Control: reassign -1 libqt5widgets5
Control: affects -1 virtualbox-qt

Hello,

Samuel Thibault, on Sun 27 Nov 2016 18:29:07 +0100, wrote:
> > On a Debian testing with upstream repo's package:
> >
> > 1. Install qt-at-spi
> > 2. Enable accessibility in the Desktop.
> > 3. Run VirtualBox.
> > 4. Arrow keys, opening dialogs, crash the graphical interface.
> > 5. Run without Orca running.
> > 6. Arrow keys work. Run again screen reader, it crashes as soon as you
> > press an arrow key.
>
> More precisely, I had to enter File->Preferences a couple of times to
> get the segfault.

Here is the corresponding backtrace. This is running version
5.7.1~20161021-dfsg-6 of qtbase.

The segfault is on the callq assembly instruction:

0x00007f8317db0bf1 <+65>: callq *0x18(%r8)
(gdb) p/x ($r8+0x18)
0x20002c003e0085
(gdb) p/x *(unsigned long*)($r8+0x18)
Cannot access memory at address 0x20002c003e0085
(gdb) p index
<optimized out>
(gdb) p role
11
(gdb) up
(gdb) p/x m_index
{r = 0xd, c = 0, i = 0x556f56c43340, m = 0x556f56c2c770}
(gdb) p/x *((QTreeWidgetItem*) (m_index->i))
{_vptr.QTreeWidgetItem = 0x20002c003e006d, rtti = 0x61004d, values = {d =
0x20006f006c0065}, view = 0x6c0065006f0043,
d = 0x3c0020006f0068, par = 0x6300720061006d, children =
{<QListSpecialMethods<QTreeWidgetItem*>> = {<No data fields>}, {
p = {static shared_null = {ref = {atomic = {_q_value =
{<std::__atomic_base<int>> = {static _S_alignment = 0x4,
_M_i = 0xffffffff}, <No data fields>}}}, alloc = 0x0, begin =
0x0, end = 0x0, array = {0x0}},
d = 0x63006f006c0065}, d = 0x63006f006c0065}}, itemFlags = {i =
0x65006f}}

That looks like a very bogus object to me indeed. From the backtrace, it
looks like it was obtained in AtSpiAdaptor::handleMessage by calling
AtSpiAdaptor::interfaceFromPath, i.e. using
QAccessible::accessibleInterface, i.e. using
QAccessibleCache::interfaceForId, i.e. using the
QAccessibleCache::idToInterface hashtable.

It should be noted that VirtualBox uses threads. It could be that there
is a race in qaccessiblecache.cpp between a thread that is trying to
remove a widget, and a thread which is trying to access it as requested
by the screen reader. Is that handled somehow in the accessibility layer
of Qt5?

Samuel

(gdb) bt
#0 0x00007f8317db0bf1 in QTreeModel::data (this=<optimized out>, index=...,
role=11) at itemviews/qtreewidget.cpp:371
#1 0x00007f8317d2e235 in QAccessibleTableCell::text (this=0x556f56c6e370,
t=<optimized out>)
at accessible/itemviews.cpp:1078
#2 0x00007f8314b05bcb in AtSpiAdaptor::accessibleInterface
(this=this@entry=0x556f56913c50, interface=interface@entry=
0x556f56c6e370, function=..., message=..., connection=...) at
linuxaccessibility/atspiadaptor.cpp:1414
#3 0x00007f8314b06919 in AtSpiAdaptor::accessibleInterface
(this=0x556f56913c50, interface=0x556f56c6e370, function=...,
message=..., connection=...) at linuxaccessibility/atspiadaptor.cpp:1368
#4 0x00007f8314b0ad2c in AtSpiAdaptor::handleMessage (this=0x556f56913c50,
message=..., connection=...)
at linuxaccessibility/atspiadaptor.cpp:1282
#5 0x00007f831c07be88 in QDBusConnectionPrivate::activateObject
(this=0x7f82f800fc20, node=..., msg=..., pathStartPos=27)
at qdbusintegrator.cpp:1449
#6 0x00007f831c07e8ee in QDBusActivateObjectEvent::placeMetaCall
(this=0x7f82f80139c0) at qdbusintegrator.cpp:1608
#7 0x00007f831cba1b39 in QObject::event (this=0x556f56913c50, e=<optimized
out>) at kernel/qobject.cpp:1263
#8 0x00007f8317af6b2c in QApplicationPrivate::notify_helper (this=<optimized
out>, receiver=0x556f56913c50,
e=0x7f82f80139c0) at kernel/qapplication.cpp:3799
#9 0x00007f8317afe2e1 in QApplication::notify (this=0x7ffedd52b320,
receiver=0x556f56913c50, e=0x7f82f80139c0)
at kernel/qapplication.cpp:3556
#10 0x00007f831cb75090 in QCoreApplication::notifyInternal2
(receiver=0x556f56913c50, event=event@entry=0x7f82f80139c0)
at kernel/qcoreapplication.cpp:988
#11 0x00007f831cb7781d in QCoreApplication::sendEvent (event=0x7f82f80139c0,
receiver=<optimized out>)
at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#12 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0,
event_type=event_type@entry=0,
data=0x556f564f0640) at kernel/qcoreapplication.cpp:1649
#13 0x00007f831cb77c88 in QCoreApplication::sendPostedEvents
(receiver=receiver@entry=0x0, event_type=event_type@entry=0)
at kernel/qcoreapplication.cpp:1503
#14 0x00007f831cbc92d3 in postEventSourceDispatch (s=0x556f565b1ef0) at
kernel/qeventdispatcher_glib.cpp:276
#15 0x00007f83157bc7f7 in g_main_context_dispatch () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007f83157bca60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00007f83157bcb0c in g_main_context_iteration () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 0x00007f831cbc96df in QEventDispatcherGlib::processEvents
(this=0x556f565b1e20, flags=...)
at kernel/qeventdispatcher_glib.cpp:423
#19 0x00007f831cb7307a in QEventLoop::exec (this=this@entry=0x7ffedd52a6e0,
flags=..., flags@entry=...)
at kernel/qeventloop.cpp:212
#20 0x00007f831e0102c7 in QIMainDialog::exec (this=this@entry=0x7ffedd52a750,
fApplicationModal=fApplicationModal@entry=true)
at
/build/virtualbox-suc2Rj/virtualbox-5.1.8-dfsg/src/VBox/Frontends/VirtualBox/src/extensions/QIMainDialog.cpp:86
#21 0x00007f831e14e14b in UISettingsDialog::execute
(this=this@entry=0x7ffedd52a750)
at
/build/virtualbox-suc2Rj/virtualbox-5.1.8-dfsg/src/VBox/Frontends/VirtualBox/src/settings/UISettingsDialog.cpp:171
#22 0x00007f831e108b76 in UISelectorWindow::sltOpenPreferencesDialog
(this=0x556f56915fe0)
at
/build/virtualbox-suc2Rj/virtualbox-5.1.8-dfsg/src/VBox/Frontends/VirtualBox/src/selector/UISelectorWindow.cpp:483
#23 0x00007f831e34dcd5 in UISelectorWindow::qt_static_metacall
(_o=0x556f56915fe0, _c=<optimized out>, _id=<optimized out>,
_a=<optimized out>) at
/build/virtualbox-suc2Rj/virtualbox-5.1.8-dfsg/out/obj/VirtualBox/qtmoc/UISelectorWindow.cpp:246
#24 0x00007f831cba0c89 in QMetaObject::activate
(sender=sender@entry=0x556f569d8c00, signalOffset=<optimized out>,
local_signal_index=local_signal_index@entry=1,
argv=argv@entry=0x7ffedd52a9f0) at kernel/qobject.cpp:3740
#25 0x00007f831cba15a7 in QMetaObject::activate
(sender=sender@entry=0x556f569d8c00,
m=m@entry=0x7f8317fcff60 <QAction::staticMetaObject>,
local_signal_index=local_signal_index@entry=1,
argv=argv@entry=0x7ffedd52a9f0) at kernel/qobject.cpp:3602
#26 0x00007f8317af0162 in QAction::triggered (this=this@entry=0x556f569d8c00,
_t1=<optimized out>)
at .moc/moc_qaction.cpp:369
#27 0x00007f8317af2b50 in QAction::activate (this=0x556f569d8c00,
event=<optimized out>) at kernel/qaction.cpp:1170
#28 0x00007f8317c61eaa in QMenuPrivate::activateCausedStack
(this=this@entry=0x556f56983480, causedStack=...,
action=action@entry=0x556f569d8c00,
action_e=action_e@entry=QAction::Trigger, self=self@entry=true)
at widgets/qmenu.cpp:1140
#29 0x00007f8317c6950c in QMenuPrivate::activateAction (this=0x556f56983480,
action=0x556f569d8c00,
action_e=QAction::Trigger, self=<optimized out>) at widgets/qmenu.cpp:1217
#30 0x00007f8317c6bfd3 in QMenu::keyPressEvent (this=<optimized out>,
e=<optimized out>) at widgets/qmenu.cpp:3145
#31 0x00007f8317b3e8d7 in QWidget::event (this=this@entry=0x556f56917320,
event=event@entry=0x556f56b7f0f0)
at kernel/qwidget.cpp:8815
#32 0x00007f8317c6c833 in QMenu::event (this=this@entry=0x556f56917320,
e=e@entry=0x556f56b7f0f0) at widgets/qmenu.cpp:2799
#33 0x00007f831e02df60 in UIMenu::event (this=0x556f56917320,
pEvent=0x556f56b7f0f0)
at
/build/virtualbox-suc2Rj/virtualbox-5.1.8-dfsg/src/VBox/Frontends/VirtualBox/src/globals/UIActionPool.cpp:96
#34 0x00007f8317af6b2c in QApplicationPrivate::notify_helper (this=<optimized
out>, receiver=0x556f56917320,
e=0x556f56b7f0f0) at kernel/qapplication.cpp:3799
#35 0x00007f8317affcb6 in QApplication::notify (this=<optimized out>,
receiver=0x556f56917320, e=0x556f56b7f0f0)
at kernel/qapplication.cpp:3181
#36 0x00007f831cb75090 in QCoreApplication::notifyInternal2
(receiver=0x556f56917320, event=event@entry=0x556f56b7f0f0)
at kernel/qcoreapplication.cpp:988
#37 0x00007f831cb7781d in QCoreApplication::sendEvent (event=0x556f56b7f0f0,
receiver=<optimized out>)
at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#38 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0,
event_type=event_type@entry=0,
data=0x556f564f0640) at kernel/qcoreapplication.cpp:1649
#39 0x00007f831cb77c88 in QCoreApplication::sendPostedEvents
(receiver=receiver@entry=0x0, event_type=event_type@entry=0)
at kernel/qcoreapplication.cpp:1503
#40 0x00007f831cbc92d3 in postEventSourceDispatch (s=0x556f565b1ef0) at
kernel/qeventdispatcher_glib.cpp:276
#41 0x00007f83157bc7f7 in g_main_context_dispatch () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#42 0x00007f83157bca60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#43 0x00007f83157bcb0c in g_main_context_iteration () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#44 0x00007f831cbc96df in QEventDispatcherGlib::processEvents
(this=0x556f565b1e20, flags=...)
at kernel/qeventdispatcher_glib.cpp:423
#45 0x00007f831cb7307a in QEventLoop::exec (this=this@entry=0x7ffedd52b200,
flags=..., flags@entry=...)
at kernel/qeventloop.cpp:212
#46 0x00007f831cb7b7ec in QCoreApplication::exec () at
kernel/qcoreapplication.cpp:1261
#47 0x00007f831c4a12dc in QGuiApplication::exec () at
kernel/qguiapplication.cpp:1633
#48 0x00007f8317af6a85 in QApplication::exec () at kernel/qapplication.cpp:2975
#49 0x00007f831dfdbddb in TrustedMain (argc=<optimized out>, argv=<optimized
out>)
at
/build/virtualbox-suc2Rj/virtualbox-5.1.8-dfsg/src/VBox/Frontends/VirtualBox/src/main.cpp:547
#50 0x00007f83274c42b1 in __libc_start_main (main=0x556f55aee520 <main(int,
char**, char**)>, argc=1, argv=0x7ffedd52b468,
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
stack_end=0x7ffedd52b458)
at ../csu/libc-start.c:291
#51 0x0000556f55aee68a in _start ()
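
An added triage example (not part of the message above, and not Qt or VirtualBox code): it takes the field values from the QTreeWidgetItem dump in the message, checks whether each pointer is a canonical x86-64 address, and reads it as UTF-16LE, the encoding QString stores its text in. The field widths and the helper names (`is_canonical`, `utf16_view`, `triage`) are assumptions made for this example.

```python
import struct

# Values copied from the gdb dump of *((QTreeWidgetItem*) (m_index->i)) above.
# Field widths are assumptions: 8 bytes for pointers, 4 for the int members.
DUMP = {
    "_vptr.QTreeWidgetItem": (0x20002c003e006d, 8),
    "rtti": (0x61004d, 4),
    "values.d": (0x20006f006c0065, 8),
    "view": (0x6c0065006f0043, 8),
    "d": (0x3c0020006f0068, 8),
    "par": (0x6300720061006d, 8),
    "children.d": (0x63006f006c0065, 8),
    "itemFlags.i": (0x65006f, 4),
}


def is_canonical(addr):
    """x86-64 canonical form: bits 63..47 are all zero or all one."""
    return (addr >> 47) in (0, 0x1FFFF)


def utf16_view(value, size):
    """Return the value read as UTF-16LE text if every unit is printable ASCII."""
    raw = value.to_bytes(size, "little")
    units = struct.unpack("<%dH" % (size // 2), raw)
    if all(0x20 <= u < 0x7F for u in units):
        return "".join(chr(u) for u in units)
    return None


def triage(fields):
    """Map field name -> (canonical pointer?, UTF-16 text or None)."""
    report = {}
    for name, (value, size) in fields.items():
        canonical = is_canonical(value) if size == 8 else None
        report[name] = (canonical, utf16_view(value, size))
    return report


if __name__ == "__main__":
    for name, (canonical, text) in triage(DUMP).items():
        print(f"{name:24} canonical={canonical!s:5} utf16={text!r}")
    # Control: m_index.i from the same session is a plausible heap pointer.
    print(is_canonical(0x556f56c43340), utf16_view(0x556f56c43340, 8))
```

Every field decodes to printable text and none of the pointer fields is a canonical address, which is the pattern left behind when an object's memory has been reused for string data. The control value `0x556f56c43340` from `m_index` is canonical and does not decode as text.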