Loading...

Details

Type: Bug
Resolution: Unresolved
Priority: P2: Important
Fix Version/s: None
Affects Version/s: 5.15.0
Component/s: Network
Labels:
None

Platform/s:

Linux/X11

Description

While switching between networks on a linux laptop, a Qt application crashed with the following backtraces, which show that a secondary thread is deleting a QNetworkManagerConnectionActive object while the main thread is using it.

Main thread: (0x74006100740053 is an invalid pointer)

#0  0x00007f2b89d627a0 in QMap<QString, QVariant>::contains(QString const&) const (this=0x74006100740063, akey="Default") at ../../../../include/QtCore/../../../../qtbase/src/corelib/tools/qmap.h:703
#1  0x00007f2b89d5fcdd in QNetworkManagerConnectionActive::defaultRoute() const (this=0x74006100740053) at qtbase/src/plugins/bearer/networkmanager/qnetworkmanagerservice.cpp:971
#2  0x00007f2b89d6d451 in QNetworkManagerEngine::defaultConfiguration() (this=0x55abae92a8f0) at qtbase/src/plugins/bearer/networkmanager/qnetworkmanagerengine.cpp:826
#3  0x00007f2ba596d88b in QNetworkConfigurationManagerPrivate::defaultConfiguration() const (this=0x55abae8e0c10) at qtbase/src/network/bearer/qnetworkconfigmanager_p.cpp:105
#4  0x00007f2ba596bc5d in QNetworkConfigurationManager::defaultConfiguration() const (this=0x55abae1fa910) at qtbase/src/network/bearer/qnetworkconfigmanager.cpp:279
#5  0x00007f2ba58c2127 in QNetworkAccessManager::configuration() const (this=0x55abaea43010) at qtbase/src/network/access/qnetworkaccessmanager.cpp:1054
#6  0x00007f2ba58c5d4a in QNetworkAccessManagerPrivate::_q_networkSessionStateChanged(QNetworkSession::State) (this=0x55abae1fa860, state=QNetworkSession::Disconnected) at qtbase/src/network/access/qnetworkaccessmanager.cpp:2112
#7  0x00007f2ba58c69b3 in QNetworkAccessManager::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=0x55abaea43010, _c=QMetaObject::InvokeMetaMethod, _id=12, _a=0x55abafc0d648) at .moc/moc_qnetworkaccessmanager.cpp:188
#8  0x00007f2ba529479d in QMetaCallEvent::placeMetaCall(QObject*) (this=0x55abafc0d600, object=0x55abaea43010) at qtbase/src/corelib/kernel/qobject.cpp:617
#9  0x00007f2ba5295585 in QObject::event(QEvent*) (this=0x55abaea43010, e=0x55abafc0d600) at qtbase/src/corelib/kernel/qobject.cpp:1314
#10 0x00007f2ba6b3533b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=0x55abae096690, receiver=0x55abaea43010, e=0x55abafc0d600) at qtbase/src/widgets/kernel/qapplication.cpp:3682
#11 0x00007f2ba6b327be in QApplication::notify(QObject*, QEvent*) (this=0x7ffda57ed400, receiver=0x55abaea43010, e=0x55abafc0d600) at qtbase/src/widgets/kernel/qapplication.cpp:3022
[main event loop]

Secondary thread:

[...]
#9  0x00007f2ba7a371ee in QDBusConnection::disconnect(QString const&, QString const&, QString const&, QString const&, QObject*, char const*) (this=0x7f2b8abe6db0, service="org.freedesktop.NetworkManager", path="/org/freedesktop/NetworkManager/ActiveConnection/114", interface="org.freedesktop.NetworkManager.Connection.Active", name="PropertiesChanged", receiver=0x7f2b7c004f80, slot=0x7f2b89d80c78 "1propertiesSwap(QMap<QString,QVariant>)") at qtbase/src/dbus/qdbusconnection.cpp:820
#10 0x00007f2b89d5f811 in QNetworkManagerConnectionActive::~QNetworkManagerConnectionActive() (this=0x7f2b7c004f80, __in_chrg=<optimized out>) at qtbase/src/plugins/bearer/networkmanager/qnetworkmanagerservice.cpp:924                                                                                                  
#11 0x00007f2b89d5f890 in QNetworkManagerConnectionActive::~QNetworkManagerConnectionActive() (this=0x7f2b7c004f80, __in_chrg=<optimized out>) at qtbase/src/plugins/bearer/networkmanager/qnetworkmanagerservice.cpp:929                                                                                                  
#12 0x00007f2b89d69f49 in QNetworkManagerEngine::interfacePropertiesChanged(QMap<QString, QVariant> const&) (this=0x55abae92a8f0, properties=QMap<QString, QVariant> (size = 2) = {...}) at qtbase/src/plugins/bearer/networkmanager/qnetworkmanagerengine.cpp:299                                                         
#13 0x00007f2b89d7dff3 in QNetworkManagerEngine::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=0x55abae92a8f0, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x7f2b8abe7190) at .moc/moc_qnetworkmanagerengine.cpp:144                                                                                                
#14 0x00007f2ba52a27af in doActivate<false>(QObject*, int, void**) (sender=0x7f2b7c0029d0, signal_index=5, argv=0x7f2b8abe7190) at qtbase/src/corelib/kernel/qobject.cpp:3898                                                                                                                                              
#15 0x00007f2ba529c271 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=0x7f2b7c0029d0, m=0x7f2b89f96e00 <QNetworkManagerInterface::staticMetaObject>, local_signal_index=2, argv=0x7f2b8abe7190) at qtbase/src/corelib/kernel/qobject.cpp:3946                                                 
#16 0x00007f2b89d7bc87 in QNetworkManagerInterface::propertiesChanged(QMap<QString, QVariant>) (this=0x7f2b7c0029d0, _t1=QMap<QString, QVariant> (size = 2) = {...}) at.moc/moc_qnetworkmanagerservice.cpp:251
#17 0x00007f2b89d5a27a in QNetworkManagerInterface::propertiesSwap(QMap<QString, QVariant>) (this=0x7f2b7c0029d0, map=QMap<QString, QVariant> (size = 2) = {...}) at qtbase/src/plugins/bearer/networkmanager/qnetworkmanagerservice.cpp:244
#18 0x00007f2b89d7b6a1 in QNetworkManagerInterface::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=0x7f2b7c0029d0, _c=QMetaObject::InvokeMetaMethod, _id=7, _a=0x7f2b8abe73b0) at .moc/moc_qnetworkmanagerservice.cpp:111
#19 0x00007f2b89d7bb62 in QNetworkManagerInterface::qt_metacall(QMetaObject::Call, int, void**) (this=0x7f2b7c0029d0, _c=QMetaObject::InvokeMetaMethod, _id=7, _a=0x7f2b8abe73b0) at .moc/moc_qnetworkmanagerservice.cpp:223
#20 0x00007f2ba7a44a6a in QDBusConnectionPrivate::deliverCall(QObject*, int, QDBusMessage const&, QVector<int> const&, int) (this=0x7f2b84002400, object=0x7f2b7c0029d0, msg=..., metaTypes=QVector<int> (size = 2) = {...}, slotIdx=13) at qtbase/src/dbus/qdbusintegrator.cpp:1001
#21 0x00007f2ba7a4faee in QDBusCallDeliveryEvent::placeMetaCall(QObject*) (this=0x7f2b840e8810, object=0x7f2b7c0029d0) at qtbase/src/dbus/qdbusintegrator_p.h:114
#22 0x00007f2ba5295585 in QObject::event(QEvent*) (this=0x7f2b7c0029d0, e=0x7f2b840e8810) at qtbase/src/corelib/kernel/qobject.cpp:1314
#23 0x00007f2ba5252422 in QCoreApplicationPrivate::notify_helper(QObject*, QEvent*) (receiver=0x7f2b7c0029d0, event=0x7f2b840e8810) at qtbase/src/corelib/kernel/qcoreapplication.cpp:1224
#24 0x00007f2ba5252067 in doNotify(QObject*, QEvent*) (receiver=0x7f2b7c0029d0, event=0x7f2b840e8810) at qtbase/src/corelib/kernel/qcoreapplication.cpp:1153
#25 0x00007f2ba5251ee1 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x7f2b7c0029d0, event=0x7f2b840e8810) at qtbase/src/corelib/kernel/qcoreapplication.cpp:1062
#26 0x00007f2ba52528a8 in QCoreApplication::sendEvent(QObject*, QEvent*) (receiver=0x7f2b7c0029d0, event=0x7f2b840e8810) at qtbase/src/corelib/kernel/qcoreapplication.cpp:1458
#27 0x00007f2ba52535c2 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=0x0, event_type=0, data=0x55abae28ada0) at qtbase/src/corelib/kernel/qcoreapplication.cpp:1817
#28 0x00007f2ba5252f50 in QCoreApplication::sendPostedEvents(QObject*, int) (receiver=0x0, event_type=0) at qtbase/src/corelib/kernel/qcoreapplication.cpp:1676
#29 0x00007f2ba52e12ef in postEventSourceDispatch(GSource*, GSourceFunc, gpointer) (s=0x7f2b7c004780) at qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:277
#30 0x00007f2ba1b37e87 in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0
#31 0x00007f2ba1b38230 in  () at /usr/lib64/libglib-2.0.so.0
#32 0x00007f2ba1b382bc in g_main_context_iteration () at /usr/lib64/libglib-2.0.so.0
#33 0x00007f2ba52e1a24 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f2b7c000b10, flags=...) at qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:423
#34 0x00007f2ba524e9b5 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f2b8abe7bd0, flags=...) at qtbase/src/corelib/kernel/qeventloop.cpp:139
#35 0x00007f2ba524ecc4 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7f2b8abe7bd0, flags=...) at qtbase/src/corelib/kernel/qeventloop.cpp:232
#36 0x00007f2ba4fe6779 in QThread::exec() (this=0x55abae305ec0) at qtbase/src/corelib/thread/qthread.cpp:540
#37 0x00007f2ba4fe690e in QThread::run() (this=0x55abae305ec0) at qtbase/src/corelib/thread/qthread.cpp:607
#38 0x00007f2ba4fe9462 in QThreadPrivate::start(void*) (arg=0x55abae305ec0) at qtbase/src/corelib/thread/qthread_unix.cpp:329
#39 0x00007f2ba33fa569 in start_thread () at /lib64/libpthread.so.0
#40 0x00007f2ba42fe9ef in clone () at /lib64/libc.so.6

In other words, thread 2 is doing
298│ while (!priorActiveConnections.isEmpty())
299├───────────────> delete activeConnectionsList.take(priorActiveConnections.takeFirst());
with the QNetworkManagerEngine mutex locked at the top of that method (QNetworkManagerEngine::interfacePropertiesChanged)

while thread 1 is doing
825│ for (QNetworkManagerConnectionActive *activeConnection : qAsConst(activeConnectionsList)) {
with the QNetworkConfigurationManagerPrivate mutex locked by QNetworkConfigurationManagerPrivate::defaultConfiguration()

But it's not the same mutex...
interfacePropertiesChanged uses ptr->mutex in some places, but not around lines 298-299.

(all line numbers in qnetworkmanagerengine.cpp)

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Crash in QNetworkManagerEngine::defaultConfiguration due to data race

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews