Details
- Type: Bug
- Resolution: Fixed
- Priority: P1: Critical
- Version: 6.8.0
- 25
- Commits: 4fabde349 (dev), 334a3922c (6.8), 65093a84c (dev), dce6ef8fa (6.8)
- Sprint: Foundation Sprint 117, Foundation Sprint 118
Description
The attached example points to a use-after-free here:

==405873==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000033390 at pc 0x74c0c0e944b5 bp 0x74c0b91fed40 sp 0x74c0b91fe4e8
READ of size 15 at 0x606000033390 thread T1 (QThread)
    #0 0x74c0c0e944b4 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:861
    #1 0x74c0c0e94bc6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:892
    #2 0x74c0c0e94bc6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:887
    #3 0x74c0c09821de in comparesEqual(QByteArrayView const&, QByteArrayView const&) /home/qt/work/qt/qtbase/src/corelib/text/qbytearrayview.h:356
    #4 0x74c0c09821de in operator==(QByteArrayView const&, QByteArrayView const&) /home/qt/work/qt/qtbase/src/corelib/text/qbytearrayview.h:364
    #5 0x74c0c09821de in comparesEqual(QByteArray const&, QByteArrayView const&) /home/qt/work/qt/qtbase/src/corelib/text/qbytearray.h:516
    #6 0x74c0c09821de in operator==(QByteArray const&, QByteArray const&) /home/qt/work/qt/qtbase/src/corelib/text/qbytearray.h:523
    #7 0x74c0c09821de in bool qHashEquals<QByteArray>(QByteArray const&, QByteArray const&) /home/qt/work/qt/qtbase/src/corelib/tools/qhashfunctions.h:281
    #8 0x74c0c09821de in QHashPrivate::Data<QHashPrivate::Node<QByteArray, QTzTimeZone> >::Bucket QHashPrivate::Data<QHashPrivate::Node<QByteArray, QTzTimeZone> >::findBucket<QByteArray>(QByteArray const&) const /home/qt/work/qt/qtbase/src/corelib/tools/qhash.h:696
    #9 0x74c0c0981397 in QHashPrivate::Node<QByteArray, QTzTimeZone>* QHashPrivate::Data<QHashPrivate::Node<QByteArray, QTzTimeZone> >::findNode<QByteArray>(QByteArray const&) const /home/qt/work/qt/qtbase/src/corelib/tools/qhash.h:705
    #10 0x74c0c0981397 in QHash<QByteArray, QTzTimeZone>::contains(QByteArray const&) const /home/qt/work/qt/qtbase/src/corelib/tools/qhash.h:1015
    #11 0x74c0c0981397 in QTzTimeZonePrivate::isTimeZoneIdAvailable(QByteArray const&) const /home/qt/work/qt/qtbase/src/corelib/time/qtimezoneprivate_tz.cpp:1241
    #12 0x74c0c0981397 in QTzTimeZonePrivate::QTzTimeZonePrivate(QByteArray const&) /home/qt/work/qt/qtbase/src/corelib/time/qtimezoneprivate_tz.cpp:993
    #13 0x74c0c08a2e17 in newBackendTimeZone /home/qt/work/qt/qtbase/src/corelib/time/qtimezone.cpp:49
    #14 0x74c0c08a2e17 in QTimeZone::QTimeZone(QByteArray const&) /home/qt/work/qt/qtbase/src/corelib/time/qtimezone.cpp:464
    #15 0x74c0c08a3099 in QTimeZone::systemTimeZone() /home/qt/work/qt/qtbase/src/corelib/time/qtimezone.cpp:1422
    #16 0x74c0c08a5482 in QTimeZone::displayName(QDateTime const&, QTimeZone::NameType, QLocale const&) const /home/qt/work/qt/qtbase/src/corelib/time/qtimezone.cpp:946
    #17 0x74c0c0855d49 in operator() /home/qt/work/qt/qtbase/src/corelib/text/qlocale.cpp:3692
    #18 0x74c0c0855d49 in QCalendarBackend::dateTimeToString(QStringView, QDateTime const&, QDate, QTime, QLocale const&) const /home/qt/work/qt/qtbase/src/corelib/text/qlocale.cpp:3724
    #19 0x74c0c088f346 in QCalendar::dateTimeToString(QStringView, QDateTime const&, QDate, QTime, QLocale const&) const /home/qt/work/qt/qtbase/src/corelib/time/qcalendar.cpp:1668
    #20 0x74c0c084b638 in QLocale::toString(QDateTime const&, QStringView, QCalendar) const /home/qt/work/qt/qtbase/src/corelib/text/qlocale.cpp:2256
    #21 0x74c0c0898ea1 in QDateTime::toString(QString const&) const /home/qt/work/qt/qtbase/src/corelib/time/qdatetime.cpp:4741
    #22 0x74c0c06fe620 in formatLogMessage /home/qt/work/qt/qtbase/src/corelib/global/qlogging.cpp:1677
    #23 0x74c0c06ff23e in qDefaultMessageHandler /home/qt/work/qt/qtbase/src/corelib/global/qlogging.cpp:2032
    #24 0x74c0c06fa50a in qt_message_print /home/qt/work/qt/qtbase/src/corelib/global/qlogging.cpp:2082
    #25 0x74c0c06ff81e in qt_message_output(QtMsgType, QMessageLogContext const&, QString const&) /home/qt/work/qt/qtbase/src/corelib/global/qlogging.cpp:2125
    #26 0x74c0c0710f3d in QDebug::~QDebug() /home/qt/work/qt/qtbase/src/corelib/io/qdebug.cpp:162
    #27 0x74c0c07d1d7b in QObject::deleteLater() /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:2490
    #28 0x6432e74aa33d in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (QObject::*)()>::call(void (QObject::*)(), QObject*, void**)::{lambda()#1}::operator()() const /home/user/Qt/6.8.0/gcc_64/include/QtCore/qobjectdefs_impl.h:152
    #29 0x6432e74aa844 in void QtPrivate::FunctorCallBase::call_internal<void, QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (QObject::*)()>::call(void (QObject::*)(), QObject*, void**)::{lambda()#1}>(void**, QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (QObject::*)()>::call(void (QObject::*)(), QObject*, void**)::{lambda()#1}&&) /home/user/Qt/6.8.0/gcc_64/include/QtCore/qobjectdefs_impl.h:65
    #30 0x6432e74aa50f in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (QObject::*)()>::call(void (QObject::*)(), QObject*, void**) /home/user/Qt/6.8.0/gcc_64/include/QtCore/qobjectdefs_impl.h:151
    #31 0x6432e74a9fe9 in void QtPrivate::FunctionPointer<void (QObject::*)()>::call<QtPrivate::List<>, void>(void (QObject::*)(), QObject*, void**) /home/user/Qt/6.8.0/gcc_64/include/QtCore/qobjectdefs_impl.h:199
    #32 0x6432e74a9d01 in QtPrivate::QCallableObject<void (QObject::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /home/user/Qt/6.8.0/gcc_64/include/QtCore/qobjectdefs_impl.h:570
    #33 0x74c0c07de217 in QtPrivate::QSlotObjectBase::call(QObject*, void**) /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:486
    #34 0x74c0c07de217 in void doActivate<false>(QObject*, int, void**) /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:4120
    #35 0x74c0c088b700 in QThread::finished(QThread::QPrivateSignal) /home/qt/work/qt/qtbase_build/src/corelib/Core_autogen/include/moc_qthread.cpp:201
    #36 0x74c0c0929320 in terminate_on_exception<QThreadPrivate::finish(void*)::<lambda()> > /home/qt/work/qt/qtbase/src/corelib/thread/qthread_unix.cpp:361
    #37 0x74c0c0929666 in QThreadPrivate::finish(void*) /home/qt/work/qt/qtbase/src/corelib/thread/qthread_unix.cpp:344
    #38 0x74c0c0929666 in operator() /home/qt/work/qt/qtbase/src/corelib/thread/qthread_unix.cpp:293
    #39 0x74c0c0929666 in ~QScopeGuard /home/qt/work/qt/qtbase/src/corelib/tools/qscopeguard.h:41
    #40 0x74c0c0929666 in ~QScopeGuard /home/qt/work/qt/qtbase/src/corelib/tools/qscopeguard.h:38
    #41 0x74c0bfe45d9e in __GI___call_tls_dtors stdlib/cxa_thread_atexit_impl.c:159
    #42 0x74c0bfe94944 in start_thread nptl/pthread_create.c:450
    #43 0x74c0bff2684f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)

0x606000033390 is located 16 bytes inside of 63-byte region [0x606000033380,0x6060000333bf)
freed by thread T1 (QThread) here:
==405873==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_descriptions.cpp:177 "((res.trace)) != (0)" (0x0, 0x0)
    #0 0x74c0c0ebd9a8 in AsanCheckFailed ../../../../src/libsanitizer/asan/asan_rtl.cpp:74
    #1 0x74c0c0ede32e in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:78
    #2 0x74c0c0e2d33c in GetStackTraceFromId ../../../../src/libsanitizer/asan/asan_descriptions.cpp:177
    #3 0x74c0c0e2ef9a in __asan::HeapAddressDescription::Print() const ../../../../src/libsanitizer/asan/asan_descriptions.cpp:425
    #4 0x74c0c0e326d3 in __asan::AddressDescription::Print(char const*) const ../../../../src/libsanitizer/asan/asan_descriptions.h:234
    #5 0x74c0c0e326d3 in __asan::ErrorGeneric::Print() ../../../../src/libsanitizer/asan/asan_errors.cpp:591
    #6 0x74c0c0ebd787 in __asan::ScopedInErrorReport::~ScopedInErrorReport() ../../../../src/libsanitizer/asan/asan_report.cpp:141
    #7 0x74c0c0ebd014 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) ../../../../src/libsanitizer/asan/asan_report.cpp:478
    #8 0x74c0c0e944d7 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:861
    #9 0x74c0c0e94bc6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:892
    #10 0x74c0c0e94bc6 in __interceptor_memcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:887
    #11 0x74c0c09821de in comparesEqual(QByteArrayView const&, QByteArrayView const&) /home/qt/work/qt/qtbase/src/corelib/text/qbytearrayview.h:356
    #12 0x74c0c09821de in operator==(QByteArrayView const&, QByteArrayView const&) /home/qt/work/qt/qtbase/src/corelib/text/qbytearrayview.h:364
    #13 0x74c0c09821de in comparesEqual(QByteArray const&, QByteArrayView const&) /home/qt/work/qt/qtbase/src/corelib/text/qbytearray.h:516
    #14 0x74c0c09821de in operator==(QByteArray const&, QByteArray const&) /home/qt/work/qt/qtbase/src/corelib/text/qbytearray.h:523
    #15 0x74c0c09821de in bool qHashEquals<QByteArray>(QByteArray const&, QByteArray const&) /home/qt/work/qt/qtbase/src/corelib/tools/qhashfunctions.h:281
    #16 0x74c0c09821de in QHashPrivate::Data<QHashPrivate::Node<QByteArray, QTzTimeZone> >::Bucket QHashPrivate::Data<QHashPrivate::Node<QByteArray, QTzTimeZone> >::findBucket<QByteArray>(QByteArray const&) const /home/qt/work/qt/qtbase/src/corelib/tools/qhash.h:696
    #17 0x74c0c0981397 in QHashPrivate::Node<QByteArray, QTzTimeZone>* QHashPrivate::Data<QHashPrivate::Node<QByteArray, QTzTimeZone> >::findNode<QByteArray>(QByteArray const&) const /home/qt/work/qt/qtbase/src/corelib/tools/qhash.h:705
    #18 0x74c0c0981397 in QHash<QByteArray, QTzTimeZone>::contains(QByteArray const&) const /home/qt/work/qt/qtbase/src/corelib/tools/qhash.h:1015
    #19 0x74c0c0981397 in QTzTimeZonePrivate::isTimeZoneIdAvailable(QByteArray const&) const /home/qt/work/qt/qtbase/src/corelib/time/qtimezoneprivate_tz.cpp:1241
    #20 0x74c0c0981397 in QTzTimeZonePrivate::QTzTimeZonePrivate(QByteArray const&) /home/qt/work/qt/qtbase/src/corelib/time/qtimezoneprivate_tz.cpp:993
    #21 0x74c0c08a2e17 in newBackendTimeZone /home/qt/work/qt/qtbase/src/corelib/time/qtimezone.cpp:49
    #22 0x74c0c08a2e17 in QTimeZone::QTimeZone(QByteArray const&) /home/qt/work/qt/qtbase/src/corelib/time/qtimezone.cpp:464
    #23 0x74c0c08a3099 in QTimeZone::systemTimeZone() /home/qt/work/qt/qtbase/src/corelib/time/qtimezone.cpp:1422
    #24 0x74c0c08a5482 in QTimeZone::displayName(QDateTime const&, QTimeZone::NameType, QLocale const&) const /home/qt/work/qt/qtbase/src/corelib/time/qtimezone.cpp:946
    #25 0x74c0c0855d49 in operator() /home/qt/work/qt/qtbase/src/corelib/text/qlocale.cpp:3692
    #26 0x74c0c0855d49 in QCalendarBackend::dateTimeToString(QStringView, QDateTime const&, QDate, QTime, QLocale const&) const /home/qt/work/qt/qtbase/src/corelib/text/qlocale.cpp:3724
    #27 0x74c0c088f346 in QCalendar::dateTimeToString(QStringView, QDateTime const&, QDate, QTime, QLocale const&) const /home/qt/work/qt/qtbase/src/corelib/time/qcalendar.cpp:1668
    #28 0x74c0c084b638 in QLocale::toString(QDateTime const&, QStringView, QCalendar) const /home/qt/work/qt/qtbase/src/corelib/text/qlocale.cpp:2256
    #29 0x74c0c0898ea1 in QDateTime::toString(QString const&) const /home/qt/work/qt/qtbase/src/corelib/time/qdatetime.cpp:4741
    #30 0x74c0c06fe620 in formatLogMessage /home/qt/work/qt/qtbase/src/corelib/global/qlogging.cpp:1677
    #31 0x74c0c06ff23e in qDefaultMessageHandler /home/qt/work/qt/qtbase/src/corelib/global/qlogging.cpp:2032
    #32 0x74c0c06fa50a in qt_message_print /home/qt/work/qt/qtbase/src/corelib/global/qlogging.cpp:2082
    #33 0x74c0c06ff81e in qt_message_output(QtMsgType, QMessageLogContext const&, QString const&) /home/qt/work/qt/qtbase/src/corelib/global/qlogging.cpp:2125
    #34 0x74c0c0710f3d in QDebug::~QDebug() /home/qt/work/qt/qtbase/src/corelib/io/qdebug.cpp:162
    #35 0x74c0c07d1d7b in QObject::deleteLater() /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:2490
    #36 0x6432e74aa33d in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (QObject::*)()>::call(void (QObject::*)(), QObject*, void**)::{lambda()#1}::operator()() const /home/user/Qt/6.8.0/gcc_64/include/QtCore/qobjectdefs_impl.h:152
    #37 0x6432e74aa844 in void QtPrivate::FunctorCallBase::call_internal<void, QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (QObject::*)()>::call(void (QObject::*)(), QObject*, void**)::{lambda()#1}>(void**, QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (QObject::*)()>::call(void (QObject::*)(), QObject*, void**)::{lambda()#1}&&) /home/user/Qt/6.8.0/gcc_64/include/QtCore/qobjectdefs_impl.h:65
    #38 0x6432e74aa50f in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (QObject::*)()>::call(void (QObject::*)(), QObject*, void**) /home/user/Qt/6.8.0/gcc_64/include/QtCore/qobjectdefs_impl.h:151
    #39 0x6432e74a9fe9 in void QtPrivate::FunctionPointer<void (QObject::*)()>::call<QtPrivate::List<>, void>(void (QObject::*)(), QObject*, void**) /home/user/Qt/6.8.0/gcc_64/include/QtCore/qobjectdefs_impl.h:199
    #40 0x6432e74a9d01 in QtPrivate::QCallableObject<void (QObject::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /home/user/Qt/6.8.0/gcc_64/include/QtCore/qobjectdefs_impl.h:570
    #41 0x74c0c07de217 in QtPrivate::QSlotObjectBase::call(QObject*, void**) /home/qt/work/qt/qtbase/src/corelib/kernel/qobjectdefs_impl.h:486
    #42 0x74c0c07de217 in void doActivate<false>(QObject*, int, void**) /home/qt/work/qt/qtbase/src/corelib/kernel/qobject.cpp:4120
    #43 0x74c0c088b700 in QThread::finished(QThread::QPrivateSignal) /home/qt/work/qt/qtbase_build/src/corelib/Core_autogen/include/moc_qthread.cpp:201
    #44 0x74c0c0929320 in terminate_on_exception<QThreadPrivate::finish(void*)::<lambda()> > /home/qt/work/qt/qtbase/src/corelib/thread/qthread_unix.cpp:361
    #45 0x74c0c0929666 in QThreadPrivate::finish(void*) /home/qt/work/qt/qtbase/src/corelib/thread/qthread_unix.cpp:344
    #46 0x74c0c0929666 in operator() /home/qt/work/qt/qtbase/src/corelib/thread/qthread_unix.cpp:293
    #47 0x74c0c0929666 in ~QScopeGuard /home/qt/work/qt/qtbase/src/corelib/tools/qscopeguard.h:41
    #48 0x74c0c0929666 in ~QScopeGuard /home/qt/work/qt/qtbase/src/corelib/tools/qscopeguard.h:38
    #49 0x74c0bfe45d9e in __GI___call_tls_dtors stdlib/cxa_thread_atexit_impl.c:159
    #50 0x74c0bfe94944 in start_thread nptl/pthread_create.c:450
    #51 0x74c0bff2684f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)
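Reading the trace bottom-up: glibc's `__call_tls_dtors` (frame #41) is running C++ `thread_local` destructors for the exiting thread; one of them is the `QScopeGuard` in `QThreadPrivate::finish()` that emits `QThread::finished()`; a slot connected to that signal calls `QObject::deleteLater()`, which emits a QDebug warning; formatting the log timestamp resolves `QTimeZone::systemTimeZone()`, and the `QHash<QByteArray, QTzTimeZone>::contains()` lookup then `memcmp`s a key that lives in a heap block already freed by the same thread. Two things a practitioner should note: the "freed by" stack is absent because ASan's own CHECK in `GetStackTraceFromId` failed, so the report only shows the reading side; and the fix in the Gerrit table below moves the finish step back from a `thread_local` destructor to pthread destruction, which is an ordering change rather than a change to the time-zone code.

The following is an added example, not code from the report or from qtbase, that reproduces the class of ordering hazard these frames show in plain C++ with no Qt dependency: `thread_local` objects are destroyed in reverse order of construction, so a hook that runs callbacks from a `thread_local` destructor can observe per-thread state whose destructor has already run. The names `TzCache`, `ThreadFinisher`, `g_tz_cache_alive` and `probe` are hypothetical, and a trivially destructible `thread_local bool` sentinel stands in for the freed hash so the program stays well-defined instead of dereferencing dead memory.

```cpp
// Added example, not from the Qt bug report or from qtbase: models the
// destruction-order hazard behind the trace above in plain C++.
// Hypothetical names: TzCache, ThreadFinisher, g_tz_cache_alive, probe.
#include <cstdio>
#include <functional>
#include <string>
#include <thread>
#include <vector>

// Trivially destructible, so no destructor is ever registered for it: it
// can be read from any other thread_local destructor without undefined
// behaviour. It plays the role ASan's shadow memory played in the report,
// telling us whether the cache is still live.
thread_local bool g_tz_cache_alive = false;

// Stand-in for per-thread cached state with a non-trivial destructor
// (the role played by the time-zone hash in the report).
struct TzCache {
    std::string systemZone;
    TzCache() : systemZone("Europe/Oslo") { g_tz_cache_alive = true; }  // constructed sample value
    ~TzCache() { g_tz_cache_alive = false; }  // from here on, touching the cache is a use-after-free
};

// Stand-in for the "thread finished" hook: like the QScopeGuard in
// QThreadPrivate::finish(), it runs user callbacks from its own destructor.
struct ThreadFinisher {
    std::vector<std::function<void()>> callbacks;
    ~ThreadFinisher() { for (auto &cb : callbacks) cb(); }
};

// Function-local thread_local objects are constructed on first use and
// destroyed in reverse order of construction when the thread exits.
TzCache &tzCache() { thread_local TzCache cache; return cache; }
ThreadFinisher &finisher() { thread_local ThreadFinisher f; return f; }

// Runs one thread and returns whether the finish callback observed the
// cache still alive. cacheFirst decides which thread_local is constructed
// first, and therefore which one is destroyed last.
bool probe(bool cacheFirst) {
    bool aliveAtFinish = false;
    bool *out = &aliveAtFinish;  // outlives the thread: we join before returning
    std::thread t([cacheFirst, out] {
        if (cacheFirst) tzCache();          // cache constructed first -> destroyed last
        // The "slot": in the report this was deleteLater() logging a timestamp,
        // which looked the system zone up in the already-freed hash.
        finisher().callbacks.push_back([out] { *out = g_tz_cache_alive; });
        if (!cacheFirst) tzCache();         // cache constructed after the hook -> destroyed before it
    });
    t.join();
    return aliveAtFinish;
}

int main() {
    std::printf("cache constructed before hook: alive at finish = %d\n", probe(true));
    std::printf("cache constructed after hook:  alive at finish = %d\n", probe(false));
    return 0;
}
```

Build with `g++ -std=c++17 -pthread` (any recent GCC or Clang). `probe(true)` reports the cache alive, `probe(false)` reports it already destroyed when the finish callback runs, and nothing in the program controls that order except which object happened to be touched first on the thread. That is the general caveat: any code that emits signals or runs arbitrary callbacks from a `thread_local` destructor must assume every other `thread_local` of that thread, including ones the callbacks depend on, may already be gone. Running the example under `-fsanitize=address` reports nothing, because the sentinel replaces the real dereference; replace the sentinel with a read of `tzCache().systemZone` inside the callback and ASan flags it for the `probe(false)` case only.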
Attachments
Issue Links
- relates to
  - QTBUG-129846 Quit in GUI application on linux in qt 6.8.0 does not quit and process runs indefinitely (Closed)
- resulted from
  - QTBUG-120124 Improvements to deferred deletions / deleteLater() (Open)
  - QTBUG-117996 [REG 6.2 -> 6.5] QBasicTimer::stop: Failed. Possibly trying to stop from a different thread (Closed)
For Gerrit Dashboard: QTBUG-129927

# | Subject | Branch | Project | Status | CR | V
---|---|---|---|---|---|---
613130,12 | QThread/Unix: revert to pthread destruction instead of thread_local | dev | qt/qtbase | NEW | +2 | +1