QTBUG-69328

QML applications crash in QV4 code

Details

    • Type: Bug
    • Resolution: Done
    • Priority: P1: Critical
    • Fix version: 5.11.2
    • Affects versions: 5.11.0, 5.11.1
    • None
    • Environment: armhf rootfs, Ubuntu 16.04, Qt 5.11.1
    • Platform/OS: Linux/Wayland, Linux/Other display system

    Description

      After upgrading to Qt 5.11 from 5.10, kwin_wayland on Plasma Mobile started to crash with SIGBUS; the backtrace follows:

      Thread 1 (Thread 0xf2888000 (LWP 10052)):
      #0  0xf5e933f4 in QV4::JIT::ByteCodeHandler::decode (this=this@entry=0xfffeb728, code=0xec3b0a29 "\a", len=<optimized out>) at jit/qv4jit.cpp:80
      #1  0xf5e946d0 in QV4::JIT::BaselineJIT::generate (this=0xfffeb728) at jit/qv4jit.cpp:101
      #2  0xf5e81412 in QV4::Moth::VME::exec (fo=0x2a50f0, thisObject=0xea8635b8, argv=0xea863590, argc=0) at jsruntime/qv4vme_moth.cpp:564
      #3  0xf5e8b0ae in QV4::FunctionObject::call (argc=0, argv=0xea863510, thisObject=<optimized out>, this=<optimized out>) at jsruntime/qv4functionobject_p.h:163
      #4  QV4::Runtime::method_callName (engine=0x2a50f0, nameIndex=338, argv=0xea863510, argc=0) at jsruntime/qv4runtime.cpp:1030
      #5  0xf5e81f68 in QV4::Moth::VME::exec (fo=0x2a50f0, thisObject=0x0, argv=0xea863510, argc=-331677954) at jsruntime/qv4vme_moth.cpp:827
      #6  0xf5f04f68 in QV4::Moth::VME::exec (context=<optimized out>, argc=<optimized out>, argv=0xea863510, thisObject=0xea863500, v4Function=0x2d89f8) at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/qml/jsruntime/qv4vme_moth_p.h:72
      #7  QV4::Function::call (context=<optimized out>, argc=<optimized out>, argv=0xea863510, thisObject=0xea863500, this=0x2d89f8) at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/qml/jsruntime/qv4function_p.h:72
      #8  QQmlJavaScriptExpression::evaluate (this=this@entry=0x2fbe58, callData=callData@entry=0xea8634e8, isUndefined=isUndefined@entry=0x0) at qml/qqmljavascriptexpression.cpp:217
      #9  0xf5eb879e in QQmlBoundSignalExpression::evaluate (this=this@entry=0x2fbe58, a=a@entry=0x0) at qml/qqmlboundsignal.cpp:237
      #10 0xf5eb9876 in QQmlBoundSignal_callback (e=0x2fc6e8, a=0x0) at qml/qqmlboundsignal.cpp:370
      #11 0xf5ee9d8c in QQmlNotifier::emitNotify (endpoint=<optimized out>, a=a@entry=0x0) at qml/qqmlnotifier.cpp:106
      #12 0xf5ea4214 in QQmlData::signalEmitted (object=0x2dc4d8, index=34, a=0x0) at qml/qqmlengine.cpp:861
      #13 0xf6d52d06 in QMetaObject::activate (sender=0x2dc4d8, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=argv@entry=0x0) at kernel/qobject.cpp:3649
      #14 0xf5ea0032 in QQmlVMEMetaObject::activate (this=this@entry=0x2dc610, object=<optimized out>, index=<optimized out>, args=args@entry=0x0) at qml/qqmlvmemetaobject.cpp:1246
      #15 0xf5ea1a56 in QQmlVMEMetaObject::writeVarProperty (this=0x2dc610, id=4, value=...) at qml/qqmlvmemetaobject.cpp:1063
      #16 0xf5ea1b28 in QQmlVMEMetaObject::setVMEProperty (this=<optimized out>, index=<optimized out>, v=...) at qml/qqmlvmemetaobject.cpp:1166
      #17 0xf5e77ca2 in QV4::QObjectWrapper::setProperty (engine=engine@entry=0x2a50f0, object=object@entry=0x2dc4d8, property=0xec3667d8, value=...) at jsruntime/qv4qobjectwrapper.cpp:540
      #18 0xf5e7861e in QV4::QObjectWrapper::setQmlProperty (engine=engine@entry=0x2a50f0, qmlContext=qmlContext@entry=0x2dc1f0, object=object@entry=0x2dc4d8, name=name@entry=0xea8634c0, revisionMode=revisionMode@entry=QV4::QObjectWrapper::CheckRevision, value=...) at jsruntime/qv4qobjectwrapper.cpp:429
      #19 0xf5e36a82 in QV4::QQmlContextWrapper::put (m=0xea8634c8, name=0xea8634c0, value=...) at jsruntime/qv4qmlcontext.cpp:273
      #20 0xf5e09fb4 in QV4::Object::put (v=..., name=0xea8634c0, this=<optimized out>) at jsruntime/qv4object_p.h:370
      #21 QV4::ExecutionContext::setProperty (this=<optimized out>, name=0xea8634c0, value=...) at jsruntime/qv4context.cpp:252
      #22 0xf5e88e84 in QV4::Runtime::method_storeNameSloppy (engine=0x2a50f0, nameIndex=<optimized out>, value=...) at jsruntime/qv4runtime.cpp:704
      #23 0xf5e817a2 in QV4::Moth::VME::exec (fo=0x2a50f0, thisObject=0x0, argv=0xea8633d8, argc=-331671655) at jsruntime/qv4vme_moth.cpp:686
      #24 0xf5e8b0ae in QV4::FunctionObject::call (argc=0, argv=0xea863358, thisObject=<optimized out>, this=<optimized out>) at jsruntime/qv4functionobject_p.h:163
      #25 QV4::Runtime::method_callName (engine=0x2a50f0, nameIndex=342, argv=0xea863358, argc=0) at jsruntime/qv4runtime.cpp:1030
      #26 0xf5e81f68 in QV4::Moth::VME::exec (fo=0x2a50f0, thisObject=0x0, argv=0xea863358, argc=-331677370) at jsruntime/qv4vme_moth.cpp:827
      #27 0xf5f04f68 in QV4::Moth::VME::exec (context=<optimized out>, argc=<optimized out>, argv=0xea863358, thisObject=0xea863348, v4Function=0x2d8ab8) at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/qml/jsruntime/qv4vme_moth_p.h:72
      #28 QV4::Function::call (context=<optimized out>, argc=<optimized out>, argv=0xea863358, thisObject=0xea863348, this=0x2d8ab8) at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/qml/jsruntime/qv4function_p.h:72
      #29 QQmlJavaScriptExpression::evaluate (this=this@entry=0x2fcb58, callData=callData@entry=0xea863330, isUndefined=isUndefined@entry=0x0) at qml/qqmljavascriptexpression.cpp:217
      #30 0xf5eb879e in QQmlBoundSignalExpression::evaluate (this=this@entry=0x2fcb58, a=a@entry=0x0) at qml/qqmlboundsignal.cpp:237
      #31 0xf5eb9876 in QQmlBoundSignal_callback (e=0x2fb9e8, a=0x0) at qml/qqmlboundsignal.cpp:370
      #32 0xf5ee9d8c in QQmlNotifier::emitNotify (endpoint=<optimized out>, a=a@entry=0x0) at qml/qqmlnotifier.cpp:106
      #33 0xf5ea4214 in QQmlData::signalEmitted (object=0x2dc4d8, index=44, a=0x0) at qml/qqmlengine.cpp:861
      #34 0xf6d52d06 in QMetaObject::activate (sender=0x2dc4d8, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=argv@entry=0x0) at kernel/qobject.cpp:3649
      #35 0xf5ea0032 in QQmlVMEMetaObject::activate (this=this@entry=0x2dc610, object=<optimized out>, index=<optimized out>, args=args@entry=0x0) at qml/qqmlvmemetaobject.cpp:1246
      #36 0xf5ea1280 in QQmlVMEMetaObject::metaCall (this=0x2dc610, o=<optimized out>, c=<optimized out>, _id=<optimized out>, a=0xfffee774) at qml/qqmlvmemetaobject.cpp:839
      #37 0xf6d39cee in QMetaObject::metacall (object=0x2dc4d8, cl=cl@entry=QMetaObject::WriteProperty, idx=<optimized out>, argv=<optimized out>) at kernel/qmetaobject.cpp:299
      #38 0xf5f0baaa in QQmlPropertyData::writeProperty (flags=..., value=0xfffee750, target=<optimized out>, this=<optimized out>) at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/qml/qml/qqmlpropertycache_p.h:350
      #39 GenericBinding<10>::doStore<QString> (flags=..., pd=<optimized out>, value=..., this=0x2dcb70) at qml/qqmlbinding.cpp:334
      #40 GenericBinding<10>::write (this=0x2dcb70, result=..., isUndefined=<optimized out>, flags=...) at qml/qqmlbinding.cpp:315
      #41 0xf5f0bf84 in QQmlNonbindingBinding::doUpdate (this=0x2dcb70, watcher=..., flags=..., scope=...) at qml/qqmlbinding.cpp:249
      #42 0xf5f0961a in QQmlBinding::update (this=0x2dcb70, flags=...) at qml/qqmlbinding.cpp:185
      #43 0xf5f1274c in QQmlObjectCreator::finalize (this=0x2677c8, interrupt=...) at qml/qqmlobjectcreator.cpp:1346
      #44 0xf5eb1cc6 in QQmlComponentPrivate::complete (enginePriv=0x2a2490, state=0x2cc658) at qml/qqmlcomponent.cpp:924
      #45 0xf5eb1d7c in QQmlComponentPrivate::completeCreate (this=0x2cc5f8) at qml/qqmlcomponent.cpp:959
      #46 0xf5eb1c14 in QQmlComponent::create (this=0x2cc0b0, context=0x2c9908) at qml/qqmlcomponent.cpp:779
      #47 0xf61c092a in QQuickView::continueExecute (this=this@entry=0x288150) at items/qquickview.cpp:481
      #48 0xf61c0c14 in QQuickViewPrivate::execute (this=0x295690) at items/qquickview.cpp:107
      #49 0xf61c0d22 in QQuickView::setSource (this=this@entry=0x288150, url=...) at items/qquickview.cpp:246
      #50 0xf77179bc in KWin::VirtualKeyboard::init (this=0x7fa08) at /workspace/build/virtualkeyboard.cpp:75

      We were also able to reproduce a similar crash with the Kirigami gallery application; it points to the crash happening when evaluating the following line (verified by printing expressionIdentifier while in QQmlJavaScriptExpression::evaluate).

      implicitWidth: Math.max(background ? background.implicitWidth : 0, contentWidth + leftPadding + rightPadding)

      The backtrace for it is:

      #0 0xf73a93f4 in QV4::JIT::ByteCodeHandler::decode (this=this@entry=0xfffebb88, code=0xf240494b "\v\005\n\005", len=<optimized out>) at jit/qv4jit.cpp:80
      #1  0xf73aa6d0 in QV4::JIT::BaselineJIT::generate (this=0xfffebb88) at jit/qv4jit.cpp:101
      #2  0xf7397412 in QV4::Moth::VME::exec (fo=0x511b8, thisObject=0xf1ec1388, argv=0xf1ec1360, argc=0) at jsruntime/qv4vme_moth.cpp:564
      #3  0xf741af68 in QV4::Moth::VME::exec (context=<optimized out>, argc=<optimized out>, argv=0xf1ec1360, thisObject=0xf1ec1350, v4Function=0xabf80) at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/qml/jsruntime/qv4vme_moth_p.h:72
      #4  QV4::Function::call (context=<optimized out>, argc=<optimized out>, argv=0xf1ec1360, thisObject=0xf1ec1350, this=0xabf80) at ../../include/QtQml/5.11.1/QtQml/private/../../../../../src/qml/jsruntime/qv4function_p.h:72
      #5  QQmlJavaScriptExpression::evaluate (this=this@entry=0xaec98, callData=callData@entry=0xf1ec1338, isUndefined=isUndefined@entry=0xfffebc83) at qml/qqmljavascriptexpression.cpp:217
      #6  0xf741e6e0 in QQmlBinding::evaluate (this=this@entry=0xaec98, isUndefined=isUndefined@entry=0xfffebc83) at qml/qqmlbinding.cpp:209
      #7  0xf7421f46 in QQmlNonbindingBinding::doUpdate (this=0xaec98, watcher=..., flags=..., scope=...) at qml/qqmlbinding.cpp:245
      #8  0xf741f61a in QQmlBinding::update (this=0xaec98, flags=..., flags@entry=...) at qml/qqmlbinding.cpp:185
      #9  0xf741fbb4 in QQmlBinding::refresh (this=<optimized out>) at qml/qqmlbinding.cpp:532
      #10 0xf73ffd8c in QQmlNotifier::emitNotify (endpoint=<optimized out>, a=a@entry=0x0) at qml/qqmlnotifier.cpp:106
      #11 0xf73ba214 in QQmlData::signalEmitted (object=0xaca48, index=14, a=0x0) at qml/qqmlengine.cpp:861
      #12 0xf68f9d06 in QMetaObject::activate (sender=0xaca48, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3649

      This backtrace looks similar to QTBUG-66773, but this one is for the armhf platform and not x86.

      Attachments

        1. 7182632f9b60fbfdf2c0ed16d6a88f036a523036.qmlc (23 kB, Bhushan Shah)
        2. 7182632f9b60fbfdf2c0ed16d6a88f036a523036.qmlc (23 kB, Bhushan Shah)
        3. 874488b5f8603d3ff283a35fe9587c9a21d3f22f.qmlc (12 kB, Bhushan Shah)
        4. OverlayDrawer.qml (14 kB, Bhushan Shah)
        5. OverlayDrawer.qml (5 kB, Bhushan Shah)

      People

        shausman Simon Hausmann
        bshah Bhushan Shah
        Votes: 0
        Watchers: 3

      Gerrit Reviews

        There are no open Gerrit changes