crash at QThread::wait



  • I have a crash at QThread::wait. Here is the stack trace:

    FAULTING_IP: 
    Qt5Cored!isRecursive+22 [c:\users\qt\work\qt\qtbase\src\corelib\thread\qmutex.cpp @ 65]
    00007ffa`7e5b4372 0fb600          movzx   eax,byte ptr [rax]
    
    EXCEPTION_RECORD:  (.exr -1)
    ExceptionAddress: 00007ffa7e5b4372 (Qt5Cored!isRecursive+0x0000000000000022)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 0000000000000000
       Parameter[1]: ffffffffffffffff
    Attempt to read from address ffffffffffffffff
    
    DEFAULT_BUCKET_ID:  INVALID_POINTER_READ
    
    PROCESS_NAME:  CortexService.exe
    
    FOLLOWUP_IP: 
    Qt5Cored!isRecursive+22 [c:\users\qt\work\qt\qtbase\src\corelib\thread\qmutex.cpp @ 65]
    00007ffa`7e5b4372 0fb600          movzx   eax,byte ptr [rax]
    
    READ_ADDRESS:  ffffffffffffffff 
    
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
    
    EXCEPTION_CODE_STR:  c0000005
    
    EXCEPTION_PARAMETER1:  0000000000000000
    
    EXCEPTION_PARAMETER2:  ffffffffffffffff
    
    WATSON_BKT_PROCSTAMP:  5cecc322
    
    WATSON_BKT_MODULE:  Qt5Cored.dll
    
    WATSON_BKT_MODSTAMP:  5c0513ac
    
    WATSON_BKT_MODOFFSET:  f4372
    
    WATSON_BKT_MODVER:  5.12.0.0
    
    MODULE_VER_PRODUCT:  Qt5
    
    BUILD_VERSION_STRING:  17134.1.amd64fre.rs4_release.180410-1804
    
    ANALYSIS_SESSION_HOST:  DESKTOP-ICB5G90
    
    ANALYSIS_SESSION_TIME:  05-29-2019 16:02:39.0827
    
    ANALYSIS_VERSION: 10.0.18869.1002 amd64fre
    
    THREAD_ATTRIBUTES: 
    BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_READ
    
    PRIMARY_PROBLEM_CLASS:  APPLICATION_FAULT
    
    PROBLEM_CLASSES: 
    
        ID:     [0n313]
        Type:   [@ACCESS_VIOLATION]
        Class:  Addendum
        Scope:  BUCKET_ID
        Name:   Omit
        Data:   Omit
        PID:    [Unspecified]
        TID:    [0x29f8]
        Frame:  [0] : Qt5Cored!isRecursive
    
        ID:     [0n285]
        Type:   [INVALID_POINTER_READ]
        Class:  Primary
        Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
                BUCKET_ID
        Name:   Add
        Data:   Omit
        PID:    [Unspecified]
        TID:    [0x29f8]
        Frame:  [0] : Qt5Cored!isRecursive
    
    LAST_CONTROL_TRANSFER:  from 00007ffa7e5b3e4b to 00007ffa7e5b4372
    
    STACK_TEXT:  
    000000ac`53ffb800 00007ffa`7e5b3e4b : dddddddd`dddddddd 000000ac`53ffb840 00000000`00000000 000002a4`cea17080 : Qt5Cored!isRecursive+0x22
    000000ac`53ffb820 00007ffa`7e5ab81c : 000002a4`cea1f520 000002a4`cea1f520 000002a4`00000000 00000000`0000041c : Qt5Cored!QMutex::lock+0x2b
    000000ac`53ffb860 00007ff7`5cc0231f : 000002a4`cea16f90 00007ff7`ffffffff 00000000`00000003 00000000`00000000 : Qt5Cored!QThread::wait+0x14c
    000000ac`53ffb8e0 00007ff7`5ca73e5e : 000000ac`53cff7c8 00007ff7`5d9f5448 000002a4`000000ad 00007ff7`5d9f53b0 : CortexService!Cortex::API::CortexConnectionManager::stop+0x18f
    000000ac`53ffb9c0 00007ff7`5ca74a25 : 000000ac`53cff618 00007ff7`00000000 00000104`00000000 00000000`00000000 : CortexService!CortexService::stop+0xce
    000000ac`53ffba80 00007ff7`5ca8ecdc : 000000ac`53cff618 00000000`00000000 00000000`00000000 00000000`00000000 : CortexService!CortexService::signalStopService+0x15
    000000ac`53ffbab0 00007ff7`5ca8e9a7 : 00007ff7`5ca74a10 000000ac`53cff618 000002a4`cea8dd80 00000000`00000000 : CortexService!QtPrivate::FunctorCall<QtPrivate::IndexesList<>,QtPrivate::List<>,void,void (__cdecl CortexService::*)(void) __ptr64>::call+0x1c
    000000ac`53ffbaf0 00007ff7`5ca8ee4e : 00007ff7`5ca74a10 000000ac`53cff618 000002a4`cea8dd80 00000000`00000000 : CortexService!QtPrivate::FunctionPointer<void (__cdecl CortexService::*)(void) __ptr64>::call<QtPrivate::List<>,void>+0x27
    000000ac`53ffbb20 00007ffa`7e995ec8 : 00000000`00000001 000002a4`ce424b90 000000ac`53cff618 000002a4`cea8dd80 : CortexService!QtPrivate::QSlotObject<void (__cdecl CortexService::*)(void) __ptr64,QtPrivate::List<>,void>::impl+0x8e
    000000ac`53ffbb70 00007ffa`7e9dd2e6 : 000002a4`ce424b90 000000ac`53cff618 000002a4`cea8dd80 000000ac`53cff618 : Qt5Cored!QtPrivate::QSlotObjectBase::call+0x38
    000000ac`53ffbbb0 00007ffa`7e9d5c3f : 000002a4`ce47e930 000000ac`53cff618 000000ac`53cff5e8 00007ffa`00000003 : Qt5Cored!QMetaCallEvent::placeMetaCall+0x36
    000000ac`53ffbbf0 00007ffa`7e97dc0e : 000000ac`53cff618 000002a4`ce47e930 000000ac`53cff620 000000ac`53ffbec8 : Qt5Cored!QObject::event+0x12f
    000000ac`53ffbe60 00007ffa`7e97f478 : 000000ac`53cff618 000002a4`ce47e930 000002a4`00000000 00007ffa`7e57ba74 : Qt5Cored!QCoreApplicationPrivate::notify_helper+0x9e
    000000ac`53ffbea0 00007ffa`7e97b1e1 : 000000ac`53cff618 000002a4`ce47e930 ffffffff`fffffffe 000000ac`53ffbf90 : Qt5Cored!doNotify+0x78
    000000ac`53ffbf00 00007ffa`7e97cc56 : 000000ac`53cff5e8 000000ac`53cff618 000002a4`ce47e930 00007ffa`7e5aa4d3 : Qt5Cored!QCoreApplication::notify+0x31
    000000ac`53ffbf30 00007ffa`7e97a992 : 000000ac`53cff618 000002a4`ce47e930 00007ffa`7f1d0c30 00007ffa`00000000 : Qt5Cored!QCoreApplication::notifyInternal2+0x116
    000000ac`53ffbfb0 00007ffa`7e97e60d : 000000ac`53cff618 000002a4`ce47e930 00007ffa`00000000 000002a4`ce2b25b0 : Qt5Cored!QCoreApplication::sendEvent+0x42
    000000ac`53ffbfe0 00007ffa`7ea3fa8a : 00000000`00000000 00007ffa`00000000 000002a4`ce2b25b0 00007ffa`7e989312 : Qt5Cored!QCoreApplicationPrivate::sendPostedEvents+0x47d
    000000ac`53ffc0f0 00007ffa`7ea3d878 : 000002a4`ce4e0ee0 00000000`00000000 000000ac`53ffc169 000000ac`53ffc1b0 : Qt5Cored!QEventDispatcherWin32::sendPostedEvents+0x2a
    000000ac`53ffc130 00007ffa`d1396d41 : 00000000`0017002e 00000000`00000401 00000000`00000000 00000000`00000000 : Qt5Cored!qt_internal_proc+0x668
    000000ac`53ffc2b0 00007ffa`d1396713 : 000002a4`ce4829a0 00007ffa`7e4d622a 00000000`0017002e 00007ffa`00000401 : user32!UserCallWinProcCheckWow+0x2c1
    000000ac`53ffc440 00007ffa`7ea3e168 : 000000ac`53ffc538 000000ac`00000000 000000ac`53ffc538 00000000`00000000 : user32!DispatchMessageWorker+0x1c3
    000000ac`53ffc4d0 00007ffa`7e976e83 : 000002a4`ce4e0ee0 00007ffa`00000024 000002a4`ce497a84 000002a4`ce497a10 : Qt5Cored!QEventDispatcherWin32::processEvents+0x558
    000000ac`53fff660 00007ffa`7e9770be : 000000ac`53fff798 000000ac`00000024 000000ac`00000020 000000ac`53fff700 : Qt5Cored!QEventLoop::processEvents+0x63
    000000ac`53fff6a0 00007ffa`7e5a741f : 000000ac`53fff798 00000000`00000000 000002a4`ce2b25e8 00007ffa`7e572673 : Qt5Cored!QEventLoop::exec+0x18e
    000000ac`53fff750 00007ffa`7e5a7353 : 000000ac`53cffac8 000000ac`53cffac8 000002a4`ce445800 000000ac`53fff7f8 : Qt5Cored!QThread::exec+0xbf
    000000ac`53fff7c0 00007ffa`7e5abc6b : 000000ac`53cffac8 000002a4`ce48e500 00000000`00000000 00000000`00000000 : Qt5Cored!QThread::run+0x13
    000000ac`53fff7f0 00007ffa`cf844034 : 000000ac`53cffac8 00000000`00000000 00000000`00000000 00000000`00000000 : Qt5Cored!QThreadPrivate::start+0x15b
    000000ac`53fff870 00007ffa`d1c13691 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
    000000ac`53fff8a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
    
    
    THREAD_SHA1_HASH_MOD_FUNC:  5699dc89771ce62f48e0bcfbe264dc112cabad54
    
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  1838f892077d904247f98c259bb8f09a59fe89b3
    
    THREAD_SHA1_HASH_MOD:  200f99b5f5d9d4abf8a087e3194d96dace7c8b2c
    
    FAULT_INSTR_CODE:  4800b60f
    
    FAULTING_SOURCE_LINE:  c:\users\qt\work\qt\qtbase\src\corelib\thread\qmutex.cpp
    
    FAULTING_SOURCE_FILE:  c:\users\qt\work\qt\qtbase\src\corelib\thread\qmutex.cpp
    
    FAULTING_SOURCE_LINE_NUMBER:  65
    
    FAULTING_SOURCE_CODE:  
        61: #ifdef QT_LINUX_FUTEX
        62:     Q_ASSERT(d->recursive);
        63:     return true;
        64: #else
    >   65:     return d->recursive;
        66: #endif
        67: }
        68: 
        69: class QRecursiveMutexPrivate : public QMutexData
        70: {
    
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  Qt5Cored!isRecursive+22
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: Qt5Cored
    
    IMAGE_NAME:  Qt5Cored.dll
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  5c0513ac
    
    STACK_COMMAND:  ~9s ; .ecxr ; kb
    
    FAILURE_BUCKET_ID:  INVALID_POINTER_READ_c0000005_Qt5Cored.dll!isRecursive
    
    BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_READ_Qt5Cored!isRecursive+22
    
    FAILURE_EXCEPTION_CODE:  c0000005
    
    FAILURE_IMAGE_NAME:  Qt5Cored.dll
    
    BUCKET_ID_IMAGE_STR:  Qt5Cored.dll
    
    FAILURE_MODULE_NAME:  Qt5Cored
    
    BUCKET_ID_MODULE_STR:  Qt5Cored
    
    FAILURE_FUNCTION_NAME:  isRecursive
    
    BUCKET_ID_FUNCTION_STR:  isRecursive
    
    BUCKET_ID_OFFSET:  22
    
    BUCKET_ID_MODTIMEDATESTAMP:  5c0513ac
    
    BUCKET_ID_MODCHECKSUM:  0
    
    BUCKET_ID_MODVER_STR:  5.12.0.0
    
    BUCKET_ID_PREFIX_STR:  APPLICATION_FAULT_INVALID_POINTER_READ_
    
    FAILURE_PROBLEM_CLASS:  APPLICATION_FAULT
    
    FAILURE_SYMBOL_NAME:  Qt5Cored.dll!isRecursive
    
    TARGET_TIME:  2019-05-29T02:21:32.000Z
    
    OSBUILD:  17134
    
    OSSERVICEPACK:  753
    
    SERVICEPACK_NUMBER: 0
    
    OS_REVISION: 0
    
    SUITE_MASK:  256
    
    PRODUCT_TYPE:  1
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 10
    
    OSEDITION:  Windows 10 WinNt SingleUserTS
    
    OS_LOCALE:  
    
    USER_LCID:  0
    
    OSBUILD_TIMESTAMP:  unknown_date
    
    BUILDDATESTAMP_STR:  180410-1804
    
    BUILDLAB_STR:  rs4_release
    
    BUILDOSVER_STR:  10.0.17134.1.amd64fre.rs4_release.180410-1804
    
    ANALYSIS_SESSION_ELAPSED_TIME:  ef6
    
    ANALYSIS_SOURCE:  UM
    
    FAILURE_ID_HASH_STRING:  um:invalid_pointer_read_c0000005_qt5cored.dll!isrecursive
    
    FAILURE_ID_HASH:  {f1f28c3e-fce7-9e49-1a65-1afc1afc6bbb}
    
    Followup:     MachineOwner
    ---------
    

    Does anyone have any idea why it can crash on QThread::wait? Is that a Qt issue or my mistake in using QThread?
    My application source is quite large and cannot be shared, so please understand that I cannot share source code here.
    The crash happens sometimes. I cannot even reproduce the crash on my machine.


  • Moderators

    hi @thamht4190 and welcome

    from what I can see,

    I would say you try to access your Thread instance when it's already deleted, since it doesn't happen each time and behaves differently on different PCs.

    I would say you have a race condition on hand.



  • Thanks very much. I will continue my investigation based on your diagnosis.



  • ExceptionAddress: 00007ffa7e5b4372 (Qt5Cored!isRecursive+0x0000000000000022)
    ExceptionCode: c0000005 (Access violation)
    /////
    Hi,
    Is there access to unauthorized memory in a loop?



  • @A.A.SEZEN Uhm, I think @J-Hilk is right: sometimes my Thread instance has been destroyed. I have fixed it by checking for null before calling it, and I don't see the crash anymore.
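
Added example (not part of the thread or of any poster's code): a small triage script that scans WinDbg `kb`-style frames for MSVC debug-runtime fill patterns, which is how the deleted-object diagnosis above can be read off the trace itself. The three sample frames are copied from the stack in the first post; `FILL_PATTERNS`, `scan_stack` and `is_noncanonical` are names chosen for this example.

```python
import re

# Fill bytes written by the MSVC debug runtime (Qt5Cored.dll is a debug build),
# and what a value made only of that byte suggests.
FILL_PATTERNS = {
    0xDD: "freed heap memory (debug CRT dead-land fill)",
    0xCD: "allocated but uninitialized heap memory (debug CRT)",
    0xFD: "heap guard bytes around an allocation (debug CRT no-man's-land)",
    0xCC: "uninitialized stack memory (/RTC stack fill)",
}

# kb frame layout: child-SP  return-address : arg1 arg2 arg3 arg4 : symbol+offset
FRAME_RE = re.compile(
    r"^\s*[0-9a-f`]+\s+[0-9a-f`]+\s*:\s*"
    r"((?:[0-9a-f`]+\s+){3}[0-9a-f`]+)\s*:\s*(\S.*)$", re.I)

# First three frames of the STACK_TEXT posted in the thread.
SAMPLE = """\
000000ac`53ffb800 00007ffa`7e5b3e4b : dddddddd`dddddddd 000000ac`53ffb840 00000000`00000000 000002a4`cea17080 : Qt5Cored!isRecursive+0x22
000000ac`53ffb820 00007ffa`7e5ab81c : 000002a4`cea1f520 000002a4`cea1f520 000002a4`00000000 00000000`0000041c : Qt5Cored!QMutex::lock+0x2b
000000ac`53ffb860 00007ff7`5cc0231f : 000002a4`cea16f90 00007ff7`ffffffff 00000000`00000003 00000000`00000000 : Qt5Cored!QThread::wait+0x14c
"""

def fill_meaning(value):
    """Meaning of a 64-bit value whose 8 bytes are all one known fill byte, else None."""
    raw = value.to_bytes(8, "little")
    return FILL_PATTERNS.get(raw[0]) if len(set(raw)) == 1 else None

def is_noncanonical(addr):
    """x64 needs bits 47..63 all equal; otherwise the fault is reported at address -1."""
    return (addr >> 47) not in (0, 0x1FFFF)

def scan_stack(stack_text):
    """Return (symbol, argument index, meaning) for every fill-pattern argument."""
    findings = []
    for line in stack_text.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue
        symbol = m.group(2).strip()
        for idx, arg in enumerate(m.group(1).split()):
            meaning = fill_meaning(int(arg.replace("`", ""), 16))
            if meaning:
                findings.append((symbol, idx, meaning))
    return findings

if __name__ == "__main__":
    for symbol, idx, meaning in scan_stack(SAMPLE):
        print(f"{symbol}: arg{idx + 1} looks like {meaning}")
```

On x64 the four values `kb` prints per frame are stack home slots and can be stale, so a hit is a strong hint rather than proof. Here the `dddddddd`dddddddd` value is also non-canonical, which matches the reported read of `ffffffffffffffff`.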

