** Description changed:

- We're encountering a critical issue in Qt 5.15.13 as shipped in Ubuntu
- 24.04 (Noble). The Qt V4 JIT engine occasionally generates invalid
- machine code, resulting in crashes at runtime.
+ [ Impact ]
+ We're encountering a critical issue in Qt 5.15.13 as shipped in Ubuntu 24.04 (Noble). The Qt V4 JIT engine occasionally generates invalid machine code, resulting in crashes at runtime.

- This issue is tracked upstream as QTBUG-111935 [0], and was fixed in Qt
+ This issue is tracked upstream as
+ https://bugreports.qt.io/browse/QTBUG-111935, and was fixed in Qt
  5.15.14.

  Symptoms:
- * Application crashes with segmentation faults or illegal instruction errors when executing certain JavaScript in QML (GC).
- * The issue appears to stem from bad register allocation or incorrect code paths during JIT compilation.
+ * Application crashes with segmentation faults or illegal instruction errors when executing certain JavaScript in QML (GC).
+ * The issue appears to stem from bad register allocation or incorrect code paths during JIT compilation.

- Affected Package:
- qtdeclarative-opensource-src version 5.15.13 in Ubuntu Noble
+ This affects users using Lomiri (and plasma) on arm64 (maybe others)
+ devices. It causes random crashes in normal day to day use, 100% with
+ QV4_MM_AGGRESSIVE_GC=1, never with QV4_FORCE_INTERPRETER=1.

- Upstream Fix:
+ [ Test Plan ]
+ * Start plasmashell or lomiri with set QV4_MM_AGGRESSIVE_GC=1.

- Commit that resolves the issue:
+ [ Where problems could occur ]
+ The fix touches the JIT interpreter code, so potential problems would occur there.

- qt/qtdeclarative@3bd18f4 [1] or attached patch
- JIT: Add missing {STORE|LOAD}_ACC() to CreateCallContext
+ However, we run upstream test suite during build, so it should catch any
+ potential regressions.

- Would it be possible to Cherry-pick the above fix into the current Qt
- 5.15.13 package in Noble?
+ [ Other Info ]
+ Upstream commit that resolves the issue:

- I'm only able to apply a downstream patch for now, but would prefer a
- shared fix in the official archive if feasible.
-
- Thanks for considering this!
-
- [0] https://bugreports.qt.io/browse/QTBUG-111935
- [1] https://github.com/qt/qtdeclarative/commit/3bd18f41cfb0f3da65eecf216e49a9bb6bda71a6
-
- — Marius
+ https://code.qt.io/cgit/qt/qtdeclarative.git/commit/?id=3bd18f41cfb0f3da65eecf216e49a9bb6bda71a6
--
https://bugs.launchpad.net/bugs/2111216

Title:
  Qt V4 JIT engine generates bad JIT code

Status in qtdeclarative-opensource-src package in Ubuntu:
  Fix Released
Status in qtdeclarative-opensource-src source package in Noble:
  Triaged

Bug description:
  [ Impact ]
  We're encountering a critical issue in Qt 5.15.13 as shipped in Ubuntu 24.04 (Noble). The Qt V4 JIT engine occasionally generates invalid machine code, resulting in crashes at runtime.

  This issue is tracked upstream as https://bugreports.qt.io/browse/QTBUG-111935, and was fixed in Qt 5.15.14.

  Symptoms:
  * Application crashes with segmentation faults or illegal instruction errors when executing certain JavaScript in QML (GC).
  * The issue appears to stem from bad register allocation or incorrect code paths during JIT compilation.

  This affects users using Lomiri (and plasma) on arm64 (maybe others) devices. It causes random crashes in normal day to day use, 100% with QV4_MM_AGGRESSIVE_GC=1, never with QV4_FORCE_INTERPRETER=1.

  [ Test Plan ]
  * Start plasmashell or lomiri with set QV4_MM_AGGRESSIVE_GC=1.

  [ Where problems could occur ]
  The fix touches the JIT interpreter code, so potential problems would occur there.

  However, we run upstream test suite during build, so it should catch any potential regressions.

  [ Other Info ]
  Upstream commit that resolves the issue:
  https://code.qt.io/cgit/qt/qtdeclarative.git/commit/?id=3bd18f41cfb0f3da65eecf216e49a9bb6bda71a6
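The test plan above starts a shell under QV4_MM_AGGRESSIVE_GC=1 and waits for a crash, and the report says the same workload never crashes under QV4_FORCE_INTERPRETER=1. As an added example (not part of the bug report, of Ubuntu's packaging, or of Qt itself), here is a small POSIX sh harness that automates that comparison for a verification run: it launches a caller-supplied command repeatedly, once with the aggressive GC and the JIT enabled and once with the interpreter forced, and counts signal deaths from the exit status (128 + signal number, the usual shell convention). The command to run (for example a QML viewer on the reporter's own scene) is the caller's choice; the function names are this example's own, and the only Qt-specific parts are the two environment variables named on the page.

```shell
#!/bin/sh
# Added example, not code from the bug report or from Qt. Runs a QML/Qt
# command under the two V4 environment settings named in the report and
# counts crashes by exit status. A status above 128 means the child was
# killed by a signal (SIGSEGV = 139, SIGILL = 132 on Linux).

# classify_exit STATUS: print "ok" for 0, "crash:<signo>" for a signal
# death, "fail:<status>" for any other non-zero status.
classify_exit() {
    status="$1"
    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ "$status" -gt 128 ]; then
        echo "crash:$((status - 128))"
    else
        echo "fail:$status"
    fi
}

# run_trials MODE COUNT CMD...: run CMD COUNT times and print the number
# of signal deaths. MODE "jit" sets QV4_MM_AGGRESSIVE_GC=1 (JIT on, GC
# stressed, the configuration the report says crashes reliably); MODE
# "interp" sets QV4_FORCE_INTERPRETER=1 (JIT disabled, the control run).
run_trials() {
    mode="$1"
    count="$2"
    shift 2
    crashes=0
    i=0
    while [ "$i" -lt "$count" ]; do
        # The && / || pair records the status without tripping `set -e`.
        if [ "$mode" = jit ]; then
            env QV4_MM_AGGRESSIVE_GC=1 "$@" >/dev/null 2>&1 && status=0 || status=$?
        else
            env QV4_FORCE_INTERPRETER=1 "$@" >/dev/null 2>&1 && status=0 || status=$?
        fi
        case "$(classify_exit "$status")" in
            crash:*) crashes=$((crashes + 1)) ;;
        esac
        i=$((i + 1))
    done
    echo "$crashes"
}

# compare_modes COUNT CMD...: print a one-line summary of both runs.
# A non-zero JIT count beside a zero interpreter count matches the
# report's signature (crashes only when the JIT is generating code).
compare_modes() {
    count="$1"
    shift
    jit_crashes=$(run_trials jit "$count" "$@")
    interp_crashes=$(run_trials interp "$count" "$@")
    echo "jit=$jit_crashes interp=$interp_crashes of $count runs"
}

# Usage (hypothetical command line; substitute the reporter's own scene):
#   . ./v4_jit_check.sh && compare_modes 20 qmlscene /path/to/scene.qml
```

A reviewer verifying the Noble update would expect the summary to move from a non-zero `jit=` count on the unpatched package to zero on the patched one, with `interp=` staying at zero in both cases; any crash in the interpreter run points at something other than the JIT bug this report covers.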