Created attachment 126146 [details] backtrace Steps: 1) Open LO 2) Click impress button in start center 3) Click cancel button in template selector dialog 4) Crash Regression as this doesnt happen in 5.2 daily. Version: 5.3.0.0.alpha0+ Build ID: 54f2a4184d1296814e64cfeab1d06ae90d002357 CPU Threads: 2; OS Version: Linux 3.19; UI Render: default; TinderBox: Linux-rpm_deb-x86_64@70-TDF, Branch:master, Time: 2016-07-08_01:43:14 Locale: en-US (en_US.UTF-8); Calc: group Version: 5.2.0.1.0+ Build ID: 2e171fa809495120a5b944ce7b1f77099dbb9a4a CPU Threads: 2; OS Version: Linux 3.19; UI Render: default; TinderBox: Linux-rpm_deb-x86_64@70-TDF, Branch:libreoffice-5-2, Time: 2016-06-30_08:31:22 Locale: en-US (en_US.UTF-8)
Same happens in UI testing. backtrace: #0 0x00002aaaab37c0c7 in raise () from /lib64/libc.so.6 #1 0x00002aaaab37d478 in abort () from /lib64/libc.so.6 #2 0x00002aaaab375146 in __assert_fail_base () from /lib64/libc.so.6 #3 0x00002aaaab3751f2 in __assert_fail () from /lib64/libc.so.6 #4 0x00002aaab38a7f82 in VclReferenceBase::acquire (this=0x19cad60) at /lo/users/moggi/libo1/include/vcl/vclreferencebase.hxx:38 #5 0x00002aaab39f31bf in rtl::Reference<Menu const>::set (this=0x7fffffff1598, pBody=0x19cad60) at /lo/users/moggi/libo1/include/rtl/ref.hxx:100 #6 0x00002aaab39ed65f in VclPtr<Menu const>::operator= (this=0x7fffffff1598, pBody=0x19cad60) at /lo/users/moggi/libo1/include/vcl/vclptr.hxx:178 #7 0x00002aaab39e33eb in Menu::ImplAddDel (this=0x19cad60, rDel=...) at /lo/users/moggi/libo1/vcl/source/window/menu.cxx:1435 #8 0x00002aaab39ed1ae in ImplMenuDelData::ImplMenuDelData (this=0x7fffffff1590, pMenu=0x19cad60) at /lo/users/moggi/libo1/vcl/source/window/menu.cxx:3191 #9 0x00002aaab39dc03a in Menu::ImplCallEventListeners (this=0x19cad60, nEvent=1, nPos=65535) at /lo/users/moggi/libo1/vcl/source/window/menu.cxx:341 #10 0x00002aaab39dbd28 in Menu::dispose (this=0x19cad60) at /lo/users/moggi/libo1/vcl/source/window/menu.cxx:145 #11 0x00002aaab39ea893 in PopupMenu::dispose (this=0x19cad60) at /lo/users/moggi/libo1/vcl/source/window/menu.cxx:2790 #12 0x00002aaab3cb677f in VclReferenceBase::disposeOnce (this=0x19cad60) at /lo/users/moggi/libo1/vcl/source/outdev/vclreferencebase.cxx:42 #13 0x00002aaab39ea7c6 in PopupMenu::~PopupMenu (this=0x19cad60) at /lo/users/moggi/libo1/vcl/source/window/menu.cxx:2783 #14 0x00002aaab39ea819 in PopupMenu::~PopupMenu (this=0x19cad60) at /lo/users/moggi/libo1/vcl/source/window/menu.cxx:2782 #15 0x00002aaaaf660c53 in VclReferenceBase::release (this=0x19cad60) at /lo/users/moggi/libo1/include/vcl/vclreferencebase.hxx:46 #16 0x00002aaaaf70730c in rtl::Reference<PopupMenu>::clear (this=0x19d2518) at /lo/users/moggi/libo1/include/rtl/ref.hxx:157 #17 0x00002aaaafb30325 in VclPtr<PopupMenu>::clear (this=0x19d2518) at /lo/users/moggi/libo1/include/vcl/vclptr.hxx:194 So it looks like a double delete.
Markus Mohrhard committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=24460da8d18bcc0df87824a1402080a97a8797ab Menu's dispose needs non-zero ref count, tdf#100829 It will be available in 5.3.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
*** Bug 100821 has been marked as a duplicate of this bug. ***