Bug 454797

Summary: Plasmashell: Segfault in QV4::StaticValue::isUndefined()
Product: [Plasma] plasmashell
Reporter: scripptor
Component: generic-crash
Assignee: Plasma Bugs List <plasma-bugs-null>
Status: RESOLVED UPSTREAM
Severity: crash
CC: nate
Priority: NOR
Version First Reported In: 5.24.5
Target Milestone: 1.0
Platform: openSUSE
OS: Linux
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: The crashlog generated by Dr.Konqi.

Description scripptor 2022-06-03 14:44:44 UTC
Created attachment 149429
The crashlog generated by Dr.Konqi.

SUMMARY
Plasmashell crashed after a segfault in QV4::StaticValue::isUndefined().
So far, the issue has not occurred again.

STEPS TO REPRODUCE
Unknown.

OBSERVED RESULT
Plasmashell crashed, and the crash was noticed by Dr.Konqi.

EXPECTED RESULT
No crash.

SOFTWARE/OS VERSIONS
Qt Version: 5.15.2
Frameworks Version: 5.94.0
Operating System: Linux 5.17.9-1-default x86_64
Windowing System: Wayland
Distribution: "openSUSE Tumbleweed"
DrKonqi: 5.24.5 [KCrashBackend] 

ADDITIONAL INFORMATION
Crashlog attached.

Comment 1 Nate Graham 2022-06-03 18:29:32 UTC
It's deep in Qt:

[KCrash Handler]
#4  QV4::StaticValue::isUndefined() const (this=0x200104) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../../src/qml/common/qv4staticvalue_p.h:318
#5  QV4::MemoryManager::sweep(bool, void (*)(char const*)) (this=this@entry=0x55d09478e270, lastSweep=lastSweep@entry=false, classCountPtr=classCountPtr@entry=0x0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde43-2.2.x86_64/src/qml/memory/qv4mm.cpp:974
#6  0x00007fa77ff924bc in QV4::MemoryManager::runGC() (this=0x55d09478e270) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde43-2.2.x86_64/src/qml/memory/qv4mm.cpp:1054
#7  0x00007fa77ff947a0 in QV4::MemoryManager::allocate(QV4::BlockAllocator*, unsigned long) (size=96, allocator=0x55d09478e280, this=0x55d09478e270) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../../src/qml/memory/qv4mm_p.h:328
#8  QV4::MemoryManager::allocData(unsigned long) (this=0x55d09478e270, size=96) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde43-2.2.x86_64/src/qml/memory/qv4mm.cpp:806
#9  0x00007fa77ff948af in QV4::MemoryManager::allocObjectWithMemberData(QV4::VTable const*, unsigned int) (this=this@entry=0x55d09478e270, vtable=vtable@entry=0x7fa78035aee0 <QV4::QQmlValueTypeReference::static_vtbl>, nMembers=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde43-2.2.x86_64/src/qml/memory/qv4mm.cpp:818
#10 0x00007fa7801d47ef in QV4::MemoryManager::allocateObject<QV4::QQmlValueTypeReference>(QV4::Heap::InternalClass*) (ic=0x7fa72585ec80, this=0x55d09478e270) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde43-2.2.x86_64/src/qml/qml/qqmlvaluetypewrapper.cpp:85
#11 QV4::MemoryManager::allocateObject<QV4::QQmlValueTypeReference>(QV4::InternalClass*) (ic=0x7fa7481ba588, this=0x55d09478e270) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../../src/qml/memory/qv4mm_p.h:201
#12 QV4::MemoryManager::allocateObject<QV4::QQmlValueTypeReference>() (this=0x55d09478e270) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../../src/qml/memory/qv4mm_p.h:211
#13 QV4::MemoryManager::allocate<QV4::QQmlValueTypeReference>() (this=0x55d09478e270) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../../src/qml/memory/qv4mm_p.h:244
#14 QV4::QQmlValueTypeWrapper::create(QV4::ExecutionEngine*, QObject*, int, QMetaObject const*, int) (engine=engine@entry=0x55d0945468a0, object=object@entry=0x55d09548cf40, property=43, metaObject=0x7fa780965c00 <QQuickColorValueType::staticMetaObject>, typeId=67) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde43-2.2.x86_64/src/qml/qml/qqmlvaluetypewrapper.cpp:191
#15 0x00007fa78008676e in loadProperty(QV4::ExecutionEngine*, QObject*, QQmlPropertyData const&) (v4=0x55d0945468a0, object=0x55d09548cf40, property=...) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde43-2.2.x86_64/src/qml/jsruntime/qv4qobjectwrapper.cpp:186
#16 0x00007fa780087258 in QV4::QObjectWrapper::getQmlProperty(QV4::ExecutionEngine*, QQmlContextData*, QObject*, QV4::String*, QV4::QObjectWrapper::RevisionMode, bool*, QQmlPropertyData**) (engine=engine@entry=0x55d0945468a0, qmlContext=qmlContext@entry=0x55d099d5a5d0, object=0x55d09548cf40, name=0x7fa7481ba578, revisionMode=revisionMode@entry=QV4::QObjectWrapper::IgnoreRevision, hasProperty=hasProperty@entry=0x0, property=0x0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde43-2.2.x86_64/src/qml/jsruntime/qv4qobjectwrapper.cpp:388
#17 0x00007fa7801d9d92 in QV4::QQmlTypeWrapper::virtualGet(QV4::Managed const*, QV4::PropertyKey, QV4::Value const*, bool*) (m=0x7fa7481ba568, id=..., receiver=0x7fa7481ba568, hasProperty=0x0) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde43-2.2.x86_64/src/qml/qml/qqmltypewrapper.cpp:268
#18 0x00007fa78001530d in QV4::Object::get(QV4::StringOrSymbol*, bool*, QV4::Value const*) const (receiver=0x7fa7481ba568, hasProperty=0x0, name=0x7fa7481ba570, this=0x7fa7481ba568) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../../src/qml/jsruntime/qv4string_p.h:167
#19 QV4::Lookup::getterFallback(QV4::Lookup*, QV4::ExecutionEngine*, QV4::Value const&) (l=<optimized out>, engine=0x55d0945468a0, object=<optimized out>) at /usr/src/debug/libqt5-qtdeclarative-5.15.2+kde43-2.2.x86_64/src/qml/jsruntime/qv4lookup.cpp:201
#20 0x00007fa7140fbf05 in  ()
#21 0x0000000000000000 in  ()
[Inferior 1 (process 2450) detached]


Not sure if there's anything we can do here.

Comment 2 scripptor 2022-06-04 13:57:19 UTC
(In reply to Nate Graham from comment #1)
> It's deep in Qt:
> 
> 
> Not sure if there's anything we can do here.

You are probably right.
I opened a bug report in the Qt bug tracker.
See: https://bugreports.qt.io/browse/QTBUG-104021

RESOLVED for now.