1424754 – Libreoffice Draw crashes with Signal 11

Bug 1424754 - Libreoffice Draw crashes with Signal 11

Summary: Libreoffice Draw crashes with Signal 11

Keywords:
Status:	CLOSED WORKSFORME
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libreoffice
Sub Component:
Version:	25
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Caolan McNamara
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-02-19 07:38 UTC by Devrim Gündüz
Modified:	2018-03-07 15:07 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2017-11-06 10:15:30 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
empty spreadsheet that crashes Calc (3.65 KB, application/vnd.oasis.opendocument.spreadsheet) 2017-03-09 14:06 UTC, kw-bugzilla	no flags	Details
View All

Description Devrim Gündüz 2017-02-19 07:38:17 UTC

Description of problem:

Almost in half of the time, LibreOffice Draw is crashing with signal 11.

Version-Release number of selected component (if applicable):

5.2.5.1-6.fc25

How reproducible:


Steps to Reproduce:
1. Run Impress
2. Work on a file
3. When I click a selected area in Draw, I get signal 11. Stack is below.

Actual results:

Fatal exception: Signal 11
Stack:
/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x39250)[0x7f2f9c517250]
/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x393c1)[0x7f2f9c5173c1]
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-1.b14.fc25.x86_64/jre/lib/amd64/server/libjvm.so(+0x8cfdad)[0x7f2f2b725dad]
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-1.b14.fc25.x86_64/jre/lib/amd64/server/libjvm.so(JVM_handle_linux_signal+0x1b9)[0x7f2f2b72a339]
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-1.b14.fc25.x86_64/jre/lib/amd64/server/libjvm.so(+0x8c8188)[0x7f2f2b71e188]
/lib64/libc.so.6(+0x35990)[0x7f2f9beb1990]
/usr/lib64/libreoffice/program/libsvllo.so(_ZN14SfxBroadcaster9BroadcastERK7SfxHint+0x4)[0x7f2f97df5764]
/usr/lib64/libreoffice/program/libsvxcorelo.so(+0x50bab5)[0x7f2f97840ab5]
/usr/lib64/libreoffice/program/libeditenglo.so(_ZN8Outliner27ImplBlockInsertionCallbacksEb+0xfb)[0x7f2f992fc6cb]
/usr/lib64/libreoffice/program/libsvxcorelo.so(_ZN10SdrTextObj11EndTextEditER11SdrOutliner+0x31)[0x7f2f976fd541]
/usr/lib64/libreoffice/program/libsvxcorelo.so(_ZN17SdrObjCustomShape11EndTextEditER11SdrOutliner+0x9)[0x7f2f97699989]
/usr/lib64/libreoffice/program/libsvxcorelo.so(_ZN14SdrObjEditView14SdrEndTextEditEb+0x2d7)[0x7f2f976568a7]
/usr/lib64/libreoffice/program/../program/libsdlo.so(+0x50ffb5)[0x7f2f49427fb5]
/usr/lib64/libreoffice/program/../program/libsdlo.so(+0x3519e1)[0x7f2f492699e1]
/usr/lib64/libreoffice/program/../program/libsdlo.so(+0x52dd52)[0x7f2f49445d52]
/usr/lib64/libreoffice/program/../program/libsdlo.so(+0x4d61de)[0x7f2f493ee1de]
/usr/lib64/libreoffice/program/libvcllo.so(+0x2060f3)[0x7f2f9596c0f3]
/usr/lib64/libreoffice/program/libvcllo.so(+0x207a06)[0x7f2f9596da06]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x6f409)[0x7f2f7a437409]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x70697)[0x7f2f7a438697]
/lib64/libgtk-3.so.0(+0x22bd7c)[0x7f2f79ce5d7c]
/lib64/libgobject-2.0.so.0(g_closure_invoke+0x145)[0x7f2f9a8ea3e5]
/lib64/libgobject-2.0.so.0(+0x21432)[0x7f2f9a8fc432]
/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x8ef)[0x7f2f9a904b8f]
/lib64/libgobject-2.0.so.0(g_signal_emit+0x8f)[0x7f2f9a90543f]
/lib64/libgtk-3.so.0(+0x37912c)[0x7f2f79e3312c]
/lib64/libgtk-3.so.0(+0x228e4e)[0x7f2f79ce2e4e]
/lib64/libgtk-3.so.0(gtk_main_do_event+0x79e)[0x7f2f79ce4ebe]
/lib64/libgdk-3.so.0(+0x355c5)[0x7f2f797fb5c5]
/lib64/libgdk-3.so.0(+0x66522)[0x7f2f7982c522]
/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x162)[0x7f2f9a611e52]
/lib64/libglib-2.0.so.0(+0x4a1d0)[0x7f2f9a6121d0]
/lib64/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7f2f9a61227c]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x3fa53)[0x7f2f7a407a53]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application5YieldEv+0x51)[0x7f2f95b5ba91]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application7ExecuteEv+0x45)[0x7f2f95b5e015]
/usr/lib64/libreoffice/program/libsofficeapp.so(+0x2375c)[0x7f2f9c26575c]
/usr/lib64/libreoffice/program/libvcllo.so(+0x3fb8a6)[0x7f2f95b618a6]
/usr/lib64/libreoffice/program/libvcllo.so(_Z6SVMainv+0x22)[0x7f2f95b619a2]
/usr/lib64/libreoffice/program/libsofficeapp.so(soffice_main+0x8a)[0x7f2f9c28f29a]
/usr/lib64/libreoffice/program/soffice.bin(+0x7cb)[0x55c3e08c87cb]
/lib64/libc.so.6(__libc_start_main+0xf1)[0x7f2f9be9c401]
/usr/lib64/libreoffice/program/soffice.bin(+0x80a)[0x55c3e08c880a]


Expected results:

Impress should not crash.

Additional info:

Comment 1 Devrim Gündüz 2017-02-19 07:43:26 UTC

It crashed again, with an additional message below:

(soffice:18498): GLib-GObject-WARNING **: gsignal.c:3492: signal name 'selection_changed' is invalid for instance '0x564d7f62bed0' of type 'OOoAtkObjCompTxt'


This happens when I want to change the contents of the text box -- Impress crashes as soon as I click the text box.

Comment 2 David Tardon 2017-02-20 09:25:59 UTC

Can't reproduce this. Does it happen always, or only with a specific document? (Btw, "Work on a file" is rather generic. What sort of work? Steps?)

Comment 3 Caolan McNamara 2017-02-20 09:37:53 UTC

I can see the a11y warnings with accessibility enabled, but no crash. I've added a fix for the warnings to 5.2.6.1-2

Comment 4 Devrim Gündüz 2017-02-20 09:43:31 UTC

Hi David,

(In reply to David Tardon from comment #2)
> Can't reproduce this. Does it happen always, or only with a specific
> document? (Btw, "Work on a file" is rather generic. What sort of work?
> Steps?)

It happens with a specific document "type" (the invoice template for my customers), and with different docs (different invoices). I can pass it to you offlist if you want.

It happens when I want to edit a content of a text box.

Regards, Devrim

Comment 5 David Tardon 2017-02-23 09:41:17 UTC

All right, could you send the doc to me by e-mail?

Comment 6 Devrim Gündüz 2017-02-23 09:59:12 UTC

Sent.

Comment 7 David Tardon 2017-02-26 17:03:06 UTC

I'm still not getting any crash. Is there any specific set of steps to reproduce this? You might also try to install (or enable) abrt and use it to report the crash. It would create a more detailed stack trace...

Comment 8 kw-bugzilla 2017-03-09 14:05:01 UTC

Hello

I think I've hit the same bug but not in Draw but in Writer and Calc.

Steps to reproduce for Writer:
1. Run libreoffice from command line: libreoffice
2. Try to create new document from template ( menu: File->New->Templates take any template).
3. Program crashes (stack trace attached below).

Steps to reproduce for Calc:
1. Run libreoffice from command line: libreoffice
2. Try open empty spreadsheet (can attach).

Crash for me I always reproducible. I use KDE desktop.

Stack from Write crash:

Fatal exception: Signal 11
Stack:
/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x39250)[0x7f017633e250]
/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x393c1)[0x7f017633e3c1]
/lib64/libc.so.6(+0x35990)[0x7f0175cd8990]
/usr/lib64/libreoffice/program/libvcllo.so(_ZNK12OutputDevice12LogicToPixelERK4SizeRK7MapMode+0x68)[0x7f016f842bf8]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x14c51)[0x7f013a0b4c51]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x2c5e9)[0x7f013a0cc5e9]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x1f162)[0x7f013a0bf162]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x1f63d)[0x7f013a0bf63d]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x33d74)[0x7f013a0d3d74]
/usr/lib64/libreoffice/program/../program/libfilterconfiglo.so(+0x3c745)[0x7f01399af745]
/usr/lib64/libreoffice/program/../program/libfilterconfiglo.so(+0x3ea4b)[0x7f01399b1a4b]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0x10b164)[0x7f014ac36164]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0x10fc0a)[0x7f014ac3ac0a]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0x10ff06)[0x7f014ac3af06]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0x12ec5b)[0x7f014ac59c5b]
/usr/lib64/libreoffice/program/libsfxlo.so(_ZN21SfxTemplateManagerDlg15OpenTemplateHdlEP17ThumbnailViewItem+0x5a7)[0x7f017221b947]
/usr/lib64/libreoffice/program/libsfxlo.so(_ZN21SfxTemplateManagerDlg10OkClickHdlEP6Button+0x9)[0x7f017221c359]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN7Control32ImplCallEventListenersAndHandlerEmSt8functionIFvvEE+0x30)[0x7f016f7a9a20]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN6Button5ClickEv+0x42)[0x7f016f795c32]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN3vcl6Window11EndTrackingE18TrackingEventFlags+0x1bc)[0x7f016f77b23c]
/usr/lib64/libreoffice/program/libvcllo.so(+0x205ee6)[0x7f016f791ee6]
/usr/lib64/libreoffice/program/libvcllo.so(+0x207dd6)[0x7f016f793dd6]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x6f409)[0x7f0155af8409]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x70697)[0x7f0155af9697]
/lib64/libgtk-3.so.0(+0x22bd7c)[0x7f01553a6d7c]
/lib64/libgobject-2.0.so.0(g_closure_invoke+0x145)[0x7f01747113e5]
/lib64/libgobject-2.0.so.0(+0x21432)[0x7f0174723432]
/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x8ef)[0x7f017472bb8f]
/lib64/libgobject-2.0.so.0(g_signal_emit+0x8f)[0x7f017472c43f]
/lib64/libgtk-3.so.0(+0x37912c)[0x7f01554f412c]
/lib64/libgtk-3.so.0(+0x228e4e)[0x7f01553a3e4e]
/lib64/libgtk-3.so.0(gtk_main_do_event+0x79e)[0x7f01553a5ebe]
/lib64/libgdk-3.so.0(+0x355c5)[0x7f0154ebc5c5]
/lib64/libgdk-3.so.0(+0x66522)[0x7f0154eed522]
/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x162)[0x7f0174438e52]
/lib64/libglib-2.0.so.0(+0x4a1d0)[0x7f01744391d0]
/lib64/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7f017443927c]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x3fa53)[0x7f0155ac8a53]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application5YieldEv+0x51)[0x7f016f9826c1]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN6Dialog7ExecuteEv+0xb5)[0x7f016f7017e5]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x12d737)[0x7f0171fc4737]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x1c030c)[0x7f017205730c]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x1c4bb6)[0x7f017205bbb6]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x3a4933)[0x7f017223b933]
/usr/lib64/libreoffice/program/libvcllo.so(+0x20735f)[0x7f016f79335f]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN17SalGenericDisplay21DispatchInternalEventEv+0x6c)[0x7f016fa1f9cc]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x4045d)[0x7f0155ac945d]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x404d1)[0x7f0155ac94d1]
/lib64/libglib-2.0.so.0(+0x468e7)[0x7f01744358e7]
/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x162)[0x7f0174438e52]
/lib64/libglib-2.0.so.0(+0x4a1d0)[0x7f01744391d0]
/lib64/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7f017443927c]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x3fa53)[0x7f0155ac8a53]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application5YieldEv+0x51)[0x7f016f9826c1]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application7ExecuteEv+0x45)[0x7f016f984c45]
/usr/lib64/libreoffice/program/libsofficeapp.so(+0x2375c)[0x7f017608c75c]
/usr/lib64/libreoffice/program/libvcllo.so(+0x3fc4d6)[0x7f016f9884d6]
/usr/lib64/libreoffice/program/libvcllo.so(_Z6SVMainv+0x22)[0x7f016f9885d2]
/usr/lib64/libreoffice/program/libsofficeapp.so(soffice_main+0x8a)[0x7f01760b629a]
/usr/lib64/libreoffice/program/soffice.bin(+0x7cb)[0x55b87f12f7cb]
/lib64/libc.so.6(__libc_start_main+0xf1)[0x7f0175cc3401]
/usr/lib64/libreoffice/program/soffice.bin(+0x80a)[0x55b87f12f80a]

Stack from Calc crash:

(soffice:1671): Gtk-CRITICAL **: gtk_container_foreach: assertion 'GTK_IS_CONTAINER (container)' failed


Fatal exception: Signal 11
Stack:
/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x39250)[0x7f8dc11a3250]
/usr/lib64/libreoffice/program/libuno_sal.so.3(+0x393c1)[0x7f8dc11a33c1]
/lib64/libc.so.6(+0x35990)[0x7f8dc0b3d990]
/usr/lib64/libreoffice/program/libvcllo.so(_ZNK12OutputDevice12LogicToPixelERK4SizeRK7MapMode+0x68)[0x7f8dba6a7bf8]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x14c51)[0x7f8d88f2cc51]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x2c5e9)[0x7f8d88f445e9]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x1f162)[0x7f8d88f37162]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x1f63d)[0x7f8d88f3763d]
/usr/lib64/libreoffice/program/../program/libuuilo.so(+0x33d74)[0x7f8d88f4bd74]
/usr/lib64/libreoffice/program/libfwelo.so(_ZN9framework27PreventDuplicateInteraction6handleERKN3com3sun4star3uno9ReferenceINS3_4task19XInteractionRequestEEE+0xf5)[0x7f8db6ae1e75]
/usr/lib64/libreoffice/program/../program/libfilterconfiglo.so(+0x3c745)[0x7f8d88827745]
/usr/lib64/libreoffice/program/../program/libfilterconfiglo.so(+0x3ea4b)[0x7f8d88829a4b]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0x10b164)[0x7f8d99abb164]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0x10fc0a)[0x7f8d99abfc0a]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0xa0d4b)[0x7f8d99a50d4b]
/usr/lib64/libreoffice/program/../program/libfwklo.so(+0xa1b58)[0x7f8d99a51b58]
/usr/lib64/libreoffice/program/libcomphelper.so(_ZN10comphelper19SynchronousDispatch8dispatchERKN3com3sun4star3uno9ReferenceINS4_10XInterfaceEEERKN3rtl8OUStringESD_iRKNS4_8SequenceINS3_5beans13PropertyValueEEE+0x3d0)[0x7f8dbea82dd0]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x131112)[0x7f8dbce2d112]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x1c030c)[0x7f8dbcebc30c]
/usr/lib64/libreoffice/program/libsfxlo.so(_ZN13SfxDispatcher7ExecuteEt11SfxCallModeRK10SfxItemSet+0xf7)[0x7f8dbcec35c7]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x133709)[0x7f8dbce2f709]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x1c030c)[0x7f8dbcebc30c]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x1c4bb6)[0x7f8dbcec0bb6]
/usr/lib64/libreoffice/program/libsfxlo.so(+0x3a4933)[0x7f8dbd0a0933]
/usr/lib64/libreoffice/program/libvcllo.so(+0x20735f)[0x7f8dba5f835f]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN17SalGenericDisplay21DispatchInternalEventEv+0x6c)[0x7f8dba8849cc]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x4045d)[0x7f8da092e45d]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x404d1)[0x7f8da092e4d1]
/lib64/libglib-2.0.so.0(+0x468e7)[0x7f8dbf29a8e7]
/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x162)[0x7f8dbf29de52]
/lib64/libglib-2.0.so.0(+0x4a1d0)[0x7f8dbf29e1d0]
/lib64/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7f8dbf29e27c]
/usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0x3fa53)[0x7f8da092da53]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application5YieldEv+0x51)[0x7f8dba7e76c1]
/usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application7ExecuteEv+0x45)[0x7f8dba7e9c45]
/usr/lib64/libreoffice/program/libsofficeapp.so(+0x2375c)[0x7f8dc0ef175c]
/usr/lib64/libreoffice/program/libvcllo.so(+0x3fc4d6)[0x7f8dba7ed4d6]
/usr/lib64/libreoffice/program/libvcllo.so(_Z6SVMainv+0x22)[0x7f8dba7ed5d2]
/usr/lib64/libreoffice/program/libsofficeapp.so(soffice_main+0x8a)[0x7f8dc0f1b29a]
/usr/lib64/libreoffice/program/soffice.bin(+0x7cb)[0x558d548467cb]
/lib64/libc.so.6(__libc_start_main+0xf1)[0x7f8dc0b28401]
/usr/lib64/libreoffice/program/soffice.bin(+0x80a)[0x558d5484680a]

Comment 9 kw-bugzilla 2017-03-09 14:06:40 UTC

Created attachment 1261581 [details]
empty spreadsheet that crashes Calc

Comment 10 Caolan McNamara 2017-03-09 14:58:00 UTC

I don't think that comment #8 is the same as comment #1. Both of comment #8 have _ZNK12OutputDevice12LogicToPixelERK4SizeRK7MapMode, i.e. OutputDevice::LogicToPixel(Size const&, MapMode const&) in them, while those of comment #1 don't. Can you file a new bug for your problem (which looks suspicious in the sense that just starting calc is a pretty basic thing to do)

Comment 11 kw-bugzilla 2017-03-10 08:34:46 UTC

I filled bug report (1431023).
Thank you for your help.

Note You need to log in before you can comment on or make changes to this bug.