kioclient5 crashes on exit due to ~QDBusConnectionManager
David Faure
faure at kde.org
Mon May 12 07:18:11 UTC 2014
On Sunday 11 May 2014 07:10:52 Thiago Macieira wrote:
> My guess is a bad order of global destruction. If your sources are
> equivalent to mine, qcoreapplication.cpp:1012 is the Q_Q line. That would
> mean that, somehow, QCoreApplicationPrivate::q_ptr is bad. We know
> QCoreApplication itself isn't bad (it's on the stack in main() and frames 2
> to 4 accessed it, without valgrind warnings).
>
> Also, qapplication.cpp:2944 (2924 or 2954 for me) calls d->notify_helper,
> which ends up in QApplicationPrivate, so we know the virtual table is still
> intact.
>
> So I can't explain the data I have. The virtual table is intact, so we know
> QApplicationPrivate isn't destroyed, so the Q_Q line shouldn't crash.
>
> I'm guessing qcoreapplication.cpp:1012 is not the Q_Q line for you.
Right, it's this line:
if (obj->eventFilter(receiver, event))
The problem is one of the event filters. But for reasons I don't understand, valgrind doesn't tell me it's an already deleted object.
==7861== Invalid read of size 8
==7861== at 0x8211E19: QCoreApplicationPrivate::sendThroughApplicationEventFilters(QObject*, QEvent*) (qcoreapplication.cpp:1012)
==7861== by 0x6EA807F: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3466)
==7861== by 0x6EA5961: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:2944)
==7861== by 0x8211C1D: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:935)
==7861== by 0x8215906: QCoreApplication::sendEvent(QObject*, QEvent*) (in /d/qt/5/kde/qtbase/lib/libQt5Core.so.5.3.0)
==7861== by 0x824EEFC: QObjectPrivate::setParent_helper(QObject*) (qobject.cpp:1961)
==7861== by 0x824D4B8: QObject::~QObject() (qobject.cpp:1033)
==7861== by 0x825E940: QSocketNotifier::~QSocketNotifier() (qsocketnotifier.cpp:200)
==7861== by 0x825E96F: QSocketNotifier::~QSocketNotifier() (qsocketnotifier.cpp:203)
==7861== by 0x4E50DA0: qDBusRemoveWatch (qdbusintegrator.cpp:306)
==7861== by 0x15058232: _dbus_watch_list_remove_watch (dbus-watch.c:419)
==7861== by 0x1505699D: free_watches (dbus-transport-socket.c:81)
==7861== by 0x15056A18: socket_disconnect (dbus-transport-socket.c:987)
==7861== by 0x15055EA6: _dbus_transport_disconnect (dbus-transport.c:509)
==7861== by 0x15041D81: _dbus_connection_close_possibly_shared_and_unlock (dbus-connection.c:2829)
==7861== by 0x4E4F233: q_dbus_connection_close(DBusConnection*) (qdbus_symbols_p.h:113)
==7861== by 0x4E54839: QDBusConnectionPrivate::closeConnection() (qdbusintegrator.cpp:1094)
==7861== by 0x4E4695F: QDBusConnectionManager::~QDBusConnectionManager() (qdbusconnection.cpp:108)
==7861== by 0x4E4670B: (anonymous namespace)::Q_QGS__q_manager::innerFunction()::Holder::~Holder() (qdbusconnection.cpp:67)
==7861== by 0x8F543D8: __run_exit_handlers (exit.c:82)
==7861== by 0x8F54424: exit (exit.c:104)
==7861== by 0x80004DC: QCommandLineParser::process(QStringList const&) (qcommandlineparser.cpp:495)
==7861== by 0x800079B: QCommandLineParser::process(QCoreApplication const&) (qcommandlineparser.cpp:516)
==7861== by 0x40879F: main (kioclient.cpp:163)
==7861== Address 0x1c940360 is not stack'd, malloc'd or (recently) free'd
==7861==
Let's try a breakpoint in installEventFilter:
* KActionConflictDetector in kxmlgui (0x685db0)
* AppEventFilter in oxygenstyle (0x6a06b0)
and then it crashes in obj->eventFilter with obj == 0x6a06b0.
Indeed, if I delete the oxygen.so plugin then it doesn't crash, so it's related to oxygen.
I see this in the output from gdb:
warning: Temporarily disabling breakpoints for unloaded shared library "/d/kde/inst/kde_frameworks/lib64/plugins/styles/oxygen.so"
Does Qt really unload plugins? That would be the problem, right?
We have an alive object in an unloaded plugin, and we're trying to call a method on it.
I thought we never unloaded plugins....
--
David Faure, faure at kde.org, http://www.davidfaure.fr
Working on KDE Frameworks 5