[kdevplatform] [Bug 359442] New: Crash on exit [KDevelop::BackgroundParser::~BackgroundParser, QtSharedPointer::CustomDeleter::execute]

Kevin Funk via KDE Bugzilla Mon, 15 Feb 2016 10:21:16 -0800

https://bugs.kde.org/show_bug.cgi?id=359442


            Bug ID: 359442
           Summary: Crash on exit
                    [KDevelop::BackgroundParser::~BackgroundParser,
                    QtSharedPointer::CustomDeleter<ThreadWeaver::JobInterf
                    ace, QtSharedPointer::NormalDeleter>::execute]
           Product: kdevplatform
           Version: git master
          Platform: Other
                OS: Linux
            Status: UNCONFIRMED
          Severity: crash
          Priority: NOR
         Component: language
          Assignee: kdevelop-bugs-n...@kde.org
          Reporter: kf...@kde.org

Can't really make sense out of that. If someone wants to have a look:

==12703==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000e66820
at pc 0x7f737c859d65 bp 0x7ffdc5329520 sp 0x7ffdc5329518
READ of size 8 at 0x604000e66820 thread T0
    #0 0x7f737c859d64 in
QtSharedPointer::CustomDeleter<ThreadWeaver::JobInterface,
QtSharedPointer::NormalDeleter>::execute()
/usr/include/x86_64-linux-gnu/qt5/QtCore/qsharedpointer_impl.h:189:26
    #1 0x7f737c859d64 in
QtSharedPointer::ExternalRefCountWithCustomDeleter<ThreadWeaver::JobInterface,
QtSharedPointer::NormalDeleter>::deleter(QtSharedPointer::ExternalRefCountData*)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qsharedpointer_impl.h:207
    #2 0x7f737bdae81d 
(/usr/lib/x86_64-linux-gnu/libKF5ThreadWeaver.so.5+0x1381d)
    #3 0x7f737fd25d38 in QMetaType::destroy(int, void*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x29cd38)
    #4 0x7f737fd3bc78 in QMetaCallEvent::~QMetaCallEvent()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b2c78)
    #5 0x7f737fd3bce8 in QMetaCallEvent::~QMetaCallEvent()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b2ce8)
    #6 0x7f737fd128d6 in QCoreApplication::removePostedEvents(QObject*, int)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2898d6)
    #7 0x7f737fd3dff1 in QObjectPrivate::~QObjectPrivate()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b4ff1)
    #8 0x7f737fd3e118 in QObjectPrivate::~QObjectPrivate()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5118)
    #9 0x7f737fd46707 in QObject::~QObject()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2bd707)
    #10 0x7f737c83fb7e in KDevelop::BackgroundParser::~BackgroundParser()
/home/kfunk/devel/src/kf5/kdevplatform-stable/language/backgroundparser/backgroundparser.cpp:487:1
    #11 0x7f737c83fb7e in KDevelop::BackgroundParser::~BackgroundParser()
/home/kfunk/devel/src/kf5/kdevplatform-stable/language/backgroundparser/backgroundparser.cpp:485
    #12 0x7f737fd3ce5a in QObjectPrivate::deleteChildren()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a)
    #13 0x7f737fd466bf in QObject::~QObject()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2bd6bf)
    #14 0x7f738536655b in KDevelop::LanguageController::~LanguageController()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/languagecontroller.cpp:156:1
    #15 0x7f738536655b in KDevelop::LanguageController::~LanguageController()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/languagecontroller.cpp:154
    #16 0x7f73852b1256 in KDevelop::CorePrivate::~CorePrivate()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/core.cpp:321:5
    #17 0x7f73852b4363 in KDevelop::Core::~Core()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/core.cpp:395:5
    #18 0x7f73852b442d in KDevelop::Core::~Core()
/home/kfunk/devel/src/kf5/kdevplatform-stable/shell/core.cpp:391:1
    #19 0x7f737fd3f7cf in QObject::event(QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b67cf)
    #20 0x7f73806049db in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b9db)
    #21 0x7f7380609ea5 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x160ea5)
    #22 0x7f737fd0fd7a in QCoreApplication::notifyInternal(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x286d7a)
    #23 0x7f737fd12175 in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x289175)
    #24 0x7f737fd15628 in QCoreApplication::exec()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28c628)
    #25 0x504cc6 in main
/home/kfunk/devel/src/kf5/kdevelop-stable/app/main.cpp:674:12
    #26 0x7f737e814a3f in __libc_start_main
/build/buildd/glibc-2.21/csu/libc-start.c:289
    #27 0x43d948 in _start
(/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x43d948)

0x604000e66820 is located 16 bytes inside of 40-byte region
[0x604000e66810,0x604000e66838)
freed by thread T0 here:
    #0 0x4e43a2 in operator delete(void*)
(/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x4e43a2)
    #1 0x7f737c84538d in
KDevelop::BackgroundParserPrivate::~BackgroundParserPrivate()
/home/kfunk/devel/src/kf5/kdevplatform-stable/language/backgroundparser/backgroundparser.cpp:143:13
    #2 0x7f737c83fb66 in KDevelop::BackgroundParser::~BackgroundParser()
/home/kfunk/devel/src/kf5/kdevplatform-stable/language/backgroundparser/backgroundparser.cpp:486:5
    #3 0x7f737c83fb66 in KDevelop::BackgroundParser::~BackgroundParser()
/home/kfunk/devel/src/kf5/kdevplatform-stable/language/backgroundparser/backgroundparser.cpp:485
    #4 0x7f737fd3ce5a in QObjectPrivate::deleteChildren()
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b3e5a)

previously allocated by thread T0 here:
    #0 0x4e3de2 in operator new(unsigned long)
(/home/kfunk/devel/install/kf5-stable/bin/kdevelop+0x4e3de2)
    #1 0x7f737c856fd2 in
KDevelop::BackgroundParserPrivate::createParseJob(KDevelop::IndexedString
const&, KDevelop::TopDUContext::Features, QList<QPointer<QObject> > const&,
int)
/home/kfunk/devel/src/kf5/kdevplatform-stable/language/backgroundparser/backgroundparser.cpp:280:57
    #2 0x7f737c84afc2 in
KDevelop::BackgroundParserPrivate::parseDocumentsInternal()
/home/kfunk/devel/src/kf5/kdevplatform-stable/language/backgroundparser/backgroundparser.cpp:205:61
    #3 0x7f737c8428f3 in KDevelop::BackgroundParser::parseDocuments()
/home/kfunk/devel/src/kf5/kdevplatform-stable/language/backgroundparser/backgroundparser.cpp:596:5
    #4 0x7f737c8547cd in QtPrivate::FunctorCall<QtPrivate::IndexesList<>,
QtPrivate::List<>, void, void (KDevelop::BackgroundParser::*)()>::call(void
(KDevelop::BackgroundParser::*)(), KDevelop::BackgroundParser*, void**)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:501:13
    #5 0x7f737c8547cd in void QtPrivate::FunctionPointer<void
(KDevelop::BackgroundParser::*)()>::call<QtPrivate::List<>, void>(void
(KDevelop::BackgroundParser::*)(), KDevelop::BackgroundParser*, void**)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:520
    #6 0x7f737c8547cd in QtPrivate::QSlotObject<void
(KDevelop::BackgroundParser::*)(), QtPrivate::List<>, void>::impl(int,
QtPrivate::QSlotObjectBase*, QObject*, void**, bool*)
/usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:143
    #7 0x7f737fd3e776 in QMetaObject::activate(QObject*, int, int, void**)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5776)
    #8 0x7f737fd4b197 in QTimer::timerEvent(QTimerEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2c2197)
    #9 0x7f73806049db in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b9db)

SUMMARY: AddressSanitizer: heap-use-after-free
/usr/include/x86_64-linux-gnu/qt5/QtCore/qsharedpointer_impl.h:189
QtSharedPointer::CustomDeleter<ThreadWeaver::JobInterface,
QtSharedPointer::NormalDeleter>::execute()
Shadow bytes around the buggy address:
  0x0c08801c4cb0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x0c08801c4cc0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x0c08801c4cd0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
  0x0c08801c4ce0: fa fa fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c08801c4cf0: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 fa
=>0x0c08801c4d00: fa fa fd fd[fd]fd fd fa fa fa fa fa fa fa fa fa
  0x0c08801c4d10: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c08801c4d20: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c08801c4d30: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x0c08801c4d40: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
  0x0c08801c4d50: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==12703==ABORTING

Reproducible: Sometimes

-- 
You are receiving this mail because:
You are watching all bug changes.

[kdevplatform] [Bug 359442] New: Crash on exit [KDevelop::BackgroundParser::~BackgroundParser, QtSharedPointer::CustomDeleter::execute]

Reply via email to