Qt / QTBUG-101177

QTimer random segmentation fault (SIGSEGV)


Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 6.2.6, 6.2.10
    • 6.2.2, 6.3.0 Beta2
    • Core: Other
    • None
    • Ubuntu 20.04
    • Linux/Other display system
    • 4824469f90 (qt/tqtc-qtbase/6.2)

    Description

      There is a random crash on QTimer events on a Unix multithreaded server. I haven't yet discovered the root cause. I compiled a debug version and took the following stack trace:

      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x00007fad228e6061 in QBindingStorage::registerDependency (data=0x7face8733a50, this=0x7face8733a10) at /root/qt5/qtbase/src/corelib/kernel/qbindingstorage.h:87
      87      /root/qt5/qtbase/src/corelib/kernel/qbindingstorage.h: No such file or directory.
      [Current thread is 1 (Thread 0x7fad1b611700 (LWP 46730))]
      
      (gdb) bt
      #0  0x00007fad228e6061 in QBindingStorage::registerDependency (data=0x7face8733a50, this=0x7face8733a10) at /root/qt5/qtbase/src/corelib/kernel/qbindingstorage.h:87
      #1  QObjectBindableProperty<QTimerPrivate, bool, &QTimerPrivate::_qt_property_single_offset, (decltype(nullptr))0>::value() const (this=0x7face8733a50)
          at /root/qt5/qtbase/include/QtCore/../../src/corelib/kernel/qproperty.h:991
      #2  QObjectBindableProperty<QTimerPrivate, bool, &QTimerPrivate::_qt_property_single_offset, (decltype(nullptr))0>::operator bool() const (this=0x7face8733a50)
          at /root/qt5/qtbase/include/QtCore/../../src/corelib/kernel/qproperty.h:1014
      #3  QTimer::timerEvent (this=0x7face870d080, e=<optimized out>) at /root/qt5/qtbase/src/corelib/kernel/qtimer.cpp:295
      #4  0x00007fad228c0376 in QObject::event (this=0x7face870d080, e=0x7fad1b610b70) at /root/qt5/qtbase/src/corelib/kernel/qobject.cpp:1332
      #5  0x00007fad228569f0 in QCoreApplicationPrivate::notify_helper (receiver=receiver@entry=0x7face870d080, event=event@entry=0x7fad1b610b70)
          at /root/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1234
      #6  0x00007fad2285845d in doNotify (receiver=0x7face870d080, event=0x7fad1b610b70) at /root/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1156
      #7  0x00007fad228584c8 in QCoreApplication::notify (this=<optimized out>, receiver=<optimized out>, event=<optimized out>)
          at /root/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1146
      #8  0x00007fad2285858b in QCoreApplication::notifyInternal2 (receiver=0x7face870d080, event=0x7fad1b610b70)
          at /root/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1067
      #9  0x00007fad2285860b in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>) at /root/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1483
      #10 0x00007fad22a4a7f7 in QTimerInfoList::activateTimers (this=this@entry=0x7fad10000c58) at /root/qt5/qtbase/src/corelib/kernel/qtimerinfo_unix.cpp:639
      #11 0x00007fad22a4305e in QEventDispatcherUNIXPrivate::activateTimers (this=this@entry=0x7fad10000b80)
          at /root/qt5/qtbase/src/corelib/kernel/qeventdispatcher_unix.cpp:249
      #12 0x00007fad22a4625a in QEventDispatcherUNIX::processEvents (this=<optimized out>, flags=...) at /root/qt5/qtbase/src/corelib/kernel/qeventdispatcher_unix.cpp:516
      #13 0x00007fad2286833f in QEventLoop::processEvents (this=this@entry=0x7fad1b610d60, flags=..., flags@entry=...) at /usr/include/c++/9/bits/atomic_base.h:734
      #14 0x00007fad22868ee2 in QEventLoop::exec (this=this@entry=0x7fad1b610d60, flags=flags@entry=...) at /root/qt5/qtbase/src/corelib/global/qflags.h:111
      #15 0x00007fad229b58bf in QThread::exec (this=<optimized out>) at /root/qt5/qtbase/src/corelib/global/qflags.h:110
      #16 0x00007fad229b59a9 in QThread::run (this=<optimized out>) at /root/qt5/qtbase/src/corelib/thread/qthread.cpp:622
      #17 0x00007fad22a4d442 in QThreadPrivate::<lambda()>::operator() (__closure=0x7fad1b610e10) at /root/qt5/qtbase/src/corelib/thread/qthread_unix.cpp:356
      #18 (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> >(QThreadPrivate::<lambda()> &&) (t=...)
          at /root/qt5/qtbase/src/corelib/thread/qthread_unix.cpp:292
      #19 0x00007fad22a4d52b in QThreadPrivate::start (arg=<optimized out>) at /root/qt5/qtbase/src/corelib/thread/qthread_unix.cpp:315
      #20 0x00007fad21a68609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #21 0x00007fad22448293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      On the line qbindingstorage.h:87

      if (!bindingStatus->currentlyEvaluatingBinding)
      

      ...looks as if the bindingStatus pointer is dirty, but it is not nullptr:

      (gdb) print bindingStatus
      $2 = (QBindingStatus *) 0x7fac89ff36d0
      

      To be honest, I'm out of ideas....

       

      Second version of the crash:

      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x00007f0a285800b3 in QObjectCompatProperty<QTimerPrivate, int, &QTimerPrivate::_qt_property_inter_offset, &QTimerPrivate::setInterval, (decltype(nullptr))0, (decltype(nullptr))0>::value() const (this=0x7f09d82c777c)
          at /root/qt5/qtbase/src/corelib/kernel/qobject_p.h:682
      #1  QObjectCompatProperty<QTimerPrivate, int, &QTimerPrivate::_qt_property_inter_offset, &QTimerPrivate::setInterval, (decltype(nullptr))0, (decltype(nullptr))0>::operator int() const (this=0x7f09d82c777c)
          at /root/qt5/qtbase/include/QtCore/6.3.0/QtCore/private/../../../../../src/corelib/kernel/qproperty_p.h:542
      #2  QTimer::start (this=0x7f09d814b270) at /root/qt5/qtbase/src/corelib/kernel/qtimer.cpp:242
      #3  0x000055cfc793288c in ServerNetwork::<lambda(int)>::operator()(int) const (__closure=0x7f09d8009640, nwkId=405) at /home/gitlab-runner/builds/-YKsw-rj/0/gridens/smartgrid-server/Server/so/servernetwork.cpp:120
      #4  0x000055cfc794dd0e in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<int>, void, ServerNetwork::ServerNetwork(QObject*)::<lambda(int)> >::call(ServerNetwork::<lambda(int)> &, void **) (f=...,
          arg=0x7f09ad2ba5e8) at /opt/qt/include/QtCore/qobjectdefs_impl.h:163
      #5  0x000055cfc794c22b in QtPrivate::Functor<ServerNetwork::ServerNetwork(QObject*)::<lambda(int)>, 1>::call<QtPrivate::List<int>, void>(ServerNetwork::<lambda(int)> &, void *, void **) (f=..., arg=0x7f09ad2ba5e8)
          at /opt/qt/include/QtCore/qobjectdefs_impl.h:277
      #6  0x000055cfc794a204 in QtPrivate::QFunctorSlotObject<ServerNetwork::ServerNetwork(QObject*)::<lambda(int)>, 1, QtPrivate::List<int>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=1,
          this_=0x7f09d8009630, r=0x7f09d82d8410, a=0x7f09ad2ba5e8, ret=0x0) at /opt/qt/include/QtCore/qobjectdefs_impl.h:444
      #7  0x00007f0a2855428d in QtPrivate::QSlotObjectBase::call (a=<optimized out>, r=0x7f09d82d8410, this=<optimized out>) at /root/qt5/qtbase/src/corelib/kernel/qobjectdefs_impl.h:399
      #8  QMetaCallEvent::placeMetaCall (this=0x7f09ad2ba5a0, object=0x7f09d82d8410) at /root/qt5/qtbase/src/corelib/kernel/qobject.cpp:623
      #9  0x00007f0a2855a45c in QObject::event (this=<optimized out>, e=0x7f09ad2ba5a0) at /root/qt5/qtbase/src/corelib/kernel/qobject.cpp:1355
      #10 0x00007f0a284f09f0 in QCoreApplicationPrivate::notify_helper (receiver=receiver@entry=0x7f09d82d8410, event=event@entry=0x7f09ad2ba5a0) at /root/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1234
      #11 0x00007f0a284f245d in doNotify (receiver=0x7f09d82d8410, event=0x7f09ad2ba5a0) at /root/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1156
      #12 0x00007f0a284f24c8 in QCoreApplication::notify (this=<optimized out>, receiver=<optimized out>, event=<optimized out>) at /root/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1146
      #13 0x00007f0a284f258b in QCoreApplication::notifyInternal2 (receiver=receiver@entry=0x7f09d82d8410, event=event@entry=0x7f09ad2ba5a0) at /root/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1067
      #14 0x00007f0a284f260b in QCoreApplication::sendEvent (receiver=receiver@entry=0x7f09d82d8410, event=event@entry=0x7f09ad2ba5a0) at /root/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1483
      #15 0x00007f0a284f5cf1 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x7f09d82ceee0) at /root/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1847
      #16 0x00007f0a286def49 in QEventDispatcherUNIX::processEvents (this=0x7f09a0021010, flags=...) at /root/qt5/qtbase/src/corelib/kernel/qeventdispatcher_unix.cpp:468
      #17 0x00007f0a2850233f in QEventLoop::processEvents (this=this@entry=0x7f099b7fdd60, flags=..., flags@entry=...) at /usr/include/c++/9/bits/atomic_base.h:734
      #18 0x00007f0a28502ee2 in QEventLoop::exec (this=this@entry=0x7f099b7fdd60, flags=flags@entry=...) at /root/qt5/qtbase/src/corelib/global/qflags.h:111
      #19 0x00007f0a2864f8bf in QThread::exec (this=<optimized out>) at /root/qt5/qtbase/src/corelib/global/qflags.h:110
      #20 0x00007f0a2864f9a9 in QThread::run (this=<optimized out>) at /root/qt5/qtbase/src/corelib/thread/qthread.cpp:622
      #21 0x00007f0a286e7442 in QThreadPrivate::<lambda()>::operator() (__closure=0x7f099b7fde10) at /root/qt5/qtbase/src/corelib/thread/qthread_unix.cpp:356
      #22 (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> >(QThreadPrivate::<lambda()> &&) (t=...) at /root/qt5/qtbase/src/corelib/thread/qthread_unix.cpp:292
      #23 0x00007f0a286e752b in QThreadPrivate::start (arg=<optimized out>) at /root/qt5/qtbase/src/corelib/thread/qthread_unix.cpp:315
      #24 0x00007f0a27702609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #25 0x00007f0a280e2293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      QBindingStorage seems to be the most popular class everywhere.

       

      I'm trying to find a way to reproduce it...

            People

              fabiankosmale Fabian Kosmale
              kiibimees Lauri Laanmets