Skip to content

Commit

Permalink
fix: crash if hotspot is closed while loading a file
Browse files Browse the repository at this point in the history
The crash is caused because the destructor is called in one thread while
other threads still execute. This patch waits in the destructor till all
threads terminate.

Backtrace:
==91946==ERROR: AddressSanitizer: heap-use-after-free on address 0x513000001bb9 at pc 0x5555566c3173 bp 0x7fffca5fe900 sp 0x7fffca5fe8f0
READ of size 1 at 0x513000001bb9 thread T25 (GlobalQueue[06])
    #0 0x5555566c3172 in std::__atomic_base<bool>::load(std::memory_order) const /usr/include/c++/14.1.1/bits/atomic_base.h:501
    #1 0x5555566c3172 in std::atomic<bool>::operator bool() const /usr/include/c++/14.1.1/atomic:92
    #2 0x55555667846a in operator() /tmp/hotspot/src/parsers/perf/perfparser.cpp:1684
    #3 0x5555566c10bc in call /usr/include/qt/QtCore/qobjectdefs_impl.h:146
    #4 0x5555566b9353 in call<QtPrivate::List<QProcess::ProcessError>, void> /usr/include/qt/QtCore/qobjectdefs_impl.h:256
    #5 0x5555566b1239 in impl /usr/include/qt/QtCore/qobjectdefs_impl.h:443
    #6 0x7ffff46df99d  (/usr/lib/libQt5Core.so.5+0x2df99d) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #7 0x7ffff4630793 in QProcess::errorOccurred(QProcess::ProcessError) (/usr/lib/libQt5Core.so.5+0x230793) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #8 0x7ffff462c846  (/usr/lib/libQt5Core.so.5+0x22c846) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #9 0x7ffff4630f6c  (/usr/lib/libQt5Core.so.5+0x230f6c) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #10 0x7ffff46df961  (/usr/lib/libQt5Core.so.5+0x2df961) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #11 0x7ffff46e096d in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (/usr/lib/libQt5Core.so.5+0x2e096d) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #12 0x7ffff46e0aa4 in QSocketNotifier::event(QEvent*) (/usr/lib/libQt5Core.so.5+0x2e0aa4) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #13 0x7ffff5d56330 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x156330) (BuildId: 254b52226c3f04da1b93d83e86adb3e3cffb6f76)
    #14 0x7ffff46ab967 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/libQt5Core.so.5+0x2ab967) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #15 0x7ffff46f8f0d  (/usr/lib/libQt5Core.so.5+0x2f8f0d) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #16 0x7ffff2314a88  (/usr/lib/libglib-2.0.so.0+0x5ca88) (BuildId: 8880230af7e37f2edbd90b79170aead80dde617a)
    #17 0x7ffff23769b6  (/usr/lib/libglib-2.0.so.0+0xbe9b6) (BuildId: 8880230af7e37f2edbd90b79170aead80dde617a)
    #18 0x7ffff2313f94 in g_main_context_iteration (/usr/lib/libglib-2.0.so.0+0x5bf94) (BuildId: 8880230af7e37f2edbd90b79170aead80dde617a)
    #19 0x7ffff46fa27e in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/libQt5Core.so.5+0x2fa27e) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #20 0x7ffff46a372b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/libQt5Core.so.5+0x2a372b) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #21 0x55555667a9c9 in operator() /tmp/hotspot/src/parsers/perf/perfparser.cpp:1703
    #22 0x5555566c2f6f in run /usr/include/KF5/ThreadWeaver/threadweaver/lambda.h:30
    #23 0x7ffff7f5f5ad in ThreadWeaver::Executor::run(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) (/usr/lib/libKF5ThreadWeaver.so.5+0x125ad) (BuildId: 200cb669eff8ffb9ace9b7b396df6403668
5aed2)
    #24 0x7ffff7f604f5 in ThreadWeaver::Job::execute(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) (/usr/lib/libKF5ThreadWeaver.so.5+0x134f5) (BuildId: 200cb669eff8ffb9ace9b7b396df64036685
aed2)
    #25 0x7ffff7f63f01 in ThreadWeaver::Thread::run() (/usr/lib/libKF5ThreadWeaver.so.5+0x16f01) (BuildId: 200cb669eff8ffb9ace9b7b396df64036685aed2)
    #26 0x7ffff44f258a  (/usr/lib/libQt5Core.so.5+0xf258a) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #27 0x7ffff785cc79 in asan_thread_start /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:234
    #28 0x7ffff36a6dec  (/usr/lib/libc.so.6+0x92dec) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
    #29 0x7ffff372a0db  (/usr/lib/libc.so.6+0x1160db) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)

0x513000001bb9 is located 313 bytes inside of 336-byte region [0x513000001a80,0x513000001bd0)
freed by thread T0 here:
    #0 0x7ffff78fe7e2 in operator delete(void*, unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:164
    #1 0x555556670dca in PerfParser::~PerfParser() /tmp/hotspot/src/parsers/perf/perfparser.cpp:1479
    #2 0x7ffff46d5264 in QObjectPrivate::deleteChildren() (/usr/lib/libQt5Core.so.5+0x2d5264) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #3 0x7ffff5d7abf8 in QWidget::~QWidget() (/usr/lib/libQt5Widgets.so.5+0x17abf8) (BuildId: 254b52226c3f04da1b93d83e86adb3e3cffb6f76)
    #4 0x5555567be0a6 in MainWindow::~MainWindow() /tmp/hotspot/src/mainwindow.cpp:272
    #5 0x5555567be3d7 in MainWindow::~MainWindow() /tmp/hotspot/src/mainwindow.cpp:272
    #6 0x7ffff46d1a7b in QObject::event(QEvent*) (/usr/lib/libQt5Core.so.5+0x2d1a7b) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #7 0x7ffff6a9803d in KXmlGuiWindow::event(QEvent*) (/usr/lib/libKF5XmlGui.so.5+0x8b03d) (BuildId: 47e6c6148b6e322993e79bc55d54257f5f570e1c)

previously allocated by thread T0 here:
    #0 0x7ffff78fd682 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x5555567affca in MainWindow::MainWindow(QWidget*) /tmp/hotspot/src/mainwindow.cpp:93
    #2 0x5555566539da in main /tmp/hotspot/src/main.cpp:220
    #3 0x7ffff3639c87  (/usr/lib/libc.so.6+0x25c87) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
    #4 0x7ffff3639d4b in __libc_start_main (/usr/lib/libc.so.6+0x25d4b) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
    #5 0x5555565d5054 in _start (/tmp/hotspot/build-dev-asan/bin/hotspot+0x1081054) (BuildId: a68032c20b67d2759bc6ace66427a8e3b02fa3e6)

Thread T25 (GlobalQueue[06]) created by T21 (GlobalQueue[02]) here:
    #0 0x7ffff78f38fb in pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:245
    #1 0x7ffff44ee379 in QThread::start(QThread::Priority) (/usr/lib/libQt5Core.so.5+0xee379) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #2 0x7ffff7f6749c in ThreadWeaver::Weaver::adjustInventory(int) (/usr/lib/libKF5ThreadWeaver.so.5+0x1a49c) (BuildId: 200cb669eff8ffb9ace9b7b396df64036685aed2)

Thread T21 (GlobalQueue[02]) created by T0 here:
    #0 0x7ffff78f38fb in pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:245
    #1 0x7ffff44ee379 in QThread::start(QThread::Priority) (/usr/lib/libQt5Core.so.5+0xee379) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e)
    #2 0x7ffff7f6749c in ThreadWeaver::Weaver::adjustInventory(int) (/usr/lib/libKF5ThreadWeaver.so.5+0x1a49c) (BuildId: 200cb669eff8ffb9ace9b7b396df64036685aed2)

fixes: #654
  • Loading branch information
lievenhey authored and milianw committed Jun 17, 2024
1 parent d5d9cd4 commit 221d60e
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion src/parsers/perf/perfparser.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1476,7 +1476,14 @@ PerfParser::PerfParser(QObject* parent)
connect(this, &PerfParser::parsingFinished, this, parsingStopped);
}

PerfParser::~PerfParser() = default;
PerfParser::~PerfParser()
{
using namespace ThreadWeaver;
auto queue = Queue::instance();
if (!queue->isEmpty()) {
queue->shutDown();
}
}

bool PerfParser::initParserArgs(const QString& path)
{
Expand Down

0 comments on commit 221d60e

Please sign in to comment.