Bug 154205 - Crash on reload of file (segfault in libswlo.so)
Summary: Crash on reload of file (segfault in libswlo.so)
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer
Version (earliest affected): 7.3.7.2 release
Hardware: x86-64 (AMD64) All
Importance: medium critical
Assignee: Caolán McNamara
Whiteboard: target:7.6.0 target:7.5.3
Keywords: bibisectNotNeeded, regression
Blocks: Crash
Reported: 2023-03-15 12:44 UTC by Stéphane Guillou (stragu)
Modified: 2024-01-04 18:43 UTC (History)
Crash report or crash signature: ["SwViewShellImp::DisposeAccessible(SwFrame const*, SdrObject const*, bool, bool)","SwTableNode::DelFrames(SwRootFrame const*)","SwViewShell::GetLayout() const"]


Attachments
test document (202.44 KB, application/vnd.oasis.opendocument.text)
2023-03-15 12:44 UTC, Stéphane Guillou (stragu)
report from running under clang-asan (42.41 KB, text/plain)
2023-03-15 12:59 UTC, Noel Grandin

Description Stéphane Guillou (stragu) 2023-03-15 12:44:59 UTC
Created attachment 185977 [details]
test document

Steps:
1. Open attachment
2. File > Reload (it sometimes takes a few goes)

Result: crash

Attachment is based on attachment 185602 [details] from bug 153818, in which I was testing successive table deletes and file reloads.

Reproduced on:

Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: 97a38dbfa998967c45efaf3303fedfa1a709a2bb
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

Version: 7.5.1.2 (X86_64) / LibreOffice Community
Build ID: fcbaee479e84c6cd81291587d2ee68cba099e129
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

and since 7.3.7.2.

Also on Windows 10:

Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: d887b6a6fa2a572f48498839c5a68791c3196634
CPU threads: 4; OS: Windows 10.0 Build 19045; UI render: default; VCL: win
Locale: en-GB (en_GB); UI: en-GB
Calc: threaded

Was not able to reproduce on 7.2.7.2

Every bibisect attempted in the linux-64-7.3 repo gives me a different commit, probably related to how inconsistent it is.

Crash reports:
- 7.3: https://crashreport.libreoffice.org/stats/crash_details/4c100f53-8f41-4829-a5c7-dddd09f4cf28
- 7.4: https://crashreport.libreoffice.org/stats/crash_details/c6508f68-a799-4690-b6fc-eb4a8e99c6b1
- 7.5: https://crashreport.libreoffice.org/stats/crash_details/6a8e2711-c839-4efd-937b-b7e56b218fd5
Comment 1 Noel Grandin 2023-03-15 12:59:25 UTC
Created attachment 185980 [details]
report from running under clang-asan

Looks like a stale pointer
Comment 3 Commit Notification 2023-03-16 13:08:27 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/12233f437e6299e6dcea3ee1490a80da2bef2372

Related: tdf#154205 avoid use of destroyed ViewShell

It will be available in 7.6.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 4 Commit Notification 2023-03-16 13:08:30 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/67d353ff50712a036d04b1c0ffab68f2a21b5008

Related: tdf#154205 skip Invalidating content a11y relations when closing doc

It will be available in 7.6.0.

Comment 5 Caolán McNamara 2023-03-16 13:10:07 UTC
how about with those applied, does that solve it?
Comment 6 Julien Nabet 2023-03-17 13:51:47 UTC
On pc Debian x86-64 with master sources updated today + gtk3 rendering, after 4-5 reloads, I don't reproduce the crash.
Now I hadn't tested before Caolán's patches so it's just for the record.
Comment 7 Stéphane Guillou (stragu) 2023-03-17 14:41:55 UTC
Thank you all, I just tested with a build including Caolán's patch and 20 successive reloads didn't crash it.

Caolán, please go ahead and mark as fixed :)

Too dangerous to cherry-pick to 7.5 in your opinion? Looking at the three associated crash signatures, it's a grand total of 15 crash reports, and I suspect a good chunk of them is me...
Comment 8 QA Administrators 2023-03-18 03:28:14 UTC Comment hidden (obsolete)
Comment 9 Stéphane Guillou (stragu) 2023-03-18 08:37:31 UTC
(Setting back to new after needinfo -> unconfirmed. Caolán can set to Fixed.)
Comment 10 Caolán McNamara 2023-03-24 09:33:05 UTC
done in trunk, I've done backports to 7-5 in gerrit
Comment 11 Commit Notification 2023-03-26 01:29:43 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-7-5":

https://git.libreoffice.org/core/commit/788e36d514260413633e03fc7c47cb390e867176

Related: tdf#154205 skip Invalidating content a11y relations when closing doc

It will be available in 7.5.3.

Comment 12 Commit Notification 2023-03-26 01:30:45 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-7-5":

https://git.libreoffice.org/core/commit/bb2d1555703e6f894fa158eeef4fae4bf7ac6915

Related: tdf#154205 avoid use of destroyed ViewShell

It will be available in 7.5.3.
