Bug 864281

Summary: [abrt] libreoffice-core- GetSwAttrSet: Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: nicolae <nicolae.b3>
Component: libreofficeAssignee: Caolan McNamara <caolanm>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: caolanm, dtardon, erack, ltinkl, mstahl, sbergman
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:94ccb5b381bfad724ec6eefb4eae75d1a3686eff
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-19 08:26:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Description Flags
File: core_backtrace
File: environ
File: backtrace
File: limits
File: cgroup
File: maps
File: dso_list
File: var_log_messages
File: open_fds none

Description nicolae 2012-10-09 03:37:46 UTC
Description of problem:
do not know

Version-Release number of selected component:

Additional info:
libreport version: 2.0.14
abrt_version:   2.0.13
backtrace_rating: 4
cmdline:        /usr/lib64/libreoffice/program/soffice.bin --writer file:///home/nicolae/Documents/seral13.odt --splash-pipe=6
crash_function: GetSwAttrSet
kernel:         3.5.5-2.fc17.x86_64

truncated backtrace:
:Thread no. 1 (10 frames)
: #0 GetSwAttrSet at /usr/src/debug/libreoffice-
: #1 SwFrm::GetAttrSet at /usr/src/debug/libreoffice-
: #2 SwAccessibleFrame::IsOpaque at /usr/src/debug/libreoffice-
: #3 SwAccessibleContext::InitStates at /usr/src/debug/libreoffice-
: #4 SwAccessibleContext::SwAccessibleContext at /usr/src/debug/libreoffice-
: #5 SwAccessibleParagraph::SwAccessibleParagraph at /usr/src/debug/libreoffice-
: #6 SwAccessibleMap::GetContext at /usr/src/debug/libreoffice-
: #7 SwAccessibleMap::GetContextImpl at /usr/src/debug/libreoffice-
: #8 SwAccessibleContext::getAccessibleChild at /usr/src/debug/libreoffice-
: #9 AtkListener::updateChildList at /usr/src/debug/libreoffice-

Comment 1 nicolae 2012-10-09 03:37:53 UTC
Created attachment 623869 [details]
File: core_backtrace

Comment 2 nicolae 2012-10-09 03:37:55 UTC
Created attachment 623870 [details]
File: environ

Comment 3 nicolae 2012-10-09 03:38:02 UTC
Created attachment 623871 [details]
File: backtrace

Comment 4 nicolae 2012-10-09 03:38:06 UTC
Created attachment 623872 [details]
File: limits

Comment 5 nicolae 2012-10-09 03:38:11 UTC
Created attachment 623873 [details]
File: cgroup

Comment 6 nicolae 2012-10-09 03:38:21 UTC
Created attachment 623874 [details]
File: maps

Comment 7 nicolae 2012-10-09 03:38:25 UTC
Created attachment 623875 [details]
File: dso_list

Comment 8 nicolae 2012-10-09 03:38:28 UTC
Created attachment 623876 [details]
File: var_log_messages

Comment 9 nicolae 2012-10-09 03:38:33 UTC
Created attachment 623877 [details]
File: open_fds

Comment 10 Michael Stahl 2012-10-10 20:17:14 UTC
so evidently in Writer table cells are being merged,
with A11y support enabled.

crash in SwFrm::GetAttrSet on a paragraph likely means that the
SwFrm doesn't point to a node.(since SwTxtNode appears to always
have attrset); perhaps the SwFrm is in some unhealthy state...
but the dtor of SwTxtFrm/SwCntntFrm don't seem to clear its node.

but the weird thing is that SwAccessibleContext::getAccessibleChild
is actually called in this situation, because:

#23 0x00007f16de115cc9 in SwCellFrm::~SwCellFrm (this=0x7f16dc0703f8, __in_chrg=<optimized out>) at /usr/src/debug/libreoffice-

should have deleted all accessible objects in the cell and its children
(paragraphs) recursively:

        pRootFrm->GetCurrShell()->Imp()->DisposeAccessibleFrm( this, sal_True );

which would mean that at the time the SwTxtFrm inside the SwCellFrm
is deleted it shouldn't have an SwAccessible object to notify any more.

Comment 11 Michael Stahl 2012-10-10 20:17:41 UTC
so ... no idea what to do about this. is the problem reproducible?