Created attachment 1950222
Tentative (untested) fix

Description of problem:
Qt's V4 JIT engine generates bad JIT code that corrupts JS stack slots, causing random garbage collector crashes later on. On a vanilla KDE Plasma setup, this can cause plasmashell to sometimes or consistently crash, depending on the alignment of the stars (sometimes sessions are completely unusable). See below for a consistent repro.

Version-Release number of selected component (if applicable):
5.15.8-1.fc37

How reproducible:
Randomly by default, 100% with QV4_MM_AGGRESSIVE_GC=1, never with QV4_FORCE_INTERPRETER=1.

Steps to Reproduce:
1. Start a KDE Plasma session
2. killall plasmashell
3. QV4_MM_AGGRESSIVE_GC=1 plasmashell

Actual results:
plasmashell instantly segfaults

Expected results:
plasmashell does not segfault

Additional info:
Example of the bad JIT code here: https://social.treehouse.systems/@marcan/110015722134175810

I believe the issue is a missing accumulator save/restore around a call to PushCallContext. Tentative fix patch is attached (untested).

This is generic code, so I think this is actually broken on *all architectures* in principle; it's just that ARM64 got unlucky with the register clobbering and value encoding lottery and ended up with actual crashes. Upstream should probably audit the whole file to see if there are any other missed accumulator save/restores.

Also identically reproducible on Arch Linux ARM.
Jan Grulich wanted this forwarded upstream, so I've done so: https://bugreports.qt.io/browse/QTBUG-111935
Neal, thanks for forwarding to upstream!
The fix should be included in 5.15.8-4. Hector, thanks a lot for the patch.
FEDORA-2023-77181dc3e2 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-77181dc3e2
FEDORA-2023-3e87d05e2c has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-3e87d05e2c
FEDORA-2023-3e87d05e2c has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-3e87d05e2c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-3e87d05e2c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-77181dc3e2 has been pushed to the Fedora 38 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-77181dc3e2 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-77181dc3e2 has been pushed to the Fedora 38 stable repository. If the problem still persists, please make note of it in this bug report.
FEDORA-2023-3e87d05e2c has been pushed to the Fedora 37 stable repository. If the problem still persists, please make note of it in this bug report.