Details
- Bug
- Resolution: Fixed
- P1: Critical
- 6.5
- 691956654 (dev), 541e0f866 (6.6), 5d45b5944 (tqtc/lts-5.15), aaa1b060f (tqtc/lts-6.2), 86f8bb43b (6.5)
Description
This has been reported occasionally for a long time in the nightly ASAN-enabled test runs of qtdeclarative. The issue happens only under X11 when all modules are configured with -sanitize address (IIRC mitch_curtis did not manage to reproduce it on macOS).
Trying to paste the test log here in a readable way
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-sanitizer-runs'
********* Start testing of tst_QQuickMenu *********
Config: Using QtTest library 6.5.0, Qt 6.5.0 (x86_64-little_endian-lp64 shared (dynamic) debug build; by Ubuntu Clang 13.0.1), ubuntu 20.04
PASS : tst_QQuickMenu::Basic::initTestCase()
PASS : tst_QQuickMenu::Basic::defaults()
PASS : tst_QQuickMenu::Basic::count()
PASS : tst_QQuickMenu::Basic::mouse()
PASS : tst_QQuickMenu::Basic::pressAndHold()
PASS : tst_QQuickMenu::Basic::contextMenuKeyboard()
PASS : tst_QQuickMenu::Basic::disabledMenuItemKeyNavigation()
PASS : tst_QQuickMenu::Basic::mnemonics()
PASS : tst_QQuickMenu::Basic::menuButton()
PASS : tst_QQuickMenu::Basic::addItem()
PASS : tst_QQuickMenu::Basic::menuSeparator()
PASS : tst_QQuickMenu::Basic::repeater()
PASS : tst_QQuickMenu::Basic::order()
PASS : tst_QQuickMenu::Basic::popup()
PASS : tst_QQuickMenu::Basic::actions()
PASS : tst_QQuickMenu::Basic::actionShortcuts()
PASS : tst_QQuickMenu::Basic::removeTakeItem()
PASS : tst_QQuickMenu::Basic::subMenuMouse(cascading)
PASS : tst_QQuickMenu::Basic::subMenuMouse(non-cascading)
PASS : tst_QQuickMenu::Basic::subMenuDisabledMouse(cascading)
PASS : tst_QQuickMenu::Basic::subMenuDisabledMouse(non-cascading)
PASS : tst_QQuickMenu::Basic::subMenuKeyboard(cascading)
PASS : tst_QQuickMenu::Basic::subMenuKeyboard(cascading,mirrored)
PASS : tst_QQuickMenu::Basic::subMenuKeyboard(non-cascading)
PASS : tst_QQuickMenu::Basic::subMenuKeyboard(non-cascading,mirrored)
PASS : tst_QQuickMenu::Basic::subMenuDisabledKeyboard(cascading)
PASS : tst_QQuickMenu::Basic::subMenuDisabledKeyboard(cascading,mirrored)
PASS : tst_QQuickMenu::Basic::subMenuDisabledKeyboard(non-cascading)
PASS : tst_QQuickMenu::Basic::subMenuDisabledKeyboard(non-cascading,mirrored)
PASS : tst_QQuickMenu::Basic::subMenuPosition(cascading)
PASS : tst_QQuickMenu::Basic::subMenuPosition(cascading,flip)
PASS : tst_QQuickMenu::Basic::subMenuPosition(cascading,overlap)
PASS : tst_QQuickMenu::Basic::subMenuPosition(cascading,flip,overlap)
PASS : tst_QQuickMenu::Basic::subMenuPosition(cascading,mirrored)
PASS : tst_QQuickMenu::Basic::subMenuPosition(cascading,mirrored,flip)
PASS : tst_QQuickMenu::Basic::subMenuPosition(cascading,mirrored,overlap)
PASS : tst_QQuickMenu::Basic::subMenuPosition(cascading,mirrored,flip,overlap)
PASS : tst_QQuickMenu::Basic::subMenuPosition(non-cascading)
PASS : tst_QQuickMenu::Basic::addRemoveSubMenus()
PASS : tst_QQuickMenu::Basic::scrollable(Window)
PASS : tst_QQuickMenu::Basic::scrollable(ApplicationWindow)
PASS : tst_QQuickMenu::Basic::scrollable(WithPadding)
PASS : tst_QQuickMenu::Basic::disableWhenTriggered(Action)
PASS : tst_QQuickMenu::Basic::disableWhenTriggered(MenuItem with Action)
PASS : tst_QQuickMenu::Basic::disableWhenTriggered(MenuItem with Action declared outside menu)
PASS : tst_QQuickMenu::Basic::disableWhenTriggered(MenuItem with no Action)
PASS : tst_QQuickMenu::Basic::disableWhenTriggered(Sub-Action)
PASS : tst_QQuickMenu::Basic::disableWhenTriggered(Sub-MenuItem with Action declared inside)
PASS : tst_QQuickMenu::Basic::disableWhenTriggered(Sub-MenuItem with Action declared outside menu)
PASS : tst_QQuickMenu::Basic::disableWhenTriggered(Sub-MenuItem with no Action)
PASS : tst_QQuickMenu::Basic::menuItemWidth(non-mirrored)
PASS : tst_QQuickMenu::Basic::menuItemWidth(mirrored)
PASS : tst_QQuickMenu::Basic::menuItemWidthAfterMenuWidthChanged(non-mirrored)
PASS : tst_QQuickMenu::Basic::menuItemWidthAfterMenuWidthChanged(mirrored)
PASS : tst_QQuickMenu::Basic::menuItemWidthAfterImplicitWidthChanged(non-mirrored)
PASS : tst_QQuickMenu::Basic::menuItemWidthAfterImplicitWidthChanged(mirrored)
PASS : tst_QQuickMenu::Basic::menuItemWidthAfterRetranslate()
PASS : tst_QQuickMenu::Basic::giveMenuItemFocusOnButtonPress()
PASS : tst_QQuickMenu::Basic::customMenuCullItems()
PASS : tst_QQuickMenu::Basic::customMenuUseRepeaterAsTheContentItem()
PASS : tst_QQuickMenu::Basic::cleanupTestCase()
PASS : tst_QQuickMenu::Fusion::initTestCase()
PASS : tst_QQuickMenu::Fusion::defaults()
PASS : tst_QQuickMenu::Fusion::count()
PASS : tst_QQuickMenu::Fusion::mouse()
PASS : tst_QQuickMenu::Fusion::pressAndHold()
PASS : tst_QQuickMenu::Fusion::contextMenuKeyboard()
PASS : tst_QQuickMenu::Fusion::disabledMenuItemKeyNavigation()
PASS : tst_QQuickMenu::Fusion::mnemonics()
PASS : tst_QQuickMenu::Fusion::menuButton()
PASS : tst_QQuickMenu::Fusion::addItem()
PASS : tst_QQuickMenu::Fusion::menuSeparator()
PASS : tst_QQuickMenu::Fusion::repeater()
PASS : tst_QQuickMenu::Fusion::order()
PASS : tst_QQuickMenu::Fusion::popup()
PASS : tst_QQuickMenu::Fusion::actions()
PASS : tst_QQuickMenu::Fusion::actionShortcuts()
PASS : tst_QQuickMenu::Fusion::removeTakeItem()
PASS : tst_QQuickMenu::Fusion::subMenuMouse(cascading)
PASS : tst_QQuickMenu::Fusion::subMenuMouse(non-cascading)
PASS : tst_QQuickMenu::Fusion::subMenuDisabledMouse(cascading)
PASS : tst_QQuickMenu::Fusion::subMenuDisabledMouse(non-cascading)
PASS : tst_QQuickMenu::Fusion::subMenuKeyboard(cascading)
PASS : tst_QQuickMenu::Fusion::subMenuKeyboard(cascading,mirrored)
PASS : tst_QQuickMenu::Fusion::subMenuKeyboard(non-cascading)
PASS : tst_QQuickMenu::Fusion::subMenuKeyboard(non-cascading,mirrored)
PASS : tst_QQuickMenu::Fusion::subMenuDisabledKeyboard(cascading)
PASS : tst_QQuickMenu::Fusion::subMenuDisabledKeyboard(cascading,mirrored)
PASS : tst_QQuickMenu::Fusion::subMenuDisabledKeyboard(non-cascading)
PASS : tst_QQuickMenu::Fusion::subMenuDisabledKeyboard(non-cascading,mirrored)
PASS : tst_QQuickMenu::Fusion::subMenuPosition(cascading)
PASS : tst_QQuickMenu::Fusion::subMenuPosition(cascading,flip)
PASS : tst_QQuickMenu::Fusion::subMenuPosition(cascading,overlap)
PASS : tst_QQuickMenu::Fusion::subMenuPosition(cascading,flip,overlap)
PASS : tst_QQuickMenu::Fusion::subMenuPosition(cascading,mirrored)
PASS : tst_QQuickMenu::Fusion::subMenuPosition(cascading,mirrored,flip)
PASS : tst_QQuickMenu::Fusion::subMenuPosition(cascading,mirrored,overlap)
PASS : tst_QQuickMenu::Fusion::subMenuPosition(cascading,mirrored,flip,overlap)
PASS : tst_QQuickMenu::Fusion::subMenuPosition(non-cascading)
PASS : tst_QQuickMenu::Fusion::addRemoveSubMenus()
PASS : tst_QQuickMenu::Fusion::scrollable(Window)
PASS : tst_QQuickMenu::Fusion::scrollable(ApplicationWindow)
PASS : tst_QQuickMenu::Fusion::scrollable(WithPadding)
PASS : tst_QQuickMenu::Fusion::disableWhenTriggered(Action)
PASS : tst_QQuickMenu::Fusion::disableWhenTriggered(MenuItem with Action)
PASS : tst_QQuickMenu::Fusion::disableWhenTriggered(MenuItem with Action declared outside menu)
PASS : tst_QQuickMenu::Fusion::disableWhenTriggered(MenuItem with no Action)
PASS : tst_QQuickMenu::Fusion::disableWhenTriggered(Sub-Action)
PASS : tst_QQuickMenu::Fusion::disableWhenTriggered(Sub-MenuItem with Action declared inside)
PASS : tst_QQuickMenu::Fusion::disableWhenTriggered(Sub-MenuItem with Action declared outside menu)
PASS : tst_QQuickMenu::Fusion::disableWhenTriggered(Sub-MenuItem with no Action)
PASS : tst_QQuickMenu::Fusion::menuItemWidth(non-mirrored)
PASS : tst_QQuickMenu::Fusion::menuItemWidth(mirrored)
PASS : tst_QQuickMenu::Fusion::menuItemWidthAfterMenuWidthChanged(non-mirrored)
PASS : tst_QQuickMenu::Fusion::menuItemWidthAfterMenuWidthChanged(mirrored)
PASS : tst_QQuickMenu::Fusion::menuItemWidthAfterImplicitWidthChanged(non-mirrored)
PASS : tst_QQuickMenu::Fusion::menuItemWidthAfterImplicitWidthChanged(mirrored)
PASS : tst_QQuickMenu::Fusion::menuItemWidthAfterRetranslate()
PASS : tst_QQuickMenu::Fusion::giveMenuItemFocusOnButtonPress()
PASS : tst_QQuickMenu::Fusion::customMenuCullItems()
PASS : tst_QQuickMenu::Fusion::customMenuUseRepeaterAsTheContentItem()
PASS : tst_QQuickMenu::Fusion::cleanupTestCase()
PASS : tst_QQuickMenu::Imagine::initTestCase()
PASS : tst_QQuickMenu::Imagine::defaults()
PASS : tst_QQuickMenu::Imagine::count()
PASS : tst_QQuickMenu::Imagine::mouse()
PASS : tst_QQuickMenu::Imagine::pressAndHold()
PASS : tst_QQuickMenu::Imagine::contextMenuKeyboard()
PASS : tst_QQuickMenu::Imagine::disabledMenuItemKeyNavigation()
PASS : tst_QQuickMenu::Imagine::mnemonics()
PASS : tst_QQuickMenu::Imagine::menuButton()
PASS : tst_QQuickMenu::Imagine::addItem()
PASS : tst_QQuickMenu::Imagine::menuSeparator()
PASS : tst_QQuickMenu::Imagine::repeater()
PASS : tst_QQuickMenu::Imagine::order()
PASS : tst_QQuickMenu::Imagine::popup()
PASS : tst_QQuickMenu::Imagine::actions()
PASS : tst_QQuickMenu::Imagine::actionShortcuts()
PASS : tst_QQuickMenu::Imagine::removeTakeItem()
PASS : tst_QQuickMenu::Imagine::subMenuMouse(cascading)
PASS : tst_QQuickMenu::Imagine::subMenuMouse(non-cascading)
PASS : tst_QQuickMenu::Imagine::subMenuDisabledMouse(cascading)
PASS : tst_QQuickMenu::Imagine::subMenuDisabledMouse(non-cascading)
PASS : tst_QQuickMenu::Imagine::subMenuKeyboard(cascading)
PASS : tst_QQuickMenu::Imagine::subMenuKeyboard(cascading,mirrored)
PASS : tst_QQuickMenu::Imagine::subMenuKeyboard(non-cascading)
PASS : tst_QQuickMenu::Imagine::subMenuKeyboard(non-cascading,mirrored)
PASS : tst_QQuickMenu::Imagine::subMenuDisabledKeyboard(cascading)
PASS : tst_QQuickMenu::Imagine::subMenuDisabledKeyboard(cascading,mirrored)
PASS : tst_QQuickMenu::Imagine::subMenuDisabledKeyboard(non-cascading)
PASS : tst_QQuickMenu::Imagine::subMenuDisabledKeyboard(non-cascading,mirrored)
PASS : tst_QQuickMenu::Imagine::subMenuPosition(cascading)
PASS : tst_QQuickMenu::Imagine::subMenuPosition(cascading,flip)
PASS : tst_QQuickMenu::Imagine::subMenuPosition(cascading,overlap)
PASS : tst_QQuickMenu::Imagine::subMenuPosition(cascading,flip,overlap)
PASS : tst_QQuickMenu::Imagine::subMenuPosition(cascading,mirrored)
PASS : tst_QQuickMenu::Imagine::subMenuPosition(cascading,mirrored,flip)
PASS : tst_QQuickMenu::Imagine::subMenuPosition(cascading,mirrored,overlap)
PASS : tst_QQuickMenu::Imagine::subMenuPosition(cascading,mirrored,flip,overlap)
PASS : tst_QQuickMenu::Imagine::subMenuPosition(non-cascading)
PASS : tst_QQuickMenu::Imagine::addRemoveSubMenus()
PASS : tst_QQuickMenu::Imagine::scrollable(Window)
PASS : tst_QQuickMenu::Imagine::scrollable(ApplicationWindow)
PASS : tst_QQuickMenu::Imagine::scrollable(WithPadding)
PASS : tst_QQuickMenu::Imagine::disableWhenTriggered(Action)
PASS : tst_QQuickMenu::Imagine::disableWhenTriggered(MenuItem with Action)
PASS : tst_QQuickMenu::Imagine::disableWhenTriggered(MenuItem with Action declared outside menu)
PASS : tst_QQuickMenu::Imagine::disableWhenTriggered(MenuItem with no Action)
PASS : tst_QQuickMenu::Imagine::disableWhenTriggered(Sub-Action)
PASS : tst_QQuickMenu::Imagine::disableWhenTriggered(Sub-MenuItem with Action declared inside)
PASS : tst_QQuickMenu::Imagine::disableWhenTriggered(Sub-MenuItem with Action declared outside menu)
PASS : tst_QQuickMenu::Imagine::disableWhenTriggered(Sub-MenuItem with no Action)
PASS : tst_QQuickMenu::Imagine::menuItemWidth(non-mirrored)
PASS : tst_QQuickMenu::Imagine::menuItemWidth(mirrored)
PASS : tst_QQuickMenu::Imagine::menuItemWidthAfterMenuWidthChanged(non-mirrored)
PASS : tst_QQuickMenu::Imagine::menuItemWidthAfterMenuWidthChanged(mirrored)
PASS : tst_QQuickMenu::Imagine::menuItemWidthAfterImplicitWidthChanged(non-mirrored)
PASS : tst_QQuickMenu::Imagine::menuItemWidthAfterImplicitWidthChanged(mirrored)
PASS : tst_QQuickMenu::Imagine::menuItemWidthAfterRetranslate()
PASS : tst_QQuickMenu::Imagine::giveMenuItemFocusOnButtonPress()
PASS : tst_QQuickMenu::Imagine::customMenuCullItems()
PASS : tst_QQuickMenu::Imagine::customMenuUseRepeaterAsTheContentItem()
PASS : tst_QQuickMenu::Imagine::cleanupTestCase()
PASS : tst_QQuickMenu::Material::initTestCase()
PASS : tst_QQuickMenu::Material::defaults()
PASS : tst_QQuickMenu::Material::count()

=================================================================
==695599==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030000d7d10 at pc 0x7f07878fd9f7 bp 0x7f077e6337d0 sp 0x7f077e6337c8

    inline bool QQmlData::signalHasEndpoint(int index) const
    {
        return notifyList && (notifyList->connectionMask & (1ULL << quint64(index % 64))); // ERROR: heap-use-after-free on connectionMask
    }

READ of size 8 at 0x6030000d7d10 thread T391 (QSGRenderThread)
    #0 0x7f07878fd9f6 in QQmlData::signalHasEndpoint(int) const /home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/include/QtQml/6.5.0/QtQml/private/../../../../../../../../../cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmldata_p.h:342:39
    #1 0x7f07878ee716 in QQmlData::isSignalConnected(QAbstractDeclarativeData*, QObject const*, int) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlengine.cpp:357:19
    #2 0x7f0785a4fede in QObjectPrivate::isDeclarativeSignalConnected(unsigned int) const /home/sanitizer-runs/sanitizer_runs/build/qtbase-asan/include/QtCore/6.5.0/QtCore/private/../../../../../../../../../cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qobject_p.h:229:16
    #3 0x7f0785a4fede in void doActivate<false>(QObject*, int, void**) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qobject.cpp:3861:13
    #4 0x7f0785a3feec in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qobject.cpp:4032:9
    #5 0x7f078ac85d41 in QQuickWindow::frameSwapped() /home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/src/quick/Quick_autogen/include/moc_qquickwindow.cpp:743:5
    #6 0x7f078ad32e8c in QQuickWindowPrivate::fireFrameSwapped() /home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/include/QtQuick/6.5.0/QtQuick/private/../../../../../../../../../cc-runs/src/qt/qt5/qtdeclarative/src/quick/items/qquickwindow_p.h:179:48
    #7 0x7f078b6485f8 in QSGRenderThread::syncAndRender() /home/cc-runs/src/qt/qt5/qtdeclarative/src/quick/scenegraph/qsgthreadedrenderloop.cpp:749:12
    #8 0x7f078b64b679 in QSGRenderThread::run() /home/cc-runs/src/qt/qt5/qtdeclarative/src/quick/scenegraph/qsgthreadedrenderloop.cpp:934:13
    #9 0x7f0785dc4788 in QThreadPrivate::start(void*)::$_0::operator()() const /home/cc-runs/src/qt/qt5/qtbase/src/corelib/thread/qthread_unix.cpp:322:14
    #10 0x7f0785dc4788 in void (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::$_0>(QThreadPrivate::start(void*)::$_0&&) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/thread/qthread_unix.cpp:258:9
    #11 0x7f0785dc4788 in QThreadPrivate::start(void*) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/thread/qthread_unix.cpp:281:5
    #12 0x7f07852d3608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
    #13 0x7f07851cd132 in __clone /build/glibc-SzIz7B/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

0x6030000d7d10 is located 0 bytes inside of 32-byte region [0x6030000d7d10,0x6030000d7d30)
freed by thread T0 here:
    #0 0x4a2c02 in __interceptor_free (/home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/tests/auto/quickcontrols2/qquickmenu/tst_qquickmenu+0x4a2c02)
    #1 0x7f07878eec0f in QQmlData::disconnectNotifiers() /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlengine.cpp:1210:9
    #2 0x7f07878ee8e2 in QQmlData::setQueuedForDeletion(QObject*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlengine.cpp:403:20
    #3 0x7f07878ebda3 in QQmlData::markAsDeleted(QObject*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlengine.cpp:376:5
    #4 0x7f07878ebc4e in QQmlPrivate::qdeclarativeelement_destructor(QObject*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlengine.cpp:241:9
    #5 0x7f078c4e39d2 in QQmlPrivate::QQmlElement<QQuickApplicationWindow>::~QQmlElement() /home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/include/QtQml/../../../../../../cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlprivate.h:98:13
    #6 0x7f078c4e3a08 in QQmlPrivate::QQmlElement<QQuickApplicationWindow>::~QQmlElement() /home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/include/QtQml/../../../../../../cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlprivate.h:97:33
    #7 0x56f212 in QScopedPointerDeleter<QObject>::cleanup(QObject*) /home/sanitizer-runs/sanitizer_runs/install_dir/asan/include/QtCore/qscopedpointer.h:24:9
    #8 0x56f191 in QScopedPointer<QObject, QScopedPointerDeleter<QObject> >::~QScopedPointer() /home/sanitizer-runs/sanitizer_runs/install_dir/asan/include/QtCore/qscopedpointer.h:80:9
    #9 0x56f139 in QQuickVisualTestUtils::QQuickApplicationHelper::~QQuickApplicationHelper() /home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/include/QtQuickTestUtils/6.5.0/QtQuickTestUtils/private/../../../../../../../../../cc-runs/src/qt/qt5/qtdeclarative/src/quicktestutils/quick/visualtestutils_p.h:151:11
    #10 0x562534 in QQuickControlsTestUtils::QQuickControlsApplicationHelper::~QQuickControlsApplicationHelper() /home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/include/QtQuickControlsTestUtils/6.5.0/QtQuickControlsTestUtils/private/../../../../../../../../../cc-runs/src/qt/qt5/qtdeclarative/src/quickcontrolstestutils/controlstestutils_p.h:28:11
    #11 0x4e04f9 in tst_QQuickMenu::mouse() /home/cc-runs/src/qt/qt5/qtdeclarative/tests/auto/quickcontrols2/qquickmenu/tst_qquickmenu.cpp:252:1
    #12 0x55c45d in tst_QQuickMenu::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/tests/auto/quickcontrols2/qquickmenu/tst_qquickmenu_autogen/include/tst_qquickmenu.moc:375:21
    #13 0x7f078597b9ee in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const /home/cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qmetaobject.cpp:2357:13
    #14 0x7f078657de77 in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const /home/sanitizer-runs/sanitizer_runs/build/qtbase-asan/include/QtCore/../../../../../../cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qmetaobject.h:90:16
    #15 0x7f078657de77 in QTest::TestMethods::invokeTestOnData(int) const /home/cc-runs/src/qt/qt5/qtbase/src/testlib/qtestcase.cpp:1129:45
    #16 0x7f078657fe51 in QTest::TestMethods::invokeTest(int, QLatin1String, QTest::WatchDog*) const /home/cc-runs/src/qt/qt5/qtbase/src/testlib/qtestcase.cpp:1400:17
    #17 0x7f0786583825 in QTest::TestMethods::invokeTests(QObject*) const /home/cc-runs/src/qt/qt5/qtbase/src/testlib/qtestcase.cpp:1726:33
    #18 0x7f07865860f2 in QTest::qRun() /home/cc-runs/src/qt/qt5/qtbase/src/testlib/qtestcase.cpp:2338:14
    #19 0x55c094 in runTests(QObject*, int, char**) /home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/include/QtQuickControlsTestUtils/6.5.0/QtQuickControlsTestUtils/private/../../../../../../../../../cc-runs/src/qt/qt5/qtdeclarative/src/quickcontrolstestutils/qtest_quickcontrols_p.h:51:16
    #20 0x55b9d5 in main /home/cc-runs/src/qt/qt5/qtdeclarative/tests/auto/quickcontrols2/qquickmenu/tst_qquickmenu.cpp:2069:1
    #21 0x7f07850d2082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
previously allocated by thread T0 here:
    #0 0x4a2e6d in malloc (/home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/tests/auto/quickcontrols2/qquickmenu/tst_qquickmenu+0x4a2e6d)
    #1 0x7f07878f446f in QQmlData::addNotify(int, QQmlNotifierEndpoint*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlengine.cpp:1170:36
    #2 0x7f0787b2c2d6 in QQmlNotifierEndpoint::connect(QObject*, int, QQmlEngine*, bool) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:106:12
    #3 0x7f0787a43645 in QQmlPropertyCapture::captureNonBindableProperty(QObject*, int, int, bool) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:417:16
    #4 0x7f0787a4236b in QQmlPropertyCapture::captureProperty(QObject*, int, int, bool) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:331:5
    #5 0x7f07874f06fe in QV4::QObjectWrapper::getProperty(QV4::ExecutionEngine*, QObject*, QQmlPropertyData const*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:252:34
    #6 0x7f07874621c6 in unsigned long long QV4::QObjectWrapper::lookupGetterImpl<QV4::Lookup::getterQObject(QV4::Lookup*, QV4::ExecutionEngine*, QV4::Value const&)::$_0>(QV4::Lookup*, QV4::ExecutionEngine*, QV4::Value const&, bool, QV4::Lookup::getterQObject(QV4::Lookup*, QV4::ExecutionEngine*, QV4::Value const&)::$_0) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper_p.h:237:12
    #7 0x7f0787461c9a in QV4::Lookup::getterQObject(QV4::Lookup*, QV4::ExecutionEngine*, QV4::Value const&) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/jsruntime/qv4lookup.cpp:378:12
    #8 0x7f078750076f in QV4::QObjectWrapper::virtualResolveLookupGetter(QV4::Object const*, QV4::ExecutionEngine*, QV4::Lookup*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:926:12
    #9 0x7f0787464809 in QV4::Object::resolveLookupGetter(QV4::ExecutionEngine*, QV4::Lookup*) const /home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/include/QtQml/6.5.0/QtQml/private/../../../../../../../../../cc-runs/src/qt/qt5/qtdeclarative/src/qml/jsruntime/qv4object_p.h:343:14
    #10 0x7f078745d654 in QV4::Lookup::resolveGetter(QV4::ExecutionEngine*, QV4::Object const*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/jsruntime/qv4lookup.cpp:36:20
    #11 0x7f078745fa0c in QV4::Lookup::getterGeneric(QV4::Lookup*, QV4::ExecutionEngine*, QV4::Value const&) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/jsruntime/qv4lookup.cpp:107:19
    #12 0x7f07876a9a75 in QV4::Moth::VME::interpret(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*, char const*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:729:15
    #13 0x7f07876a05f9 in QV4::Moth::VME::exec(QV4::JSTypesStackFrame*, QV4::ExecutionEngine*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:542:18
    #14 0x7f07873eaaf1 in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/jsruntime/qv4function.cpp:62:28
    #15 0x7f0787a4179a in QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:238:48
    #16 0x7f07877f927b in QQmlBinding::evaluate(bool*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlbinding.cpp:187:38
    #17 0x7f07878133a8 in QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlbinding.cpp:247:44
    #18 0x7f07877f8f48 in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlbinding.cpp:163:5
    #19 0x7f07877fe0e2 in QQmlBinding::expressionChanged() /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlbinding.cpp:620:5
    #20 0x7f0787a45099 in QQmlJavaScriptExpressionGuard_callback(QQmlNotifierEndpoint*, void**) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:548:17
    #21 0x7f0787b2b80e in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlnotifier.cpp:70:13
    #22 0x7f07878ee54e in QQmlData::signalEmitted(QAbstractDeclarativeData*, QObject*, int, void**) /home/cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmlengine.cpp:344:17
    #23 0x7f0785a4ff15 in void doActivate<false>(QObject*, int, void**) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qobject.cpp:3864:9
    #24 0x7f0785a3feec in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qobject.cpp:4032:9
    #25 0x7f078acbc634 in QQuickWindowAttached::windowChanged() /home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/src/quick/Quick_autogen/include/moc_qquickwindowattached_p.cpp:378:5
    #26 0x7f078acbb977 in QQuickWindowAttached::windowChange(QQuickWindow*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/quick/items/qquickwindowattached.cpp:67:14
    #27 0x7f078acc0d45 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<QQuickWindow*>, void, void (QQuickWindowAttached::*)(QQuickWindow*)>::call(void (QQuickWindowAttached::*)(QQuickWindow*), QQuickWindowAttached*, void**) /home/sanitizer-runs/sanitizer_runs/install_dir/asan/include/QtCore/qobjectdefs_impl.h:135:13
    #28 0x7f078acc0a54 in void QtPrivate::FunctionPointer<void (QQuickWindowAttached::*)(QQuickWindow*)>::call<QtPrivate::List<QQuickWindow*>, void>(void (QQuickWindowAttached::*)(QQuickWindow*), QQuickWindowAttached*, void**) /home/sanitizer-runs/sanitizer_runs/install_dir/asan/include/QtCore/qobjectdefs_impl.h:172:13
    #29 0x7f078acc0691 in QtPrivate::QSlotObject<void (QQuickWindowAttached::*)(QQuickWindow*), QtPrivate::List<QQuickWindow*>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /home/sanitizer-runs/sanitizer_runs/install_dir/asan/include/QtCore/qobjectdefs_impl.h:383:17
Thread T391 (QSGRenderThread) created by T0 here:
    #0 0x48d52c in pthread_create (/home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/tests/auto/quickcontrols2/qquickmenu/tst_qquickmenu+0x48d52c)
    #1 0x7f0785dc600f in QThread::start(QThread::Priority) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/thread/qthread_unix.cpp:708:16
    #2 0x7f078b652054 in QSGThreadedRenderLoop::handleExposure(QQuickWindow*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/quick/scenegraph/qsgthreadedrenderloop.cpp:1279:20
    #3 0x7f078b6504c4 in QSGThreadedRenderLoop::exposureChanged(QQuickWindow*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/quick/scenegraph/qsgthreadedrenderloop.cpp:1204:13
    #4 0x7f078ac6a8f0 in QQuickWindow::exposeEvent(QExposeEvent*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/quick/items/qquickwindow.cpp:179:27
    #5 0x7f078900d100 in QWindow::event(QEvent*) /home/cc-runs/src/qt/qt5/qtbase/src/gui/kernel/qwindow.cpp
    #6 0x7f078ac786ae in QQuickWindow::event(QEvent*) /home/cc-runs/src/qt/qt5/qtdeclarative/src/quick/items/qquickwindow.cpp:1560:25
    #7 0x7f0785948261 in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1193:26
    #8 0x7f0785948261 in doNotify(QObject*, QEvent*) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1122:47
    #9 0x7f0785948261 in QCoreApplication::notify(QObject*, QEvent*) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1105:12
    #10 0x7f0788eef9a5 in QGuiApplication::notify(QObject*, QEvent*) /home/cc-runs/src/qt/qt5/qtbase/src/gui/kernel/qguiapplication.cpp:1928:30
    #11 0x7f0785947bf1 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1026:18
    #12 0x7f078594a17b in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) /home/cc-runs/src/qt/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1456:12
    #13 0x7f0788efede7 in QGuiApplicationPrivate::processExposeEvent(QWindowSystemInterfacePrivate::ExposeEvent*) /home/cc-runs/src/qt/qt5/qtbase/src/gui/kernel/qguiapplication.cpp:3185:5
    #14 0x7f0788ef0be4 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) /home/cc-runs/src/qt/qt5/qtbase/src/gui/kernel/qguiapplication.cpp:2067:9
    #15 0x7f07890263cb in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/cc-runs/src/qt/qt5/qtbase/src/gui/kernel/qwindowsysteminterface.cpp:1103:13
    #16 0x7f077fd3e618 in xcbSourceDispatch(_GSource*, int (*)(void*), void*) /home/cc-runs/src/qt/qt5/qtbase/src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:57:5
    #17 0x7f0784cb217c in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5217c)
SUMMARY: AddressSanitizer: heap-use-after-free /home/sanitizer-runs/sanitizer_runs/build/qtdeclarative-asan/include/QtQml/6.5.0/QtQml/private/../../../../../../../../../cc-runs/src/qt/qt5/qtdeclarative/src/qml/qml/qqmldata_p.h:342:39 in QQmlData::signalHasEndpoint(int) const
Shadow bytes around the buggy address:
  0x0c0680012f50: fd fd fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa
  0x0c0680012f60: 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00 00 fa
  0x0c0680012f70: fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00
  0x0c0680012f80: 00 fa fa fa fd fd fd fa fa fa 00 00 00 06 fa fa
  0x0c0680012f90: fd fd fd fd fa fa fd fd fd fa fa fa fd fd fd fd
=>0x0c0680012fa0: fa fa[fd]fd fd fd fa fa fd fd fd fd fa fa fd fd
  0x0c0680012fb0: fd fd fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa
  0x0c0680012fc0: 00 00 00 06 fa fa 00 00 00 fa fa fa 00 00 00 fa
  0x0c0680012fd0: fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00
  0x0c0680012fe0: 00 fa fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa
  0x0c0680012ff0: 00 00 00 fa fa fa fd fd fd fd fa fa 00 00 00 06
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Container overflow:    fc
  Array cookie:          ac
  Intra object redzone:  bb
  ASan internal:         fe
  Left alloca redzone:   ca
  Right alloca redzone:  cb
==695599==ABORTING
Issue Links
- resulted in: QTQAINFRA-5755 Add an address sanitizer build to blocking CI for qtdeclarative (Closed)
For Gerrit Dashboard: QTBUG-105090

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
495173,4 | QML: Make notify list thread safe | dev | qt/qtdeclarative | Status: MERGED | +2 | 0 |
495673,4 | QML: Make notify list thread safe | 6.5 | qt/qtdeclarative | Status: MERGED | +2 | 0 |
495674,3 | QML: Make notify list thread safe | 6.6 | qt/qtdeclarative | Status: MERGED | +2 | 0 |
495745,4 | QML: Make notify list thread safe | tqtc/lts-5.15 | qt/tqtc-qtdeclarative | Status: MERGED | +2 | 0 |
495746,4 | QML: Make notify list thread safe | tqtc/lts-6.2 | qt/tqtc-qtdeclarative | Status: MERGED | +2 | 0 |