  1. Qt
  2. QTBUG-72137

[Reg: 5.11.2->5.12.0] QML Garbage collector crashes when accessing other items from Component.onDestruction


Details

    • ba6371fb2ae3ad0096ec672f61a7a989c297d8fc (qt/qtdeclarative/5.12)

    Description

      Consider:

      main.qml:

      import QtQml 2.2
      
      // Reproducer root: a 1 ms repeating timer creates a MyItem, overwrites the
      // only property that referenced the previous one, and then forces a
      // garbage collection.
      QtObject {
          // Counter that MyItem's Component.onDestruction handler reads and increments.
          property int destructions: 0
          property Component itemComponent: Qt.createComponent("MyItem.qml");
          // Each assignment replaces the reference to the previously created MyItem.
          property MyItem item;
          property Timer timer: Timer {
              running: true
              repeat: true
              interval: 1
              onTriggered: {
                  // Created with a null parent argument; `item` is the only reference
                  // this file keeps to the new object.
                  item = itemComponent.createObject(null, {});
                  // NOTE(review): `parent` is resolved in the Timer's scope; presumably it is
                  // the root QtObject, since the log prints its `destructions` value - confirm.
                  item.parent = parent;
                  // Explicit collection after every creation; the reported crash happens
                  // inside this call, during the collector's mark phase.
                  gc();
              }
          }
      }
      

      MyItem.qml:

      import QtQml 2.2
      
      // Item whose destruction handler reaches back into another object.
      QtObject {
          // Assigned by main.qml right after creation; expected to expose `destructions`.
          property var parent;
          Component.onCompleted: { console.log("created!"); }
          Component.onDestruction: {
              // Accesses another object while this one is being destroyed. In the
              // report's log this read failed once with a TypeError because `parent`
              // was already undefined, shortly before the crash.
              console.log("destroyed", parent.destructions);
              parent.destructions += 1;
          }
      }
      

      On 5.12 this crashes after a few iterations:

      qml: created!
      qml: created!
      qml: destroyed 0
      qml: created!
      qml: destroyed 1
      qml: created!
      qrc:/MyItem.qml:7: TypeError: Cannot read property 'destructions' of undefined
      qml: created!
      <crash>
      

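      Stack trace (all threads; the crash is in Thread 1, in QV4::Heap::Base::mark called with this=0x4 while the garbage collector marks an ErrorObject):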

      
      Thread 4 (Thread 0x7fffe75bf700 (LWP 1353)):
      #0  0x00007ffff4d6067d in poll () at ../sysdeps/unix/syscall-template.S:84
      No locals.
      #1  0x00007ffff1f5b9f6 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
      No symbol table info available.
      #2  0x00007ffff1f5bb0c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
      No symbol table info available.
      #3  0x00007ffff6010dcf in QEventDispatcherGlib::processEvents (this=0x7fffdc0008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:422
              d = 0x7fffdc0008e0
              canWait = true
              savedFlags = {i = 0}
              result = <optimized out>
      #4  0x00007ffff5fb857a in QEventLoop::exec (this=this@entry=0x7fffe75bee10, flags=..., flags@entry=...) at kernel/qeventloop.cpp:225
              d = 0x7fffdc002d90
              locker = {val = 93824995096736}
              ref = {d = 0x7fffdc002d90, locker = @0x7fffe75beda0, exceptionCaught = true}
      #5  0x00007ffff5df07dc in QThread::exec (this=this@entry=0x7fffee98fd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread.cpp:534
              d = 0x55555580f830
              locker = {val = 93824995096736}
              eventLoop = {<QObject> = {_vptr.QObject = 0x7ffff64d0328 <vtable for QEventLoop+16>, static staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7ffff61a8900 <qt_meta_stringdata_QObject>, data = 0x7ffff61a87e0 <qt_meta_data_QObject>, static_metacall = 0x7ffff5fed740 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x7fffdc002d90}, static staticQtMetaObject = {d = {superdata = 0x0, stringdata = 0x7ffff61ab820 <qt_meta_stringdata_Qt>, data = 0x7ffff61a8a20 <qt_meta_data_Qt>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = 0x7ffff64c8860 <QObject::staticMetaObject>, stringdata = 0x7ffff61a3340 <qt_meta_stringdata_QEventLoop>, data = 0x7ffff61a32e0 <qt_meta_data_QEventLoop>, static_metacall = 0x7ffff5fb82c0 <QEventLoop::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}}
              returnCode = <optimized out>
      #6  0x00007fffee71ab45 in QDBusConnectionManager::run (this=0x7fffee98fd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:178
              locker = <optimized out>
      #7  0x00007ffff5df1d13 in QThreadPrivate::start (arg=0x7fffee98fd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:361
              thr = 0x7fffee98fd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>
              data = 0x55555580f8e0
              __clframe = {__cancel_routine = 0x7ffff5df0fb0 <QThreadPrivate::finish(void*)>, __cancel_arg = 0x7fffee98fd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>, __do_it = 1, __cancel_type = <optimized out>}
      #8  0x00007ffff58c4494 in start_thread (arg=0x7fffe75bf700) at pthread_create.c:333
              __res = <optimized out>
              pd = 0x7fffe75bf700
              now = <optimized out>
              unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737074951936, 2294011862651632493, 0, 140737488345839, 0, 140737354125376, -2293958296322573459, -2293989474744665235}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
              not_first_call = <optimized out>
              pagesize_m1 = <optimized out>
              sp = <optimized out>
              freesize = <optimized out>
              __PRETTY_FUNCTION__ = "start_thread"
      #9  0x00007ffff4d69acf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      No locals.
      
      Thread 3 (Thread 0x7fffec814700 (LWP 1351)):
      #0  0x00007ffff4d6067d in poll () at ../sysdeps/unix/syscall-template.S:84
      No locals.
      #1  0x00007ffff1f5b9f6 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
      No symbol table info available.
      #2  0x00007ffff1f5bb0c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
      No symbol table info available.
      #3  0x00007ffff6010dcf in QEventDispatcherGlib::processEvents (this=0x7fffe00008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:422
              d = 0x7fffe00008e0
              canWait = true
              savedFlags = {i = 0}
              result = <optimized out>
      #4  0x00007ffff5fb857a in QEventLoop::exec (this=this@entry=0x7fffec813e20, flags=..., flags@entry=...) at kernel/qeventloop.cpp:225
              d = 0x7fffe0002f90
              locker = {val = 93824994844224}
              ref = {d = 0x7fffe0002f90, locker = @0x7fffec813db0, exceptionCaught = true}
      #5  0x00007ffff5df07dc in QThread::exec (this=this@entry=0x5555557d1d00) at thread/qthread.cpp:534
              d = 0x5555557d1dd0
              locker = {val = 93824994844224}
              eventLoop = {<QObject> = {_vptr.QObject = 0x7ffff64d0328 <vtable for QEventLoop+16>, static staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7ffff61a8900 <qt_meta_stringdata_QObject>, data = 0x7ffff61a87e0 <qt_meta_data_QObject>, static_metacall = 0x7ffff5fed740 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x7fffe0002f90}, static staticQtMetaObject = {d = {superdata = 0x0, stringdata = 0x7ffff61ab820 <qt_meta_stringdata_Qt>, data = 0x7ffff61a8a20 <qt_meta_data_Qt>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = 0x7ffff64c8860 <QObject::staticMetaObject>, stringdata = 0x7ffff61a3340 <qt_meta_stringdata_QEventLoop>, data = 0x7ffff61a32e0 <qt_meta_data_QEventLoop>, static_metacall = 0x7ffff5fb82c0 <QEventLoop::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}}
              returnCode = <optimized out>
      #6  0x00007ffff6b82cf5 in QQmlThreadPrivate::run (this=0x5555557d1d00) at qml/ftw/qqmlthread.cpp:148
      No locals.
      #7  0x00007ffff5df1d13 in QThreadPrivate::start (arg=0x5555557d1d00) at thread/qthread_unix.cpp:361
              thr = 0x5555557d1d00
              data = 0x5555557d1e80
              __clframe = {__cancel_routine = 0x7ffff5df0fb0 <QThreadPrivate::finish(void*)>, __cancel_arg = 0x5555557d1d00, __do_it = 1, __cancel_type = <optimized out>}
      #8  0x00007ffff58c4494 in start_thread (arg=0x7fffec814700) at pthread_create.c:333
              __res = <optimized out>
              pd = 0x7fffec814700
              now = <optimized out>
              unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737161283328, 2294011862651632493, 0, 140737488346095, 0, 140737354125376, -2293969791265670291, -2293989474744665235}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
              not_first_call = <optimized out>
              pagesize_m1 = <optimized out>
              sp = <optimized out>
              freesize = <optimized out>
              __PRETTY_FUNCTION__ = "start_thread"
      #9  0x00007ffff4d69acf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      No locals.
      
      Thread 2 (Thread 0x7fffed469700 (LWP 1350)):
      #0  0x00007ffff4d6067d in poll () at ../sysdeps/unix/syscall-template.S:84
      No locals.
      #1  0x00007ffff0530150 in ?? () from /usr/lib/x86_64-linux-gnu/libxcb.so.1
      No symbol table info available.
      #2  0x00007ffff0531ee9 in xcb_wait_for_event () from /usr/lib/x86_64-linux-gnu/libxcb.so.1
      No symbol table info available.
      #3  0x00007fffeeee9780 in QXcbEventQueue::run (this=0x555555793270) at qxcbeventqueue.cpp:225
              event = <optimized out>
              tail = 0x7fffef2538b0 <QXcbEventQueue::qXcbEventNodeFactory(xcb_generic_event_t*)::qXcbNodePool+48>
      #4  0x00007ffff5df1d13 in QThreadPrivate::start (arg=0x555555793270) at thread/qthread_unix.cpp:361
              thr = 0x555555793270
              data = 0x555555793400
              __clframe = {__cancel_routine = 0x7ffff5df0fb0 <QThreadPrivate::finish(void*)>, __cancel_arg = 0x555555793270, __do_it = 1, __cancel_type = <optimized out>}
      #5  0x00007ffff58c4494 in start_thread (arg=0x7fffed469700) at pthread_create.c:333
              __res = <optimized out>
              pd = 0x7fffed469700
              now = <optimized out>
              unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737174214400, 2294011862651632493, 0, 140737488344751, 0, 140737354125376, -2293971377719215251, -2293989474744665235}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
              not_first_call = <optimized out>
              pagesize_m1 = <optimized out>
              sp = <optimized out>
              freesize = <optimized out>
              __PRETTY_FUNCTION__ = "start_thread"
      #6  0x00007ffff4d69acf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      No locals.
      
      Thread 1 (Thread 0x7ffff7fc1780 (LWP 1328)):
      #0  QV4::Heap::Base::mark (markStack=0x7fffffffba40, this=0x4) at ../../include/QtQml/5.12.0/QtQml/private/../../../../../src/qml/memory/qv4heap_p.h:190
              h = 0x4
              index = 0
              bitmap = 0x100
      #1  QV4::Heap::Object::markObjects (b=b@entry=0x7fffe75e2680, stack=stack@entry=0x7fffffffba40) at jsruntime/qv4object.cpp:237
              o = 0x7fffe75e2680
              nInline = <optimized out>
              v = 0x1
              end = 0x7fffe75c0180
      #2  0x00007ffff69e9e01 in QV4::Heap::ErrorObject::markObjects (b=0x7fffe75e2680, stack=0x7fffffffba40) at jsruntime/qv4errorobject_p.h:70
              o = 0x7fffe75e2680
      #3  0x00007ffff69429bf in QV4::MarkStack::drain (this=this@entry=0x7fffffffba40) at memory/qv4mm.cpp:907
              h = <optimized out>
      #4  0x00007ffff6a9fd98 in QV4::ExecutionEngine::markObjects (this=0x5555557d2170, markStack=markStack@entry=0x7fffffffba40) at jsruntime/qv4engine.cpp:1084
      No locals.
      #5  0x00007ffff69430c3 in QV4::MemoryManager::collectRoots (this=this@entry=0x5555557d2660, markStack=markStack@entry=0x7fffffffba40) at memory/qv4mm.cpp:913
      No locals.
      #6  0x00007ffff69432f0 in QV4::MemoryManager::mark (this=this@entry=0x5555557d2660) at memory/qv4mm.cpp:961
              markStack = {top = 0x7fffe79c1188, base = 0x7fffe79c1000, limit = 0x7fffe7b41000, engine = 0x5555557d2170}
      #7  0x00007ffff694506b in QV4::MemoryManager::runGC (this=0x5555557d2660) at memory/qv4mm.cpp:1098
              gcBlocker = {varRef = @0x5555557d27e8, oldValue = false}
      #8  0x00007ffff6b89a37 in QV4::GlobalExtensions::method_gc (b=<optimized out>) at qml/v8/qqmlbuiltinfunctions.cpp:2081
      No locals.
      #9  0x00007ffff6ab2083 in QV4::FunctionObject::call (argc=0, argv=0x7fffe7bc1500, thisObject=0x7fffe7bc15a0, this=<optimized out>) at jsruntime/qv4functionobject_p.h:202
      No locals.
      #10 QV4::Runtime::method_callName (engine=0x5555557d2170, nameIndex=<optimized out>, argv=0x7fffe7bc1500, argc=0) at jsruntime/qv4runtime.cpp:1346
              scope = {engine = 0x5555557d2170, mark = 0x7fffe7bc15a0}
              thisObject = {ptr = 0x7fffe7bc15a0}
              name = <optimized out>
              ctx = <optimized out>
              f = <optimized out>
      #11 0x00007ffff7fef1d9 in ?? ()
      No symbol table info available.
      #12 0x0000000000000000 in ?? ()
      No symbol table info available.
      

      On 5.11 it also sometimes fails to access parent, but it doesn't crash.


          People

            ulherman Ulf Hermann
            ulherman Ulf Hermann