Type: Bug
Resolution: Fixed
Priority: P1: Critical
Fix Version/s: 6.8
Commits: de609d84b (dev), 3b208bcfa (6.8), 6f3026b91 (6.7), 92884a1ce (tqtc/lts-6.5)
On a very recent nightly HealthCheck build we got the following ASAN error (link to full log):
PASS : tst_QGuiApplication::font()
=================================================================
==7208==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000142018 at pc 0x7f65b20a96ea bp 0x7ffe362ebcd0 sp 0x7ffe362ebcc8
WRITE of size 1 at 0x606000142018 thread T0
#0 0x7f65b20a96e9 in operator() /home/qt/work/qt/qtbase/src/gui/platform/unix/qgenericunixservices.cpp:393
#1 0x7f65b20af901 in operator() /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:142
#2 0x7f65b20afb32 in call_internal<void, QtPrivate::FunctorCall<QtPrivate::IndexesList<II ...>, QtPrivate::List<Tail ...>, R, Function>::call(Function&, void**) [with int ...II = {0}; SignalArgs = {QDBusPendingCallWatcher*}; R = void; Function = QGenericUnixServices::QGenericUnixServices()::<lambda(QDBusPendingCallWatcher*)>]::<lambda()> > /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:72
#3 0x7f65b20afa1f in call /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:141
#4 0x7f65b20af45c in call<QtPrivate::List<QDBusPendingCallWatcher*>, void> /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:363
#5 0x7f65b20af239 in impl /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:573
#6 0x7f65af730f7d in QtPrivate::QSlotObjectBase::call(QObject*, void**) /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:487
#7 0x7f65af88df2f in void doActivate<false>(QObject*, int, void**) /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:4111
#8 0x7f65af876898 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:4171
#9 0x7f65ae576ebe in QDBusPendingCallWatcher::finished(QDBusPendingCallWatcher*) /home/qt/work/qt/qtbase_build/src/dbus/DBus_autogen/include/moc_qdbuspendingcall.cpp:161
#10 0x7f65ae571c67 in operator() /home/qt/work/qt/qtbase/src/dbus/qdbuspendingcall.cpp:98
#11 0x7f65ae57736d in operator() /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:142
#12 0x7f65ae57750e in call_internal<void, QtPrivate::FunctorCall<QtPrivate::IndexesList<II ...>, QtPrivate::List<Tail ...>, R, Function>::call(Function&, void**) [with int ...II = {}; SignalArgs = {}; R = void; Function = QDBusPendingCallWatcherHelper::add(QDBusPendingCallWatcher*)::<lambda()>]::<lambda()> > /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:72
#13 0x7f65ae57748b in call /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:141
#14 0x7f65ae57732e in call<QtPrivate::List<>, void> /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:363
#15 0x7f65ae5772f3 in impl /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:573
#16 0x7f65af730f7d in QtPrivate::QSlotObjectBase::call(QObject*, void**) /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:487
#17 0x7f65af85fcbf in QMetaCallEvent::placeMetaCall(QObject*) /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:620
#18 0x7f65af86297d in QObject::event(QEvent*) /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:1419
#19 0x7f65af71f7af in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1319
#20 0x7f65af71eef2 in doNotify /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1246
#21 0x7f65af71ed9d in QCoreApplication::notify(QObject*, QEvent*) /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1229
#22 0x7f65b1070588 in QGuiApplication::notify(QObject*, QEvent*) /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:1994
#23 0x7f65af71eb8f in QCoreApplication::notifyInternal2(QObject*, QEvent*) /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1145
#24 0x7f65af720786 in QCoreApplication::sendEvent(QObject*, QEvent*) /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1589
#25 0x7f65af7240a1 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1944
#26 0x7f65af721af9 in QCoreApplication::sendPostedEvents(QObject*, int) /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1778
#27 0x7f65b01b26ac in postEventSourceDispatch /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:245
#28 0x7f65ae72082a in g_main_context_dispatch (/usr/lib64/libglib-2.0.so.0+0x5582a)
#29 0x7f65ae720bcf (/usr/lib64/libglib-2.0.so.0+0x55bcf)
#30 0x7f65ae720c5b in g_main_context_iteration (/usr/lib64/libglib-2.0.so.0+0x55c5b)
#31 0x7f65b01b3c94 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/qt/work/qt/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:395
#32 0x7f65a6e38a2e in QXcbGlibEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:96
#33 0x7f65af71f913 in QCoreApplication::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:1382
#34 0x7f65b120f1b6 in qWaitFor<QTest::qWaitForWindowExposed(QWindow*, int)::<lambda()> > /home/qt/work/qt/qtbase/src/corelib/kernel/qtestsupport_core.h:38
#35 0x7f65b120eb52 in qWaitFor<QTest::qWaitForWindowExposed(QWindow*, int)::<lambda()> > /home/qt/work/qt/qtbase/src/corelib/kernel/qtestsupport_core.h:57
#36 0x7f65b120d0de in QTest::qWaitForWindowExposed(QWindow*, int) /home/qt/work/qt/qtbase/src/gui/kernel/qtestsupport_gui.cpp:84
#37 0x55b0be3b31f2 in tst_QGuiApplication::modalWindow() /home/qt/work/qt/qtbase/tests/auto/gui/kernel/qguiapplication/tst_qguiapplication.cpp:689
#38 0x55b0be3bb8b7 in tst_QGuiApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/qt/work/qt/qtbase_standalone_tests/tests/auto/gui/kernel/qguiapplication/tst_qguiapplication_autogen/include/tst_qguiapplication.moc:241
#39 0x7f65af7740f1 in QMetaMethodInvoker::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.cpp:2754
#40 0x7f65af771ea3 in QMetaMethod::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.cpp:2593
#41 0x7f65b32c3792 in std::enable_if<!std::disjunction<>::value, bool>::type QMetaMethod::invoke<void>(QObject*, Qt::ConnectionType, QTemplatedMetaMethodReturnArgument<void>) const /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.h:148
#42 0x7f65b32be001 in std::enable_if<!std::disjunction<>::value, bool>::type QMetaMethod::invoke<>(QObject*, Qt::ConnectionType) const /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.h:160
#43 0x7f65b329755e in invokeTestMethodIfValid /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:448
#44 0x7f65b329cd62 in QTest::TestMethods::invokeTestOnData(int) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1086
#45 0x7f65b329eca3 in QTest::TestMethods::invokeTest(int, QLatin1String, std::optional<QTest::WatchDog>&) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1388
#46 0x7f65b32a1f17 in QTest::TestMethods::invokeTests(QObject*) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1725
#47 0x7f65b32a36ff in QTest::qRun() /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1930
#48 0x7f65b32a246a in QTest::qExec(QObject*, int, char**) /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1808
#49 0x55b0be3c2ff3 in main /home/qt/work/qt/qtbase/tests/auto/gui/kernel/qguiapplication/tst_qguiapplication.cpp:1380
#50 0x7f65aec5c24c in __libc_start_main (/lib64/libc.so.6+0x3524c)
#51 0x55b0be36c469 in _start ../sysdeps/x86_64/start.S:120
0x606000142018 is located 56 bytes inside of 64-byte region [0x606000141fe0,0x606000142020)
freed by thread T0 here:
#0 0x7f65b350ce45 in operator delete(void*, unsigned long) (/usr/lib64/libasan.so.5+0x10ce45)
#1 0x7f65a6e58aec in QXcbUnixServices::~QXcbUnixServices() (/home/qt/work/install/plugins/platforms/../../lib/libQt6XcbQpa.so.6+0x19aaec)
#2 0x7f65a6e57512 in QScopedPointerDeleter<QPlatformServices>::cleanup(QPlatformServices*) (/home/qt/work/install/plugins/platforms/../../lib/libQt6XcbQpa.so.6+0x199512)
#3 0x7f65a6e55c43 in QScopedPointer<QPlatformServices, QScopedPointerDeleter<QPlatformServices> >::~QScopedPointer() (/home/qt/work/install/plugins/platforms/../../lib/libQt6XcbQpa.so.6+0x197c43)
#4 0x7f65a6e4df2f in QXcbIntegration::~QXcbIntegration() /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbintegration.cpp:187
#5 0x7f65a6e4dfd5 in QXcbIntegration::~QXcbIntegration() /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbintegration.cpp:192
#6 0x7f65b106fcc4 in QGuiApplicationPrivate::~QGuiApplicationPrivate() /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:1784
#7 0x7f65b106fdad in QGuiApplicationPrivate::~QGuiApplicationPrivate() /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:1791
#8 0x7f65af88f6ec in QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*) /home/qt/work/qt/qtbase/src/corelib/tools/qscopedpointer.h:24
#9 0x7f65af8887d3 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::~QScopedPointer() /home/qt/work/qt/qtbase/src/corelib/tools/qscopedpointer.h:81
#10 0x7f65af8616c8 in QObject::~QObject() /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:1006
#11 0x7f65af71e55e in QCoreApplication::~QCoreApplication() /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:943
#12 0x7f65b105f51e in QGuiApplication::~QGuiApplication() /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:657
#13 0x55b0be3b1fcc in tst_QGuiApplication::font() /home/qt/work/qt/qtbase/tests/auto/gui/kernel/qguiapplication/tst_qguiapplication.cpp:592
#14 0x55b0be3bb8a6 in tst_QGuiApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/qt/work/qt/qtbase_standalone_tests/tests/auto/gui/kernel/qguiapplication/tst_qguiapplication_autogen/include/tst_qguiapplication.moc:240
#15 0x7f65af7740f1 in QMetaMethodInvoker::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.cpp:2754
#16 0x7f65af771ea3 in QMetaMethod::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.cpp:2593
#17 0x7f65b32c3792 in std::enable_if<!std::disjunction<>::value, bool>::type QMetaMethod::invoke<void>(QObject*, Qt::ConnectionType, QTemplatedMetaMethodReturnArgument<void>) const /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.h:148
#18 0x7f65b32be001 in std::enable_if<!std::disjunction<>::value, bool>::type QMetaMethod::invoke<>(QObject*, Qt::ConnectionType) const /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.h:160
#19 0x7f65b329755e in invokeTestMethodIfValid /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:448
#20 0x7f65b329cd62 in QTest::TestMethods::invokeTestOnData(int) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1086
#21 0x7f65b329eca3 in QTest::TestMethods::invokeTest(int, QLatin1String, std::optional<QTest::WatchDog>&) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1388
#22 0x7f65b32a1f17 in QTest::TestMethods::invokeTests(QObject*) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1725
#23 0x7f65b32a36ff in QTest::qRun() /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1930
#24 0x7f65b32a246a in QTest::qExec(QObject*, int, char**) /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1808
#25 0x55b0be3c2ff3 in main /home/qt/work/qt/qtbase/tests/auto/gui/kernel/qguiapplication/tst_qguiapplication.cpp:1380
#26 0x7f65aec5c24c in __libc_start_main (/lib64/libc.so.6+0x3524c)
previously allocated by thread T0 here:
#0 0x7f65b350b9bf in operator new(unsigned long) (/usr/lib64/libasan.so.5+0x10b9bf)
#1 0x7f65a6e4ccdd in QXcbIntegration::QXcbIntegration(QList<QString> const&, int&, char**) /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbintegration.cpp:106
#2 0x7f65acdaabc6 in QXcbIntegrationPlugin::create(QString const&, QList<QString> const&, int&, char**) /home/qt/work/qt/qtbase/src/plugins/platforms/xcb/qxcbmain.cpp:22
#3 0x7f65b1169c35 in QPlatformIntegration* qLoadPlugin<QPlatformIntegration, QPlatformIntegrationPlugin, QList<QString> const&, int&, char**&>(QFactoryLoader const*, QString const&, QList<QString> const&, int&, char**&) /home/qt/work/qt/qtbase/src/corelib/plugin/qfactoryloader_p.h:100
#4 0x7f65b11696ce in QPlatformIntegrationFactory::create(QString const&, QList<QString> const&, int&, char**, QString const&) /home/qt/work/qt/qtbase/src/gui/kernel/qplatformintegrationfactory.cpp:23
#5 0x7f65b106382b in init_platform /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:1248
#6 0x7f65b106d265 in QGuiApplicationPrivate::createPlatformIntegration() /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:1532
#7 0x7f65b106d5a4 in QGuiApplicationPrivate::createEventDispatcher() /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:1551
#8 0x7f65af71df9b in QCoreApplicationPrivate::init() /home/qt/work/qt/qtbase/src/corelib/kernel/qcoreapplication.cpp:913
#9 0x7f65b106da07 in QGuiApplicationPrivate::init() /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:1579
#10 0x7f65b105ee9c in QGuiApplication::QGuiApplication(int&, char**, int) /home/qt/work/qt/qtbase/src/gui/kernel/qguiapplication.cpp:641
#11 0x55b0be3b16b4 in tst_QGuiApplication::font() /home/qt/work/qt/qtbase/tests/auto/gui/kernel/qguiapplication/tst_qguiapplication.cpp:567
#12 0x55b0be3bb8a6 in tst_QGuiApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/qt/work/qt/qtbase_standalone_tests/tests/auto/gui/kernel/qguiapplication/tst_qguiapplication_autogen/include/tst_qguiapplication.moc:240
#13 0x7f65af7740f1 in QMetaMethodInvoker::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.cpp:2754
#14 0x7f65af771ea3 in QMetaMethod::invokeImpl(QMetaMethod, void*, Qt::ConnectionType, long long, void const* const*, char const* const*, QtPrivate::QMetaTypeInterface const* const*) /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.cpp:2593
#15 0x7f65b32c3792 in std::enable_if<!std::disjunction<>::value, bool>::type QMetaMethod::invoke<void>(QObject*, Qt::ConnectionType, QTemplatedMetaMethodReturnArgument<void>) const /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.h:148
#16 0x7f65b32be001 in std::enable_if<!std::disjunction<>::value, bool>::type QMetaMethod::invoke<>(QObject*, Qt::ConnectionType) const /home/qt/work/qt/qtbase/src/corelib/kernel/qmetaobject.h:160
#17 0x7f65b329755e in invokeTestMethodIfValid /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:448
#18 0x7f65b329cd62 in QTest::TestMethods::invokeTestOnData(int) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1086
#19 0x7f65b329eca3 in QTest::TestMethods::invokeTest(int, QLatin1String, std::optional<QTest::WatchDog>&) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1388
#20 0x7f65b32a1f17 in QTest::TestMethods::invokeTests(QObject*) const /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1725
#21 0x7f65b32a36ff in QTest::qRun() /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1930
#22 0x7f65b32a246a in QTest::qExec(QObject*, int, char**) /home/qt/work/qt/qtbase/src/testlib/qtestcase.cpp:1808
#23 0x55b0be3c2ff3 in main /home/qt/work/qt/qtbase/tests/auto/gui/kernel/qguiapplication/tst_qguiapplication.cpp:1380
#24 0x7f65aec5c24c in __libc_start_main (/lib64/libc.so.6+0x3524c)
SUMMARY: AddressSanitizer: heap-use-after-free /home/qt/work/qt/qtbase/src/gui/platform/unix/qgenericunixservices.cpp:393 in operator()
==7208==ABORTING
It seems like some heap memory allocated and freed in the previous test tst_QGuiApplication::font() is being accessed again during the next test, tst_QGuiApplication::modalWindow().
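As an added illustration (not Qt's code and not the fix that landed in the commits above), the lifetime hazard behind this trace modelled in plain C++ with a toy event loop so it runs without Qt: a deferred "finished" callback that captured a raw `this` would write into the freed services object, whereas holding the owner through a weak handle, which is the effect of passing the receiver as the context object to QObject::connect, turns the stale delivery into a no-op. The EventLoop and UnixServices types and the portalAvailable flag are assumptions made for the example.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Toy stand-in for the posted-event queue through which
// QDBusPendingCallWatcher::finished is delivered asynchronously.
struct EventLoop {
    std::vector<std::function<void()>> posted;
    int staleDeliveries = 0; // replies whose owner was already gone

    void post(std::function<void()> fn) { posted.push_back(std::move(fn)); }
    // One processEvents() pass: drain everything queued so far.
    int processEvents() {
        auto batch = std::move(posted);
        posted.clear();
        for (auto &fn : batch) fn();
        return static_cast<int>(batch.size());
    }
};

// Stand-in for QGenericUnixServices: it starts an asynchronous query and the
// reply handler writes a one-byte flag into the object (the trace reports a
// WRITE of size 1; the flag name here is assumed).
struct UnixServices : std::enable_shared_from_this<UnixServices> {
    bool portalAvailable = false;

    void queryPortal(EventLoop &loop, bool replyValue) {
        // Weak handle instead of a raw `this`: the reply may arrive after
        // the platform integration has already deleted this object.
        std::weak_ptr<UnixServices> self = shared_from_this();
        loop.post([self, replyValue, &loop] {
            if (auto owner = self.lock())
                owner->portalAvailable = replyValue; // owner alive: apply
            else
                ++loop.staleDeliveries;              // owner freed: skip
        });
    }
};

// Reply dispatched while the owner is alive: the flag is written.
static bool replyAppliedWhileAlive() {
    EventLoop loop;
    auto svc = std::make_shared<UnixServices>();
    svc->queryPortal(loop, true);
    loop.processEvents();
    return svc->portalAvailable; // true
}

// Owner destroyed first (as in font()), reply dispatched by the next event
// loop pass (as in modalWindow()): the write is skipped, no use-after-free.
static int staleReplyIsSkipped() {
    EventLoop loop;
    {
        auto svc = std::make_shared<UnixServices>();
        svc->queryPortal(loop, true);
    } // svc freed here; the posted reply is still queued
    loop.processEvents();
    return loop.staleDeliveries; // 1
}
```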