Description: Today's master build from a freshly cloned repo on OSX 10.12.5 Any attempt to launch a new document from the StartCenter causes an immediate abort of LibreOffice with a segfault. Tried to get a trace in lldb, but lldb is just left hanging with no interaction possible seemingly other than to kill the lldb instance. Apple's trace report gives more information than I can get from lldb. Steps to Reproduce: 1. Start LODev master 2. Click on any of the new document icons in the StartCnter (Writer, Calc, Impress, etc) 3. Crash Actual Results: Crash on attempting to open new document Expected Results: Should not crash, new document should open and allow editing Reproducible: Always User Profile Reset: No Additional Info: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko/20100101 Firefox/54.0
Created attachment 134295 [details] backtrace provided by Apple CTDrawFontGlyph seems to be implicated in this one
Created attachment 134296 [details] lldb full backtrace Finally managed to get a lldb bt, but it waits a looong time...
The same occurs when loading any document into a running soffice process from the Finder - as soon as the document loads, soffice segfaults.
Re-tried again with a build started yesterday evening (26/06/17 ca. 19h00 CET), enclosing backtrace as behaviour is repeatable.
Created attachment 134307 [details] 2016/06/27 full lldb backtrace
Crash rendering text - any chance of a bisection Alex ? =) thanks for reporting.
I'm looking into this now. From my crashlog: Process: soffice [8001] Path: /Users/USER/*/LibreOfficeDev.app/Contents/MacOS/soffice Identifier: soffice Version: 5.5.0 (5.5.0) Code Type: X86-64 (Native) Parent Process: ??? [1] Responsible: soffice [8001] User ID: 501 Date/Time: 2017-07-09 00:38:18.552 +1000 OS Version: Mac OS X 10.12.5 (16F73) Report Version: 12 Anonymous UUID: BB09AFB2-E88C-5172-2EDF-81E37C76C603 Time Awake Since Boot: 74000 seconds System Integrity Protection: disabled Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000018 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [0] VM Regions Near 0x18: --> __TEXT 000000010f9a2000-000000010f9a3000 [ 4K] r-x/rwx SM=COW /Users/USER/*/LibreOfficeDev.app/Contents/MacOS/soffice Application Specific Information: objc_msgSend() selector name: objectForKey: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 libobjc.A.dylib 0x00007fffd902005d objc_msgSend + 29 1 libvcllo.dylib 0x0000000117d576ff AquaSalGraphics::DrawTextLayout(CommonSalLayout const&) + 159 (salgdi.cxx:410) 2 libvcllo.dylib 0x0000000117b298f1 CommonSalLayout::DrawText(SalGraphics&) const + 33 (CommonSalLayout.cxx:400) 3 libvcllo.dylib 0x00000001177bdea8 OutputDevice::ImplDrawTextDirect(SalLayout&, bool) + 632 (text.cxx:310) 4 libvcllo.dylib 0x00000001177bee7e OutputDevice::ImplDrawText(SalLayout&) + 334 (text.cxx:459) 5 libvcllo.dylib 0x00000001177c28fe OutputDevice::DrawText(Point const&, rtl::OUString const&, int, int, std::__1::vector<tools::Rectangle, std::__1::allocator<tools::Rectangle> >*, rtl::OUString*, SalLayout**) + 4430 (text.cxx:917) 6 libvcllo.dylib 0x0000000117573d85 StatusBar::ImplDrawItem(OutputDevice&, bool, unsigned short) + 1157 (status.cxx:391) 7 libvcllo.dylib 0x0000000117576055 StatusBar::Paint(OutputDevice&, tools::Rectangle const&) + 501 (status.cxx:733) 8 libvcllo.dylib 0x000000011737eb1f PaintHelper::DoPaint(vcl::Region const*) + 4415 (paint.cxx:303) 9 libvcllo.dylib 0x0000000117381b44 vcl::Window::ImplCallPaint(vcl::Region const*, ImplPaintFlags) + 1780 (paint.cxx:606) 10 libvcllo.dylib 0x00000001173842b2 vcl::Window::Update() + 1778 (paint.cxx:1305) 11 libvcllo.dylib 0x000000011757ac50 StatusBar::SetItemText(unsigned short, rtl::OUString const&) + 1056 (status.cxx:1196) 12 libswlo.dylib 0x000000016ac6a893 SwWordCountStatusBarControl::StateChanged(unsigned short, SfxItemState, SfxPoolItem const*) + 115 (wordcountctrl.cxx:35) 13 libsfxlo.dylib 0x0000000111c2323e SfxStatusBarControl::statusChanged(com::sun::star::frame::FeatureStateEvent const&) + 3102 (stbitem.cxx:284) 14 libsfxlo.dylib 0x0000000111c2330c non-virtual thunk to SfxStatusBarControl::statusChanged(com::sun::star::frame::FeatureStateEvent const&) + 44 (stbitem.cxx:187) 15 libsfxlo.dylib 0x00000001118184dc SfxDispatchController_Impl::sendStatusChanged(rtl::OUString const&, com::sun::star::frame::FeatureStateEvent const&) + 172 (unoctitm.cxx:884) 16 libsfxlo.dylib 0x000000011181904a SfxDispatchController_Impl::StateChanged(unsigned short, SfxItemState, SfxPoolItem const*, SfxSlotServer*) + 2218 (unoctitm.cxx:975) 17 libsfxlo.dylib 0x00000001117cb305 SfxStateCache::SetState_Impl(SfxItemState, SfxPoolItem const*, bool) + 869 (statcach.cxx:439) 18 libsfxlo.dylib 0x00000001117caf92 SfxStateCache::SetState(SfxItemState, SfxPoolItem const*, bool) + 50 (statcach.cxx:345) 19 libsfxlo.dylib 0x00000001117431fd SfxBindings::UpdateControllers_Impl(SfxFoundCache_Impl const&, SfxPoolItem const*, SfxItemState) + 397 (bindings.cxx:1281) 20 libsfxlo.dylib 0x0000000111742189 SfxBindings::Update_Impl(SfxStateCache&) + 825 (bindings.cxx:332) 21 libsfxlo.dylib 0x0000000111745dc7 SfxBindings::NextJob_Impl(Timer*) + 1287 (bindings.cxx:1343) 22 libsfxlo.dylib 0x000000011174daad SfxBindings::NextJob(Timer*) + 29 (bindings.cxx:1288) 23 libsfxlo.dylib 0x000000011173ea48 SfxBindings::LinkStubNextJob(void*, Timer*) + 40 (bindings.cxx:1285) 24 libvcllo.dylib 0x0000000117bd1488 Link<Timer*, void>::Call(Timer*) const + 56 (link.hxx:84) 25 libvcllo.dylib 0x0000000117bd1447 Timer::Invoke() + 39 (timer.cxx:90) 26 libvcllo.dylib 0x0000000117b8b4bf ImplSchedulerData::Invoke() + 175 (scheduler.cxx:47) 27 libvcllo.dylib 0x0000000117b8be04 Scheduler::ProcessTaskScheduling(bool) + 1780 (scheduler.cxx:160) 28 libvcllo.dylib 0x0000000117b8b6fd Scheduler::CallbackTaskScheduling(bool) + 29 (scheduler.cxx:123) 29 libvcllo.dylib 0x0000000117d6a59a SalTimer::CallCallback(bool) + 58 (saltimer.hxx:56) 30 libvcllo.dylib 0x0000000117eb07ba -[TimerCallbackCaller timerElapsed:] + 122 (salnstimer.mm:39) 31 com.apple.Foundation 0x00007fffc5c2ceaf __NSFireTimer + 83 32 com.apple.CoreFoundation 0x00007fffc41a2c54 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 33 com.apple.CoreFoundation 0x00007fffc41a28df __CFRunLoopDoTimer + 1071 34 com.apple.CoreFoundation 0x00007fffc41a243a __CFRunLoopDoTimers + 298 35 com.apple.CoreFoundation 0x00007fffc4199b81 __CFRunLoopRun + 2065 36 com.apple.CoreFoundation 0x00007fffc4199114 CFRunLoopRunSpecific + 420 37 com.apple.HIToolbox 0x00007fffc36faebc RunCurrentEventLoopInMode + 240 38 com.apple.HIToolbox 0x00007fffc36facf1 ReceiveNextEventCommon + 432 39 com.apple.HIToolbox 0x00007fffc36fab26 _BlockUntilNextEventMatchingListInModeWithFilter + 71 40 com.apple.AppKit 0x00007fffc1c93a54 _DPSNextEvent + 1120 41 com.apple.AppKit 0x00007fffc240f7ee -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 2796 42 libvcllo.dylib 0x0000000117d698ee AquaSalInstance::DoYield(bool, bool, unsigned long) + 1486 (salinst.cxx:647) 43 libvcllo.dylib 0x0000000117bbe160 ImplYield(bool, bool, unsigned long) + 1776 (svapp.cxx:493) 44 libvcllo.dylib 0x0000000117bbda28 Application::Yield() + 24 (svapp.cxx:559) 45 libvcllo.dylib 0x0000000117bbd99e Application::Execute() + 478 (svapp.cxx:457) 46 libsofficeapp.dylib 0x000000010fae2649 desktop::Desktop::DoExecute() + 9 (app.cxx:1362) 47 libsofficeapp.dylib 0x000000010fae573e desktop::Desktop::Main() + 12526 (app.cxx:1698) 48 libvcllo.dylib 0x0000000117bcd316 ImplSVMain() + 214 (svmain.cxx:192) 49 libvcllo.dylib 0x0000000117d68bb9 AquaSalInstance::handleAppDefinedEvent(NSEvent*) + 249 (salinst.cxx:467) 50 libvcllo.dylib 0x0000000117eb0990 -[VCL_NSApplication sendEvent:] + 80 (vclnsapp.mm:95) 51 com.apple.AppKit 0x00007fffc1c88427 -[NSApplication run] + 1002 52 com.apple.AppKit 0x00007fffc1c52e0e NSApplicationMain + 1237 53 libvcllo.dylib 0x0000000117d6702a ImplSVMainHook(int*) + 522 (salinst.cxx:214) 54 libvcllo.dylib 0x0000000117bcf19c SVMain() + 44 (svmain.cxx:227) 55 libsofficeapp.dylib 0x000000010fb5caa2 soffice_main + 546 (sofficemain.cxx:166) 56 org.libreoffice.script 0x000000010f9a2f5d sal_main + 13 (main.c:48) 57 org.libreoffice.script 0x000000010f9a2f37 main + 39 (main.c:47) 58 libdyld.dylib 0x00007fffd9913235 start + 1 Thread 1: 0 libsystem_kernel.dylib 0x00007fffd9a41bf2 __psynch_cvwait + 10 1 libsystem_pthread.dylib 0x00007fffd9b2d7fa _pthread_cond_wait + 712 2 libuno_sal.dylib.3 0x000000010f9c1dce rtl_cache_wsupdate_wait(unsigned int) + 110 (alloc_cache.cxx:1335) 3 libuno_sal.dylib.3 0x000000010f9c1ca7 rtl_cache_wsupdate_all(void*) + 87 (alloc_cache.cxx:1487) 4 libsystem_pthread.dylib 0x00007fffd9b2c93b _pthread_body + 180 5 libsystem_pthread.dylib 0x00007fffd9b2c887 _pthread_start + 286 6 libsystem_pthread.dylib 0x00007fffd9b2c08d thread_start + 13 Thread 2: 0 libsystem_kernel.dylib 0x00007fffd9a4244e __workq_kernreturn + 10 1 libsystem_pthread.dylib 0x00007fffd9b2c48e _pthread_wqthread + 1023 2 libsystem_pthread.dylib 0x00007fffd9b2c07d start_wqthread + 13 Thread 3: 0 libsystem_kernel.dylib 0x00007fffd9a4244e __workq_kernreturn + 10 1 libsystem_pthread.dylib 0x00007fffd9b2c621 _pthread_wqthread + 1426 2 libsystem_pthread.dylib 0x00007fffd9b2c07d start_wqthread + 13 Thread 4: 0 libsystem_pthread.dylib 0x00007fffd9b2c070 start_wqthread + 0 1 ??? 0x000000010fe16000 0 + 4561395712 Thread 5: 0 libsystem_pthread.dylib 0x00007fffd9b2c070 start_wqthread + 0 1 ??? 0x0000000000000710 0 + 1808 Thread 6:: com.apple.NSEventThread 0 libsystem_kernel.dylib 0x00007fffd9a3a34a mach_msg_trap + 10 1 libsystem_kernel.dylib 0x00007fffd9a39797 mach_msg + 55 2 com.apple.CoreFoundation 0x00007fffc419a434 __CFRunLoopServiceMachPort + 212 3 com.apple.CoreFoundation 0x00007fffc41998c1 __CFRunLoopRun + 1361 4 com.apple.CoreFoundation 0x00007fffc4199114 CFRunLoopRunSpecific + 420 5 com.apple.AppKit 0x00007fffc1de0f02 _NSEventThread + 205 6 libsystem_pthread.dylib 0x00007fffd9b2c93b _pthread_body + 180 7 libsystem_pthread.dylib 0x00007fffd9b2c887 _pthread_start + 286 8 libsystem_pthread.dylib 0x00007fffd9b2c08d thread_start + 13 Thread 7: 0 libsystem_kernel.dylib 0x00007fffd9a410c2 __accept + 10 1 libuno_sal.dylib.3 0x000000010fa286d0 osl_acceptPipe + 224 (pipe.cxx:426) 2 libsofficeapp.dylib 0x000000010fb525b2 osl::Pipe::accept(osl::StreamPipe&) + 50 (pipe.hxx:151) 3 libsofficeapp.dylib 0x000000010fb50650 desktop::PipeIpcThread::execute() + 160 (officeipcthread.cxx:1192) 4 libuno_salhelpergcc3.dylib.3 0x00000001110af073 salhelper::Thread::run() + 51 (thread.cxx:40) 5 libuno_salhelpergcc3.dylib.3 0x00000001110af139 non-virtual thunk to salhelper::Thread::run() + 25 (thread.cxx:37) 6 libuno_salhelpergcc3.dylib.3 0x00000001110b1a9e threadFunc + 30 (thread.hxx:186) 7 libuno_sal.dylib.3 0x000000010fa47d57 osl_thread_start_Impl(void*) + 295 (thread.cxx:248) 8 libsystem_pthread.dylib 0x00007fffd9b2c93b _pthread_body + 180 9 libsystem_pthread.dylib 0x00007fffd9b2c887 _pthread_start + 286 10 libsystem_pthread.dylib 0x00007fffd9b2c08d thread_start + 13 Thread 8: 0 libsystem_kernel.dylib 0x00007fffd9a41bf2 __psynch_cvwait + 10 1 libsystem_pthread.dylib 0x00007fffd9b2d7fa _pthread_cond_wait + 712 2 libuno_sal.dylib.3 0x000000010fa078fd osl_waitCondition + 3085 (conditn.cxx:199) 3 libupdchklo.dylib 0x0000000171e22fe0 osl::Condition::wait(TimeValue const*) + 32 (conditn.hxx:112) 4 libupdchklo.dylib 0x0000000171e438a6 (anonymous namespace)::InitUpdateCheckJobThread::run() + 118 (updatecheckjob.cxx:124) 5 libupdchklo.dylib 0x0000000171e22f3e threadFunc + 30 (thread.hxx:186) 6 libuno_sal.dylib.3 0x000000010fa47d57 osl_thread_start_Impl(void*) + 295 (thread.cxx:248) 7 libsystem_pthread.dylib 0x00007fffd9b2c93b _pthread_body + 180 8 libsystem_pthread.dylib 0x00007fffd9b2c887 _pthread_start + 286 9 libsystem_pthread.dylib 0x00007fffd9b2c08d thread_start + 13 Thread 9: 0 libsystem_kernel.dylib 0x00007fffd9a41bf2 __psynch_cvwait + 10 1 libsystem_pthread.dylib 0x00007fffd9b2d7fa _pthread_cond_wait + 712 2 libuno_sal.dylib.3 0x000000010fa078fd osl_waitCondition + 3085 (conditn.cxx:199) 3 libconfigmgrlo.dylib 0x0000000123c47b80 osl::Condition::wait(TimeValue const*) + 32 (conditn.hxx:112) 4 libconfigmgrlo.dylib 0x0000000123c3a29d osl::Condition::wait(TimeValue const&) + 29 (conditn.hxx:116) 5 libconfigmgrlo.dylib 0x0000000123c39b57 configmgr::Components::WriteThread::execute() + 71 (components.cxx:183) 6 libuno_salhelpergcc3.dylib.3 0x00000001110af073 salhelper::Thread::run() + 51 (thread.cxx:40) 7 libuno_salhelpergcc3.dylib.3 0x00000001110af139 non-virtual thunk to salhelper::Thread::run() + 25 (thread.cxx:37) 8 libuno_salhelpergcc3.dylib.3 0x00000001110b1a9e threadFunc + 30 (thread.hxx:186) 9 libuno_sal.dylib.3 0x000000010fa47d57 osl_thread_start_Impl(void*) + 295 (thread.cxx:248) 10 libsystem_pthread.dylib 0x00007fffd9b2c93b _pthread_body + 180 11 libsystem_pthread.dylib 0x00007fffd9b2c887 _pthread_start + 286 12 libsystem_pthread.dylib 0x00007fffd9b2c08d thread_start + 13 Thread 0 crashed with X86 Thread State (64-bit): rax: 0xd000000000000000 rbx: 0x00007fae7fd50ec0 rcx: 0x00007fffdf1b6310 rdx: 0x00007fffdf3bd230 rdi: 0x00007fae7d1dd550 rsi: 0x00007fffc28b2009 rbp: 0x00007fff50256180 rsp: 0x00007fff502557d8 r8: 0x000000010fa65f70 r9: 0x0000000000564cfc r10: 0x0000000000000000 r11: 0x00007fffc28b2009 r12: 0x00007fffd9020040 r13: 0x00007fffc28b21fa r14: 0x00007fae7fd56cf0 r15: 0x00000001180a7534 rip: 0x00007fffd902005d rfl: 0x0000000000010246 cr2: 0x0000000000000018 Logical CPU: 0 Error Code: 0x00000004 Trap Number: 14
I think this has been caused by: commit f0821f9a347c7752a3c741c3451a2f1630173720 Author: Tamas Bunth <tamas.bunth@collabora.co.uk> Date: Thu Jun 8 19:56:28 2017 +0200 Cache text layout of statusbar items Extend lifecycle of SalLayout created by the output device. A layout is stored for each status bar item and used as a cache. The layout may be updated through output device method parameters. This way it's no longer necessary to calculate the layout again and again when painting the status bar item multiple times, provided that its text does not change. Change-Id: I6494c2d6b676e8f4fdda2cde6165ff0755fd4fa2 Reviewed-on: https://gerrit.libreoffice.org/38578 Reviewed-by: Tamás Bunth <btomi96@gmail.com> Tested-by: Tamás Bunth <btomi96@gmail.com> I reverted this and no more crashing. Given this is a decent stab at solving a painting solution I don't think reverting is the solution. Unfortunately, I don't know quite how to solve this one.
Hi Alex, Chris Could you please confirm that the bug is still present in master? I wonder if it contained this commit: commit 3b05c3b4b4b6c3891b4b7e88d91889cf327a34a8 Author: Tamas Bunth <tamas.bunth@collabora.co.uk> Date: Sun Jun 11 00:24:36 2017 +0200 Refactor create layout cache in status bar Create SalLayout in StatusBar instead of getting cache through output parameter. Pass cache as a constant to the output device afterwards. Results in a more readable code, with more evident memory management. Change-Id: I4f949ea8f390b31379f661d611a183ceb3d91c25 Reviewed-on: https://gerrit.libreoffice.org/38651 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Tamás Bunth <btomi96@gmail.com>
(In reply to Chris Sherlock from comment #7) > Thread 0 Crashed:: Dispatch queue: com.apple.main-thread > 0 libobjc.A.dylib 0x00007fffd902005d objc_msgSend + 29 > 1 libvcllo.dylib 0x0000000117d576ff > AquaSalGraphics::DrawTextLayout(CommonSalLayout const&) + 159 > (salgdi.cxx:410) > 2 libvcllo.dylib 0x0000000117b298f1 > CommonSalLayout::DrawText(SalGraphics&) const + 33 (CommonSalLayout.cxx:400) > 3 libvcllo.dylib 0x00000001177bdea8 > OutputDevice::ImplDrawTextDirect(SalLayout&, bool) + 632 (text.cxx:310) > 4 libvcllo.dylib 0x00000001177bee7e > OutputDevice::ImplDrawText(SalLayout&) + 334 (text.cxx:459) > 5 libvcllo.dylib 0x00000001177c28fe > OutputDevice::DrawText(Point const&, rtl::OUString const&, int, int, > std::__1::vector<tools::Rectangle, std::__1::allocator<tools::Rectangle> >*, > rtl::OUString*, SalLayout**) + 4430 (text.cxx:917) Since the signature of DrawText should be SalLayout*, not SalLayout** now.
set needinfo - any chance of some more data / testing Alex ? =) Thanks !
(In reply to Michael Meeks from comment #11) > set needinfo - any chance of some more data / testing Alex ? =) > Thanks ! Am waiting for my build to complete, will report back if successful
Still crashes immediately with Version: 6.0.0.0.alpha0+ Build ID: d7ac239793905564d2754edc52611930b6ba2cdc Threads CPU : 4; OS : Mac OS X 10.12.5; UI Render : par défaut; Locale : fr-FR (fr_FR.UTF-8); Calc: group this my master debug-enabled build after make clean, fresh pull, and make - fresh pull was made Monday.
(In reply to Alex Thurgood from comment #13) > Still crashes immediately with > > Version: 6.0.0.0.alpha0+ > Build ID: d7ac239793905564d2754edc52611930b6ba2cdc > Threads CPU : 4; OS : Mac OS X 10.12.5; UI Render : par défaut; > Locale : fr-FR (fr_FR.UTF-8); Calc: group > > this my master debug-enabled build after make clean, fresh pull, and make - > fresh pull was made Monday. "Immediately" meaning as soon as I attempt to open a new document or load an existing document. The irony of the situation is that I can launch the Base wizard (New Database document) which appears to create a new ODB file, but which then subsequently crashes.
The wizards all seem to run until a document needs to be displayed, then the office crashes.
Created attachment 134739 [details] 2017/07/19 full bt Enclosing bt output from lldb session
Unfortunately, still crashing with Version: 6.0.0.0.alpha0+ Build ID: 68d7faae7d748b6adcf8ba71a5b7ec9d80031c1b CPU threads: 4; OS: Mac OS X 10.12.6; UI render: default; Locale: fr-FR (fr_FR.UTF-8); Calc: group
Tamas Bunth committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=cc2506d54df6c4ec2b0c828705afa92f53dae14f tdf#108793 do not use cache for virtual device It will be available in 6.0.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
*** Bug 109333 has been marked as a duplicate of this bug. ***
With master sources updated today (including Tamas' patch), I don't reproduce this. Thank you Tamas!
(In reply to Commit Notification from comment #18) > > Affected users are encouraged to test the fix and report feedback. Confirming resolved fixed verified with above commit - thanks Tamas !