item,
      218                 component ? QQmlComponentPrivate::get(component)->state.creator() : nullptr);
      219             properties.clear();
      220         }
      221
      222         if (requiredProperties && !requiredProperties->empty()) {
      223             QString error;
      224             for (const auto &property: *requiredProperties) {
      
      (gdb) p view
      $47 = (QQuickStackView *) 0x6283e87b14b0
      (gdb) p engine
      $46 = (QQmlEngine *) 0x0
      
      (gdb) disassemble/s $pc-64, $pc+64
      Dump of assembler code from 0x7d56e33393b8 to 0x7d56e3339438:
      /usr/src/debug/qt6-declarative/qtdeclarative/src/quicktemplates/qquickstackelement.cpp:
      203         if (!(heightValid = p->heightValid()))
         0x00007d56e33393b8 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+104>:  imul   $0x24748b49,(%rcx),%eax
      
      204             item->setHeight(view->height());
      205         item->setParentItem(view);
         0x00007d56e33393be <_ZN18QQuickStackElement10initializeEP18RequiredProperties+110>:  js     0x7d56e3339409 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+185>
         0x00007d56e33393c0 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+112>:  mov    0x40(%rsp),%edi
         0x00007d56e33393c4 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+116>:  call   *0x132bbe(%rip)        # 0x7d56e346bf88
      
      /usr/src/debug/qt6-declarative/qtdeclarative/src/qml/jsruntime/qv4persistent_p.h:
      113         bool isUndefined() const { return !val || val->isUndefined(); }
         0x00007d56e33393ca <_ZN18QQuickStackElement10initializeEP18RequiredProperties+122>:  mov    0x98(%r12),%rax
         0x00007d56e33393d2 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+130>:  test   %rax,%rax
         0x00007d56e33393d5 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+133>:  je     0x7d56e3339507 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+439>
      
      /usr/src/debug/qt6-declarative/qtdeclarative/src/qml/common/qv4staticvalue_p.h:
      287         inline bool isUndefined() const { return _val == 0; }
         0x00007d56e33393db <_ZN18QQuickStackElement10initializeEP18RequiredProperties+139>:  cmpq   $0x0,(%rax)
         0x00007d56e33393df <_ZN18QQuickStackElement10initializeEP18RequiredProperties+143>:  je     0x7d56e3339507 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+439>
      
      /usr/src/debug/qt6-declarative/qtdeclarative/src/quicktemplates/qquickstackelement.cpp:
      208             QQmlEngine *engine = qmlEngine(view);
         0x00007d56e33393e5 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+149>:  mov    0x78(%r12),%rdi
         0x00007d56e33393ea <_ZN18QQuickStackElement10initializeEP18RequiredProperties+154>:  call   *0x132900(%rip)        # 0x7d56e346bcf0
      
      /usr/src/debug/qt6-declarative/qtdeclarative/src/qml/jsapi/qjsengine.h:
      320         QV4::ExecutionEngine *handle() const { return m_v4Engine; }
         0x00007d56e33393f0 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+160>:  mov    0x98(%r12),%rdx
      => 0x00007d56e33393f8 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+168>:  mov    0x10(%rax),%r13
      
      /usr/src/debug/qt6-declarative/qtdeclarative/src/qml/jsruntime/qv4scopedvalue_p.h:
      66          explicit Scope(ExecutionEngine *e)
         0x00007d56e33393fc <_ZN18QQuickStackElement10initializeEP18RequiredProperties+172>:  xor    %eax,%eax
      
      67              : engine(e)
      68              , mark(engine->jsStackTop)
         0x00007d56e33393fe <_ZN18QQuickStackElement10initializeEP18RequiredProperties+174>:  mov    0x8(%r13),%r15
      
      /usr/src/debug/qt6-declarative/qtdeclarative/src/qml/jsruntime/qv4persistent_p.h:
      90              return (val ? val->asReturnedValue() : Encode::undefined());
         0x00007d56e3339402 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+178>:  test   %rdx,%rdx
         0x00007d56e3339405 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+181>:  je     0x7d56e333940a <_ZN18QQuickStackElement10initializeEP18RequiredProperties+186>
      
      /usr/src/debug/qt6-declarative/qtdeclarative/src/qml/common/qv4staticvalue_p.h:
      452         constexpr ReturnedValue asReturnedValue() const { return _val; }
         0x00007d56e3339407 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+183>:  mov    (%rdx),%rax
      
      130         QV4_NEARLY_ALWAYS_INLINE constexpr void setRawValue(quint64 raw) { _val = raw; }
         0x00007d56e333940a <_ZN18QQuickStackElement10initializeEP18RequiredProperties+186>:  mov    %rax,(%r15)
      
      /usr/src/debug/qt6-declarative/qtdeclarative/src/qml/jsruntime/qv4persistent_p.h:
      90              return (val ? val->asReturnedValue() : Encode::undefined());
         0x00007d56e333940d <_ZN18QQuickStackElement10initializeEP18RequiredProperties+189>:  mov    0xa0(%r12),%rax
      
      /usr/src/debug/qt6-declarative/qtdeclarative/src/qml/jsruntime/qv4engine_p.h:
      167             jsStackTop = ptr + nValues;
         0x00007d56e3339415 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+197>:  lea    0x10(%r15),%rdx
      
      /usr/src/debug/qt6-declarative/qtdeclarative/src/qml/jsruntime/qv4persistent_p.h:
      90              return (val ? val->asReturnedValue() : Encode::undefined());
         0x00007d56e3339419 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+201>:  test   %rax,%rax
         0x00007d56e333941c <_ZN18QQuickStackElement10initializeEP18RequiredProperties+204>:  je     0x7d56e3339c0f <_ZN18QQuickStackElement10initializeEP18RequiredProperties+2239>
      
      /usr/src/debug/qt6-declarative/qtdeclarative/src/qml/common/qv4staticvalue_p.h:
      452         constexpr ReturnedValue asReturnedValue() const { return _val; }
         0x00007d56e3339422 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+210>:  mov    (%rax),%rax
      
      /usr/src/debug/qt6-declarative/qtdeclarative/src/qml/jsruntime/qv4engine_p.h:
      167             jsStackTop = ptr + nValues;
         0x00007d56e3339425 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+213>:  mov    %rdx,0x8(%r13)
      
      /usr/src/debug/qt6-declarative/qtdeclarative/src/qml/common/qv4staticvalue_p.h:
      315         inline bool isManagedOrUndefined() const { return (_val & ManagedMask) == 0; }
         0x00007d56e3339429 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+217>:  movabs $0x7ff1000000000000,%rdx
         0x00007d56e3339433 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+227>:  test   %rdx,%rax
         0x00007d56e3339436 <_ZN18QQuickStackElement10initializeEP18RequiredProperties+230>:  jne    0x7d56e333945d <_ZN18QQuickStackElement10initializeEP18RequiredProperties+269>
      End of assembler dump.
      

      The faulting instruction is `mov 0x10(%rax),%r13` with %rax = 0x0: it reads the `QV4::ExecutionEngine *` member through the null `QQmlEngine *` that `qmlEngine(view)` returned. The `Q_ASSERT(engine)` on line 209 is presumably compiled out in this release build, so the null pointer reaches `getV4Engine` unchecked.

      I'm not sure why `qmlEngine(view)` returned null, as I am working only from core dumps.

      All reported crashes have in common that Qt 6.9.2 is used, and all of them are triggered by a QQuickImage usage.

      See the original KDE Plasma bug report(s) here:
      https://bugs.kde.org/show_bug.cgi?id=509192

      I am attaching the full kcrash backtrace. Please let me know what further information to provide.

      This is my first Qt report.

        1. plasmashell-20250906.kcrash
          236 kB
        2. backtrace-full.log
          57 kB
        3. 140018.zip
          1 kB
