https://bugs.kde.org/show_bug.cgi?id=500044
--- Comment #3 from nyanpasu64 <nyanpas...@tuta.io> ---

I was/am using a multi-monitor setup, but the crash occurred when clicking the taskbar and not while plugging/unplugging a display (I think the second display was already plugged in when I woke the computer from sleep).

I suspect the top of the stack trace is some sort of use-after-free where QV4::loadProperty() is loading a corrupted property/field object, passing a freed? pointer to QV4::QObjectWrapper::wrap. The latter function tries to check if the pointer target is deleted, but QQmlData::wasDeleted(const QObject *) accesses a bad d-pointer overwritten with 0x3ff0000000000000 = (double)1.0, causing QQmlData::wasDeleted(const QObjectPrivate * = 0x3ff0...) to crash.

- loadProperty: https://codebrowser.dev/qt6/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp.html#126
- QObjectWrapper::wrap: https://codebrowser.dev/qt6/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper_p.h.html#_ZN3QV414QObjectWrapper4wrapEPNS_15ExecutionEngineEP7QObject

> The top of the backtrace looks similar to bug 499353 which was marked as a
> duplicate of bug 477941

As far as I can tell, it's a common mode of failure (use-after-free) but triggered by a different sequence of events. There might be some sort of logic bug involved with transferring ownership between C++ and JS in your Qt Quick-C++ bindings, or a QML engine/code bug? In my experience it's effectively impossible to debug UAF crashes in mixed QML-C++ code (because it's hard to trace the sites of allocation, deallocation, and usage across language/interpreter boundaries to program logic, and Qt Quick apps have poor compatibility with valgrind/asan/rr), but perhaps other people with more insider knowledge of QV4 or KDE's bindings will have a better idea.
- Annoyingly, a gdb stack trace does not say *which* QML code is triggering an interpreter crash, and trying to print the object involved hangs gdb for minutes and sends my machine into OOM because of a longstanding GDB bug(?), possibly caused by LTO (https://sourceware.org/bugzilla/show_bug.cgi?id=23710)? I tried debugging gdb with a second GDB, which says the target is parsing DWARF symbols.
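The observation above that the bad d-pointer 0x3ff0000000000000 is the bit pattern of (double)1.0 is the kind of check worth automating when triaging a crash in mixed C++/QML code, because a pointer slot that reads as a plausible floating-point value points to memory reused for a different type after a free. The following C++ snippet is an added example, not code from the commenter, from Qt or from KDE. It reinterprets a 64-bit word taken from a register or pointer dump as an IEEE-754 double and applies a crude heuristic to say whether the word looks like a pointer or like a number that overwrote one. The x86-64 canonical user-space range, the 8-byte alignment check and the "ordinary magnitude" exponent window are assumptions chosen for this illustration, and the sample heap address is constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

// Reinterpret a 64-bit word as an IEEE-754 binary64 value.
// memcpy avoids the undefined behaviour of a pointer cast.
double word_as_double(uint64_t w) {
    static_assert(sizeof(double) == sizeof(uint64_t), "binary64 expected");
    double d;
    std::memcpy(&d, &w, sizeof d);
    return d;
}

// Crude triage heuristic for a suspicious "pointer" value from a crash dump.
// Returns one of: "null", "double", "pointer-like", "small-int", "unknown".
// Assumptions (not from the bug report): x86-64 user space, canonical
// addresses below 0x0000800000000000, objects 8-byte aligned, and a double
// with a biased exponent in [0x3e0, 0x43f] (roughly 2^-31 .. 2^64) counts
// as an "ordinary" floating-point value.
std::string classify_word(uint64_t w) {
    if (w == 0) return "null";

    const uint64_t exponent = (w >> 52) & 0x7ff;  // 11-bit biased exponent
    if (exponent >= 0x3e0 && exponent <= 0x43f) return "double";

    if (w >= 0x10000 && w < 0x0000800000000000ULL && (w & 0x7) == 0)
        return "pointer-like";

    if (w < 0x10000) return "small-int";
    return "unknown";
}

// One-line description suitable for a triage note.
std::string describe_word(uint64_t w) {
    char buf[96];
    const std::string kind = classify_word(w);
    if (kind == "double")
        std::snprintf(buf, sizeof buf, "0x%016llx looks like a double: %g",
                      static_cast<unsigned long long>(w), word_as_double(w));
    else
        std::snprintf(buf, sizeof buf, "0x%016llx looks like: %s",
                      static_cast<unsigned long long>(w), kind.c_str());
    return buf;
}

int main() {
    // Value quoted in the bug comment, and a constructed heap-looking address.
    const uint64_t samples[] = {0x3ff0000000000000ULL, 0x00007f1234567890ULL, 0x41ULL};
    for (uint64_t w : samples)
        std::puts(describe_word(w).c_str());
    return 0;
}
```

Running it prints one triage line per word; the first sample decodes to 1, which is the case described in the comment, while the constructed address is reported as pointer-like. The heuristic is deliberately coarse: a double with an unusual exponent or a pointer in a non-canonical range falls through to "unknown" and still needs a human look.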