  1. Qt
  2. QTBUG-72137

[Reg: 5.11.2->5.12.0] QML Garbage collector crashes when accessing other items from Component.onDestruction


Details

    • ba6371fb2ae3ad0096ec672f61a7a989c297d8fc (qt/qtdeclarative/5.12)

    Description

      Consider:

      main.qml:

      import QtQml 2.2
      
      // Reproducer root: on every timer tick it creates a fresh MyItem, overwrites
      // the property that referenced the previous one, and forces a GC run.
      QtObject {
          // Read and incremented by MyItem's Component.onDestruction handler
          // through that item's `parent` property.
          property int destructions: 0
          property Component itemComponent: Qt.createComponent("MyItem.qml");
          // Holds only the most recently created item; each assignment replaces the
          // reference to the previous one (presumably leaving it collectable).
          property MyItem item;
          property Timer timer: Timer {
              running: true
              repeat: true
              interval: 1
              onTriggered: {
                  // Created with a null parent object and an empty initial-property map.
                  item = itemComponent.createObject(null, {});
                  // NOTE(review): `parent` here presumably resolves to the Timer's own
                  // parent, i.e. the root QtObject - confirm. The log in this report
                  // shows MyItem sometimes sees its `parent` as undefined.
                  item.parent = parent;
                  // Explicit collection on every tick; the crashing backtrace
                  // (Thread 1) enters the GC mark phase through this call.
                  gc();
              }
          }
      }
      

      MyItem.qml:

      import QtQml 2.2
      
      QtObject { // Item type instantiated by main.qml on every timer tick.
          property var parent; // Plain `var` property; main.qml assigns it after createObject().
          Component.onCompleted: { console.log("created!"); }
          Component.onDestruction: { // Handler body runs JavaScript as the object is destroyed.
              console.log("destroyed", parent.destructions); // Line 7 of the file as listed: the TypeError in the log is reported here, with `parent` undefined.
              parent.destructions += 1; // Writes to another object from inside the destruction handler.
          }
      }
      

      On 5.12 this crashes after a few iterations:

      qml: created!
      qml: created!
      qml: destroyed 0
      qml: created!
      qml: destroyed 1
      qml: created!
      qrc:/MyItem.qml:7: TypeError: Cannot read property 'destructions' of undefined
      qml: created!
      <crash>
      

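      stacktrace (Thread 1 is the crashing thread, stopped in QV4::Heap::Base::mark with this=0x4; Threads 2-4 are blocked in poll()):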

      
      Thread 4 (Thread 0x7fffe75bf700 (LWP 1353)):
      #0  0x00007ffff4d6067d in poll () at ../sysdeps/unix/syscall-template.S:84
      No locals.
      #1  0x00007ffff1f5b9f6 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
      No symbol table info available.
      #2  0x00007ffff1f5bb0c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
      No symbol table info available.
      #3  0x00007ffff6010dcf in QEventDispatcherGlib::processEvents (this=0x7fffdc0008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:422
              d = 0x7fffdc0008e0
              canWait = true
              savedFlags = {i = 0}
              result = <optimized out>
      #4  0x00007ffff5fb857a in QEventLoop::exec (this=this@entry=0x7fffe75bee10, flags=..., flags@entry=...) at kernel/qeventloop.cpp:225
              d = 0x7fffdc002d90
              locker = {val = 93824995096736}
              ref = {d = 0x7fffdc002d90, locker = @0x7fffe75beda0, exceptionCaught = true}
      #5  0x00007ffff5df07dc in QThread::exec (this=this@entry=0x7fffee98fd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread.cpp:534
              d = 0x55555580f830
              locker = {val = 93824995096736}
              eventLoop = {<QObject> = {_vptr.QObject = 0x7ffff64d0328 <vtable for QEventLoop+16>, static staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7ffff61a8900 <qt_meta_stringdata_QObject>, data = 0x7ffff61a87e0 <qt_meta_data_QObject>, static_metacall = 0x7ffff5fed740 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x7fffdc002d90}, static staticQtMetaObject = {d = {superdata = 0x0, stringdata = 0x7ffff61ab820 <qt_meta_stringdata_Qt>, data = 0x7ffff61a8a20 <qt_meta_data_Qt>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = 0x7ffff64c8860 <QObject::staticMetaObject>, stringdata = 0x7ffff61a3340 <qt_meta_stringdata_QEventLoop>, data = 0x7ffff61a32e0 <qt_meta_data_QEventLoop>, static_metacall = 0x7ffff5fb82c0 <QEventLoop::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}}
              returnCode = <optimized out>
      #6  0x00007fffee71ab45 in QDBusConnectionManager::run (this=0x7fffee98fd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:178
              locker = <optimized out>
      #7  0x00007ffff5df1d13 in QThreadPrivate::start (arg=0x7fffee98fd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:361
              thr = 0x7fffee98fd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>
              data = 0x55555580f8e0
              __clframe = {__cancel_routine = 0x7ffff5df0fb0 <QThreadPrivate::finish(void*)>, __cancel_arg = 0x7fffee98fd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>, __do_it = 1, __cancel_type = <optimized out>}
      #8  0x00007ffff58c4494 in start_thread (arg=0x7fffe75bf700) at pthread_create.c:333
              __res = <optimized out>
              pd = 0x7fffe75bf700
              now = <optimized out>
              unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737074951936, 2294011862651632493, 0, 140737488345839, 0, 140737354125376, -2293958296322573459, -2293989474744665235}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
              not_first_call = <optimized out>
              pagesize_m1 = <optimized out>
              sp = <optimized out>
              freesize = <optimized out>
              __PRETTY_FUNCTION__ = "start_thread"
      #9  0x00007ffff4d69acf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      No locals.
      
      Thread 3 (Thread 0x7fffec814700 (LWP 1351)):
      #0  0x00007ffff4d6067d in poll () at ../sysdeps/unix/syscall-template.S:84
      No locals.
      #1  0x00007ffff1f5b9f6 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
      No symbol table info available.
      #2  0x00007ffff1f5bb0c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
      No symbol table info available.
      #3  0x00007ffff6010dcf in QEventDispatcherGlib::processEvents (this=0x7fffe00008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:422
              d = 0x7fffe00008e0
              canWait = true
              savedFlags = {i = 0}
              result = <optimized out>
      #4  0x00007ffff5fb857a in QEventLoop::exec (this=this@entry=0x7fffec813e20, flags=..., flags@entry=...) at kernel/qeventloop.cpp:225
              d = 0x7fffe0002f90
              locker = {val = 93824994844224}
              ref = {d = 0x7fffe0002f90, locker = @0x7fffec813db0, exceptionCaught = true}
      #5  0x00007ffff5df07dc in QThread::exec (this=this@entry=0x5555557d1d00) at thread/qthread.cpp:534
              d = 0x5555557d1dd0
              locker = {val = 93824994844224}
              eventLoop = {<QObject> = {_vptr.QObject = 0x7ffff64d0328 <vtable for QEventLoop+16>, static staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7ffff61a8900 <qt_meta_stringdata_QObject>, data = 0x7ffff61a87e0 <qt_meta_data_QObject>, static_metacall = 0x7ffff5fed740 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x7fffe0002f90}, static staticQtMetaObject = {d = {superdata = 0x0, stringdata = 0x7ffff61ab820 <qt_meta_stringdata_Qt>, data = 0x7ffff61a8a20 <qt_meta_data_Qt>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = 0x7ffff64c8860 <QObject::staticMetaObject>, stringdata = 0x7ffff61a3340 <qt_meta_stringdata_QEventLoop>, data = 0x7ffff61a32e0 <qt_meta_data_QEventLoop>, static_metacall = 0x7ffff5fb82c0 <QEventLoop::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}}
              returnCode = <optimized out>
      #6  0x00007ffff6b82cf5 in QQmlThreadPrivate::run (this=0x5555557d1d00) at qml/ftw/qqmlthread.cpp:148
      No locals.
      #7  0x00007ffff5df1d13 in QThreadPrivate::start (arg=0x5555557d1d00) at thread/qthread_unix.cpp:361
              thr = 0x5555557d1d00
              data = 0x5555557d1e80
              __clframe = {__cancel_routine = 0x7ffff5df0fb0 <QThreadPrivate::finish(void*)>, __cancel_arg = 0x5555557d1d00, __do_it = 1, __cancel_type = <optimized out>}
      #8  0x00007ffff58c4494 in start_thread (arg=0x7fffec814700) at pthread_create.c:333
              __res = <optimized out>
              pd = 0x7fffec814700
              now = <optimized out>
              unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737161283328, 2294011862651632493, 0, 140737488346095, 0, 140737354125376, -2293969791265670291, -2293989474744665235}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
              not_first_call = <optimized out>
              pagesize_m1 = <optimized out>
              sp = <optimized out>
              freesize = <optimized out>
              __PRETTY_FUNCTION__ = "start_thread"
      #9  0x00007ffff4d69acf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      No locals.
      
      Thread 2 (Thread 0x7fffed469700 (LWP 1350)):
      #0  0x00007ffff4d6067d in poll () at ../sysdeps/unix/syscall-template.S:84
      No locals.
      #1  0x00007ffff0530150 in ?? () from /usr/lib/x86_64-linux-gnu/libxcb.so.1
      No symbol table info available.
      #2  0x00007ffff0531ee9 in xcb_wait_for_event () from /usr/lib/x86_64-linux-gnu/libxcb.so.1
      No symbol table info available.
      #3  0x00007fffeeee9780 in QXcbEventQueue::run (this=0x555555793270) at qxcbeventqueue.cpp:225
              event = <optimized out>
              tail = 0x7fffef2538b0 <QXcbEventQueue::qXcbEventNodeFactory(xcb_generic_event_t*)::qXcbNodePool+48>
      #4  0x00007ffff5df1d13 in QThreadPrivate::start (arg=0x555555793270) at thread/qthread_unix.cpp:361
              thr = 0x555555793270
              data = 0x555555793400
              __clframe = {__cancel_routine = 0x7ffff5df0fb0 <QThreadPrivate::finish(void*)>, __cancel_arg = 0x555555793270, __do_it = 1, __cancel_type = <optimized out>}
      #5  0x00007ffff58c4494 in start_thread (arg=0x7fffed469700) at pthread_create.c:333
              __res = <optimized out>
              pd = 0x7fffed469700
              now = <optimized out>
              unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737174214400, 2294011862651632493, 0, 140737488344751, 0, 140737354125376, -2293971377719215251, -2293989474744665235}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
              not_first_call = <optimized out>
              pagesize_m1 = <optimized out>
              sp = <optimized out>
              freesize = <optimized out>
              __PRETTY_FUNCTION__ = "start_thread"
      #6  0x00007ffff4d69acf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      No locals.
      
      Thread 1 (Thread 0x7ffff7fc1780 (LWP 1328)):
      #0  QV4::Heap::Base::mark (markStack=0x7fffffffba40, this=0x4) at ../../include/QtQml/5.12.0/QtQml/private/../../../../../src/qml/memory/qv4heap_p.h:190
              h = 0x4
              index = 0
              bitmap = 0x100
      #1  QV4::Heap::Object::markObjects (b=b@entry=0x7fffe75e2680, stack=stack@entry=0x7fffffffba40) at jsruntime/qv4object.cpp:237
              o = 0x7fffe75e2680
              nInline = <optimized out>
              v = 0x1
              end = 0x7fffe75c0180
      #2  0x00007ffff69e9e01 in QV4::Heap::ErrorObject::markObjects (b=0x7fffe75e2680, stack=0x7fffffffba40) at jsruntime/qv4errorobject_p.h:70
              o = 0x7fffe75e2680
      #3  0x00007ffff69429bf in QV4::MarkStack::drain (this=this@entry=0x7fffffffba40) at memory/qv4mm.cpp:907
              h = <optimized out>
      #4  0x00007ffff6a9fd98 in QV4::ExecutionEngine::markObjects (this=0x5555557d2170, markStack=markStack@entry=0x7fffffffba40) at jsruntime/qv4engine.cpp:1084
      No locals.
      #5  0x00007ffff69430c3 in QV4::MemoryManager::collectRoots (this=this@entry=0x5555557d2660, markStack=markStack@entry=0x7fffffffba40) at memory/qv4mm.cpp:913
      No locals.
      #6  0x00007ffff69432f0 in QV4::MemoryManager::mark (this=this@entry=0x5555557d2660) at memory/qv4mm.cpp:961
              markStack = {top = 0x7fffe79c1188, base = 0x7fffe79c1000, limit = 0x7fffe7b41000, engine = 0x5555557d2170}
      #7  0x00007ffff694506b in QV4::MemoryManager::runGC (this=0x5555557d2660) at memory/qv4mm.cpp:1098
              gcBlocker = {varRef = @0x5555557d27e8, oldValue = false}
      #8  0x00007ffff6b89a37 in QV4::GlobalExtensions::method_gc (b=<optimized out>) at qml/v8/qqmlbuiltinfunctions.cpp:2081
      No locals.
      #9  0x00007ffff6ab2083 in QV4::FunctionObject::call (argc=0, argv=0x7fffe7bc1500, thisObject=0x7fffe7bc15a0, this=<optimized out>) at jsruntime/qv4functionobject_p.h:202
      No locals.
      #10 QV4::Runtime::method_callName (engine=0x5555557d2170, nameIndex=<optimized out>, argv=0x7fffe7bc1500, argc=0) at jsruntime/qv4runtime.cpp:1346
              scope = {engine = 0x5555557d2170, mark = 0x7fffe7bc15a0}
              thisObject = {ptr = 0x7fffe7bc15a0}
              name = <optimized out>
              ctx = <optimized out>
              f = <optimized out>
      #11 0x00007ffff7fef1d9 in ?? ()
      No symbol table info available.
      #12 0x0000000000000000 in ?? ()
      No symbol table info available.
      

      On 5.11 it also sometimes fails to access parent, but it doesn't crash.


          People

            ulherman Ulf Hermann
            ulherman Ulf Hermann
