fix: crash if hotspot is closed while loading a file

lievenhey · milianw · commit 221d60e92f3c · 2024-06-17T08:24:25.000+02:00
The crash is caused because the destructor is called in one thread while other threads still execute. This patch waits in the destructor till all threads terminate. Backtrace: ==91946==ERROR: AddressSanitizer: heap-use-after-free on address 0x513000001bb9 at pc 0x5555566c3173 bp 0x7fffca5fe900 sp 0x7fffca5fe8f0 READ of size 1 at 0x513000001bb9 thread T25 (GlobalQueue[06]) #0 0x5555566c3172 in std::__atomic_base<bool>::load(std::memory_order) const /usr/include/c++/14.1.1/bits/atomic_base.h:501 #1 0x5555566c3172 in std::atomic<bool>::operator bool() const /usr/include/c++/14.1.1/atomic:92 #2 0x55555667846a in operator() /tmp/hotspot/src/parsers/perf/perfparser.cpp:1684 #3 0x5555566c10bc in call /usr/include/qt/QtCore/qobjectdefs_impl.h:146 #4 0x5555566b9353 in call<QtPrivate::List<QProcess::ProcessError>, void> /usr/include/qt/QtCore/qobjectdefs_impl.h:256 #5 0x5555566b1239 in impl /usr/include/qt/QtCore/qobjectdefs_impl.h:443 #6 0x7ffff46df99d (/usr/lib/libQt5Core.so.5+0x2df99d) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #7 0x7ffff4630793 in QProcess::errorOccurred(QProcess::ProcessError) (/usr/lib/libQt5Core.so.5+0x230793) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #8 0x7ffff462c846 (/usr/lib/libQt5Core.so.5+0x22c846) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #9 0x7ffff4630f6c (/usr/lib/libQt5Core.so.5+0x230f6c) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #10 0x7ffff46df961 (/usr/lib/libQt5Core.so.5+0x2df961) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #11 0x7ffff46e096d in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) (/usr/lib/libQt5Core.so.5+0x2e096d) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #12 0x7ffff46e0aa4 in QSocketNotifier::event(QEvent*) (/usr/lib/libQt5Core.so.5+0x2e0aa4) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #13 0x7ffff5d56330 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x156330) (BuildId: 254b52226c3f04da1b93d83e86adb3e3cffb6f76) #14 0x7ffff46ab967 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/libQt5Core.so.5+0x2ab967) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #15 0x7ffff46f8f0d (/usr/lib/libQt5Core.so.5+0x2f8f0d) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #16 0x7ffff2314a88 (/usr/lib/libglib-2.0.so.0+0x5ca88) (BuildId: 8880230af7e37f2edbd90b79170aead80dde617a) #17 0x7ffff23769b6 (/usr/lib/libglib-2.0.so.0+0xbe9b6) (BuildId: 8880230af7e37f2edbd90b79170aead80dde617a) #18 0x7ffff2313f94 in g_main_context_iteration (/usr/lib/libglib-2.0.so.0+0x5bf94) (BuildId: 8880230af7e37f2edbd90b79170aead80dde617a) #19 0x7ffff46fa27e in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/libQt5Core.so.5+0x2fa27e) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #20 0x7ffff46a372b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/libQt5Core.so.5+0x2a372b) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #21 0x55555667a9c9 in operator() /tmp/hotspot/src/parsers/perf/perfparser.cpp:1703 #22 0x5555566c2f6f in run /usr/include/KF5/ThreadWeaver/threadweaver/lambda.h:30 #23 0x7ffff7f5f5ad in ThreadWeaver::Executor::run(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) (/usr/lib/libKF5ThreadWeaver.so.5+0x125ad) (BuildId: 200cb669eff8ffb9ace9b7b396df6403668 5aed2) #24 0x7ffff7f604f5 in ThreadWeaver::Job::execute(QSharedPointer<ThreadWeaver::JobInterface> const&, ThreadWeaver::Thread*) (/usr/lib/libKF5ThreadWeaver.so.5+0x134f5) (BuildId: 200cb669eff8ffb9ace9b7b396df64036685 aed2) #25 0x7ffff7f63f01 in ThreadWeaver::Thread::run() (/usr/lib/libKF5ThreadWeaver.so.5+0x16f01) (BuildId: 200cb669eff8ffb9ace9b7b396df64036685aed2) #26 0x7ffff44f258a (/usr/lib/libQt5Core.so.5+0xf258a) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #27 0x7ffff785cc79 in asan_thread_start /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:234 #28 0x7ffff36a6dec (/usr/lib/libc.so.6+0x92dec) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) #29 0x7ffff372a0db (/usr/lib/libc.so.6+0x1160db) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) 0x513000001bb9 is located 313 bytes inside of 336-byte region [0x513000001a80,0x513000001bd0) freed by thread T0 here: #0 0x7ffff78fe7e2 in operator delete(void*, unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:164 #1 0x555556670dca in PerfParser::~PerfParser() /tmp/hotspot/src/parsers/perf/perfparser.cpp:1479 #2 0x7ffff46d5264 in QObjectPrivate::deleteChildren() (/usr/lib/libQt5Core.so.5+0x2d5264) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #3 0x7ffff5d7abf8 in QWidget::~QWidget() (/usr/lib/libQt5Widgets.so.5+0x17abf8) (BuildId: 254b52226c3f04da1b93d83e86adb3e3cffb6f76) #4 0x5555567be0a6 in MainWindow::~MainWindow() /tmp/hotspot/src/mainwindow.cpp:272 #5 0x5555567be3d7 in MainWindow::~MainWindow() /tmp/hotspot/src/mainwindow.cpp:272 #6 0x7ffff46d1a7b in QObject::event(QEvent*) (/usr/lib/libQt5Core.so.5+0x2d1a7b) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #7 0x7ffff6a9803d in KXmlGuiWindow::event(QEvent*) (/usr/lib/libKF5XmlGui.so.5+0x8b03d) (BuildId: 47e6c6148b6e322993e79bc55d54257f5f570e1c) previously allocated by thread T0 here: #0 0x7ffff78fd682 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95 #1 0x5555567affca in MainWindow::MainWindow(QWidget*) /tmp/hotspot/src/mainwindow.cpp:93 #2 0x5555566539da in main /tmp/hotspot/src/main.cpp:220 #3 0x7ffff3639c87 (/usr/lib/libc.so.6+0x25c87) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) #4 0x7ffff3639d4b in __libc_start_main (/usr/lib/libc.so.6+0x25d4b) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b) #5 0x5555565d5054 in _start (/tmp/hotspot/build-dev-asan/bin/hotspot+0x1081054) (BuildId: a68032c20b67d2759bc6ace66427a8e3b02fa3e6) Thread T25 (GlobalQueue[06]) created by T21 (GlobalQueue[02]) here: #0 0x7ffff78f38fb in pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:245 #1 0x7ffff44ee379 in QThread::start(QThread::Priority) (/usr/lib/libQt5Core.so.5+0xee379) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #2 0x7ffff7f6749c in ThreadWeaver::Weaver::adjustInventory(int) (/usr/lib/libKF5ThreadWeaver.so.5+0x1a49c) (BuildId: 200cb669eff8ffb9ace9b7b396df64036685aed2) Thread T21 (GlobalQueue[02]) created by T0 here: #0 0x7ffff78f38fb in pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:245 #1 0x7ffff44ee379 in QThread::start(QThread::Priority) (/usr/lib/libQt5Core.so.5+0xee379) (BuildId: 5ae775b980e5842fcce9c0a035de95718227fa6e) #2 0x7ffff7f6749c in ThreadWeaver::Weaver::adjustInventory(int) (/usr/lib/libKF5ThreadWeaver.so.5+0x1a49c) (BuildId: 200cb669eff8ffb9ace9b7b396df64036685aed2) fixes: #654
diff --git a/src/parsers/perf/perfparser.cpp b/src/parsers/perf/perfparser.cpp
@@ -1476,7 +1476,14 @@ PerfParser::PerfParser(QObject* parent)
     connect(this, &PerfParser::parsingFinished, this, parsingStopped);
 }
 
-PerfParser::~PerfParser() = default;
+PerfParser::~PerfParser()
+{
+    using namespace ThreadWeaver;
+    auto queue = Queue::instance();
+    if (!queue->isEmpty()) {
+        queue->shutDown();
+    }
+}
 
 bool PerfParser::initParserArgs(const QString& path)
 {

Original file line number	Diff line number	Diff line change
`@@ -1476,7 +1476,14 @@ PerfParser::PerfParser(QObject* parent)`
`1476`	`1476`	`connect(this, &PerfParser::parsingFinished, this, parsingStopped);`
`1477`	`1477`	`}`
`1478`	`1478`
`1479`		`-PerfParser::~PerfParser() = default;`
	`1479`	`+PerfParser::~PerfParser()`
	`1480`	`+{`
	`1481`	`+ using namespace ThreadWeaver;`
	`1482`	`+ auto queue = Queue::instance();`
	`1483`	`+ if (!queue->isEmpty()) {`
	`1484`	`+ queue->shutDown();`
	`1485`	`+ }`
	`1486`	`+}`
`1480`	`1487`
`1481`	`1488`	`bool PerfParser::initParserArgs(const QString& path)`
`1482`	`1489`	`{`