QTBUG-69497 (project: Qt)

Fix for stopping transition causes crash in tst_qquickcontrols extras


Details

    • Bug
    • Resolution: Done
    • P0: Blocker
    • None
    • 5.11, 5.12
    • Quick: Other
    • None
    • Linux/X11, macOS, Windows

    Description

      Commit cf0b965aaab0ea7e777c1f8e8d35de3a73d7d08e – https://codereview.qt-project.org/#/c/234325/ causes the extras auto-test in qtquickcontrols to crash. Here's the ASAN trace:

      ********* Start testing of extras *********
      Config: Using QtTest library 5.12.0, Qt 5.12.0 (x86_64-little_endian-lp64 shared (dynamic) debug build; by GCC 7.3.0)
      PASS   : extras::Tests_CircularGauge::initTestCase()
      PASS   : extras::Tests_CircularGauge::test_instance()
      PASS   : extras::Tests_CircularGauge::test_tickmarksVisible()
      PASS   : extras::Tests_CircularGauge::cleanupTestCase()
      PASS   : extras::Tests_CircularTickmarkLabel::initTestCase()
      PASS   : extras::Tests_CircularTickmarkLabel::test_angleRange()
      PASS   : extras::Tests_CircularTickmarkLabel::test_invalidValues()
      PASS   : extras::Tests_CircularTickmarkLabel::test_labelText()
      PASS   : extras::Tests_CircularTickmarkLabel::test_tickmarksAndLabels()
      PASS   : extras::Tests_CircularTickmarkLabel::cleanupTestCase()
      PASS   : extras::Tests_Common::initTestCase()
      PASS   : extras::Tests_Common::test_resize(CircularGauge)
      PASS   : extras::Tests_Common::test_resize(DelayButton)
      PASS   : extras::Tests_Common::test_resize(Dial)
      PASS   : extras::Tests_Common::test_resize(Gauge)
      PASS   : extras::Tests_Common::test_resize(StatusIndicator)
      PASS   : extras::Tests_Common::test_resize(ToggleButton)
      PASS   : extras::Tests_Common::test_resize(Tumbler)
      PASS   : extras::Tests_Common::test_resize(PieMenu)
      PASS   : extras::Tests_Common::cleanupTestCase()
      PASS   : extras::Tests_DelayButton::initTestCase()
      PASS   : extras::Tests_DelayButton::test_activation(delayed)
      =================================================================
      ==6176==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000995e6c at pc 0x7f74fbe48296 bp 0x7ffe134a90c0 sp 0x7ffe134a90b0
      READ of size 4 at 0x603000995e6c thread T0
          #0 0x7f74fbe48295 in QListData::size() const /home/simon/dev/qt-dev/asan/qtbase/include/QtCore/../../src/corelib/tools/qlist.h:113
          #1 0x7f74fbe48295 in QList<QQuickRevertAction>::count() const /home/simon/dev/qt-dev/asan/qtbase/include/QtCore/../../src/corelib/tools/qlist.h:345
          #2 0x7f74fbe48295 in QQuickStatePrivate::complete() util/qquickstate.cpp:297
          #3 0x7f74fbe58821 in QQuickTransitionManager::complete() util/qquicktransitionmanager.cpp:102
          #4 0x7f74fbe81e35 in ParallelAnimationWrapper::updateState(QAbstractAnimationJob::State, QAbstractAnimationJob::State) util/qquicktransition.cpp:201
          #5 0x7f74fb6a831e in QAbstractAnimationJob::setState(QAbstractAnimationJob::State) animations/qabstractanimationjob.cpp:361
          #6 0x7f74fb6aa82e in QAbstractAnimationJob::stop() animations/qabstractanimationjob.cpp:531
          #7 0x7f74fbe7fdc1 in QQuickTransitionInstance::stop() util/qquicktransition.cpp:228
          #8 0x7f74fbe7fe6d in QQuickTransitionInstance::~QQuickTransitionInstance() util/qquicktransition.cpp:214
          #9 0x7f74fbe80114 in QQuickTransitionInstance::~QQuickTransitionInstance() util/qquicktransition.cpp:217
          #10 0x7f74fbe580d4 in QQuickTransitionManager::~QQuickTransitionManager() util/qquicktransitionmanager.cpp:81
          #11 0x7f74fbe57b39 in QQuickStatePrivate::~QQuickStatePrivate() util/qquickstate_p_p.h:200
          #12 0x7f74fbe57b39 in QQuickStatePrivate::~QQuickStatePrivate() util/qquickstate_p_p.h:200
          #13 0x7f74ff93adca in QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*) ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:60
          #14 0x7f74ff93adca in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:107
          #15 0x7f74ff93adca in QObject::~QObject() kernel/qobject.cpp:884
          #16 0x7f74fbe43c08 in QQuickState::~QQuickState() util/qquickstate.cpp:160
          #17 0x7f74fbdca68e in QQmlPrivate::QQmlElement<QQuickState>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #18 0x7f74fbdca68e in QQmlPrivate::QQmlElement<QQuickState>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #19 0x7f74ff9362e2 in QObjectPrivate::deleteChildren() kernel/qobject.cpp:1997
          #20 0x7f74ff93aea1 in QObject::~QObject() kernel/qobject.cpp:1025
          #21 0x7f74fc215065 in QQuickItem::~QQuickItem() items/qquickitem.cpp:2382
          #22 0x7f74fc2a8598 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #23 0x7f74fc2a8598 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #24 0x7f74ff9362e2 in QObjectPrivate::deleteChildren() kernel/qobject.cpp:1997
          #25 0x7f74ff93aea1 in QObject::~QObject() kernel/qobject.cpp:1025
          #26 0x7f74fc215065 in QQuickItem::~QQuickItem() items/qquickitem.cpp:2382
          #27 0x7f74fc47da2a in QQuickImplicitSizeItem::~QQuickImplicitSizeItem() items/qquickimplicitsizeitem_p.h:60
          #28 0x7f74fc47da2a in QQuickLoader::~QQuickLoader() items/qquickloader.cpp:312
          #29 0x7f74fc2a997e in QQmlPrivate::QQmlElement<QQuickLoader>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #30 0x7f74fc2a997e in QQmlPrivate::QQmlElement<QQuickLoader>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #31 0x7f74ff9362e2 in QObjectPrivate::deleteChildren() kernel/qobject.cpp:1997
          #32 0x7f74ff93aea1 in QObject::~QObject() kernel/qobject.cpp:1025
          #33 0x7f74fc215065 in QQuickItem::~QQuickItem() items/qquickitem.cpp:2382
          #34 0x7f74fc2a8598 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #35 0x7f74fc2a8598 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #36 0x7f74ff9362e2 in QObjectPrivate::deleteChildren() kernel/qobject.cpp:1997
          #37 0x7f74ff93aea1 in QObject::~QObject() kernel/qobject.cpp:1025
          #38 0x7f74fc215065 in QQuickItem::~QQuickItem() items/qquickitem.cpp:2382
          #39 0x7f74fc47da2a in QQuickImplicitSizeItem::~QQuickImplicitSizeItem() items/qquickimplicitsizeitem_p.h:60
          #40 0x7f74fc47da2a in QQuickLoader::~QQuickLoader() items/qquickloader.cpp:312
          #41 0x7f74fc2a997e in QQmlPrivate::QQmlElement<QQuickLoader>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #42 0x7f74fc2a997e in QQmlPrivate::QQmlElement<QQuickLoader>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #43 0x7f74ff9362e2 in QObjectPrivate::deleteChildren() kernel/qobject.cpp:1997
          #44 0x7f74ff93aea1 in QObject::~QObject() kernel/qobject.cpp:1025
          #45 0x7f74fc215065 in QQuickItem::~QQuickItem() items/qquickitem.cpp:2382
          #46 0x7f74fc295d6e in QQuickFocusScope::~QQuickFocusScope() items/qquickfocusscope.cpp:65
          #47 0x7f74fc2a6548 in QQmlPrivate::QQmlElement<QQuickFocusScope>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #48 0x7f74fc2a6548 in QQmlPrivate::QQmlElement<QQuickFocusScope>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #49 0x7f74ff91d570 in qDeleteInEventHandler(QObject*) kernel/qobject.cpp:4609
          #50 0x7f74ff92387b in QObject::event(QEvent*) kernel/qobject.cpp:1242
          #51 0x7f74fc20b08d in QQuickItem::event(QEvent*) items/qquickitem.cpp:8048
          #52 0x7f74ff874c8e in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) kernel/qcoreapplication.cpp:1197
          #53 0x7f74ff874edd in doNotify kernel/qcoreapplication.cpp:1138
          #54 0x7f74ff8753ac in QCoreApplication::notify(QObject*, QEvent*) kernel/qcoreapplication.cpp:1124
          #55 0x7f75001fef20 in QGuiApplication::notify(QObject*, QEvent*) kernel/qguiapplication.cpp:1768
          #56 0x7f74ff87514c in QCoreApplication::notifyInternal2(QObject*, QEvent*) kernel/qcoreapplication.cpp:1048
          #57 0x7f74ff875a5e in QCoreApplication::sendEvent(QObject*, QEvent*) kernel/qcoreapplication.cpp:1421
          #58 0x7f74ff886ccf in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) kernel/qcoreapplication.cpp:1764
          #59 0x7f74ff888ad2 in QCoreApplication::sendPostedEvents(QObject*, int) kernel/qcoreapplication.cpp:1618
          #60 0x7f750229f480 in qWait /home/simon/dev/qt-dev/asan/qtbase/include/QtTest/../../src/testlib/qtestsystem.h:101
          #61 0x7f750229f480 in QuickTestResult::wait(int) /home/simon/dev/qt-dev/asan/qtdeclarative/src/qmltest/quicktestresult.cpp:645
          #62 0x7f75022abb4d in QuickTestResult::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/moc_quicktestresult_p.cpp:339
          #63 0x7f75022ad30c in QuickTestResult::qt_metacall(QMetaObject::Call, int, void**) .moc/moc_quicktestresult_p.cpp:492
          #64 0x7f74ff89795d in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) kernel/qmetaobject.cpp:301
          #65 0x7f74fb54645c in QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const qml/qqmlpropertycache.cpp:1733
          #66 0x7f74fb1d8de8 in CallMethod jsruntime/qv4qobjectwrapper.cpp:1198
          #67 0x7f74fb1da30c in CallPrecise jsruntime/qv4qobjectwrapper.cpp:1460
          #68 0x7f74fb1e0dc0 in QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const jsruntime/qv4qobjectwrapper.cpp:2002
          #69 0x7f74fb1e012f in QV4::QObjectMethod::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) jsruntime/qv4qobjectwrapper.cpp:1939
          #70 0x7f74fb098766 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:179
          #71 0x7f74fb396d7d in QV4::Runtime::method_callProperty(QV4::ExecutionEngine*, QV4::Value*, int, QV4::Value*, int) jsruntime/qv4runtime.cpp:1216
          #72 0x7f74fb223b67 in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) jsruntime/qv4vme_moth.cpp:690
          #73 0x7f74fb21d926 in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) jsruntime/qv4vme_moth.cpp:441
          #74 0x7f74fb10a9a6 in QV4::ScriptFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) jsruntime/qv4functionobject.cpp:512
          #75 0x7f74fb098766 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:179
          #76 0x7f74fb395f20 in QV4::Runtime::method_callName(QV4::ExecutionEngine*, int, QV4::Value*, int) jsruntime/qv4runtime.cpp:1177
          #77 0x7f74fb224486 in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) jsruntime/qv4vme_moth.cpp:717
          #78 0x7f74fb21d926 in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) jsruntime/qv4vme_moth.cpp:441
          #79 0x7f74fb10a9a6 in QV4::ScriptFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) jsruntime/qv4functionobject.cpp:512
          #80 0x7f74fb098766 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:179
          #81 0x7f74fb395f20 in QV4::Runtime::method_callName(QV4::ExecutionEngine*, int, QV4::Value*, int) jsruntime/qv4runtime.cpp:1177
          #82 0x7f74fb224486 in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) jsruntime/qv4vme_moth.cpp:717
          #83 0x7f74fb21d926 in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) jsruntime/qv4vme_moth.cpp:441
          #84 0x7f74fb10a9a6 in QV4::ScriptFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int) jsruntime/qv4functionobject.cpp:512
          #85 0x7f74fb098766 in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../qtdeclarative/src/qml/jsruntime/qv4functionobject_p.h:179
          #86 0x7f74fb395f20 in QV4::Runtime::method_callName(QV4::ExecutionEngine*, int, QV4::Value*, int) jsruntime/qv4runtime.cpp:1177
          #87 0x7f74fb224486 in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) jsruntime/qv4vme_moth.cpp:717
          #88 0x7f74fb21d926 in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) jsruntime/qv4vme_moth.cpp:441
          #89 0x7f74fb101170 in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) jsruntime/qv4function.cpp:68
          #90 0x7f74fb5a7b00 in QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) qml/qqmljavascriptexpression.cpp:216
          #91 0x7f74fb4727f7 in QQmlBoundSignalExpression::evaluate(void**) qml/qqmlboundsignal.cpp:237
          #92 0x7f74fb473651 in QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) qml/qqmlboundsignal.cpp:370
          #93 0x7f74fb55b9f9 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) qml/qqmlnotifier.cpp:106
          #94 0x7f74fb402216 in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) qml/qqmlengine.cpp:870
          #95 0x7f74ff920c54 in QMetaObject::activate(QObject*, int, int, void**) kernel/qobject.cpp:3648
          #96 0x7f74fb3f943b in QQmlVMEMetaObject::activate(QObject*, int, void**) qml/qqmlvmemetaobject.cpp:1246
          #97 0x7f74fb3f590f in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) qml/qqmlvmemetaobject.cpp:839
          #98 0x7f74fb3f6bd5 in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) qml/qqmlvmemetaobject.cpp:979
          #99 0x7f74ff897910 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) kernel/qmetaobject.cpp:299
          #100 0x7f74fb44bd8a in QQmlPropertyData::writeProperty(QObject*, void*, QFlags<QQmlPropertyData::WriteFlag>) const /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../qtdeclarative/src/qml/qml/qqmlpropertycache_p.h:350
          #101 0x7f74fb5cb152 in bool GenericBinding<1>::doStore<bool>(bool, QQmlPropertyData const*, QFlags<QQmlPropertyData::WriteFlag>) const qml/qqmlbinding.cpp:334
          #102 0x7f74fb5cb152 in GenericBinding<1>::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) qml/qqmlbinding.cpp:296
          #103 0x7f74fb5c2a90 in QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) qml/qqmlbinding.cpp:249
          #104 0x7f74fb5bd4bc in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) qml/qqmlbinding.cpp:185
          #105 0x7f74fb5bf9b5 in QQmlBinding::expressionChanged() qml/qqmlbinding.cpp:529
          #106 0x7f74fb5aa85b in QQmlJavaScriptExpressionGuard_callback(QQmlNotifierEndpoint*, void**) qml/qqmljavascriptexpression.cpp:486
          #107 0x7f74fb55b9f9 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) qml/qqmlnotifier.cpp:106
          #108 0x7f74fb402216 in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) qml/qqmlengine.cpp:870
          #109 0x7f74ff920c54 in QMetaObject::activate(QObject*, int, int, void**) kernel/qobject.cpp:3648
          #110 0x7f74fb3f943b in QQmlVMEMetaObject::activate(QObject*, int, void**) qml/qqmlvmemetaobject.cpp:1246
          #111 0x7f74fb3f590f in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) qml/qqmlvmemetaobject.cpp:839
          #112 0x7f74fb3f6bd5 in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) qml/qqmlvmemetaobject.cpp:979
          #113 0x7f74ff897910 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) kernel/qmetaobject.cpp:299
          #114 0x7f74fb44bd8a in QQmlPropertyData::writeProperty(QObject*, void*, QFlags<QQmlPropertyData::WriteFlag>) const /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../qtdeclarative/src/qml/qml/qqmlpropertycache_p.h:350
          #115 0x7f74fb5cb152 in bool GenericBinding<1>::doStore<bool>(bool, QQmlPropertyData const*, QFlags<QQmlPropertyData::WriteFlag>) const qml/qqmlbinding.cpp:334
          #116 0x7f74fb5cb152 in GenericBinding<1>::write(QV4::Value const&, bool, QFlags<QQmlPropertyData::WriteFlag>) qml/qqmlbinding.cpp:296
          #117 0x7f74fb5c2a90 in QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) qml/qqmlbinding.cpp:249
          #118 0x7f74fb5bd4bc in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) qml/qqmlbinding.cpp:185
          #119 0x7f74fb5bf9b5 in QQmlBinding::expressionChanged() qml/qqmlbinding.cpp:529
          #120 0x7f74fb5aa85b in QQmlJavaScriptExpressionGuard_callback(QQmlNotifierEndpoint*, void**) qml/qqmljavascriptexpression.cpp:486
          #121 0x7f74fb55b9f9 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) qml/qqmlnotifier.cpp:106
          #122 0x7f74fb402216 in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) qml/qqmlengine.cpp:870
          #123 0x7f74ff920c54 in QMetaObject::activate(QObject*, int, int, void**) kernel/qobject.cpp:3648
          #124 0x7f74ff922895 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) kernel/qobject.cpp:3633
          #125 0x7f750225c45d in QTestRootObject::windowShownChanged() .moc/quicktest.moc:198
          #126 0x7f7502269a56 in QTestRootObject::setWindowShown(bool) /home/simon/dev/qt-dev/asan/qtdeclarative/src/qmltest/quicktest.cpp:104
          #127 0x7f7502269a56 in quick_test_main_with_setup(int, char**, char const*, char const*, QObject*) /home/simon/dev/qt-dev/asan/qtdeclarative/src/qmltest/quicktest.cpp:580
          #128 0x7f750226bcfa in quick_test_main(int, char**, char const*, char const*) /home/simon/dev/qt-dev/asan/qtdeclarative/src/qmltest/quicktest.cpp:334
          #129 0x55e0873b8cb5 in main /home/simon/dev/qt-dev/asan/qtquickcontrols/tests/auto/extras/tst_extras.cpp:31
          #130 0x7f74fecedb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
          #131 0x55e0873b8b79 in _start (/home/simon/dev/qt-dev/asan/qtquickcontrols/tests/auto/extras/tst_extras+0xb79)
      
      0x603000995e6c is located 12 bytes inside of 32-byte region [0x603000995e60,0x603000995e80)
      freed by thread T0 here:
          #0 0x7f75012367b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
          #1 0x7f74ff335e3e in QListData::dispose(QListData::Data*) tools/qlist.cpp:163
          #2 0x7f74fbe527ae in QList<QQuickRevertAction>::dealloc(QListData::Data*) (/home/simon/dev/qt-dev/asan/qtbase/lib/libQt5Quick.so.5+0x2537ae)
          #3 0x7f74fbe52833 in QList<QQuickRevertAction>::~QList() (/home/simon/dev/qt-dev/asan/qtbase/lib/libQt5Quick.so.5+0x253833)
          #4 0x7f74fbe57b21 in QQuickStatePrivate::~QQuickStatePrivate() util/qquickstate_p_p.h:200
          #5 0x7f74fbe57b21 in QQuickStatePrivate::~QQuickStatePrivate() util/qquickstate_p_p.h:200
          #6 0x7f74ff93adca in QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*) ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:60
          #7 0x7f74ff93adca in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:107
          #8 0x7f74ff93adca in QObject::~QObject() kernel/qobject.cpp:884
          #9 0x7f74fbe43c08 in QQuickState::~QQuickState() util/qquickstate.cpp:160
          #10 0x7f74fbdca68e in QQmlPrivate::QQmlElement<QQuickState>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #11 0x7f74fbdca68e in QQmlPrivate::QQmlElement<QQuickState>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #12 0x7f74ff9362e2 in QObjectPrivate::deleteChildren() kernel/qobject.cpp:1997
          #13 0x7f74ff93aea1 in QObject::~QObject() kernel/qobject.cpp:1025
          #14 0x7f74fc215065 in QQuickItem::~QQuickItem() items/qquickitem.cpp:2382
          #15 0x7f74fc2a8598 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #16 0x7f74fc2a8598 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #17 0x7f74ff9362e2 in QObjectPrivate::deleteChildren() kernel/qobject.cpp:1997
          #18 0x7f74ff93aea1 in QObject::~QObject() kernel/qobject.cpp:1025
          #19 0x7f74fc215065 in QQuickItem::~QQuickItem() items/qquickitem.cpp:2382
          #20 0x7f74fc47da2a in QQuickImplicitSizeItem::~QQuickImplicitSizeItem() items/qquickimplicitsizeitem_p.h:60
          #21 0x7f74fc47da2a in QQuickLoader::~QQuickLoader() items/qquickloader.cpp:312
          #22 0x7f74fc2a997e in QQmlPrivate::QQmlElement<QQuickLoader>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #23 0x7f74fc2a997e in QQmlPrivate::QQmlElement<QQuickLoader>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #24 0x7f74ff9362e2 in QObjectPrivate::deleteChildren() kernel/qobject.cpp:1997
          #25 0x7f74ff93aea1 in QObject::~QObject() kernel/qobject.cpp:1025
          #26 0x7f74fc215065 in QQuickItem::~QQuickItem() items/qquickitem.cpp:2382
          #27 0x7f74fc2a8598 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #28 0x7f74fc2a8598 in QQmlPrivate::QQmlElement<QQuickItem>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #29 0x7f74ff9362e2 in QObjectPrivate::deleteChildren() kernel/qobject.cpp:1997
          #30 0x7f74ff93aea1 in QObject::~QObject() kernel/qobject.cpp:1025
          #31 0x7f74fc215065 in QQuickItem::~QQuickItem() items/qquickitem.cpp:2382
          #32 0x7f74fc47da2a in QQuickImplicitSizeItem::~QQuickImplicitSizeItem() items/qquickimplicitsizeitem_p.h:60
          #33 0x7f74fc47da2a in QQuickLoader::~QQuickLoader() items/qquickloader.cpp:312
          #34 0x7f74fc2a997e in QQmlPrivate::QQmlElement<QQuickLoader>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #35 0x7f74fc2a997e in QQmlPrivate::QQmlElement<QQuickLoader>::~QQmlElement() /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/../../../qtdeclarative/src/qml/qml/qqmlprivate.h:103
          #36 0x7f74ff9362e2 in QObjectPrivate::deleteChildren() kernel/qobject.cpp:1997
          #37 0x7f74ff93aea1 in QObject::~QObject() kernel/qobject.cpp:1025
          #38 0x7f74fc215065 in QQuickItem::~QQuickItem() items/qquickitem.cpp:2382
          #39 0x7f74fc295d6e in QQuickFocusScope::~QQuickFocusScope() items/qquickfocusscope.cpp:65
      
      previously allocated by thread T0 here:
          #0 0x7f7501236b50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
          #1 0x7f74ff3357e7 in QListData::detach_grow(int*, int) tools/qlist.cpp:79
          #2 0x7f74fbe56586 in QList<QQuickRevertAction>::detach_helper_grow(int, int) /home/simon/dev/qt-dev/asan/qtbase/include/QtCore/../../src/corelib/tools/qlist.h:758
          #3 0x7f74fbe568f1 in QList<QQuickRevertAction>::append(QQuickRevertAction const&) /home/simon/dev/qt-dev/asan/qtbase/include/QtCore/../../src/corelib/tools/qlist.h:584
          #4 0x7f74fbe5046d in QList<QQuickRevertAction>::operator<<(QQuickRevertAction const&) /home/simon/dev/qt-dev/asan/qtbase/include/QtCore/../../src/corelib/tools/qlist.h:388
          #5 0x7f74fbe5046d in QQuickState::apply(QQuickTransition*, QQuickState*) util/qquickstate.cpp:669
          #6 0x7f74fbe79df9 in QQuickStateGroupPrivate::setCurrentStateInternal(QString const&, bool) util/qquickstategroup.cpp:486
          #7 0x7f74fbe7a4b9 in QQuickStateGroup::setState(QString const&) util/qquickstategroup.cpp:291
          #8 0x7f74fc1d0a01 in QQuickItemPrivate::setState(QString const&) items/qquickitem.cpp:4907
          #9 0x7f74fc1d0a2a in QQuickItem::setState(QString const&) items/qquickitem.cpp:4941
          #10 0x7f74fc21e020 in QQuickItem::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/moc_qquickitem.cpp:945
          #11 0x7f74fc21f2a7 in QQuickItem::qt_metacall(QMetaObject::Call, int, void**) .moc/moc_qquickitem.cpp:1013
          #12 0x7f74ff89795d in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) kernel/qmetaobject.cpp:301
          #13 0x7f74fb1d2fab in QV4::QObjectWrapper::setProperty(QV4::ExecutionEngine*, QObject*, QQmlPropertyData*, QV4::Value const&) jsruntime/qv4qobjectwrapper.cpp:542
          #14 0x7f74fb1cf82a in QV4::QObjectWrapper::setQmlProperty(QV4::ExecutionEngine*, QQmlContextData*, QObject*, QV4::String*, QV4::QObjectWrapper::RevisionMode, QV4::Value const&) jsruntime/qv4qobjectwrapper.cpp:435
          #15 0x7f74fb1772ed in QV4::QQmlContextWrapper::virtualPut(QV4::Managed*, QV4::PropertyKey, QV4::Value const&, QV4::Value*) jsruntime/qv4qmlcontext.cpp:289
          #16 0x7f74fb061072 in QV4::Object::put(QV4::StringOrSymbol*, QV4::Value const&, QV4::Value*) /home/simon/dev/qt-dev/asan/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../qtdeclarative/src/qml/jsruntime/qv4object_p.h:308
          #17 0x7f74fb08d08d in QV4::ExecutionContext::setProperty(QV4::String*, QV4::Value const&) jsruntime/qv4context.cpp:271
          #18 0x7f74fb3909d4 in QV4::Runtime::method_storeNameSloppy(QV4::ExecutionEngine*, int, QV4::Value const&) jsruntime/qv4runtime.cpp:815
          #19 0x7f74fb2211d0 in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) jsruntime/qv4vme_moth.cpp:564
          #20 0x7f74fb21d926 in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) jsruntime/qv4vme_moth.cpp:441
          #21 0x7f74fb101170 in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) jsruntime/qv4function.cpp:68
          #22 0x7f74fb5a7b00 in QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) qml/qqmljavascriptexpression.cpp:216
          #23 0x7f74fb4727f7 in QQmlBoundSignalExpression::evaluate(void**) qml/qqmlboundsignal.cpp:237
          #24 0x7f74fb473651 in QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) qml/qqmlboundsignal.cpp:370
          #25 0x7f74fb55b9f9 in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) qml/qqmlnotifier.cpp:106
          #26 0x7f74fb402216 in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) qml/qqmlengine.cpp:870
          #27 0x7f74ff920c54 in QMetaObject::activate(QObject*, int, int, void**) kernel/qobject.cpp:3648
          #28 0x7f74fb3f943b in QQmlVMEMetaObject::activate(QObject*, int, void**) qml/qqmlvmemetaobject.cpp:1246
          #29 0x7f74fb3f6147 in QQmlVMEMetaObject::metaCall(QObject*, QMetaObject::Call, int, void**) qml/qqmlvmemetaobject.cpp:922
          #30 0x7f74ff897910 in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) kernel/qmetaobject.cpp:299
      
      SUMMARY: AddressSanitizer: heap-use-after-free /home/simon/dev/qt-dev/asan/qtbase/include/QtCore/../../src/corelib/tools/qlist.h:113 in QListData::size() const
       

      Reverting the change makes the tests pass.

      Affects qt5 5.11: https://codereview.qt-project.org/#/c/233949/
      and qt5 5.12: https://codereview.qt-project.org/#/c/233675/
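      The trace shows the QList<QQuickRevertAction> being freed by QQuickStatePrivate's destructor before the QQuickTransitionManager member's destructor stops the running transition and reports completion back into the state, which then reads the freed list. The following is an added, Qt-free model of that destruction-order hazard (not Qt's code; all names are hypothetical, and a set of live addresses stands in for AddressSanitizer's shadow memory): members are destroyed in reverse declaration order, so a member whose destructor calls back into its owner can observe already-destroyed siblings, and the fixed variant shows one way to close that window by stopping the transition explicitly before member destruction begins.

```cpp
#include <functional>
#include <iostream>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Stand-in for AddressSanitizer's shadow memory: an address is "live" between
// the constructor and the destructor of the object that sits at it.
static std::set<const void*> g_live;

// Stand-in for QList<QQuickRevertAction>; it records its own lifetime.
struct RevertList {
    std::vector<int> actions;
    RevertList() { g_live.insert(this); }
    ~RevertList() { g_live.erase(this); }
    RevertList(const RevertList&) = delete;
    RevertList& operator=(const RevertList&) = delete;
};

// Stand-in for QQuickTransitionManager: destroying it stops the running
// transition, and stopping reports completion back to the owning state.
struct TransitionManager {
    std::function<void()> onComplete;
    bool running = false;
    void start(std::function<void()> cb) { onComplete = std::move(cb); running = true; }
    void stop() {
        if (!running) return;
        running = false;
        if (onComplete) onComplete();
    }
    ~TransitionManager() { stop(); }
};

// Owner modelled on QQuickStatePrivate. Members are destroyed in reverse
// declaration order: revertList dies before manager, and manager's destructor
// then calls complete(), which wants to read revertList.
struct StatePrivate {
    std::vector<std::string>& log;  // external log that outlives the state
    TransitionManager manager;      // declared first  -> destroyed last
    RevertList revertList;          // declared second -> destroyed first
    explicit StatePrivate(std::vector<std::string>& l) : log(l) {}

    void apply() {
        revertList.actions.push_back(1);  // one recorded revert action
        manager.start([this] { complete(); });
    }

    void complete() {
        // Real code would read the list unconditionally; the lifetime check
        // here records what ASAN would report instead of touching freed memory.
        if (!g_live.count(&revertList)) {
            log.push_back("heap-use-after-free: revertList");
            return;
        }
        log.push_back("complete: " + std::to_string(revertList.actions.size()) +
                      " revert actions");
    }
};

// Naive: the implicit destructor lets the callback run after revertList is gone.
struct StatePrivateNaive : StatePrivate {
    using StatePrivate::StatePrivate;
};

// Fixed: an explicit destructor body runs BEFORE the members are destroyed, so
// the transition is stopped and complete() runs while revertList is still live;
// the later implicit ~TransitionManager finds nothing running and does nothing.
struct StatePrivateFixed : StatePrivate {
    using StatePrivate::StatePrivate;
    ~StatePrivateFixed() { manager.stop(); }
};

template <typename State>
std::vector<std::string> runScenario() {
    std::vector<std::string> log;
    {
        State state(log);
        state.apply();
    }  // state torn down here, as QQuickState is at the top of the trace
    return log;
}

std::vector<std::string> runNaive() { return runScenario<StatePrivateNaive>(); }
std::vector<std::string> runFixed() { return runScenario<StatePrivateFixed>(); }

int main() {
    for (const auto& line : runNaive()) std::cout << "naive: " << line << '\n';
    for (const auto& line : runFixed()) std::cout << "fixed: " << line << '\n';
}
```

Reordering the member declarations would also change which object dies first, but an explicit stop in the owner's destructor does not depend on layout and survives later edits to the class.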

          People

            Assignee: Simon Hausmann (shausman)
            Reporter: Simon Hausmann (shausman)