Created attachment 197862 [details] Crash dump file LibreOfficeDev 25.2 With writer open, clicking on the sidebar hamburger menu and choosing from the list displays the menu for that item. Clicking the hamburger menu again crashes Writer. When shoosing to file a crash report the response is "HTTP response code said error"
LibrreOfficeDev 25.2 clicking hamburger menu on sidebard casuses crash after 2nd choice
Created attachment 197866 [details] Windbg stack trace Confirmed. STR: Open LO Open Writer With SB tab bar showing, use "Hamburger" button to open deck selector Select Styles deck, shifts to Styles deck Click on "Hamburger" button Crash Version: 25.2.0.0.alpha1+ (X86_64) / LibreOffice Community Build ID: 03a701516ea94b786ba6e1b35bf6dad22cceced5 CPU threads: 8; OS: Windows 11 X86_64 (10.0 build 22631); UI render: Skia/Vulkan; VCL: win Locale: en-US (en_US); UI: en-US Calc: threaded
Exception on launch of the pop-up menu for the SB deck selector. Windbg Stack trace 00 00000001`00d8d200 00007ff8`191b6480 KERNELBASE!RaiseException+0x6c 01 00000001`00d8d2e0 00007fff`be8a0804 VCRUNTIME140!_CxxThrowException(void * pExceptionObject = 0x00000001`00d8d360, struct _s__ThrowInfo * pThrowInfo = <Value unavailable error>)+0x90 [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\throw.cpp @ 75] 02 00000001`00d8d340 00007fff`c20f33ea mergedlo!avmedia_Manager_DirectX_get_implementation+0xfda4 03 00000001`00d8d380 00007fff`c0f8eb22 mergedlo!getSvtAccessibilityComponentFactory+0x56ea 04 00000001`00d8d3c0 00007fff`c0f8e8ef mergedlo!VCLXAccessibleComponent::ProcessWindowChildEvent+0x132 05 00000001`00d8d470 00007fff`c14b68c0 mergedlo!VCLXAccessibleComponent::WindowChildEventListener+0xaf 06 00000001`00d8d4b0 00007fff`c1559550 mergedlo!vcl::Window::CallEventListeners+0x420 07 00000001`00d8d5a0 00007fff`c15595a7 mergedlo!vcl::Window::ImplSetReallyVisible+0x90 08 00000001`00d8d5d0 00007fff`c155d46c mergedlo!vcl::Window::ImplSetReallyVisible+0xe7 09 00000001`00d8d600 00007fff`c155d4d5 mergedlo!vcl::Window::Show+0xb4c 0a 00000001`00d8d750 00007fff`c14bd2a1 mergedlo!vcl::Window::Show+0xbb5 0b 00000001`00d8d8a0 00007fff`c14e45f7 mergedlo!FloatingWindow::StartPopupMode+0x411 0c 00000001`00d8d940 00007fff`c14e4b43 mergedlo!PopupMenu::Run+0x77 0d 00000001`00d8d980 00007fff`c15fcf68 mergedlo!PopupMenu::ImplExecute+0xb3 0e 00000001`00d8da20 00007fff`c15fd908 mergedlo!Button::GetCommand+0x3e8 0f 00000001`00d8dae0 00007fff`c156a284 mergedlo!Button::GetCommand+0xd88
I can't reproduce it in Version: 25.2.0.0.alpha1+ (X86_64) / LibreOffice Community Build ID: fe7fe79feef8561d1cbd731d1bd53357eef902be CPU threads: 8; OS: Linux 6.1; UI render: default; VCL: x11 Locale: es-ES (es_ES.UTF-8); UI: en-US Calc: threaded
@V Stuart, could you please record a screencast to make sure I'm following the correct steps ?
Version: 25.2.0.0.alpha1 (X86_64) / LibreOffice Community Build ID: e3a80ef423457e6634be97665732b2181c944d4c CPU threads: 8; OS: Windows 11 X86_64 (10.0 build 22631); UI render: Skia/Vulkan; VCL: win Locale: en-US (en_US); UI: en-US Calc: threaded Occurs in the 25.2.0alpha1, so better symbols for the stack trace: (15c8.344c): C++ EH exception - code e06d7363 (first chance) (15c8.344c): C++ EH exception - code e06d7363 (!!! second chance !!!) KERNELBASE!RaiseException+0x6c: 00007ff8`394efa4c 0f1f440000 nop dword ptr [rax+rax] 0:000> ~* kp . 0 Id: 15c8.344c Suspend: 1 Teb: 000000dd`ee92f000 Unfrozen "VCL Main" # Child-SP RetAddr Call Site 00 000000dd`ef38df50 00007ff8`191b6480 KERNELBASE!RaiseException+0x6c 01 000000dd`ef38e030 00007fff`beef01b4 VCRUNTIME140!_CxxThrowException(void * pExceptionObject = 0x000000dd`ef38e0b0, struct _s__ThrowInfo * pThrowInfo = <Value unavailable error>)+0x90 [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\throw.cpp @ 75] 02 000000dd`ef38e090 00007fff`c251317a mergedlo!avmedia_Manager_DirectX_get_implementation+0xfda4 03 000000dd`ef38e0d0 00007fff`c14b18e2 mergedlo!getSvtAccessibilityComponentFactory+0x564a 04 000000dd`ef38e110 00007fff`c14b16b0 mergedlo!VCLXAccessibleComponent::ProcessWindowChildEvent+0x132 05 000000dd`ef38e1c0 00007fff`c19af800 mergedlo!VCLXAccessibleComponent::WindowChildEventListener+0x70 06 000000dd`ef38e1f0 00007fff`c1a4d900 mergedlo!vcl::Window::CallEventListeners+0x420 07 000000dd`ef38e2e0 00007fff`c1a4d957 mergedlo!vcl::Window::ImplSetReallyVisible+0x90 08 000000dd`ef38e310 00007fff`c1a51497 mergedlo!vcl::Window::ImplSetReallyVisible+0xe7 09 000000dd`ef38e340 00007fff`c1a514f4 mergedlo!vcl::Window::Show+0x7c7 0a 000000dd`ef38e410 00007fff`c19b6011 mergedlo!vcl::Window::Show+0x824 0b 000000dd`ef38e4e0 00007fff`c19dbf47 mergedlo!FloatingWindow::StartPopupMode+0x411 0c 000000dd`ef38e580 00007fff`c19dc493 mergedlo!PopupMenu::Run+0x77 0d 000000dd`ef38e5c0 00007fff`c1aeec58 mergedlo!PopupMenu::ImplExecute+0xb3 0e 000000dd`ef38e660 00007fff`c1aef626 mergedlo!Button::GetCommand+0x3e8 0f 000000dd`ef38e720 00007fff`c1a5dbc7 mergedlo!Button::GetCommand+0xdb6 10 000000dd`ef38e760 00007fff`c1a6305a mergedlo!ImplCallPreNotify+0x1cb7 11 000000dd`ef38e990 00007fff`c1a63e61 mergedlo!vcl::Window::ImplAsyncFocusHdl+0xeda 12 000000dd`ef38e9e0 00007fff`c20932cc mergedlo!vcl::Window::ImplAsyncFocusHdl+0x1ce1 13 000000dd`ef38ec00 00007fff`bc985915 mergedlo!SalFrame::CallCallback+0x1c 14 000000dd`ef38ec30 00007fff`bc98c0c0 vclplug_winlo!ImplHandleMouseMsg(struct HWND__ * hWnd = 0x00000000`0011077e, unsigned int nMsg = 0x201, unsigned int64 wParam = 1, int64 lParam = 0n7341435)+0x245 [C:\cygwin64\home\buildslave\source\libo-core\vcl\win\window\salframe.cxx @ 3335] 15 000000dd`ef38ed20 00007fff`bc98c69d vclplug_winlo!SalFrameWndProc(struct HWND__ * hWnd = 0x00000000`0011077e, unsigned int nMsg = 0x201, unsigned int64 wParam = 1, int64 lParam = 0n7341435, bool * rDef = 0x000000dd`ef38ee90)+0x1010 [C:\cygwin64\home\buildslave\source\libo-core\vcl\win\window\salframe.cxx @ 5987] 16 000000dd`ef38ee60 00007ff8`39b383f1 vclplug_winlo!SalFrameWndProcW(struct HWND__ * hWnd = 0x00000000`0011077e, unsigned int nMsg = 0x201, unsigned int64 wParam = 1, int64 lParam = 0n7341435)+0x4d [C:\cygwin64\home\buildslave\source\libo-core\vcl\win\window\salframe.cxx @ 6342] 17 000000dd`ef38eef0 00007ff8`39b37c3b USER32!UserCallWinProcCheckWow+0x2d1 18 000000dd`ef38f050 00007fff`fd501eb4 USER32!CallWindowProcW+0x8b 19 000000dd`ef38f0a0 00007ff8`39b383f1 OpenGL32!wglWndProc+0x294 1a 000000dd`ef38f110 00007ff8`39b37eb1 USER32!UserCallWinProcCheckWow+0x2d1 1b 000000dd`ef38f270 00007fff`bc9115d6 USER32!DispatchMessageWorker+0x1f1 1c 000000dd`ef38f2f0 00007fff`bc9118f6 vclplug_winlo!ImplSalDispatchMessage(struct tagMSG * pMsg = 0x000000dd`ef38f370 {msg=0x201 wp=0x1 lp=0x70057b})+0x46 [C:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx @ 476] 1d 000000dd`ef38f340 00007fff`bc911a0d vclplug_winlo!ImplSalYield(bool bWait = true, bool bHandleAllCurrentEvents = false)+0x146 [C:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx @ 552] 1e 000000dd`ef38f3c0 00007fff`c1e7c28b vclplug_winlo!WinSalInstance::DoYield(bool bWait = true, bool bHandleAllCurrentEvents = false)+0xad [C:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx @ 581] 1f 000000dd`ef38f3f0 00007fff`c1e7c1a5 mergedlo!Application::Execute+0x15b 20 000000dd`ef38f420 00007fff`c0a02e1c mergedlo!Application::Execute+0x75 21 000000dd`ef38f450 00007fff`c1e8cf85 mergedlo!cppu::WeakImplHelper<com::sun::star::container::XChild,com::sun::star::document::XDocumentPropertiesSupplier,com::sun::star::document::XCmisDocument,com::sun::star::rdf::XDocumentMetadataAccess,com::sun::star::document::XDocumentRecovery2,com::sun::star::document::XUndoManagerSupplier,com::sun::star::document::XShapeEventBroadcaster,com::sun::star::document::XDocumentEventBroadcaster,com::sun::star::lang::XEventListener,com::sun::star::document::XEventsSupplier,com::sun::star::document::XEmbeddedScripts,com::sun::star::document::XScriptInvocationContext,com::sun::star::frame::XModel3,com::sun::star::util::XModifiable2,com::sun::star::view::XPrintable,com::sun::star::view::XPrintJobBroadcaster,com::sun::star::frame::XStorable2,com::sun::star::frame::XLoadable,com::sun::star::script::XStarBasicAccess,com::sun::star::document::XViewDataSupplier,com::sun::star::util::XCloseable,com::sun::star::datatransfer::XTransferable,com::sun::star::document::XDocumentSubStorageSupplier,com::sun::star::document::XStorageBasedDocument,com::sun::star::script::provider::XScriptProviderSupplier,com::sun::star::ui::XUIConfigurationManagerSupplier,com::sun::star::embed::XVisualObject,com::sun::star::lang::XUnoTunnel,com::sun::star::frame::XModule,com::sun::star::frame::XTitle,com::sun::star::frame::XTitleChangeBroadcaster,com::sun::star::frame::XUntitledNumbers>::acquire+0x900c 22 000000dd`ef38f9e0 00007fff`c0a26e36 mergedlo!ImplSVMain+0x65 23 000000dd`ef38fa10 00007ff6`0275101b mergedlo!soffice_main+0x2d6 24 (Inline Function) --------`-------- soffice!sal_main(void)+0x6 [C:\cygwin64\home\buildslave\source\libo-core\desktop\source\app\main.c @ 51] 25 000000dd`ef38fb20 00007ff6`027512d4 soffice!main(int argc = <Value unavailable error>, char ** argv = <Value unavailable error>)+0x1b [C:\cygwin64\home\buildslave\source\libo-core\desktop\source\app\main.c @ 49] 26 (Inline Function) --------`-------- soffice!invoke_main(void)+0x22 [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 78] 27 000000dd`ef38fb50 00007ff8`3ab4259d soffice!__scrt_common_main_seh(void)+0x10c [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 288] 28 000000dd`ef38fb90 00007ff8`3be4af38 KERNEL32!BaseThreadInitThunk+0x1d 29 000000dd`ef38fbc0 00000000`00000000 ntdll!RtlUserThreadStart+0x28
Created attachment 197869 [details] screen capture of STR (In reply to Xisco Faulí from comment #5) > @V Stuart, could you please record a screencast to make sure I'm following > the correct steps ? attached
not present in 24.8.3
https://gerrit.libreoffice.org/c/core/+/175405 might be the issue?
(In reply to V Stuart Foote from comment #9) > https://gerrit.libreoffice.org/c/core/+/175405 might be the issue? That should be unrelated and not change anything in behavior, was only (meant to be) some code simplification. I couldn't reproduce initially, but I can if I switch on the NVDA screen reader before running LO. And with SAL_ACCESSIBILITY_ENABLED=0, it no longer happens even if NVDA is running. (In reply to V Stuart Foote from comment #8) > not present in 24.8.3 With NVDA running, it crashes with 24.8.3 just the same in my setup. This could be a pre-existing issue that now gets triggered also in setups where it didn't before, namely with some tool active that requests information via the accessibility API but doesn't set the SPI_GETSCREENREADER parameter, in which case this would be related to commit bfbaeb8192447265bdd78d1be4990947d135eb6e Author: Michael Weghorn <m.weghorn@posteo.de> Date: Fri Oct 18 17:01:43 2024 +0100 tdf#160982 wina11y: Drop extra screen reader check to enable a11y bridge Version: 24.8.3.2 (X86_64) / LibreOffice Community Build ID: 48a6bac9e7e268aeb4c3483fcf825c94556d9f92 CPU threads: 12; OS: Windows 10 X86_64 (10.0 build 19045); UI render: Skia/Raster; VCL: win Locale: en-GB (en_GB); UI: en-GB Calc: threaded Version: 25.2.0.0.alpha1+ (X86_64) / LibreOffice Community Build ID: 3c9a4e222ab3a0d4cb1014deaa5138e8f5a35b73 CPU threads: 12; OS: Windows 10 X86_64 (10.0 build 19045); UI render: default; VCL: win Locale: en-GB (en_GB); UI: en-US Calc: threaded
It looks like the underlying issue is the same as for the older tdf#157001. I've started working on this, plan to come up with a fix probably sometime in the coming days.
Michael Weghorn committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/6708246e20ce522e673f539369cd38687d2dd16d tdf#164093 tdf#157001 a11y: Improve menu window disposal It will be available in 25.8.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Weghorn committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/b608604d0bbecdc24a17175374581b4e2d720658 tdf#164093 tdf#157001 wina11y: Use vcl::Window's actual XAccessible It will be available in 25.8.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Just got a chance to check 24.8.3 build on Win10 with NVDA running. And confirm the same crash and windbg ST with 24.8 builds. Off-topic but weird that on the Win11 instance get the same ST but I didn't have NVDA running, so something else in Win11 WDM DE triggering the AT in use with the VCLXAccessibleComponent calls.
Fixed for master now, backports for 25.2 pending in Gerrit (change series up to https://gerrit.libreoffice.org/c/core/+/177954 ).
(In reply to V Stuart Foote from comment #14) > Just got a chance to check 24.8.3 build on Win10 with NVDA running. And > confirm the same crash and windbg ST with 24.8 builds. Thanks for checking. > Off-topic but weird that on the Win11 instance get the same ST but I didn't > have NVDA running, so something else in Win11 WDM DE triggering the AT in > use with the VCLXAccessibleComponent calls. Mike Kaganski also mentioned that a11y is active for him somehow, don't know whether that's on Win 10 or 11.
Michael Weghorn committed a patch related to this issue. It has been pushed to "libreoffice-25-2": https://git.libreoffice.org/core/commit/f6f9a751445af8d6db7b5f497f3838fbb7efeb53 tdf#164093 tdf#157001 a11y: Improve menu window disposal It will be available in 25.2.0.0.beta2. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Weghorn committed a patch related to this issue. It has been pushed to "libreoffice-25-2": https://git.libreoffice.org/core/commit/3667de208b5f6475519bade6dfdfaea4e239a2ba tdf#164093 tdf#157001 wina11y: Use vcl::Window's actual XAccessible It will be available in 25.2.0.0.beta2. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.