Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-69328

QML applications crashes in QV4 code

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Fixed
    • Affects Version/s: 5.11.0, 5.11.1
    • Fix Version/s: 5.11.2
    • Labels:
      None
    • Environment:
      armhf rootfs, Ubuntu 16.04, Qt 5.11.1
    • Platform/s:
      Linux/Wayland, Linux/Other display system

      Description

       

      After upgrading to Qt 5.11 from 5.10, kwin_wayland on Plasma Mobile started to crash with SIGBUS, following is backtrace,

      Thread 1 (Thread 0xf2888000 (LWP 10052)):
      #0  0xf5e933f4 in QV4::JIT::ByteCodeHandler::decode (this=this@entry=0xfffeb728, code=0xec3b0a29 "\a", len=<optimized out>) at jit/qv4jit.cpp:80
      #1  0xf5e946d0 in QV4::JIT::BaselineJIT::generate (this=0xfffeb728) at jit/qv4jit.cpp:101
      #2  0xf5e81412 in QV4::Moth::VME::exec (fo=0x2a50f0, thisObject=0xea8635b8, argv=0xea863590, argc=0) at jsruntime/qv4vme_moth.cpp:564
      #3  0xf5e8b0ae in QV4::FunctionObject::call (argc=0, argv=0xea863510, thisObject=<optimized out>, this=<optimized out>) at jsruntime/qv4functionobject_p.h:163
      #4  QV4::Runtime::method_callName (engine=0x2a50f0, nameIndex=338, argv=0xea863510, argc=0) at jsruntime/qv4runtime.cpp:1030
      #5  0xf5e81f68 in QV4::Moth::VME::exec (fo=0x2a50f0, thisObject=0x0, argv=0xea863510, argc=-331677954) at jsruntime/qv4vme_moth.cpp:827
      #6  0xf5f04f68 in QV4::Moth::VME::exec (context=<optimized out>, argc=<optimized out>, argv=0xea863510, thisObject=0xea863500, v4Function=0x2d89f8) at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/qml/jsruntime/qv4vme_moth_p.h:72
      #7  QV4::Function::call (context=<optimized out>, argc=<optimized out>, argv=0xea863510, thisObject=0xea863500, this=0x2d89f8) at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/qml/jsruntime/qv4function_p.h:72
      #8  QQmlJavaScriptExpression::evaluate (this=this@entry=0x2fbe58, callData=callData@entry=0xea8634e8, isUndefined=isUndefined@entry=0x0) at qml/qqmljavascriptexpression.cpp:217
      #9  0xf5eb879e in QQmlBoundSignalExpression::evaluate (this=this@entry=0x2fbe58, a=a@entry=0x0) at qml/qqmlboundsignal.cpp:237
      #10 0xf5eb9876 in QQmlBoundSignal_callback (e=0x2fc6e8, a=0x0) at qml/qqmlboundsignal.cpp:370
      #11 0xf5ee9d8c in QQmlNotifier::emitNotify (endpoint=<optimized out>, a=a@entry=0x0) at qml/qqmlnotifier.cpp:106
      #12 0xf5ea4214 in QQmlData::signalEmitted (object=0x2dc4d8, index=34, a=0x0) at qml/qqmlengine.cpp:861
      #13 0xf6d52d06 in QMetaObject::activate (sender=0x2dc4d8, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=argv@entry=0x0) at kernel/qobject.cpp:3649
      #14 0xf5ea0032 in QQmlVMEMetaObject::activate (this=this@entry=0x2dc610, object=<optimized out>, index=<optimized out>, args=args@entry=0x0) at qml/qqmlvmemetaobject.cpp:1246
      #15 0xf5ea1a56 in QQmlVMEMetaObject::writeVarProperty (this=0x2dc610, id=4, value=...) at qml/qqmlvmemetaobject.cpp:1063
      #16 0xf5ea1b28 in QQmlVMEMetaObject::setVMEProperty (this=<optimized out>, index=<optimized out>, v=...) at qml/qqmlvmemetaobject.cpp:1166
      #17 0xf5e77ca2 in QV4::QObjectWrapper::setProperty (engine=engine@entry=0x2a50f0, object=object@entry=0x2dc4d8, property=0xec3667d8, value=...) at jsruntime/qv4qobjectwrapper.cpp:540
      #18 0xf5e7861e in QV4::QObjectWrapper::setQmlProperty (engine=engine@entry=0x2a50f0, qmlContext=qmlContext@entry=0x2dc1f0, object=object@entry=0x2dc4d8, name=name@entry=0xea8634c0, revisionMode=revisionMode@entry=QV4::QObjectWrapper::CheckRevision, value=...) at jsruntime/qv4qobjectwrapper.cpp:429
      #19 0xf5e36a82 in QV4::QQmlContextWrapper::put (m=0xea8634c8, name=0xea8634c0, value=...) at jsruntime/qv4qmlcontext.cpp:273
      #20 0xf5e09fb4 in QV4::Object::put (v=..., name=0xea8634c0, this=<optimized out>) at jsruntime/qv4object_p.h:370
      #21 QV4::ExecutionContext::setProperty (this=<optimized out>, name=0xea8634c0, value=...) at jsruntime/qv4context.cpp:252
      #22 0xf5e88e84 in QV4::Runtime::method_storeNameSloppy (engine=0x2a50f0, nameIndex=<optimized out>, value=...) at jsruntime/qv4runtime.cpp:704
      #23 0xf5e817a2 in QV4::Moth::VME::exec (fo=0x2a50f0, thisObject=0x0, argv=0xea8633d8, argc=-331671655) at jsruntime/qv4vme_moth.cpp:686
      #24 0xf5e8b0ae in QV4::FunctionObject::call (argc=0, argv=0xea863358, thisObject=<optimized out>, this=<optimized out>) at jsruntime/qv4functionobject_p.h:163
      #25 QV4::Runtime::method_callName (engine=0x2a50f0, nameIndex=342, argv=0xea863358, argc=0) at jsruntime/qv4runtime.cpp:1030
      #26 0xf5e81f68 in QV4::Moth::VME::exec (fo=0x2a50f0, thisObject=0x0, argv=0xea863358, argc=-331677370) at jsruntime/qv4vme_moth.cpp:827
      #27 0xf5f04f68 in QV4::Moth::VME::exec (context=<optimized out>, argc=<optimized out>, argv=0xea863358, thisObject=0xea863348, v4Function=0x2d8ab8) at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/qml/jsruntime/qv4vme_moth_p.h:72
      #28 QV4::Function::call (context=<optimized out>, argc=<optimized out>, argv=0xea863358, thisObject=0xea863348, this=0x2d8ab8) at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/q  /jsruntime/qv4function_p.h:72
      #29 QQmlJavaScriptExpression::evaluate (this=this@entry=0x2fcb58, callData=callData@entry=0xea863330, isUndefined=isUndefined@entry=0x0) at qml/qqmljavascriptexpression.cpp:217
      #30 0xf5eb879e in QQmlBoundSignalExpression::evaluate (this=this@entry=0x2fcb58, a=a@entry=0x0) at qml/qqmlboundsignal.cpp:237
      #31 0xf5eb9876 in QQmlBoundSignal_callback (e=0x2fb9e8, a=0x0) at qml/qqmlboundsignal.cpp:370
      #32 0xf5ee9d8c in QQmlNotifier::emitNotify (endpoint=<optimized out>, a=a@entry=0x0) at qml/qqmlnotifier.cpp:106
      #33 0xf5ea4214 in QQmlData::signalEmitted (object=0x2dc4d8, index=44, a=0x0) at qml/qqmlengine.cpp:861
      #34 0xf6d52d06 in QMetaObject::activate (sender=0x2dc4d8, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=argv@entry=0x0) at kernel/qobject.cpp:3649
      #35 0xf5ea0032 in QQmlVMEMetaObject::activate (this=this@entry=0x2dc610, object=<optimized out>, index=<optimized out>, args=args@entry=0x0) at qml/qqmlvmemetaobject.cpp:1246
      #36 0xf5ea1280 in QQmlVMEMetaObject::metaCall (this=0x2dc610, o=<optimized out>, c=<optimized out>, _id=<optimized out>, a=0xfffee774) at qml/qqmlvmemetaobject.cpp:839
      #37 0xf6d39cee in QMetaObject::metacall (object=0x2dc4d8, cl=cl@entry=QMetaObject::WriteProperty, idx=<optimized out>, argv=<optimized out>) at kernel/qmetaobject.cpp:299
      #38 0xf5f0baaa in QQmlPropertyData::writeProperty (flags=..., value=0xfffee750, target=<optimized out>, this=<optimized out>) at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/qml/qml/qqmlpropertycache_p.h:350
      #39 GenericBinding<10>::doStore<QString> (flags=..., pd=<optimized out>, value=..., this=0x2dcb70) at qml/qqmlbinding.cpp:334
      #40 GenericBinding<10>::write (this=0x2dcb70, result=..., isUndefined=<optimized out>, flags=...) at qml/qqmlbinding.cpp:315
      #41 0xf5f0bf84 in QQmlNonbindingBinding::doUpdate (this=0x2dcb70, watcher=..., flags=..., scope=...) at qml/qqmlbinding.cpp:249
      #42 0xf5f0961a in QQmlBinding::update (this=0x2dcb70, flags=...) at qml/qqmlbinding.cpp:185
      #43 0xf5f1274c in QQmlObjectCreator::finalize (this=0x2677c8, interrupt=...) at qml/qqmlobjectcreator.cpp:1346
      #44 0xf5eb1cc6 in QQmlComponentPrivate::complete (enginePriv=0x2a2490, state=0x2cc658) at qml/qqmlcomponent.cpp:924
      #45 0xf5eb1d7c in QQmlComponentPrivate::completeCreate (this=0x2cc5f8) at qml/qqmlcomponent.cpp:959
      #46 0xf5eb1c14 in QQmlComponent::create (this=0x2cc0b0, context=0x2c9908) at qml/qqmlcomponent.cpp:779
      #47 0xf61c092a in QQuickView::continueExecute (this=this@entry=0x288150) at items/qquickview.cpp:481
      #48 0xf61c0c14 in QQuickViewPrivate::execute (this=0x295690) at items/qquickview.cpp:107
      #49 0xf61c0d22 in QQuickView::setSource (this=this@entry=0x288150, url=...) at items/qquickview.cpp:246
      #50 0xf77179bc in KWin::VirtualKeyboard::init (this=0x7fa08) at /workspace/build/virtualkeyboard.cpp:75
      

      We were also able to reproduce similar crasher with Kirigami gallery application, which points crashes when evaluating following line (verified by printing expressionIdentifier while in QQmlJavaScriptExpression::evaluate).

      implicitWidth: Math.max(background ? background.implicitWidth : 0, contentWidth + leftPadding + rightPadding)

      Backtrace for it is,

      #0 0xf73a93f4 in QV4::JIT::ByteCodeHandler::decode (this=this@entry=0xfffebb88, code=0xf240494b "\v\005\n\005", len=<optimized out>) at jit/qv4jit.cpp:80
      #1  0xf73aa6d0 in QV4::JIT::BaselineJIT::generate (this=0xfffebb88) at jit/qv4jit.cpp:101
      #2  0xf7397412 in QV4::Moth::VME::exec (fo=0x511b8, thisObject=0xf1ec1388, argv=0xf1ec1360, argc=0) at jsruntime/qv4vme_moth.cpp:564
      #3  0xf741af68 in QV4::Moth::VME::exec (context=<optimized out>, argc=<optimized out>, argv=0xf1ec1360, thisObject=0xf1ec1350, v4Function=0xabf80)
          at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/qml/jsruntime/qv4vme_moth_p.h:72
      #4  QV4::Function::call (context=<optimized out>, argc=<optimized out>, argv=0xf1ec1360, thisObject=0xf1ec1350, this=0xabf80)
          at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/qml/jsruntime/qv4function_p.h:72
      #5  QQmlJavaScriptExpression::evaluate (this=this@entry=0xaec98, callData=callData@entry=0xf1ec1338, isUndefined=isUndefined@entry=0xfffebc83) at qml/qqmljavascriptexpression.cpp:217
      #6  0xf741e6e0 in QQmlBinding::evaluate (this=this@entry=0xaec98, isUndefined=isUndefined@entry=0xfffebc83) at qml/qqmlbinding.cpp:209
      #7  0xf7421f46 in QQmlNonbindingBinding::doUpdate (this=0xaec98, watcher=..., flags=..., scope=...) at qml/qqmlbinding.cpp:245
      #8  0xf741f61a in QQmlBinding::update (this=0xaec98, flags=..., flags@entry=...) at qml/qqmlbinding.cpp:185
      #9  0xf741fbb4 in QQmlBinding::refresh (this=<optimized out>) at qml/qqmlbinding.cpp:532
      #10 0xf73ffd8c in QQmlNotifier::emitNotify (endpoint=<optimized out>, a=a@entry=0x0) at qml/qqmlnotifier.cpp:106
      #11 0xf73ba214 in QQmlData::signalEmitted (object=0xaca48, index=14, a=0x0) at qml/qqmlengine.cpp:861
      #12 0xf68f9d06 in QMetaObject::activate (sender=0xaca48, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3649
      

      This backtrace looks similar to QTBUG-66773 but this one is for armhf platform and not x86

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            • Assignee:
              shausman Simon Hausmann
              Reporter:
              bshah Bhushan Shah
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Gerrit Reviews

                There are no open Gerrit changes