A week ago I ran a test build with ASAN enabled. One test generated an ASAN error; see the full log here.
********* Start testing of tst_callback *********
Config: Using QtTest library 6.7.0, Qt 6.7.0 (x86_64-little_endian-lp64 shared (dynamic) debug build; by GCC 9.3.1 20200406 [revision 6db837a5288ee3ca5ec504fbd5a765817e556ac2]), opensuse-leap 15.5
PASS : tst_callback::dynamic vs character::initTestCase()
PASS : tst_callback::dynamic vs character::cleanupTestCase()
PASS : tst_callback::kinematic vs dynamic::initTestCase()
PASS : tst_callback::kinematic vs dynamic::cleanupTestCase()
PASS : tst_callback::dynamic vs static::initTestCase()
PASS : tst_callback::dynamic vs static::cleanupTestCase()
PASS : tst_callback::dynamic vs dynamic::initTestCase()
PASS : tst_callback::dynamic vs dynamic::cleanupTestCase()
PASS : tst_callback::dynamic vs kinematic::initTestCase()
PASS : tst_callback::dynamic vs kinematic::cleanupTestCase()
PASS : tst_callback::character controller vs static (onShapeHit)::initTestCase()
PASS : tst_callback::character controller vs static (onShapeHit)::cleanupTestCase()
PASS : tst_callback::character vs kinematic (onShapeHit)::initTestCase()
PASS : tst_callback::character vs kinematic (onShapeHit)::cleanupTestCase()
PASS : tst_callback::character vs dynamic (onShapeHit)::initTestCase()
PASS : tst_callback::character vs dynamic (onShapeHit)::cleanupTestCase()
PASS : tst_callback::character vs character (onShapeHit no callback)::initTestCase()
PASS : tst_callback::character vs character (onShapeHit no callback)::cleanupTestCase()
PASS : tst_callback::character vs character (no callback)::initTestCase()
PASS : tst_callback::character vs character (no callback)::cleanupTestCase()
PASS : tst_callback::character vs kinematic (no callback)::initTestCase()
PASS : tst_callback::character vs kinematic (no callback)::cleanupTestCase()
PASS : tst_callback::kinematic vs static (no callback)::initTestCase()
PASS : tst_callback::kinematic vs static (no callback)::cleanupTestCase()
PASS : tst_callback::kinematic vs character (no callback)::initTestCase()
PASS : tst_callback::kinematic vs character (no callback)::cleanupTestCase()
PASS : tst_callback::kinematic vs kinematic (no callback)::initTestCase()
PASS : tst_callback::kinematic vs kinematic (no callback)::cleanupTestCase()
PASS : tst_callback::character controller vs static (no callback)::initTestCase()
PASS : tst_callback::character controller vs static (no callback)::cleanupTestCase()
PASS : tst_callback::character vs dynamic (no callback)::initTestCase()
PASS : tst_callback::character vs dynamic (no callback)::cleanupTestCase()
=================================================================
==1994==ERROR: AddressSanitizer: heap-use-after-free on address 0x60600007fd90 at pc 0x7fb3d0f75f61 bp 0x7fff0a3dffc0 sp 0x7fff0a3dffb8
WRITE of size 1 at 0x60600007fd90 thread T0
#0 0x7fb3d0f75f60 in QPhysicsWorld::deregisterNode(QAbstractPhysicsNode*) (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x297f60)
#1 0x7fb3d0f22504 in QAbstractPhysicsNode::~QAbstractPhysicsNode() (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x244504)
#2 0x7fb3d0ef7ce8 (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x219ce8)
#3 0x7fb3d0ef7dad (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x219dad)
#4 0x7fb3d0fc60ca (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x2e80ca)
#5 0x7fb3d0fc60ef (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x2e80ef)
#6 0x7fb3e6229dd1 in QObjectPrivate::deleteChildren() (/home/qt/work/install/lib/libQt6Core.so.6+0x5b7dd1)
#7 0x7fb3e622591e in QObject::~QObject() (/home/qt/work/install/lib/libQt6Core.so.6+0x5b391e)
#8 0x7fb3e3c2c823 in QQuickItem::~QQuickItem() (/home/qt/work/install/lib/libQt6Quick.so.6+0x657823)
#9 0x7fb3d53eca5c in QQuick3DViewport::~QQuick3DViewport() (/home/qt/work/install/qml/QtQuick3D/../../lib/libQt6Quick3D.so.6+0x42ca5c)
#10 0x7fb3d546cd80 (/home/qt/work/install/qml/QtQuick3D/../../lib/libQt6Quick3D.so.6+0x4acd80)
#11 0x7fb3d546cda5 (/home/qt/work/install/qml/QtQuick3D/../../lib/libQt6Quick3D.so.6+0x4acda5)
#12 0x7fb3e6229dd1 in QObjectPrivate::deleteChildren() (/home/qt/work/install/lib/libQt6Core.so.6+0x5b7dd1)
#13 0x7fb3e622591e in QObject::~QObject() (/home/qt/work/install/lib/libQt6Core.so.6+0x5b391e)
#14 0x7fb3e3c2c823 in QQuickItem::~QQuickItem() (/home/qt/work/install/lib/libQt6Quick.so.6+0x657823)
#15 0x7fb3e466d70a (/home/qt/work/install/lib/libQt6Quick.so.6+0x109870a)
#16 0x7fb3e466d72f (/home/qt/work/install/lib/libQt6Quick.so.6+0x109872f)
#17 0x7fb3e3f1465e in QQuickView::~QQuickView() (/home/qt/work/install/lib/libQt6Quick.so.6+0x93f65e)
#18 0x7fb3e93f1290 in quick_test_main_with_setup(int, char**, char const*, char const*, QObject*) (/home/qt/work/install/lib/libQt6QuickTest.so.6+0x3c290)
#19 0x7fb3e93eb8cd in quick_test_main(int, char**, char const*, char const*) (/home/qt/work/install/lib/libQt6QuickTest.so.6+0x368cd)
#20 0x558d1c839317 in main /home/qt/work/qt/qtquick3dphysics/tests/auto/callback/tst_callback.cpp:19
#21 0x7fb3e52fe24c in __libc_start_main (/lib64/libc.so.6+0x3524c)
#22 0x558d1c8390c9 in _start ../sysdeps/x86_64/start.S:120
0x60600007fd90 is located 48 bytes inside of 64-byte region [0x60600007fd60,0x60600007fda0)
freed by thread T0 here:
#0 0x7fb3e95e2e45 in operator delete(void*, unsigned long) (/usr/lib64/libasan.so.5+0x10ce45)
#1 0x7fb3d0f1833c (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x23a33c)
#2 0x7fb3d0f769e1 in QPhysicsWorld::~QPhysicsWorld() (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x2989e1)
#3 0x7fb3d0fc630a (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x2e830a)
#4 0x7fb3d0fc632f (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x2e832f)
#5 0x7fb3e6229dd1 in QObjectPrivate::deleteChildren() (/home/qt/work/install/lib/libQt6Core.so.6+0x5b7dd1)
#6 0x7fb3e622591e in QObject::~QObject() (/home/qt/work/install/lib/libQt6Core.so.6+0x5b391e)
#7 0x7fb3e3c2c823 in QQuickItem::~QQuickItem() (/home/qt/work/install/lib/libQt6Quick.so.6+0x657823)
#8 0x7fb3d53eca5c in QQuick3DViewport::~QQuick3DViewport() (/home/qt/work/install/qml/QtQuick3D/../../lib/libQt6Quick3D.so.6+0x42ca5c)
#9 0x7fb3d546cd80 (/home/qt/work/install/qml/QtQuick3D/../../lib/libQt6Quick3D.so.6+0x4acd80)
#10 0x7fb3d546cda5 (/home/qt/work/install/qml/QtQuick3D/../../lib/libQt6Quick3D.so.6+0x4acda5)
#11 0x7fb3e6229dd1 in QObjectPrivate::deleteChildren() (/home/qt/work/install/lib/libQt6Core.so.6+0x5b7dd1)
#12 0x7fb3e622591e in QObject::~QObject() (/home/qt/work/install/lib/libQt6Core.so.6+0x5b391e)
#13 0x7fb3e3c2c823 in QQuickItem::~QQuickItem() (/home/qt/work/install/lib/libQt6Quick.so.6+0x657823)
#14 0x7fb3e466d70a (/home/qt/work/install/lib/libQt6Quick.so.6+0x109870a)
#15 0x7fb3e466d72f (/home/qt/work/install/lib/libQt6Quick.so.6+0x109872f)
#16 0x7fb3e3f1465e in QQuickView::~QQuickView() (/home/qt/work/install/lib/libQt6Quick.so.6+0x93f65e)
#17 0x7fb3e93f1290 in quick_test_main_with_setup(int, char**, char const*, char const*, QObject*) (/home/qt/work/install/lib/libQt6QuickTest.so.6+0x3c290)
#18 0x7fb3e93eb8cd in quick_test_main(int, char**, char const*, char const*) (/home/qt/work/install/lib/libQt6QuickTest.so.6+0x368cd)
#19 0x558d1c839317 in main /home/qt/work/qt/qtquick3dphysics/tests/auto/callback/tst_callback.cpp:19
#20 0x7fb3e52fe24c in __libc_start_main (/lib64/libc.so.6+0x3524c)
previously allocated by thread T0 here:
#0 0x7fb3e95e19bf in operator new(unsigned long) (/usr/lib64/libasan.so.5+0x10b9bf)
#1 0x7fb3d0fafe1a in QStaticRigidBody::createPhysXBackend() (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x2d1e1a)
#2 0x7fb3d0f7ddd4 in QPhysicsWorld::frameFinished(float) (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x29fdd4)
#3 0x7fb3d0fa7a43 (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x2c9a43)
#4 0x7fb3d0fa2321 (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x2c4321)
#5 0x7fb3d0f9ae95 (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x2bce95)
#6 0x7fb3e610b78f (/home/qt/work/install/lib/libQt6Core.so.6+0x49978f)
#7 0x7fb3e6224069 in QMetaCallEvent::placeMetaCall(QObject*) (/home/qt/work/install/lib/libQt6Core.so.6+0x5b2069)
#8 0x7fb3e6226950 in QObject::event(QEvent*) (/home/qt/work/install/lib/libQt6Core.so.6+0x5b4950)
#9 0x7fb3e60fe1fb in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) (/home/qt/work/install/lib/libQt6Core.so.6+0x48c1fb)
#10 0x7fb3e60fd9e0 (/home/qt/work/install/lib/libQt6Core.so.6+0x48b9e0)
#11 0x7fb3e60fd8a7 in QCoreApplication::notify(QObject*, QEvent*) (/home/qt/work/install/lib/libQt6Core.so.6+0x48b8a7)
#12 0x7fb3e151219e in QGuiApplication::notify(QObject*, QEvent*) (/home/qt/work/install/lib/libQt6Gui.so.6+0x68019e)
#13 0x7fb3e60fd6b9 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/home/qt/work/install/lib/libQt6Core.so.6+0x48b6b9)
#14 0x7fb3e60fee48 in QCoreApplication::sendEvent(QObject*, QEvent*) (/home/qt/work/install/lib/libQt6Core.so.6+0x48ce48)
#15 0x7fb3e6101567 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (/home/qt/work/install/lib/libQt6Core.so.6+0x48f567)
#16 0x7fb3e610002d in QCoreApplication::sendPostedEvents(QObject*, int) (/home/qt/work/install/lib/libQt6Core.so.6+0x48e02d)
#17 0x7fb3e6aa3fd0 (/home/qt/work/install/lib/libQt6Core.so.6+0xe31fd0)
#18 0x7fb3df91082a in g_main_context_dispatch (/usr/lib64/libglib-2.0.so.0+0x5582a)
SUMMARY: AddressSanitizer: heap-use-after-free (/home/qt/work/install/qml/QtQuick3D/Physics/../../../lib/libQt6Quick3DPhysics.so.6+0x297f60) in QPhysicsWorld::deregisterNode(QAbstractPhysicsNode*)
Shadow bytes around the buggy address:
  0x0c0c80007f60: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
  0x0c0c80007f70: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
  0x0c0c80007f80: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c0c80007f90: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
  0x0c0c80007fa0: 00 00 00 00 00 00 00 00 fa fa fa fa fd fd fd fd
=>0x0c0c80007fb0: fd fd[fd]fd fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c0c80007fc0: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c0c80007fd0: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
  0x0c0c80007fe0: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c80007ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c80008000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
  Shadow gap: cc
==1994==ABORTING
sanitizer-testrunner.py INFO: Test exit code was: 1
sanitizer-testrunner.py ERROR: ASAN issues detected

For Gerrit Dashboard: QTBUG-117058

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 504204,5 | Properly detach frontend/backend physics objects | dev | qt/qtquick3dphysics | MERGED | +2 | 0 |
| 505183,2 | Properly detach frontend/backend physics objects | 6.6 | qt/qtquick3dphysics | MERGED | +2 | 0 |
| 505265,2 | Properly detach frontend/backend physics objects | 6.5 | qt/qtquick3dphysics | MERGED | +2 | 0 |
| 505368,2 | Properly detach frontend/backend physics objects | 6.5.3 | qt/qtquick3dphysics | MERGED | +2 | 0 |