Qt / QTBUG-70729

heap-use-after-free when running qmlbench with Menu as delegate


Details

    • d56c193eb4ceb640611d66f22e1f26aae91cd7d1 (qt/qtquickcontrols2/5.11)

    Description

      The benchmark:

      import QmlBench 1.0
      import QtQuick 2.10
      import QtQuick.Controls 2.3
      
      CreationBenchmark {
          id: root
          count: 1
          staticCount: 1
      
          Component {
              id: menuItemComponent
      
              MenuItem {
                  contentItem: Text {
                      text: parent.text
                      color: "blue"
                  }
                  background: Rectangle {
                      color: "#00ff00"
                  }
              }
          }
      
          delegate: Item {
              Menu {
                  id: menu
                  title: "Root Menu"
                  delegate: menuItemComponent
                  visible: true
      
                  Menu {
                      title: "Sub-menu 1"
                      delegate: menuItemComponent
      
                      Menu {
                          title: "Sub-sub-menu"
                          delegate: menuItemComponent
                      }
                  }
      
                  Menu {
                      title: "Sub-menu 2"
                  }
              }
          }
      }
      

      The crash info:

      11:09:46: Debugging starts
      ID:          
      OS:          Ubuntu 18.04.1 LTS
      QPA:         xcb
      GL_VENDOR:   Intel Open Source Technology Center
      GL_RENDERER: Mesa DRI Intel(R) Haswell Desktop 
      GL_VERSION:  3.0 Mesa 18.0.5
      running: 
      /home/mitch/dev/temp/quick/main.qml
          1191 frames
      =================================================================
      ==11120==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000133240 at pc 0x7ffff64b112f bp 0x7fffffffb960 sp 0x7fffffffb950
      READ of size 8 at 0x603000133240 thread T0
          #0 0x7ffff64b112e in QQuickItemPrivate::itemChange(QQuickItem::ItemChange, QQuickItem::ItemChangeData const&) /home/mitch/dev/qt5.11/qtdeclarative/src/quick/items/qquickitem.cpp:6178
          #1 0x7ffff649c21a in QQuickItemPrivate::removeChild(QQuickItem*) /home/mitch/dev/qt5.11/qtdeclarative/src/quick/items/qquickitem.cpp:2991
          #2 0x7ffff649982b in QQuickItem::setParentItem(QQuickItem*) /home/mitch/dev/qt5.11/qtdeclarative/src/quick/items/qquickitem.cpp:2730
          #3 0x7ffff649589a in QQuickItem::~QQuickItem() /home/mitch/dev/qt5.11/qtdeclarative/src/quick/items/qquickitem.cpp:2388
          #4 0x7ffff65eebbc in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (/home/mitch/dev/qt5.11-debug/qtbase/lib/libQt5Quick.so.5+0x759bbc)
          #5 0x7ffff65eebe1 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() (/home/mitch/dev/qt5.11-debug/qtbase/lib/libQt5Quick.so.5+0x759be1)
          #6 0x7ffff672b4e3 in QQuickViewPrivate::execute() /home/mitch/dev/qt5.11/qtdeclarative/src/quick/items/qquickview.cpp:96
          #7 0x7ffff672bf09 in QQuickView::setSource(QUrl const&) /home/mitch/dev/qt5.11/qtdeclarative/src/quick/items/qquickview.cpp:242
          #8 0x55555558d427 in BenchmarkRunner::start() ../../qmlbench/src/benchmarkrunner.cpp:104
          #9 0x5555555b0809 in BenchmarkRunner::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/mitch/dev/qmlbench-qt5.11-debug/src/moc_benchmarkrunner.cpp:116
          #10 0x7ffff363a2cb in QMetaCallEvent::placeMetaCall(QObject*) /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:506
          #11 0x7ffff3649a51 in QObject::event(QEvent*) /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:1251
          #12 0x7ffff359ac78 in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qcoreapplication.cpp:1197
          #13 0x7ffff359aec7 in doNotify /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qcoreapplication.cpp:1138
          #14 0x7ffff359b396 in QCoreApplication::notify(QObject*, QEvent*) /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qcoreapplication.cpp:1124
          #15 0x7ffff4f90b3b in QGuiApplication::notify(QObject*, QEvent*) /home/mitch/dev/qt5.11/qtbase/src/gui/kernel/qguiapplication.cpp:1770
          #16 0x7ffff359b136 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qcoreapplication.cpp:1048
          #17 0x7ffff35acd0e in QCoreApplication::sendEvent(QObject*, QEvent*) ../../include/QtCore/../../../../qt5.11/qtbase/src/corelib/kernel/qcoreapplication.h:234
          #18 0x7ffff35acd0e in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qcoreapplication.cpp:1745
          #19 0x7ffff35aeb16 in QCoreApplication::sendPostedEvents(QObject*, int) /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qcoreapplication.cpp:1599
          #20 0x7ffff36ea043 in postEventSourceDispatch /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:276
          #21 0x7fffefe00286 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c286)
          #22 0x7fffefe004bf  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c4bf)
          #23 0x7fffefe0054b in g_main_context_iteration (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c54b)
          #24 0x7ffff36e85de in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:423
          #25 0x7fffe99f86a4 in QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/mitch/dev/qt5.11/qtbase/src/platformsupport/eventdispatchers/qeventdispatcher_glib.cpp:69
          #26 0x7ffff3593cdb in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qeventloop.cpp:136
          #27 0x7ffff35950f0 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qeventloop.cpp:214
          #28 0x7ffff35b35aa in QCoreApplication::exec() /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qcoreapplication.cpp:1336
          #29 0x7ffff4f7b081 in QGuiApplication::exec() /home/mitch/dev/qt5.11/qtbase/src/gui/kernel/qguiapplication.cpp:1761
          #30 0x555555577043 in runSubProcess(QGuiApplication&) ../../qmlbench/src/main.cpp:382
          #31 0x555555577717 in main ../../qmlbench/src/main.cpp:432
          #32 0x7ffff2101b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
          #33 0x555555564da9 in _start (/home/mitch/dev/qmlbench-qt5.11-debug/src/qmlbench+0x10da9)
      
      0x603000133240 is located 0 bytes inside of 32-byte region [0x603000133240,0x603000133260)
      freed by thread T0 here:
          #0 0x7ffff6ef87b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
          #1 0x7ffff307eac2 in QListData::dispose(QListData::Data*) /home/mitch/dev/qt5.11/qtbase/src/corelib/tools/qlist.cpp:163
          #2 0x7ffff355c995 in QList<QObject*>::dealloc(QListData::Data*) ../../include/QtCore/../../../../qt5.11/qtbase/src/corelib/tools/qlist.h:867
          #3 0x7ffff355ca13 in QList<QObject*>::~QList() ../../include/QtCore/../../../../qt5.11/qtbase/src/corelib/tools/qlist.h:827
          #4 0x7ffff3664767 in QList<QObject*>::operator=(QList<QObject*>&&) ../../include/QtCore/../../../../qt5.11/qtbase/src/corelib/tools/qlist.h:159
          #5 0x7ffff3664767 in QList<QObject*>::clear() ../../include/QtCore/../../../../qt5.11/qtbase/src/corelib/tools/qlist.h:874
          #6 0x7ffff365c498 in QObjectPrivate::deleteChildren() /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:1999
          #7 0x7ffff3660ebf in QObject::~QObject() /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:1025
          #8 0x7ffff64962c3 in QQuickItem::~QQuickItem() /home/mitch/dev/qt5.11/qtdeclarative/src/quick/items/qquickitem.cpp:2381
          #9 0x7fffd4845dc2 in QQuickControl::~QQuickControl() /home/mitch/dev/qt5.11-debug/qtbase/include/QtQuickTemplates2/5.11.2/QtQuickTemplates2/private/../../../../../../../qt5.11/qtquickcontrols2/src/quicktemplates2/qquickcontrol_p.h:60
          #10 0x7fffd4845dc2 in QQuickScrollIndicator::~QQuickScrollIndicator() /home/mitch/dev/qt5.11-debug/qtbase/include/QtQuickTemplates2/5.11.2/QtQuickTemplates2/private/../../../../../../../qt5.11/qtquickcontrols2/src/quicktemplates2/qquickscrollindicator_p.h:59
          #11 0x7fffd4845dc2 in QQmlPrivate::QQmlElement<QQuickScrollIndicator>::~QQmlElement() /home/mitch/dev/qt5.11-debug/qtbase/include/QtQml/../../../../qt5.11/qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #12 0x7fffd4845dc2 in QQmlPrivate::QQmlElement<QQuickScrollIndicator>::~QQmlElement() /home/mitch/dev/qt5.11-debug/qtbase/include/QtQml/../../../../qt5.11/qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #13 0x7ffff365c24a in QObjectPrivate::deleteChildren() /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:1997
          #14 0x7ffff3660ebf in QObject::~QObject() /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:1025
          #15 0x7fffd4c9f019 in QQuickScrollIndicatorAttached::~QQuickScrollIndicatorAttached() /home/mitch/dev/qt5.11/qtquickcontrols2/src/quicktemplates2/qquickscrollindicator.cpp:520
          #16 0x7fffd4c9f100 in QQuickScrollIndicatorAttached::~QQuickScrollIndicatorAttached() /home/mitch/dev/qt5.11/qtquickcontrols2/src/quicktemplates2/qquickscrollindicator.cpp:533
          #17 0x7ffff365c24a in QObjectPrivate::deleteChildren() /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:1997
          #18 0x7ffff3660ebf in QObject::~QObject() /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:1025
          #19 0x7ffff64962c3 in QQuickItem::~QQuickItem() /home/mitch/dev/qt5.11/qtdeclarative/src/quick/items/qquickitem.cpp:2381
          #20 0x7ffff6703f51 in QQuickFlickable::~QQuickFlickable() /home/mitch/dev/qt5.11/qtdeclarative/src/quick/items/qquickflickable.cpp:743
          #21 0x7ffff67cd491 in QQuickItemView::~QQuickItemView() /home/mitch/dev/qt5.11/qtdeclarative/src/quick/items/qquickitemview.cpp:264
          #22 0x7ffff68192d7 in QQuickListView::~QQuickListView() /home/mitch/dev/qt5.11/qtdeclarative/src/quick/items/qquicklistview.cpp:1893
          #23 0x7ffff65eeaf6 in QQmlPrivate::QQmlElement<QQuickListView>::~QQmlElement() (/home/mitch/dev/qt5.11-debug/qtbase/lib/libQt5Quick.so.5+0x759af6)
          #24 0x7ffff65eeb1b in QQmlPrivate::QQmlElement<QQuickListView>::~QQmlElement() (/home/mitch/dev/qt5.11-debug/qtbase/lib/libQt5Quick.so.5+0x759b1b)
          #25 0x7ffff365c24a in QObjectPrivate::deleteChildren() /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:1997
          #26 0x7ffff3660ebf in QObject::~QObject() /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:1025
          #27 0x7fffd4c7b88c in QQuickPopup::~QQuickPopup() /home/mitch/dev/qt5.11/qtquickcontrols2/src/quicktemplates2/qquickpopup.cpp:724
          #28 0x7fffd4848a06 in QQuickMenu::~QQuickMenu() /home/mitch/dev/qt5.11-debug/qtbase/include/QtQuickTemplates2/5.11.2/QtQuickTemplates2/private/../../../../../../../qt5.11/qtquickcontrols2/src/quicktemplates2/qquickmenu_p.h:63
          #29 0x7fffd4848a06 in QQmlPrivate::QQmlElement<QQuickMenu>::~QQmlElement() /home/mitch/dev/qt5.11-debug/qtbase/include/QtQml/../../../../qt5.11/qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #30 0x7fffd4848a06 in QQmlPrivate::QQmlElement<QQuickMenu>::~QQmlElement() /home/mitch/dev/qt5.11-debug/qtbase/include/QtQml/../../../../qt5.11/qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #31 0x7ffff365c24a in QObjectPrivate::deleteChildren() /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:1997
          #32 0x7ffff3660ebf in QObject::~QObject() /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:1025
          #33 0x7fffd4c7b88c in QQuickPopup::~QQuickPopup() /home/mitch/dev/qt5.11/qtquickcontrols2/src/quicktemplates2/qquickpopup.cpp:724
          #34 0x7fffd4848a06 in QQuickMenu::~QQuickMenu() /home/mitch/dev/qt5.11-debug/qtbase/include/QtQuickTemplates2/5.11.2/QtQuickTemplates2/private/../../../../../../../qt5.11/qtquickcontrols2/src/quicktemplates2/qquickmenu_p.h:63
          #35 0x7fffd4848a06 in QQmlPrivate::QQmlElement<QQuickMenu>::~QQmlElement() /home/mitch/dev/qt5.11-debug/qtbase/include/QtQml/../../../../qt5.11/qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #36 0x7fffd4848a06 in QQmlPrivate::QQmlElement<QQuickMenu>::~QQmlElement() /home/mitch/dev/qt5.11-debug/qtbase/include/QtQml/../../../../qt5.11/qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #37 0x7ffff365c24a in QObjectPrivate::deleteChildren() /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:1997
      
      previously allocated by thread T0 here:
          #0 0x7ffff6ef8b50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
          #1 0x7ffff307e46b in QListData::detach_grow(int*, int) /home/mitch/dev/qt5.11/qtbase/src/corelib/tools/qlist.cpp:79
          #2 0x7ffff355e02e in QList<QObject*>::detach_helper_grow(int, int) ../../include/QtCore/../../../../qt5.11/qtbase/src/corelib/tools/qlist.h:756
          #3 0x7ffff355e2f2 in QList<QObject*>::append(QObject* const&) (/home/mitch/dev/qt5.11-debug/qtbase/lib/libQt5Core.so.5+0x7492f2)
          #4 0x7ffff365ecf2 in QObjectPrivate::setParent_helper(QObject*) /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:2036
          #5 0x7ffff3660fba in QObject::setParent(QObject*) /home/mitch/dev/qt5.11/qtbase/src/corelib/kernel/qobject.cpp:1984
          #6 0x7ffff4898a4d in QQml_setParent_noEvent(QObject*, QObject*) /home/mitch/dev/qt5.11-debug/qtbase/include/QtQml/5.11.1/QtQml/private/../../../../../../../qt5.11/qtdeclarative/src/qml/qml/qqmlglobal_p.h:226
          #7 0x7ffff4898a4d in QQmlObjectCreator::createInstance(int, QObject*, bool) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1216
          #8 0x7ffff489c9b1 in QQmlObjectCreator::setPropertyBinding(QQmlPropertyData const*, QV4::CompiledData::Binding const*) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:825
          #9 0x7ffff48a1d42 in QQmlObjectCreator::populateDeferredBinding(QQmlProperty const&, QQmlData::DeferredData*, QV4::CompiledData::Binding const*) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:344
          #10 0x7fffd4c08d78 in beginDeferred /home/mitch/dev/qt5.11/qtquickcontrols2/src/quicktemplates2/qquickdeferredexecute.cpp:95
          #11 0x7fffd4c09363 in QtQuickPrivate::beginDeferred(QObject*, QString const&) /home/mitch/dev/qt5.11/qtquickcontrols2/src/quicktemplates2/qquickdeferredexecute.cpp:118
          #12 0x7fffd4bb0947 in void quickBeginDeferred<QQuickItem>(QObject*, QString const&, QQuickDeferredPointer<QQuickItem>&) /home/mitch/dev/qt5.11/qtquickcontrols2/src/quicktemplates2/qquickdeferredexecute_p_p.h:74
          #13 0x7fffd4c024d8 in QQuickControlPrivate::executeContentItem(bool) /home/mitch/dev/qt5.11/qtquickcontrols2/src/quicktemplates2/qquickcontrol.cpp:650
          #14 0x7fffd4bf93cd in QQuickControlPrivate::getContentItem() /home/mitch/dev/qt5.11/qtquickcontrols2/src/quicktemplates2/qquickcontrol.cpp:266
          #15 0x7fffd4c006d7 in QQuickControl::contentItem() const /home/mitch/dev/qt5.11/qtquickcontrols2/src/quicktemplates2/qquickcontrol.cpp:1359
          #16 0x7fffd4d15ed2 in QQuickControl::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/moc_qquickcontrol_p.cpp:459
          #17 0x7ffff44741ca in QQmlPropertyData::readPropertyWithArgs(QObject*, void**) const /home/mitch/dev/qt5.11-debug/qtbase/include/QtQml/5.11.1/QtQml/private/../../../../../../../qt5.11/qtdeclarative/src/qml/qml/qqmlpropertycache_p.h:334
          #18 0x7ffff4459438 in QQmlPropertyData::readProperty(QObject*, void*) const /home/mitch/dev/qt5.11-debug/qtbase/include/QtQml/5.11.1/QtQml/private/../../../../../../../qt5.11/qtdeclarative/src/qml/qml/qqmlpropertycache_p.h:328
          #19 0x7ffff4459438 in loadProperty /home/mitch/dev/qt5.11/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:130
          #20 0x7ffff445b433 in QV4::QObjectWrapper::getProperty(QV4::ExecutionEngine*, QObject*, QQmlPropertyData*, bool) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:262
          #21 0x7ffff446b46f in QV4::QObjectWrapper::getQmlProperty(QV4::ExecutionEngine*, QQmlContextData*, QObject*, QV4::String*, QV4::QObjectWrapper::RevisionMode, bool*) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:382
          #22 0x7ffff4216789 in QV4::QQmlContextWrapper::get(QV4::Managed const*, QV4::String*, bool*) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/jsruntime/qv4qmlcontext.cpp:197
          #23 0x7ffff4092607 in QV4::Object::get(QV4::String*, bool*) const /home/mitch/dev/qt5.11/qtdeclarative/src/qml/jsruntime/qv4object_p.h:364
          #24 0x7ffff4092607 in QV4::ExecutionContext::getProperty(QV4::String*) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/jsruntime/qv4context.cpp:292
          #25 0x7ffff44ff219 in QV4::Runtime::method_loadName(QV4::ExecutionEngine*, int) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:745
          #26 0x7fffd464fdfe  (<unknown module>)
          #27 0x7ffff44b8d96 in QV4::Moth::VME::exec(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:574
          #28 0x7ffff4829892 in QV4::Moth::VME::exec(QV4::Function*, QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) /home/mitch/dev/qt5.11-debug/qtbase/include/QtQml/5.11.1/QtQml/private/../../../../../../../qt5.11/qtdeclarative/src/qml/jsruntime/qv4vme_moth_p.h:72
          #29 0x7ffff4829892 in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) /home/mitch/dev/qt5.11-debug/qtbase/include/QtQml/5.11.1/QtQml/private/../../../../../../../qt5.11/qtdeclarative/src/qml/jsruntime/qv4function_p.h:72
          #30 0x7ffff4829892 in QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:217
          #31 0x7ffff483f44e in QQmlBinding::evaluate(bool*) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/qml/qqmlbinding.cpp:209
          #32 0x7ffff4856f71 in QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/qml/qqmlbinding.cpp:245
          #33 0x7ffff4849f43 in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/qml/qqmlbinding.cpp:185
          #34 0x7ffff484d310 in QQmlBinding::setEnabled(bool, QFlags<QQmlPropertyData::WriteFlag>) /home/mitch/dev/qt5.11/qtdeclarative/src/qml/qml/qqmlbinding.cpp:548
      
      SUMMARY: AddressSanitizer: heap-use-after-free
      

      Ran it like this:

      QML2_IMPORT_PATH=$QML2_IMPORT_PATH:/home/mitch/dev/qmlbench-qt5.11-release /home/mitch/dev/qmlbench-qt5.11-debug/src/qmlbench --subprocess-mode --shell frame-count /home/mitch/dev/temp/quick/main.qml
      

      The --subprocess-mode argument doesn't appear to be necessary to reproduce the crash.

      --framecount-interval 1000 will make the test run for a second instead of 20, and still reproduces the bug.
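
A triage helper for reports like the one above, added here as an example (it is not part of the original report, Qt or qmlbench): it splits an AddressSanitizer heap-use-after-free report into its access, free and allocation stacks and names the first frame in each that is not allocator or container plumbing. The function names, the `NOISE` prefix list and the sample text are assumptions made for the example.

```python
import re

FRAME = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+(?:in\s+(.+?)\s+)?(\S+)\s*$")
HEADER = re.compile(r"AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"^\s*(READ|WRITE) of size (\d+)")
REGION = re.compile(r"(\d+) bytes inside of (\d+)-byte region")
# Assumption: symbol prefixes treated as allocator/container plumbing.
NOISE = ("__interceptor_", "QList<", "QListData::")

def parse_report(text):
    """Split a heap-use-after-free report into access, free and alloc stacks."""
    report = {"access": [], "free": [], "alloc": []}
    section = None
    for line in text.splitlines():
        if m := HEADER.search(line):
            report["kind"], report["address"] = m.groups()
        elif m := ACCESS.match(line):
            report["op"], report["size"] = m.group(1), int(m.group(2))
            section = "access"
        elif m := REGION.search(line):
            report["offset"], report["region"] = int(m.group(1)), int(m.group(2))
        elif "freed by thread" in line:
            section = "free"
        elif "previously allocated by thread" in line:
            section = "alloc"
        elif section and (m := FRAME.match(line)):
            report[section].append((int(m.group(1)), m.group(2), m.group(3)))
    return report

def first_caller(stack):
    """First symbolized frame that is not allocator/container plumbing."""
    for _, func, _ in stack:
        if func and not func.startswith(NOISE):
            return func
    return None

def shared_functions(report):
    """Functions on both the access and the free stack, in access order."""
    freed = {func for _, func, _ in report["free"] if func}
    return [func for _, func, _ in report["access"] if func in freed]

# Constructed sample in the style of the report above (placeholder addresses and paths).
SAMPLE = """\
==1==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000000040 at pc 0x1001
READ of size 8 at 0x603000000040 thread T0
    #0 0x1001 in QQuickItemPrivate::itemChange(QQuickItem::ItemChange, QQuickItem::ItemChangeData const&) qquickitem.cpp:6178
    #1 0x1002 in QQuickItem::setParentItem(QQuickItem*) qquickitem.cpp:2730
    #2 0x1003 in QQuickItem::~QQuickItem() qquickitem.cpp:2388
0x603000000040 is located 0 bytes inside of 32-byte region [0x603000000040,0x603000000060)
freed by thread T0 here:
    #0 0x2001 in __interceptor_free (libasan.so.4+0x1)
    #1 0x2002 in QListData::dispose(QListData::Data*) qlist.cpp:163
    #2 0x2003 in QObjectPrivate::deleteChildren() qobject.cpp:1999
    #3 0x2004 in QQuickItem::~QQuickItem() qquickitem.cpp:2381
previously allocated by thread T0 here:
    #0 0x3001 in __interceptor_malloc (libasan.so.4+0x2)
    #1 0x3002 in QList<QObject*>::append(QObject* const&) (libQt5Core.so.5+0x3)
    #2 0x3003 in QObjectPrivate::setParent_helper(QObject*) qobject.cpp:2036
"""
```

Calling `parse_report` on a saved ASan log and passing each stack to `first_caller` gives the frames to read first; a destructor returned by `shared_functions` means the access and the free both happened during object teardown.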

            People

              mitch_curtis Mitch Curtis