Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-38635

QML Crash in garbage collection when creating new Component

    XMLWordPrintable

Details

    • a560018d08d4212bc65c163eb608639f19b38df2 (qtdeclarative)

    Description

      Observed a crash when creating new QML Components from C++. Verified that object ownership was correct.

      Did a stack trace and discovered that in qv4qobjectwrapper.cpp markChildQObjectsRecursively() we are attempting to dereference a NULL child pointer. I know that the QML parent of these children is being destroyed via a call to destroy() in QML and was dynamically created. So when I look at the QList of children one step up in the recursive stack all the children are null.

      Will include the stack trace. It is difficult to provide example code because this is buried in a proprietary C++ class. It is also not reproducible 100% of the time, only about 80% in my case. This indicates that an element of timing may be involved so here is the timeline in my code that leads to the crash:

      1. A "Page" is being destroyed.
      2. When one of the components on the page is set to null it triggers a binding in an external component which changes its model.
      3. The model change causes the external component to re-create its delegates (which happens in C++). During the beginCreate() call (and occasionally during the completeCreate() call) garbage collection is triggered and seems to be trying to garbage collect my entire application. When I followed the recursive marking up to the top, the first QObject without a parent that is being garbage collected is the QML component in my main.qml file.

      Could be related to https://bugreports.qt-project.org/browse/QTBUG-36183

      Stack Backtrace:

      0	QScopedPointer<QObjectData,QScopedPointerDeleter<QObjectData> >::data	qscopedpointer.h	143	0x59f7277a	
1	qGetPtrHelper<QScopedPointer<QObjectData,QScopedPointerDeleter<QObjectData> > >	qglobal.h	938	0x59f69b4b	
2	QObject::d_func	qobject.h	118	0x59f6fc23	
3	QObjectPrivate::get	qobject_p.h	200	0x59f6c47b	
4	QQmlData::get	qqmldata_p.h	196	0x656adb30	
5	markChildQObjectsRecursively	qv4qobjectwrapper.cpp	958	0x658de1fd	
6	markChildQObjectsRecursively	qv4qobjectwrapper.cpp	961	0x658de225	
7	markChildQObjectsRecursively	qv4qobjectwrapper.cpp	961	0x658de225	
8	markChildQObjectsRecursively	qv4qobjectwrapper.cpp	961	0x658de225	
9	markChildQObjectsRecursively	qv4qobjectwrapper.cpp	961	0x658de225	
10	QV4::QObjectWrapper::markObjects	qv4qobjectwrapper.cpp	979	0x658de18b	
11	QV4::MemoryManager::mark	qv4mm.cpp	312	0x65868733	
12	QV4::MemoryManager::runGC	qv4mm.cpp	440	0x65868bf4	
13	QV4::MemoryManager::alloc	qv4mm.cpp	207	0x658682d3	
14	QV4::MemoryManager::allocManaged	qv4mm_p.h	102	0x657b4614	
15	QV4::Members::ensureIndex	qv4memberdata.cpp	78	0x65899fb0	
16	QV4::Object::ensureMemberIndex	qv4object.cpp	232	0x6589c1df	
17	QV4::Object::insertMember	qv4object.cpp	242	0x6589c22f	
18	QV4::SimpleScriptFunction::SimpleScriptFunction	qv4functionobject.cpp	458	0x658885bc	
19	QV4::FunctionObject::createScriptFunction	qv4functionobject.cpp	183	0x658870ee	
20	QQmlObjectCreator::setPropertyBinding	qqmlobjectcreator.cpp	823	0x659c9c51	
21	QQmlObjectCreator::setupBindings	qqmlobjectcreator.cpp	724	0x659c94b5	
22	QQmlObjectCreator::populateInstance	qqmlobjectcreator.cpp	1316	0x659cc182	
23	QQmlObjectCreator::createInstance	qqmlobjectcreator.cpp	1158	0x659cb7f9	
24	QQmlObjectCreator::setPropertyBinding	qqmlobjectcreator.cpp	765	0x659c9887	
25	QQmlObjectCreator::setupBindings	qqmlobjectcreator.cpp	724	0x659c94b5	
26	QQmlObjectCreator::populateInstance	qqmlobjectcreator.cpp	1316	0x659cc182	
27	QQmlObjectCreator::createInstance	qqmlobjectcreator.cpp	1158	0x659cb7f9	
28	QQmlObjectCreator::create	qqmlobjectcreator.cpp	219	0x659c6cc3	
29	QQmlObjectCreator::createInstance	qqmlobjectcreator.cpp	1075	0x659cb1c9	
30	QQmlObjectCreator::create	qqmlobjectcreator.cpp	219	0x659c6cc3	
31	QQmlObjectCreator::createInstance	qqmlobjectcreator.cpp	1075	0x659cb1c9	
32	QQmlObjectCreator::setPropertyBinding	qqmlobjectcreator.cpp	765	0x659c9887	
33	QQmlObjectCreator::setupBindings	qqmlobjectcreator.cpp	724	0x659c94b5	
34	QQmlObjectCreator::populateInstance	qqmlobjectcreator.cpp	1316	0x659cc182	
35	QQmlObjectCreator::createInstance	qqmlobjectcreator.cpp	1158	0x659cb7f9	
36	QQmlObjectCreator::setPropertyBinding	qqmlobjectcreator.cpp	765	0x659c9887	
37	QQmlObjectCreator::setupBindings	qqmlobjectcreator.cpp	724	0x659c94b5	
38	QQmlObjectCreator::populateInstance	qqmlobjectcreator.cpp	1316	0x659cc182	
39	QQmlObjectCreator::createInstance	qqmlobjectcreator.cpp	1158	0x659cb7f9	
40	QQmlObjectCreator::setPropertyBinding	qqmlobjectcreator.cpp	765	0x659c9887	
41	QQmlObjectCreator::setupBindings	qqmlobjectcreator.cpp	724	0x659c94b5	
42	QQmlObjectCreator::populateInstance	qqmlobjectcreator.cpp	1316	0x659cc182	
43	QQmlObjectCreator::createInstance	qqmlobjectcreator.cpp	1158	0x659cb7f9	
44	QQmlObjectCreator::create	qqmlobjectcreator.cpp	219	0x659c6cc3	
45	QQmlObjectCreator::createInstance	qqmlobjectcreator.cpp	1075	0x659cb1c9	
46	QQmlObjectCreator::create	qqmlobjectcreator.cpp	219	0x659c6cc3	
47	QQmlObjectCreator::createInstance	qqmlobjectcreator.cpp	1075	0x659cb1c9	
48	QQmlObjectCreator::create	qqmlobjectcreator.cpp	219	0x659c6cc3	
49	QQmlComponentPrivate::beginCreate	qqmlcomponent.cpp	884	0x6592d7ff	
50	QQmlComponent::beginCreate	qqmlcomponent.cpp	834	0x6592d512	
51	Hmi::Core::KeyboardAbstract::generateKeyboard	KeyboardAbstract.cpp	474	0x10062ff3	
52	Hmi::Core::KeyboardAbstract::handleKeysChanged	KeyboardAbstract.cpp	302	0x100627df	
53	Hmi::Core::KeyboardAbstract::qt_static_metacall	KeyboardAbstract.moc.1.cpp	150	0x100aaba0	
54	QMetaObject::activate	qobject.cpp	3680	0x5a29b66c	
55	QMetaObject::activate	qobject.cpp	3546	0x5a29b081	
56	Hmi::Core::KeyboardModel::keysChanged	KeyboardModel.moc.1.cpp	285	0x100ac7ea	
57	Hmi::Core::KeyboardModel::setLevel	KeyboardModel.cpp	277	0x1006bcbb	
58	Hmi::Core::KeyboardModel::qt_metacall	KeyboardModel.moc.1.cpp	260	0x100ac70c	
59	QMetaObject::metacall	qmetaobject.cpp	309	0x5a2542a0	
60	QQmlPropertyPrivate::write	qqmlproperty.cpp	1449	0x659282a2	
61	QQmlPropertyPrivate::writeValueProperty	qqmlproperty.cpp	1246	0x659274ce	
62	QQmlPropertyPrivate::writeValueProperty	qqmlproperty.cpp	1212	0x65927390	
63	QQmlPropertyPrivate::write	qqmlproperty.cpp	1709	0x65929582	
64	QQmlProperty::write	qqmlproperty.cpp	1631	0x659293e9	
65	QQmlBind::eval	qqmlbind.cpp	307	0x65a19fa4	
66	QQmlBind::setObject	qqmlbind.cpp	209	0x65a19c36	
67	QQmlBind::qt_metacall	moc_qqmlbind_p.cpp	118	0x65a5a2a5	
68	QMetaObject::metacall	qmetaobject.cpp	309	0x5a2542a0	
69	QQmlPropertyPrivate::write	qqmlproperty.cpp	1317	0x659278f3	
70	QQmlPropertyPrivate::writeValueProperty	qqmlproperty.cpp	1246	0x659274ce	
71	QQmlPropertyPrivate::writeBinding	qqmlproperty.cpp	1572	0x6592904a	
72	QQmlBinding::update	qqmlbinding.cpp	266	0x659bb660	
73	QQmlBinding::update	qqmlbinding_p.h	105	0x6578906b	
74	QQmlBinding::expressionChanged	qqmlbinding.cpp	328	0x659bba3c	
75	QQmlJavaScriptExpressionGuard_callback	qqmljavascriptexpression.cpp	371	0x659b0c3e	
76	QQmlNotifier::emitNotify	qqmlnotifier.cpp	81	0x6598b0bc	
77	QQmlData::signalEmitted	qqmlengine.cpp	721	0x6590a5cc	
78	QMetaObject::activate	qobject.cpp	3567	0x5a29b13f	
79	QMetaObject::activate	qobject.cpp	3546	0x5a29b081	
80	Hmi::Core::KeyboardAbstract::modelChanged	KeyboardAbstract.moc.1.cpp	333	0x100ab2ca	
81	Hmi::Core::KeyboardAbstract::setModel	KeyboardAbstract.cpp	224	0x10062659	
82	Hmi::Core::KeyboardAbstract::setGroupName	KeyboardAbstract.cpp	261	0x1006271a	
83	Hmi::Core::KeyboardAbstract::qt_metacall	KeyboardAbstract.moc.1.cpp	284	0x100ab116	
84	QQmlVMEMetaObject::metaCall	qqmlvmemetaobject.cpp	981	0x65903fec	
85	QAbstractDynamicMetaObject::metaCall	qobject_p.h	428	0x59f6cd90	
86	QMetaObject::metacall	qmetaobject.cpp	306	0x5a254283	
87	QQmlPropertyPrivate::writeBinding	qqmlproperty.cpp	1500	0x6592893e	
88	QQmlBinding::update	qqmlbinding.cpp	266	0x659bb660	
89	QQmlBinding::update	qqmlbinding_p.h	105	0x6578906b	
90	QQmlBinding::expressionChanged	qqmlbinding.cpp	328	0x659bba3c	
91	QQmlJavaScriptExpressionGuard_callback	qqmljavascriptexpression.cpp	371	0x659b0c3e	
92	QQmlNotifier::emitNotify	qqmlnotifier.cpp	81	0x6598b0bc	
93	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
94	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
95	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
96	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
97	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
98	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
99	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
100	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
101	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
102	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
103	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
104	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
105	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
106	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
107	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
108	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
109	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
110	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
111	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
112	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
113	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
114	QQmlNotifier::emitNotify	qqmlnotifier.cpp	76	0x6598b054	
115	QQmlData::signalEmitted	qqmlengine.cpp	721	0x6590a5cc	
116	QMetaObject::activate	qobject.cpp	3567	0x5a29b13f	
117	QQmlVMEMetaObject::activate	qqmlvmemetaobject.cpp	1333	0x6590540c	
118	QQmlVMEVariantQObjectPtr::objectDestroyed	qqmlvmemetaobject.cpp	88	0x659075ef	
119	QQmlData::destroyed	qqmlengine.cpp	1659	0x6590c079	
120	QQmlData::destroyed	qqmlengine.cpp	633	0x6590a292	
121	QObject::~QObject	qobject.cpp	916	0x5a295631	
122	QQuickItem::~QQuickItem	qquickitem.cpp	2118	0xf437805	
123	QQuickFocusScope::~QQuickFocusScope	qquickfocusscope.cpp	69	0xf468be2	
124	QQmlPrivate::QQmlElement<QQuickFocusScope>::~QQmlElement<QQuickFocusScope>	qqmlprivate.h	106	0xf4a6cef	
125	QQmlPrivate::QQmlElement<QQuickFocusScope>::`scalar deleting destructor'	Qt5Quickd		0xf4967cf	
126	QObjectPrivate::deleteChildren	qobject.cpp	1935	0x5a296f29	
127	QObject::~QObject	qobject.cpp	1030	0x5a295a05	
128	QQuickItem::~QQuickItem	qquickitem.cpp	2118	0xf437805	
129	QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement<QQuickItem>	qqmlprivate.h	106	0xf4a6f5f	
130	QQmlPrivate::QQmlElement<QQuickItem>::`scalar deleting destructor'	Qt5Quickd		0xf49694f	
131	qDeleteInEventHandler	qobject.cpp	4342	0x5a29cf07	
132	QObject::event	qobject.cpp	1232	0x5a295d20	
133	QQuickItem::event	qquickitem.cpp	7112	0xf441e0b	
134	QCoreApplicationPrivate::notify_helper	qcoreapplication.cpp	1053	0x5a248cde	
135	QCoreApplication::notify	qcoreapplication.cpp	997	0x5a248a93	
136	QGuiApplication::notify	qguiapplication.cpp	1458	0x996d6a	
137	QCoreApplication::notifyInternal	qcoreapplication.cpp	935	0x5a2489e4	
138	QCoreApplication::sendEvent	qcoreapplication.h	237	0x5a24d379	
139	QCoreApplicationPrivate::sendPostedEvents	qcoreapplication.cpp	1539	0x5a249886	
140	QCoreApplication::sendPostedEvents	qcoreapplication.cpp	1397	0x5a249542	
141	QWindowsGuiEventDispatcher::sendPostedEvents	qwindowsguieventdispatcher.cpp	88	0x5746ce91	
142	qt_internal_proc	qeventdispatcher_win.cpp	423	0x5a2e1404	
143	InternalCallWinProc	USER32		0x772162fa	
144	UserCallWinProcCheckWow	USER32		0x77216d3a	
145	DispatchMessageWorker	USER32		0x772177c4	
146	DispatchMessageW	USER32		0x7721788a	
147	QEventDispatcherWin32::processEvents	qeventdispatcher_win.cpp	757	0x5a2e255b	
148	QWindowsGuiEventDispatcher::processEvents	qwindowsguieventdispatcher.cpp	80	0x5746cdbc	
149	QEventLoop::processEvents	qeventloop.cpp	137	0x5a2455fc	
150	QEventLoop::exec	qeventloop.cpp	212	0x5a245762	
151	QCoreApplication::exec	qcoreapplication.cpp	1188	0x5a248f42	
152	QGuiApplication::exec	qguiapplication.cpp	1437	0x996cb8	
153	main	main.cpp	135	0x4bc2e0	
154	WinMain	hmi_main		0x596702	
155	__tmainCRTStartup	crtexe.c	574	0x5952a8	
156	WinMainCRTStartup	crtexe.c	399	0x59500f	
157	BaseThreadInitThunk	kernel32		0x7594336a	
158	__RtlUserThreadStart	ntdll32		0x77c89f72	
159	_RtlUserThreadStart	ntdll32		0x77c89f45

      Attachments

        Issue Links

          resulted in

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-39828 Crash in QMLIncubator

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; Flaky tests; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-39829 Crash in QQmlRefCount::release

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          For Gerrit Dashboard: QTBUG-38635
          # Subject Branch Project Status CR V
          87700,6 Fix crash in QObjectWrapper 5.3 qt/qtdeclarative Status: MERGED +2 0

          Activity

            People

              shausman Simon Hausmann
              leonard777 Corey Pendleton
              Votes:
              6 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes