Bug 150190 - Calc crashes by holding down Page Down or scrolling rapidly with Skia Vulkan enabled
Summary: Calc crashes by holding down Page Down or scrolling rapidly with Skia Vulkan ...
Status: RESOLVED DUPLICATE of bug 149527
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Calc (show other bugs)
Version:
(earliest affected)
7.3.4.2 release
Hardware: All Windows (All)
: medium major
Assignee: Not Assigned
URL:
Whiteboard:
Keywords: haveBacktrace
Depends on:
Blocks: Skia Crash
  Show dependency treegraph
 
Reported: 2022-07-29 03:37 UTC by Matt K
Modified: 2023-01-23 20:17 UTC (History)
9 users (show)

See Also:
Crash report or crash signature:

Attachments
WinDbg stack trace (~* kp) from freeze of LO 7.3.4.2 scrolling empty sheet w/ Skia Vulkan rendering (25.87 KB, text/plain)
2022-07-30 15:40 UTC, V Stuart Foote 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matt K 2022-07-29 03:37:41 UTC 
Description:
On the latest master, Calc crashes around row ~43000 when holding down Page Down on a blank open document.

Steps to Reproduce:
1. Open Calc
2. Click in workbook and hold Page Down key
3. Observe crash around row ~43000

Actual Results:
Crash

Expected Results:
Error message or still able to scroll


Reproducible: Always


User Profile Reset: No



Additional Info:
Version: 7.5.0.0.alpha0+ (x64) / LibreOffice Community
Build ID: 6eb6ea534081b54f4f3a8e1bcf9cf00deb50dc21
CPU threads: 12; OS: Windows 10.0 Build 22000; UI render: Skia/Vulkan; VCL: win
Locale: en-US (en_US); UI: en-US
Calc: CL
Comment 1 Xisco Faulí 2022-07-29 10:00:00 UTC 
I can't reproduce it in

Version: 7.5.0.0.alpha0+ / LibreOffice Community
Build ID: fe2d59a0730e60c0196baa46af12440afd343878
CPU threads: 8; OS: Linux 5.10; UI render: default; VCL: x11
Locale: es-ES (es_ES.UTF-8); UI: en-US
Calc: threaded
Comment 2 Timur 2022-07-29 13:05:16 UTC 
No repro in Version: 7.5.0.0.alpha0+ (x64) / LibreOffice Community
Build ID: d2dfc0c4286057f5d8dda178817de3503c3a7d29
CPU threads: 8; OS: Win 6.1 Service Pack 1 Build 7601; UI render: Skia/Raster; VCL: win
Locale: bs-BA (bs_BA); UI: en-US
Calc: CL

I understand empty new Calc is sufficient, please attach sample if not. 

You need to do basic testing:
Test with LO user profle reset, better rename. 
Test without Skia, then without HW acc.
Comment 3 Matt K 2022-07-30 01:48:23 UTC 
(In reply to Timur from comment #2)
> You need to do basic testing:
> Test with LO user profle reset, better rename. 
> Test without Skia, then without HW acc.

I got rid of user profile and it still repro'd.

Then I turned off Skia and it doesn't repro anymore.  It only repros in Skia/Vulkan, not in Skia/Raster.  My understanding is that Skia/Vulkan uses graphics drivers -- my graphics driver is NVIDIA GeForce GTX 1080 Ti and it is version 27.21.14.6589.  I was also able to repro a few times around lines ~22881 and ~24991 -- it happens every time I try.

I would post a callstack of the crash but I can't seem to build the "sc" directory with debug symbols.
Comment 4 Matt K 2022-07-30 03:41:34 UTC 
Here is the callstack of the crash:

 	ucrtbase.dll!00007ff92c0bdd7e	Unknown

	vcllo.dll!SkiaSalGraphicsImpl::postDraw at core\vcl\skia\gdiimpl.cxx(456)

 	vcllo.dll!SkiaSalGraphicsImpl::copyArea Line 1157	C++
 	vcllo.dll!vcl::Window::ImplScroll Line 1760	C++
 	vcllo.dll!vcl::Window::Scroll Line 2954	C++
 	sclo.dll!ScTabView::ScrollY Line 1303	C++
 	sclo.dll!ScTabView::AlignToCursor Line 1159	C++
 	sclo.dll!ScTabView::MoveCursorAbs Line 1222	C++
 	sclo.dll!ScTabView::MoveCursorRel Line 1327	C++
 	sclo.dll!ScTabView::MoveCursorPage Line 1335	C++
 	sclo.dll!ScCellShell::ExecuteCursor Line 229	C++
 	sfxlo.dll!SfxDispatcher::Call_Impl Line 257	C++
 	sfxlo.dll!SfxDispatcher::Execute_ Line 753	C++
 	sfxlo.dll!SfxBindings::Execute_Impl Line 1064	C++
 	sfxlo.dll!SfxDispatchController_Impl::dispatch Line 701	C++
 	sfxlo.dll!SfxOfficeDispatch::dispatch Line 262	C++
 	svtlo.dll!00007ff8db999757	Unknown
 	[Inline Frame] vcllo.dll!Link<void *,void>::Call Line 111	C++
 	[Inline Frame] vcllo.dll!ImplHandleUserEvent Line 2229	C++
 	vcllo.dll!ImplWindowFrameProc Line 2799	C++
 	vcllo.dll!SalFrame::CallCallback Line 306	C++
 	[Inline Frame] vclplug_winlo.dll!ImplHandleUserEvent Line 4159	C++
 	vclplug_winlo.dll!SalFrameWndProc Line 5810	C++
 	vclplug_winlo.dll!SalFrameWndProcW Line 5918	C++
 	user32.dll!00007ff92e1b1c4c	Unknown
 	user32.dll!00007ff92e1b0ea6	Unknown
 	[Inline Frame] vclplug_winlo.dll!ImplSalDispatchMessage Line 475	C++
 	vclplug_winlo.dll!ImplSalYield Line 506	C++
 	vclplug_winlo.dll!WinSalInstance::DoYield Line 581	C++
 	vcllo.dll!ImplYield Line 477	C++
 	vcllo.dll!Application::Execute Line 451	C++
 	sofficeapp.dll!00007ff9182b883a	Unknown
 	vcllo.dll!ImplSVMain Line 202	C++

and here is the code of the crash/abort at core\vcl\skia\gdiimpl.cxx(456):

        // Unrecoverable problem.
        if (context->abandoned())
        {
            SAL_WARN("vcl.skia", "GPU context has been abandoned, aborting.");
            abort();
        }
Comment 5 V Stuart Foote 2022-07-30 15:18:04 UTC 
(In reply to Matt K from comment #4)

Thanks for the stack trace that will help. But please post your skia.log for your GPU as well, in the LO cache folder (AppData, or LO $ORIGIN as configured).

Otherwise able to confirm current master *AND* 7.3.4 release, with Skia/Vulkan rendering, holding the PgDn button on an empty calc sheet the UI freezes on reaching somewhere in range 24,300 - 25,600 row. LO does not recover and crashes.

No freeze/crash with Skia/Raster only rendering and PgDn another 30,000 rows.

=-testing-=

Version: 7.3.4.2 (x64) / LibreOffice Community
Build ID: 728fec16bd5f605073805c3c9e7c4212a0120dc5
CPU threads: 8; OS: Windows 10.0 Build 19044; UI render: Skia/Vulkan; VCL: win
Locale: en-US (en_US); UI: en-US
Calc: threaded

Version: 7.5.0.0.alpha0+ (x64) / LibreOffice Community
Build ID: 4827d5cb1508f6bca9489e31b877cfff36393c50
CPU threads: 8; OS: Windows 10.0 Build 19044; UI render: Skia/Vulkan; VCL: win
Locale: en-US (en_US); UI: en-US
Calc: threaded

Skia.log
RenderMethod: vulkan
Vendor: 0x8086
Device: 0x8a52
API: 1.2.195
Driver: 0.404.1069
DeviceType: integrated
DeviceName: Intel(R) Iris(R) Plus Graphics
Denylisted: no
Comment 6 V Stuart Foote 2022-07-30 15:40:15 UTC 
Created attachment 181502 [details]
WinDbg stack trace (~* kp) from freeze of LO 7.3.4.2 scrolling empty sheet w/ Skia Vulkan rendering

WinDbg ~* kp with symbols, this !Analyze result

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ff8a764286e (ucrtbase!abort+0x000000000000004e)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000007
Subcode: 0x7 FAST_FAIL_FATAL_APP_EXIT 

FAULTING_THREAD:  00003d38

PROCESS_NAME:  soffice.bin

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000007
Comment 7 Matt K 2022-07-30 16:18:36 UTC 
Here is my skia.log:
RenderMethod: vulkan
Vendor: 0x10de
Device: 0x1b06
API: 1.2.168
Driver: 465.356.0
DeviceType: discrete
DeviceName: NVIDIA GeForce GTX 1080 Ti
Denylisted: no
Comment 8 Timur 2022-08-10 15:00:02 UTC 
*** Bug 150294 has been marked as a duplicate of this bug. ***
Comment 9 Stéphane Guillou (stragu) 2023-01-17 09:30:46 UTC 
*** Bug 152355 has been marked as a duplicate of this bug. ***
Comment 10 Stéphane Guillou (stragu) 2023-01-17 10:25:23 UTC 
Consolidating on earlier bug 149527. Will mention the important comments there, and include the backtrace.

*** This bug has been marked as a duplicate of bug 149527 ***