Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-72527

tests/auto/controls/tst_controls crash/fail on Linux and Windows 7

    XMLWordPrintable

Details

    • Linux/X11, Windows
    • c401ae278b4bb91c70c6d7df974a241d7c68855b (qt/qtdeclarative/5.12)

    Description

      https://codereview.qt-project.org/#/c/248105/ Merge remote-tracking branch 'origin/5.11' into 5.12 +

      https://codereview.qt-project.org/#/c/248106/ Update submodules on '5.12' in qt5

      https://testresults.qt.io/coin/integration/qt/qt5/tasks/1546877088

      https://testresults.qt.io/coin/api/results/qt/qtquickcontrols2/eac29be705c1ebb3e8eb941bd172af0a98fdc599/LinuxUbuntu_18_04x86_64LinuxUbuntu_18_04x86_64GCCqtci-linux-Ubuntu-18.04-x86_64-49a89eDeveloperBuild_OutOfSourceBuild_QtLibInfix_QtNamespace_BuildExamples_Documentation/a191f353eda4f8900eb50bd26a6a112c79b4da42/test_1546882873/log.txt.gz

      agent:2018/12/13 06:46:38 build.go:193: PASS   : tst_controls::Imagine::ToolTip::test_warning()
agent:2018/12/13 06:46:38 build.go:193: PASS   : tst_controls::Imagine::ToolTip::cleanupTestCase()
agent:2018/12/13 06:46:38 build.go:193: Makefile:332: recipe for target 'check' failed
agent:2018/12/13 06:46:38 build.go:193: make: *** [check] Segmentation fault
agent:2018/12/13 06:46:38 build.go:237: Process finished with error: exit status 2
agent:2018/12/13 06:46:38 build.go:196: Error reading from stdout/err: exit status 2

      PASS   : tst_controls::Imagine::ToolTip::cleanupTestCase()
=================================================================
==7117==ERROR: AddressSanitizer: heap-use-after-free on address 0x6100002de848 at pc 0x7f5dd62f9113 bp 0x7ffd6a601a10 sp 0x7ffd6a601a00
READ of size 8 at 0x6100002de848 thread T0
    #0 0x7f5dd62f9112 in QtQml::qmlEngine(QObject const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlengine.cpp:1649
    #1 0x7f5ddc0e3cd7 in findAttachedParent /home/mitch/dev/qt5.12/qtquickcontrols2/src/quickcontrols2/qquickattachedobject.cpp:97
    #2 0x7f5ddc0e5ebc in QQuickAttachedObjectPrivate::itemParentChanged(QQuickItem*, QQuickItem*) /home/mitch/dev/qt5.12/qtquickcontrols2/src/quickcontrols2/qquickattachedobject.cpp:213
    #3 0x7f5dd71bbd9b in QQuickItemPrivate::itemChange(QQuickItem::ItemChange, QQuickItem::ItemChangeData const&) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickitem.cpp:6286
    #4 0x7f5dd71cf7c9 in QQuickItem::setParentItem(QQuickItem*) /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickitem.cpp:2806
    #5 0x7f5dd71d2cc7 in QQuickItem::~QQuickItem() /home/mitch/dev/qt5.12/qtdeclarative/src/quick/items/qquickitem.cpp:2396
    #6 0x7f5dd54aa161 in QQuickControl::~QQuickControl() /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickcontrol.cpp:922
    #7 0x7f5dd5513e92 in QQuickPane::~QQuickPane() /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpane.cpp:234
    #8 0x7f5dd550c9f5 in QQuickPage::~QQuickPage() /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpage.cpp:218
    #9 0x7f5dd55d9592 in QQuickPopupItem::~QQuickPopupItem() .moc/../../../../../qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpopupitem_p_p.h:57
    #10 0x7f5dd55d95b7 in QQuickPopupItem::~QQuickPopupItem() .moc/../../../../../qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpopupitem_p_p.h:57
    #11 0x7f5dd551e184 in QQuickPopup::~QQuickPopup() /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquickpopup.cpp:815
    #12 0x7f5dbd4e90e8 in QQuickToolTip::~QQuickToolTip() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQuickTemplates2/5.12.0/QtQuickTemplates2/private/../../../../../../../qt5.12/qtquickcontrols2/src/quicktemplates2/qquicktooltip_p.h:59
    #13 0x7f5dbd4e90e8 in QQmlPrivate::QQmlElement<QQuickToolTip>::~QQmlElement() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlprivate.h:103
    #14 0x7f5dbd4e90e8 in QQmlPrivate::QQmlElement<QQuickToolTip>::~QQmlElement() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlprivate.h:103
    #15 0x7f5dd9645474 in QObjectPrivate::deleteChildren() /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:2006
    #16 0x7f5dd964a033 in QObject::~QObject() /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:1032
    #17 0x7f5dd5bb05f3 in QJSEngine::~QJSEngine() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsapi/qjsengine.cpp:375
    #18 0x7f5dd630a97e in QQmlEngine::~QQmlEngine() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlengine.cpp:1072
    #19 0x7f5ddc02b3fe in quick_test_main_with_setup(int, char**, char const*, char const*, QObject*) /home/mitch/dev/qt5.12/qtdeclarative/src/qmltest/quicktest.cpp:494
    #20 0x7f5ddc02c8f4 in quick_test_main(int, char**, char const*, char const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qmltest/quicktest.cpp:334
    #21 0x55c54616d49a in main /home/mitch/dev/qt5.12/qtquickcontrols2/tests/auto/controls/imagine/tst_imagine.cpp:46
    #22 0x7f5dd846cb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #23 0x55c54616d1f9 in _start (/home/mitch/dev/qt5.12-debug/qtquickcontrols2/tests/auto/controls/imagine/tst_imagine+0x11f9)

0x6100002de848 is located 8 bytes inside of 184-byte region [0x6100002de840,0x6100002de8f8)
freed by thread T0 here:
    #0 0x7f5ddb05c9d8 in operator delete(void*, unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe19d8)
    #1 0x7f5dd6372cc1 in QQmlContextData::destroy() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcontext.cpp:674
    #2 0x7f5dd62f9b27 in QQmlContextDataRef::clear() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlcontext_p.h:342
    #3 0x7f5dd62f9b27 in QQmlContextDataRef::setContextData(QQmlContextData*) /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlcontext_p.h:326
    #4 0x7f5dd62f9b27 in QQmlContextDataRef::operator=(QQmlContextData*) /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlcontext_p.h:349
    #5 0x7f5dd62f9b27 in QQmlPrivate::qdeclarativeelement_destructor(QObject*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlengine.cpp:754
    #6 0x7f5dbd4e909c in QQmlPrivate::QQmlElement<QQuickToolTip>::~QQmlElement() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlprivate.h:102
    #7 0x7f5dbd4e909c in QQmlPrivate::QQmlElement<QQuickToolTip>::~QQmlElement() /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlprivate.h:103
    #8 0x7f5dd9645474 in QObjectPrivate::deleteChildren() /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:2006
    #9 0x7f5dd964a033 in QObject::~QObject() /home/mitch/dev/qt5.12/qtbase/src/corelib/kernel/qobject.cpp:1032
    #10 0x7f5dd5bb05f3 in QJSEngine::~QJSEngine() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsapi/qjsengine.cpp:375
    #11 0x7f5dd630a97e in QQmlEngine::~QQmlEngine() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlengine.cpp:1072
    #12 0x7f5ddc02b3fe in quick_test_main_with_setup(int, char**, char const*, char const*, QObject*) /home/mitch/dev/qt5.12/qtdeclarative/src/qmltest/quicktest.cpp:494
    #13 0x7f5ddc02c8f4 in quick_test_main(int, char**, char const*, char const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qmltest/quicktest.cpp:334
    #14 0x55c54616d49a in main /home/mitch/dev/qt5.12/qtquickcontrols2/tests/auto/controls/imagine/tst_imagine.cpp:46
    #15 0x7f5dd846cb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

previously allocated by thread T0 here:
    #0 0x7f5ddb05b458 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0458)
    #1 0x7f5dd65943ba in QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:173
    #2 0x7f5dd6584973 in QQmlObjectCreator::createInstance(int, QObject*, bool) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1202
    #3 0x7f5dd6594a00 in QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:203
    #4 0x7f5dd635bc6a in QQmlComponentPrivate::beginCreate(QQmlContextData*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:871
    #5 0x7f5dd635c8d3 in QQmlComponent::beginCreate(QQmlContext*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:823
    #6 0x7f5dd6351fc9 in QQmlComponent::create(QQmlContext*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:783
    #7 0x7f5dd55a9cbb in QQuickToolTipAttachedPrivate::instance(bool) const /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquicktooltip.cpp:378
    #8 0x7f5dd55aa428 in QQuickToolTipAttached::toolTip() const /home/mitch/dev/qt5.12/qtquickcontrols2/src/quicktemplates2/qquicktooltip.cpp:515
    #9 0x7f5dd55ff39f in QQuickToolTipAttached::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/moc_qquicktooltip_p.cpp:397
    #10 0x7f5dd5ef4368 in QQmlPropertyData::readPropertyWithArgs(QObject*, void**) const /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlpropertycache_p.h:334
    #11 0x7f5dd5ed6ff9 in QQmlPropertyData::readProperty(QObject*, void*) const /home/mitch/dev/qt5.12-debug/qtbase/include/QtQml/5.12.0/QtQml/private/../../../../../../../qt5.12/qtdeclarative/src/qml/qml/qqmlpropertycache_p.h:328
    #12 0x7f5dd5ed6ff9 in loadProperty /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:134
    #13 0x7f5dd5ee4d88 in QV4::QObjectWrapper::getProperty(QV4::ExecutionEngine*, QObject*, QQmlPropertyData*, bool) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:268
    #14 0x7f5dd5eead86 in QV4::QObjectWrapper::getQmlProperty(QV4::ExecutionEngine*, QQmlContextData*, QObject*, QV4::String*, QV4::QObjectWrapper::RevisionMode, bool*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4qobjectwrapper.cpp:388
    #15 0x7f5dd656f90f in QV4::QQmlTypeWrapper::virtualGet(QV4::Managed const*, QV4::PropertyKey, QV4::Value const*, bool*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmltypewrapper.cpp:265
    #16 0x7f5dd5e29148 in QV4::Object::get(QV4::StringOrSymbol*, bool*, QV4::Value const*) const /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4object_p.h:308
    #17 0x7f5dd623e34b in QV4::Runtime::method_loadProperty(QV4::ExecutionEngine*, QV4::Value const&, int) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4runtime.cpp:974
    #18 0x7f5dd5f6e126 in QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:590
    #19 0x7f5dd5f8f9c8 in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4vme_moth.cpp:441
    #20 0x7f5dd5ca8ab3 in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/jsruntime/qv4function.cpp:68
    #21 0x7f5dd6513871 in QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmljavascriptexpression.cpp:216
    #22 0x7f5dd6528f69 in QQmlBinding::evaluate(bool*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlbinding.cpp:209
    #23 0x7f5dd65401b1 in QQmlNonbindingBinding::doUpdate(QQmlJavaScriptExpression::DeleteWatcher const&, QFlags<QQmlPropertyData::WriteFlag>, QV4::Scope&) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlbinding.cpp:245
    #24 0x7f5dd6533673 in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlbinding.cpp:185
    #25 0x7f5dd6536682 in QQmlBinding::setEnabled(bool, QFlags<QQmlPropertyData::WriteFlag>) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlbinding.cpp:550
    #26 0x7f5dd657efe6 in QQmlObjectCreator::finalize(QQmlInstantiationInterrupt&) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1347
    #27 0x7f5dd63526d7 in QQmlComponentPrivate::complete(QQmlEnginePrivate*, QQmlComponentPrivate::ConstructionState*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:923
    #28 0x7f5dd6352ac8 in QQmlComponentPrivate::completeCreate() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:959
    #29 0x7f5dd6352c1c in QQmlComponent::completeCreate() /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:951
    #30 0x7f5dd6352007 in QQmlComponent::create(QQmlContext*) /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:785

SUMMARY: AddressSanitizer: heap-use-after-free /home/mitch/dev/qt5.12/qtdeclarative/src/qml/qml/qqmlengine.cpp:1649 in QtQml::qmlEngine(QObject const*)
Shadow bytes around the buggy address:
  0x0c2080053cb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2080053cc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2080053cd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2080053ce0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c2080053cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
=>0x0c2080053d00: fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd fd fd
  0x0c2080053d10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c2080053d20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2080053d30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2080053d40: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2080053d50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==7117==ABORTING

      Attachments

        For Gerrit Dashboard: QTBUG-72527
        # Subject Branch Project Status CR V
        248151,2 QML: When destroying a context, clear any pointers to it 5.12 qt/qtdeclarative Status: MERGED +2 0

        Activity

          People

            ulherman Ulf Hermann
            liaqi Liang Qi
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes