Bug 101528 - Crashes on 3D chart modification
Summary: Crashes on 3D chart modification
Status: RESOLVED INSUFFICIENTDATA
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Calc
Version: 5.2.0.4 release (earliest affected)
Hardware: x86-64 (AMD64) Linux (All)
Importance: high critical
Assignee: Not Assigned
URL:
Whiteboard:
Keywords: bibisectRequest, wantBacktrace
Depends on:
Blocks: Chart
Reported: 2016-08-14 22:01 UTC by steve
Modified: 2017-05-31 10:47 UTC (History)

See Also:
Crash report or crash signature:


Attachments
Spreadsheet whose graph's manipulation causes Calc to crash (220.61 KB, application/vnd.oasis.opendocument.spreadsheet)
2016-08-15 06:19 UTC, steve

Description steve 2016-08-14 22:01:16 UTC
Chart freezes when 3D bar chart modifications of several different types are made.  On running soffice calc from commandline the following general error is reported from the shell:

*** Error in `/usr/lib/libreoffice/program/soffice.bin': double free or corruption (fasttop): 0x0000000005004380 ***
*** Error in `/usr/lib/libreoffice/program/soffice.bin': double free or corruption (fasttop): 0x0000000003d4a800 ***

The calc file may freeze once opened without any further action on my part except possibly for scrolling.  The problem occurred when editing the 3D bar chart's x or y axes, including label angle.

In a couple of instances, the window disappeared and the recovery window appeared immediately offering to restore the files.

Version is 5.2.0.4.
Comment 1 Jean-Baptiste Faure 2016-08-15 05:24:15 UTC
Please, attach a test file.

Best regards. JBF
Comment 2 steve 2016-08-15 06:19:56 UTC
Created attachment 126835
Spreadsheet whose graph's manipulation causes Calc to crash
Comment 3 steve 2016-08-15 06:22:41 UTC
Thanks, Dr. Faure.  I've attached a file demonstrating the problem on my system.  In addition, I found the following more extensive shell error report when manipulating the graph in this most recent instance.

*** Error in `/usr/lib/libreoffice/program/soffice.bin': double free or corruption (fasttop): 0x000000000378ab20 ***
*** Error in `/usr/lib/libreoffice/program/soffice.bin': double free or corruption (fasttop): 0x000000000378ab20 ***


Fatal exception: Signal 6
Stack:
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x385bd)[0x7fb8fddac5bd]
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x386f1)[0x7fb8fddac6f1]
/lib/x86_64-linux-gnu/libc.so.6(+0x36cb0)[0x7fb8fd9e5cb0]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x37)[0x7fb8fd9e5c37]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x148)[0x7fb8fd9e9028]
/lib/x86_64-linux-gnu/libc.so.6(+0x732a4)[0x7fb8fda222a4]
/lib/x86_64-linux-gnu/libc.so.6(+0x7f55e)[0x7fb8fda2e55e]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer9attribute19MaterialAttribute3DD1Ev+0x1e)[0x7fb8feed276e]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11primitive3d30PolyPolygonMaterialPrimitive3DD0Ev+0x3c)[0x7fb8fef35a9c]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf9397e)[0x7fb8fef5c97e]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor3d15BaseProcessor3D7processERKNS_11primitive3d20Primitive3DContainerE+0xa7)[0x7fb8fef597c7]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf920ff)[0x7fb8fef5b0ff]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf93893)[0x7fb8fef5c893]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor3d15BaseProcessor3D7processERKNS_11primitive3d20Primitive3DContainerE+0xa7)[0x7fb8fef597c7]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf920ff)[0x7fb8fef5b0ff]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf93893)[0x7fb8fef5c893]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor3d15BaseProcessor3D7processERKNS_11primitive3d20Primitive3DContainerE+0xa7)[0x7fb8fef597c7]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf920ff)[0x7fb8fef5b0ff]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf93893)[0x7fb8fef5c893]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor3d15BaseProcessor3D7processERKNS_11primitive3d20Primitive3DContainerE+0xa7)[0x7fb8fef597c7]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf920ff)[0x7fb8fef5b0ff]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf93893)[0x7fb8fef5c893]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor3d15BaseProcessor3D7processERKNS_11primitive3d20Primitive3DContainerE+0xa7)[0x7fb8fef597c7]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf920ff)[0x7fb8fef5b0ff]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf93893)[0x7fb8fef5c893]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor3d15BaseProcessor3D7processERKNS_11primitive3d20Primitive3DContainerE+0xa7)[0x7fb8fef597c7]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf4a741)[0x7fb8fef13741]
/usr/lib/libreoffice/program/libmergedlo.so(+0xcdd2fd)[0x7fb8feca62fd]
/usr/lib/libreoffice/program/libuno_salhelpergcc3.so.3(_ZN9salhelper6Thread3runEv+0x16)[0x7fb8f761ac96]
/usr/lib/libreoffice/program/libuno_salhelpergcc3.so.3(+0x3e5a)[0x7fb8f761ae5a]
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x3b157)[0x7fb8fddaf157]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x8184)[0x7fb8fcd2a184]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7fb8fdaa937d]
Aborted (core dumped)
Comment 4 Jean-Baptiste Faure 2016-08-21 17:12:26 UTC
Thank you for the test file. No crash for me with LO 5.2.0 under Ubuntu 16.04 x86-64 (GTK3 plugin) (version from PPA LibreOffice).

Other versions tested without crash:

Version: 5.2.2.0.0+
Build ID: bd6861f0726b396af2e1332d30d02164f63c9b44
Threads CPU : 4; Version de l'OS :Linux 4.4; UI Render : par défaut; 
Ubuntu_16.04_x86-64
Locale : fr-FR (fr_FR.UTF-8); Calc: single

Version: 5.3.0.0.alpha0+
Build ID: 4b313d803279900f86992eb0aced91fb593e4355
CPU Threads: 4; OS Version: Linux 4.4; UI Render: default; 
Ubuntu_16.04_x86-64
Locale: fr-FR (fr_FR.UTF-8); Calc: group

Best regards. JBF
Comment 5 Buovjaga 2016-09-20 19:45:39 UTC
I managed to make it crash in 5.2.0. The sidebar was acting strange and disappearing, so I actually did not manage to do any changes to the chart, only clicked around and then it crashed suddenly.

With 5.3, if I double-click to edit the chart, the area is simply blank.

Arch Linux 64-bit, KDE Plasma 5
Version: 5.2.0.4
Build ID: 5.2.0-1
CPU Threads: 8; OS Version: Linux 4.6; UI Render: default; 
Locale: fi-FI (fi_FI.UTF-8)
Comment 6 Michael Meeks 2016-10-11 09:22:51 UTC
Ooh - clearly a memory corruption from the error message. So - what we really need is a valgrind trace of this from a build compiled with debugging symbols. Is it possible to get that?

Thanks!
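
For readers following the traces in comments 3 and 16: the block below is an added example, not posted by anyone in this thread and not LibreOffice code. It parses glibc backtrace lines of this form, demangles the simple nested C++ names, and picks out the first non-libc frame below abort(); the demangler is deliberately partial and all function names are this example's own.

```python
import re

# glibc backtrace_symbols() frame: module(symbol+0xoff)[0xaddr]
FRAME = re.compile(r"^(\S+?)\(([^+)]*)\+0x([0-9a-f]+)\)\[0x[0-9a-f]+\]$")
DTOR = {"D0": "deleting destructor", "D1": "complete-object destructor",
        "D2": "base-object destructor"}

def demangle_nested(sym):
    """Partial Itanium demangler: plain _ZN<len><name>... nested names only."""
    if not sym.startswith("_ZN"):
        return sym
    i, parts = 3, []
    while i < len(sym) and sym[i].isdigit():
        j = i
        while j < len(sym) and sym[j].isdigit():
            j += 1
        n = int(sym[i:j])          # length prefix of the next name component
        parts.append(sym[j:j + n])
        i = j + n
    kind = DTOR.get(sym[i:i + 2])  # D0/D1/D2 right after the class name
    return "::".join(parts) + (f" [{kind}]" if kind else "")

def parse(trace):
    """Return (module basename, readable symbol, offset) for each frame line."""
    frames = []
    for line in trace.splitlines():
        m = FRAME.match(line.strip())
        if m:
            frames.append((m[1].rsplit("/", 1)[-1], demangle_nested(m[2]), int(m[3], 16)))
    return frames

def first_app_frame(frames):
    """First non-libc frame below abort(): the code on top of the allocator abort path."""
    below_abort = False
    for module, symbol, offset in frames:
        if symbol == "abort":
            below_abort = True
        elif below_abort and not module.startswith("libc.so"):
            return module, symbol, offset
    return None

# Excerpt of the trace posted in comment 3 (most frames omitted for brevity).
SAMPLE = """
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x37)[0x7fb8fd9e5c37]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x148)[0x7fb8fd9e9028]
/lib/x86_64-linux-gnu/libc.so.6(+0x7f55e)[0x7fb8fda2e55e]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer9attribute19MaterialAttribute3DD1Ev+0x1e)[0x7fb8feed276e]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11primitive3d30PolyPolygonMaterialPrimitive3DD0Ev+0x3c)[0x7fb8fef35a9c]
/usr/lib/libreoffice/program/libuno_salhelpergcc3.so.3(_ZN9salhelper6Thread3runEv+0x16)[0x7fb8f761ac96]
"""
```

Calling `first_app_frame(parse(SAMPLE))` on the excerpt returns the MaterialAttribute3D complete-object destructor in libmergedlo.so at offset 0x1e. That is where the allocator check fired, not necessarily where the memory was corrupted, which is why comment 6 asks for a valgrind trace.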
Comment 7 Xisco Faulí 2016-10-11 09:44:48 UTC
I can't reproduce it in

Version: 5.3.0.0.alpha0+
Build ID: ae94c223e2e21e42fc7feca72402b910e5eab5c7
CPU Threads: 4; OS Version: Linux 4.2; UI Render: default; 
Locale: ca-ES (ca_ES.UTF-8); Calc: group
Comment 8 Buovjaga 2016-10-11 13:03:29 UTC
Now I could not reproduce it either. I tried various manipulations in the chart, changing color, label position, font etc.

Steve: can you test with 5.2.2?

Arch Linux 64-bit, KDE Plasma 5
Version: 5.2.2.2.0+
Build ID: 5.2.2-1
CPU Threads: 8; OS Version: Linux 4.7; UI Render: default; 
Locale: fi-FI (fi_FI.UTF-8); Calc: group

Arch Linux 64-bit, KDE Plasma 5
Version: 5.3.0.0.alpha0+
Build ID: 65f2d6b1cc40b4b90f8987e8ea14d24b5f38f950
CPU Threads: 8; OS Version: Linux 4.7; UI Render: default; 
Locale: fi-FI (fi_FI.UTF-8); Calc: group
Built on October 10th 2016
Comment 9 steve 2016-10-11 18:08:33 UTC
I'm new to the whole bug investigation thing, being an end-user. Are you requesting that I test it in 5.2.2 as opposed to my original 5.2.2.2?  I do notice that Dr. Faure tested 5.2.2.0.0+ without a crash.

Thanks for your patience, sorry to be thick.
Comment 10 steve 2016-10-11 18:10:25 UTC
Correction: I appear to have upgraded since my original test reported as 5.2.0.4. I'm *now* at 5.2.2.2, but was not then.
Comment 11 Buovjaga 2016-10-11 18:12:48 UTC
(In reply to steve from comment #10)
> Correction: I appear to have upgraded since my original test reported as
> 5.2.0.4. I'm *now* at 5.2.2.2, but was not then.

Yep, does it still freeze or crash with 5.2.2?
Comment 12 steve 2016-10-11 18:15:42 UTC
Sorry, my update answering your question was lost ("mid-air collision"); I did just test for the problem under 5.2.2.2, and the chart did not freeze when I adjusted the x and y label angles.
Comment 13 steve 2016-10-11 18:17:25 UTC
Ah, spoke too soon!  When I went back having made the corrections, and began scrolling with the mouse, the spreadsheet froze as previously.
Comment 14 Buovjaga 2016-10-11 18:21:21 UTC
(In reply to steve from comment #13)
> Ah, spoke too soon!  When I went back having made the corrections, and began
> scrolling with the mouse, the spreadsheet froze as previously.

Ok, you could install the libreoffice debug package for your distro and try getting a backtrace https://wiki.documentfoundation.org/QA/BugReport/Debug_Information#GNU.2FLinux

Note: "If its a hang, you will need to force a crash, so open another console and type `$ pkill -15 soffice.bin` or alternatively type `$ xkill` and click on the hung libreoffice window."
Comment 15 steve 2016-10-11 18:24:14 UTC
The only report now when crashing after starting from shell is "Warning: failed to read path from javaldx".
Comment 16 steve 2016-10-11 18:25:38 UTC
Okay, got your pkill instruction, executed it, started from shell, recovered the file and started scrolling.  On startup the shell reported:
Warning: failed to read path from javaldx
and on crashing the shell reported:
Warning: failed to read path from javaldx
*** Error in `/usr/lib/libreoffice/program/soffice.bin': double free or corruption (fasttop): 0x00000000041076b0 ***
*** Error in `/usr/lib/libreoffice/program/soffice.bin': double free or corruption (fasttop): 0x00000000041076b0 ***


Fatal exception: Signal 6
Stack:
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x385bd)[0x7f14a0ced5bd]
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x386f1)[0x7f14a0ced6f1]
/lib/x86_64-linux-gnu/libc.so.6(+0x36cb0)[0x7f14a0926cb0]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x37)[0x7f14a0926c37]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x148)[0x7f14a092a028]
/lib/x86_64-linux-gnu/libc.so.6(+0x732a4)[0x7f14a09632a4]
/lib/x86_64-linux-gnu/libc.so.6(+0x7f55e)[0x7f14a096f55e]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer9attribute19MaterialAttribute3DD1Ev+0x1e)[0x7f14a1e148ae]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11primitive3d30PolyPolygonMaterialPrimitive3DD0Ev+0x3c)[0x7f14a1e77bdc]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf94abe)[0x7f14a1e9eabe]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor3d15BaseProcessor3D7processERKNS_11primitive3d20Primitive3DContainerE+0xa7)[0x7f14a1e9b907]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf9323f)[0x7f14a1e9d23f]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf949d3)[0x7f14a1e9e9d3]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor3d15BaseProcessor3D7processERKNS_11primitive3d20Primitive3DContainerE+0xa7)[0x7f14a1e9b907]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf9323f)[0x7f14a1e9d23f]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf949d3)[0x7f14a1e9e9d3]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor3d15BaseProcessor3D7processERKNS_11primitive3d20Primitive3DContainerE+0xa7)[0x7f14a1e9b907]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf9323f)[0x7f14a1e9d23f]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf949d3)[0x7f14a1e9e9d3]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor3d15BaseProcessor3D7processERKNS_11primitive3d20Primitive3DContainerE+0xa7)[0x7f14a1e9b907]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf9323f)[0x7f14a1e9d23f]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf949d3)[0x7f14a1e9e9d3]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor3d15BaseProcessor3D7processERKNS_11primitive3d20Primitive3DContainerE+0xa7)[0x7f14a1e9b907]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf9323f)[0x7f14a1e9d23f]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf949d3)[0x7f14a1e9e9d3]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor3d15BaseProcessor3D7processERKNS_11primitive3d20Primitive3DContainerE+0xa7)[0x7f14a1e9b907]
/usr/lib/libreoffice/program/libmergedlo.so(+0xf4b881)[0x7f14a1e55881]
/usr/lib/libreoffice/program/libmergedlo.so(+0xcdd77d)[0x7f14a1be777d]
/usr/lib/libreoffice/program/libuno_salhelpergcc3.so.3(_ZN9salhelper6Thread3runEv+0x16)[0x7f149a55acd6]
/usr/lib/libreoffice/program/libuno_salhelpergcc3.so.3(+0x3eca)[0x7f149a55aeca]
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x3b157)[0x7f14a0cf0157]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x8184)[0x7f149fc6b184]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7f14a09ea37d]
Comment 17 steve 2016-10-11 18:26:56 UTC
Correction: on crashing the Warning shown in the first line did not reoccur.
Comment 18 Buovjaga 2016-10-11 18:42:25 UTC
Urgh, sorry for the confusion: I forgot the most interesting thing would be a valgrind trace: https://wiki.documentfoundation.org/QA/BugReport/Debug_Information#GNU.2FLinux:_How_to_get_a_Valgrind_log

Warning: it runs really slow, so you should plan accordingly so you won't get bored while waiting!
Comment 19 steve 2016-10-12 02:04:32 UTC
I apologize, but that's a new procedure to me, and something I'll not be able to get to for some time due to other tasks, I'm afraid. I won't lose sight of it: it'll go on my regularly-referenced action item list, but it will be a bit.  Thanks for your understanding.
Comment 20 QA Administrators 2017-05-02 11:37:27 UTC Comment hidden (obsolete)
Comment 21 QA Administrators 2017-05-31 10:47:01 UTC
Dear Bug Submitter,

Please read this message in its entirety before proceeding.

Your bug report is being closed as INSUFFICIENTDATA due to inactivity and
a lack of information which is needed in order to accurately
reproduce and confirm the problem. We encourage you to retest
your bug against the latest release. If the issue is still
present in the latest stable release, we need the following
information (please ignore any that you've already provided):

a) Provide details of your system including your operating
   system and the latest version of LibreOffice that you have
   confirmed the bug to be present

b) Provide easy to reproduce steps – the simpler the better

c) Provide any test case(s) which will help us confirm the problem

d) Provide screenshots of the problem if you think it might help

e) Read all comments and provide any requested information

Once all of this is done, please set the bug back to UNCONFIRMED
and we will attempt to reproduce the issue. Please do not:

a) respond via email 

b) update the version field in the bug or any of the other details
   on the top section of our bug tracker

Warm Regards,
QA Team

MassPing-NeedInfo-20170531