Bug 1424754

Summary: Libreoffice Draw crashes with Signal 11
Product: [Fedora] Fedora
Reporter: Devrim Gündüz <devrim>
Component: libreoffice
Assignee: Caolan McNamara <caolanm>
Status: CLOSED WORKSFORME
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 25
CC: caolanm, devrim, dtardon, erack, kw-bugzilla, mstahl, sbergman
Hardware: x86_64   
OS: Linux   
Last Closed: 2017-11-06 10:15:30 UTC
Type: Bug
Attachments:
empty spreadsheet that crashes Calc (flags: none)

Description Devrim Gündüz 2017-02-19 07:38:17 UTC
Description of problem:

Almost half of the time, LibreOffice Draw crashes with signal 11.

Version-Release number of selected component (if applicable):

5.2.5.1-6.fc25

How reproducible:


Steps to Reproduce:
1. Run Impress
2. Work on a file
3. When I click a selected area in Draw, I get signal 11. Stack is below.

Actual results:

Fatal exception: Signal 11
Stack:
/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x39250)[0x7f2f9c517250]
/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x393c1)[0x7f2f9c5173c1]
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-1.b14.fc25.x86_64/jre/lib/amd64/server/libjvm.so(+0x8cfdad)[0x7f2f2b725dad]
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-1.b14.fc25.x86_64/jre/lib/amd64/server/libjvm.so(JVM_handle_linux_signal+0x1b9)[0x7f2f2b72a339]
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-1.b14.fc25.x86_64/jre/lib/amd64/server/libjvm.so(+0x8c8188)[0x7f2f2b71e188]
/lib64/libc.so.6(+0x35990)[0x7f2f9beb1990]
/usr/lib64/libreoffice/program/libsvllo.so(_ZN14SfxBroadcaster9BroadcastERK7SfxHint+0x4)[0x7f2f97df5764]
/usr/lib64/libreoffice/program/libsvxcorelo.so(+0x50bab5)[0x7f2f97840ab5]
/usr/lib64/libreoffice/program/libeditenglo.so(_ZN8Outliner27ImplBlockInsertionCallbacksEb+0xfb)[0x7f2f992fc6cb]
/usr/lib64/libreoffice/program/libsvxcorelo.so(_ZN10SdrTextObj11EndTextEditER11SdrOutliner+0x31)[0x7f2f976fd541]
/usr/lib64/libreoffice/program/libsvxcorelo.so(_ZN17SdrObjCustomShape11EndTextEditER11SdrOutliner+0x9)[0x7f2f97699989]
/usr/lib64/libreoffice/program/libsvxcorelo.so(_ZN14SdrObjEditView14SdrEndTextEditEb+0x2d7)[0x7f2f976568a7]
/usr/lib64/libreoffice/program/../program/libsdlo.so(+0x50ffb5)[0x7f2f49427fb5]
/usr/lib64/libreoffice/program/../program/libsdlo.so(+0x3519e1)[0x7f2f492699e1]
/usr/lib64/libreoffice/program/../program/libsdlo.so(+0x52dd52)[0x7f2f49445d52]
/usr/lib64/libreoffice/program/../program/libsdlo.so(+0x4d61de)[0x7f2f493ee1de]
/usr/lib64/libreoffice/program/libvcllo.so(+0x2060f3)[0x7f2f9596c0f3]
/usr/lib64/libreoffice/program/libvcllo.so(+0x207a06)[0x7f2f9596da06]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x6f409)[0x7f2f7a437409]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x70697)[0x7f2f7a438697]
/lib64/libgtk-3.so.0(+0x22bd7c)[0x7f2f79ce5d7c]
/lib64/libgobject-2.0.so.0(g_closure_invoke+0x145)[0x7f2f9a8ea3e5]
/lib64/libgobject-2.0.so.0(+0x21432)[0x7f2f9a8fc432]
/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x8ef)[0x7f2f9a904b8f]
/lib64/libgobject-2.0.so.0(g_signal_emit+0x8f)[0x7f2f9a90543f]
/lib64/libgtk-3.so.0(+0x37912c)[0x7f2f79e3312c]
/lib64/libgtk-3.so.0(+0x228e4e)[0x7f2f79ce2e4e]
/lib64/libgtk-3.so.0(gtk_main_do_event+0x79e)[0x7f2f79ce4ebe]
/lib64/libgdk-3.so.0(+0x355c5)[0x7f2f797fb5c5]
/lib64/libgdk-3.so.0(+0x66522)[0x7f2f7982c522]
/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x162)[0x7f2f9a611e52]
/lib64/libglib-2.0.so.0(+0x4a1d0)[0x7f2f9a6121d0]
/lib64/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7f2f9a61227c]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x3fa53)[0x7f2f7a407a53]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application5YieldEv+0x51)[0x7f2f95b5ba91]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application7ExecuteEv+0x45)[0x7f2f95b5e015]
/usr/lib64/libreoffice/program/libsofficeapp.so(+0x2375c)[0x7f2f9c26575c]
/usr/lib64/libreoffice/program/libvcllo.so(+0x3fb8a6)[0x7f2f95b618a6]
/usr/lib64/libreoffice/program/libvcllo.so(_Z6SVMainv+0x22)[0x7f2f95b619a2]
/usr/lib64/libreoffice/program/libsofficeapp.so(soffice_main+0x8a)[0x7f2f9c28f29a]
/usr/lib64/libreoffice/program/soffice.bin(+0x7cb)[0x55c3e08c87cb]
/lib64/libc.so.6(__libc_start_main+0xf1)[0x7f2f9be9c401]
/usr/lib64/libreoffice/program/soffice.bin(+0x80a)[0x55c3e08c880a]


Expected results:

Impress should not crash.

Additional info:

Comment 1 Devrim Gündüz 2017-02-19 07:43:26 UTC
It crashed again, with an additional message below:

(soffice:18498): GLib-GObject-WARNING **: gsignal.c:3492: signal name 'selection_changed' is invalid for instance '0x564d7f62bed0' of type 'OOoAtkObjCompTxt'


This happens when I want to change the contents of the text box -- Impress crashes as soon as I click the text box.

Comment 2 David Tardon 2017-02-20 09:25:59 UTC
Can't reproduce this. Does it happen always, or only with a specific document? (Btw, "Work on a file" is rather generic. What sort of work? Steps?)

Comment 3 Caolan McNamara 2017-02-20 09:37:53 UTC
I can see the a11y warnings with accessibility enabled, but no crash. I've added a fix for the warnings to 5.2.6.1-2

Comment 4 Devrim Gündüz 2017-02-20 09:43:31 UTC
Hi David,

(In reply to David Tardon from comment #2)
> Can't reproduce this. Does it happen always, or only with a specific
> document? (Btw, "Work on a file" is rather generic. What sort of work?
> Steps?)

It happens with a specific document "type" (the invoice template for my customers), and with different docs (different invoices). I can pass it to you offlist if you want.

It happens when I want to edit the content of a text box.

Regards, Devrim

Comment 5 David Tardon 2017-02-23 09:41:17 UTC
All right, could you send the doc to me by e-mail?

Comment 6 Devrim Gündüz 2017-02-23 09:59:12 UTC
Sent.

Comment 7 David Tardon 2017-02-26 17:03:06 UTC
I'm still not getting any crash. Is there any specific set of steps to reproduce this? You might also try to install (or enable) abrt and use it to report the crash. It would create a more detailed stack trace...

Comment 8 kw-bugzilla 2017-03-09 14:05:01 UTC
Hello

I think I've hit the same bug, not in Draw but in Writer and Calc.

Steps to reproduce for Writer:
1. Run libreoffice from command line: libreoffice
2. Try to create a new document from a template (menu: File->New->Templates, take any template).
3. Program crashes (stack trace attached below).

Steps to reproduce for Calc:
1. Run libreoffice from command line: libreoffice
2. Try to open an empty spreadsheet (can attach).

The crash is always reproducible for me. I use the KDE desktop.

Stack from Writer crash:

Fatal exception: Signal 11
Stack:
/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x39250)[0x7f017633e250]
/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x393c1)[0x7f017633e3c1]
/lib64/libc.so.6(+0x35990)[0x7f0175cd8990]
/usr/lib64/libreoffice/program/libvcllo.so(_ZNK12OutputDevice12LogicToPixelERK4SizeRK7MapMode+0x68)[0x7f016f842bf8]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x14c51)[0x7f013a0b4c51]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x2c5e9)[0x7f013a0cc5e9]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x1f162)[0x7f013a0bf162]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x1f63d)[0x7f013a0bf63d]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x33d74)[0x7f013a0d3d74]
/usr/lib64/libreoffice/program/../program/libfilterconfiglo.so(+0x3c745)[0x7f01399af745]
/usr/lib64/libreoffice/program/../program/libfilterconfiglo.so(+0x3ea4b)[0x7f01399b1a4b]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0x10b164)[0x7f014ac36164]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0x10fc0a)[0x7f014ac3ac0a]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0x10ff06)[0x7f014ac3af06]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0x12ec5b)[0x7f014ac59c5b]
/usr/lib64/libreoffice/program/libsfxlo.so(_ZN21SfxTemplateManagerDlg15OpenTemplateHdlEP17ThumbnailViewItem+0x5a7)[0x7f017221b947]
/usr/lib64/libreoffice/program/libsfxlo.so(_ZN21SfxTemplateManagerDlg10OkClickHdlEP6Button+0x9)[0x7f017221c359]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN7Control32ImplCallEventListenersAndHandlerEmSt8functionIFvvEE+0x30)[0x7f016f7a9a20]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN6Button5ClickEv+0x42)[0x7f016f795c32]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN3vcl6Window11EndTrackingE18TrackingEventFlags+0x1bc)[0x7f016f77b23c]
/usr/lib64/libreoffice/program/libvcllo.so(+0x205ee6)[0x7f016f791ee6]
/usr/lib64/libreoffice/program/libvcllo.so(+0x207dd6)[0x7f016f793dd6]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x6f409)[0x7f0155af8409]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x70697)[0x7f0155af9697]
/lib64/libgtk-3.so.0(+0x22bd7c)[0x7f01553a6d7c]
/lib64/libgobject-2.0.so.0(g_closure_invoke+0x145)[0x7f01747113e5]
/lib64/libgobject-2.0.so.0(+0x21432)[0x7f0174723432]
/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x8ef)[0x7f017472bb8f]
/lib64/libgobject-2.0.so.0(g_signal_emit+0x8f)[0x7f017472c43f]
/lib64/libgtk-3.so.0(+0x37912c)[0x7f01554f412c]
/lib64/libgtk-3.so.0(+0x228e4e)[0x7f01553a3e4e]
/lib64/libgtk-3.so.0(gtk_main_do_event+0x79e)[0x7f01553a5ebe]
/lib64/libgdk-3.so.0(+0x355c5)[0x7f0154ebc5c5]
/lib64/libgdk-3.so.0(+0x66522)[0x7f0154eed522]
/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x162)[0x7f0174438e52]
/lib64/libglib-2.0.so.0(+0x4a1d0)[0x7f01744391d0]
/lib64/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7f017443927c]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x3fa53)[0x7f0155ac8a53]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application5YieldEv+0x51)[0x7f016f9826c1]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN6Dialog7ExecuteEv+0xb5)[0x7f016f7017e5]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x12d737)[0x7f0171fc4737]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x1c030c)[0x7f017205730c]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x1c4bb6)[0x7f017205bbb6]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x3a4933)[0x7f017223b933]
/usr/lib64/libreoffice/program/libvcllo.so(+0x20735f)[0x7f016f79335f]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN17SalGenericDisplay21DispatchInternalEventEv+0x6c)[0x7f016fa1f9cc]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x4045d)[0x7f0155ac945d]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x404d1)[0x7f0155ac94d1]
/lib64/libglib-2.0.so.0(+0x468e7)[0x7f01744358e7]
/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x162)[0x7f0174438e52]
/lib64/libglib-2.0.so.0(+0x4a1d0)[0x7f01744391d0]
/lib64/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7f017443927c]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x3fa53)[0x7f0155ac8a53]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application5YieldEv+0x51)[0x7f016f9826c1]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application7ExecuteEv+0x45)[0x7f016f984c45]
/usr/lib64/libreoffice/program/libsofficeapp.so(+0x2375c)[0x7f017608c75c]
/usr/lib64/libreoffice/program/libvcllo.so(+0x3fc4d6)[0x7f016f9884d6]
/usr/lib64/libreoffice/program/libvcllo.so(_Z6SVMainv+0x22)[0x7f016f9885d2]
/usr/lib64/libreoffice/program/libsofficeapp.so(soffice_main+0x8a)[0x7f01760b629a]
/usr/lib64/libreoffice/program/soffice.bin(+0x7cb)[0x55b87f12f7cb]
/lib64/libc.so.6(__libc_start_main+0xf1)[0x7f0175cc3401]
/usr/lib64/libreoffice/program/soffice.bin(+0x80a)[0x55b87f12f80a]

Stack from Calc crash:

(soffice:1671): Gtk-CRITICAL **: gtk_container_foreach: assertion 'GTK_IS_CONTAINER (container)' failed


Fatal exception: Signal 11
Stack:
/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x39250)[0x7f8dc11a3250]
/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x393c1)[0x7f8dc11a33c1]
/lib64/libc.so.6(+0x35990)[0x7f8dc0b3d990]
/usr/lib64/libreoffice/program/libvcllo.so(_ZNK12OutputDevice12LogicToPixelERK4SizeRK7MapMode+0x68)[0x7f8dba6a7bf8]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x14c51)[0x7f8d88f2cc51]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x2c5e9)[0x7f8d88f445e9]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x1f162)[0x7f8d88f37162]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x1f63d)[0x7f8d88f3763d]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x33d74)[0x7f8d88f4bd74]
/usr/lib64/libreoffice/program/libfwelo.so(_ZN9framework27PreventDuplicateInteraction6handleERKN3com3sun4star3uno9ReferenceINS3_4task19XInteractionRequestEEE+0xf5)[0x7f8db6ae1e75]
/usr/lib64/libreoffice/program/../program/libfilterconfiglo.so(+0x3c745)[0x7f8d88827745]
/usr/lib64/libreoffice/program/../program/libfilterconfiglo.so(+0x3ea4b)[0x7f8d88829a4b]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0x10b164)[0x7f8d99abb164]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0x10fc0a)[0x7f8d99abfc0a]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0xa0d4b)[0x7f8d99a50d4b]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0xa1b58)[0x7f8d99a51b58]
/usr/lib64/libreoffice/program/libcomphelper.so(_ZN10comphelper19SynchronousDispatch8dispatchERKN3com3sun4star3uno9ReferenceINS4_10XInterfaceEEERKN3rtl8OUStringESD_iRKNS4_8SequenceINS3_5beans13PropertyValueEEE+0x3d0)[0x7f8dbea82dd0]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x131112)[0x7f8dbce2d112]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x1c030c)[0x7f8dbcebc30c]
/usr/lib64/libreoffice/program/libsfxlo.so(_ZN13SfxDispatcher7ExecuteEt11SfxCallModeRK10SfxItemSet+0xf7)[0x7f8dbcec35c7]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x133709)[0x7f8dbce2f709]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x1c030c)[0x7f8dbcebc30c]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x1c4bb6)[0x7f8dbcec0bb6]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x3a4933)[0x7f8dbd0a0933]
/usr/lib64/libreoffice/program/libvcllo.so(+0x20735f)[0x7f8dba5f835f]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN17SalGenericDisplay21DispatchInternalEventEv+0x6c)[0x7f8dba8849cc]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x4045d)[0x7f8da092e45d]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x404d1)[0x7f8da092e4d1]
/lib64/libglib-2.0.so.0(+0x468e7)[0x7f8dbf29a8e7]
/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x162)[0x7f8dbf29de52]
/lib64/libglib-2.0.so.0(+0x4a1d0)[0x7f8dbf29e1d0]
/lib64/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7f8dbf29e27c]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x3fa53)[0x7f8da092da53]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application5YieldEv+0x51)[0x7f8dba7e76c1]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application7ExecuteEv+0x45)[0x7f8dba7e9c45]
/usr/lib64/libreoffice/program/libsofficeapp.so(+0x2375c)[0x7f8dc0ef175c]
/usr/lib64/libreoffice/program/libvcllo.so(+0x3fc4d6)[0x7f8dba7ed4d6]
/usr/lib64/libreoffice/program/libvcllo.so(_Z6SVMainv+0x22)[0x7f8dba7ed5d2]
/usr/lib64/libreoffice/program/libsofficeapp.so(soffice_main+0x8a)[0x7f8dc0f1b29a]
/usr/lib64/libreoffice/program/soffice.bin(+0x7cb)[0x558d548467cb]
/lib64/libc.so.6(__libc_start_main+0xf1)[0x7f8dc0b28401]
/usr/lib64/libreoffice/program/soffice.bin(+0x80a)[0x558d5484680a]

Comment 9 kw-bugzilla 2017-03-09 14:06:40 UTC
Created attachment 1261581
empty spreadsheet that crashes Calc

Comment 10 Caolan McNamara 2017-03-09 14:58:00 UTC
I don't think that comment #8 is the same as comment #1. Both of the stacks in comment #8 have _ZNK12OutputDevice12LogicToPixelERK4SizeRK7MapMode, i.e. OutputDevice::LogicToPixel(Size const&, MapMode const&), in them, while those of comment #1 don't. Can you file a new bug for your problem (which looks suspicious in the sense that just starting Calc is a pretty basic thing to do)?
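
The comparison made in comment #10, as an added example that is not part of the bug thread or of LibreOffice's tooling: it parses the glibc-style frame lines, skips the signal-handler prologue, and compares the faulting frame of two traces. The function names are hypothetical, and treating the first libc.so frame as the signal trampoline is an assumption that matches the traces in this report.

```python
import os
import re

# glibc backtrace_symbols() frame: path(symbol+0xoff)[0xaddr]; symbol may be empty.
FRAME_RE = re.compile(
    r"^(?P<path>[^(\s]+)\((?P<sym>[^+)]*)\+(?P<off>0x[0-9a-fA-F]+)\)\[0x[0-9a-fA-F]+\]$")

def parse_frames(text):
    """Return (module, symbol_or_None, offset) for every frame line in text."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((os.path.basename(m["path"]), m["sym"] or None, int(m["off"], 16)))
    return frames

def crash_signature(text, depth=3):
    """Top frames at the fault, with the signal-handler prologue skipped.

    Assumption: the first libc.so frame is the signal trampoline, so the
    faulting frame is the next one (this matches the traces in this report).
    """
    frames = parse_frames(text)
    for i, (module, _, _) in enumerate(frames):
        if module.startswith("libc.so"):
            frames = frames[i + 1:]
            break
    # Prefer the exported symbol; fall back to the module-relative offset, which,
    # unlike the absolute address, does not change between runs of the same build.
    return [(mod, sym or hex(off)) for mod, sym, off in frames[:depth]]

def same_fault(trace_a, trace_b):
    """True when both traces fault in the same module and symbol/offset."""
    sig_a, sig_b = crash_signature(trace_a, 1), crash_signature(trace_b, 1)
    return bool(sig_a) and sig_a == sig_b

# Excerpts copied from the Draw, Writer and Calc traces in this report.
DRAW = """/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x39250)[0x7f2f9c517250]
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-1.b14.fc25.x86_64/jre/lib/amd64/server/libjvm.so(JVM_handle_linux_signal+0x1b9)[0x7f2f2b72a339]
/lib64/libc.so.6(+0x35990)[0x7f2f9beb1990]
/usr/lib64/libreoffice/program/libsvllo.so(_ZN14SfxBroadcaster9BroadcastERK7SfxHint+0x4)[0x7f2f97df5764]
/usr/lib64/libreoffice/program/libsvxcorelo.so(+0x50bab5)[0x7f2f97840ab5]"""
WRITER = """/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x39250)[0x7f017633e250]
/lib64/libc.so.6(+0x35990)[0x7f0175cd8990]
/usr/lib64/libreoffice/program/libvcllo.so(_ZNK12OutputDevice12LogicToPixelERK4SizeRK7MapMode+0x68)[0x7f016f842bf8]"""
CALC = """/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x39250)[0x7f8dc11a3250]
/lib64/libc.so.6(+0x35990)[0x7f8dc0b3d990]
/usr/lib64/libreoffice/program/libvcllo.so(_ZNK12OutputDevice12LogicToPixelERK4SizeRK7MapMode+0x68)[0x7f8dba6a7bf8]"""
```

Comparing on module plus symbol or offset, rather than on the bracketed absolute addresses, is what lets the Writer and Calc traces match even though every address differs between the two processes.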

Comment 11 kw-bugzilla 2017-03-10 08:34:46 UTC
I filed a bug report (1431023).
Thank you for your help.