When trying to reproduce bug 62688 with current master, I found the following crash. Steps to reproduce: 1/ open a new empty Impress document 2/ ctrl+alt+C to create a comment 3/ type something in the comment field 4/ select the text of the comment (use the mouse because ctrl+A does not work in comments, it is the bug 62688) 5/ right click on the selected text ==> the comment field close ==> crash when you choose an entry in the context menu Found in Version: 5.2.0.0.alpha1+ Build ID: 2fb31f248fe86c52c1070cbc8b18b24872a4bedc built at home under Ubuntu 16.04 x86-64 No crash in LO 5.1.4.0.0+, so regression. Best regards. JBF
On pc Debian x86-64 with master sources updated today, I could reproduce the crash but only when selecting an entry at second time. warn:legacy.osl:10082:1:vcl/source/window/window.cxx:325: Window ( N2sd16AnnotationWindowE()) with live SystemWindows destroyed: 18MenuFloatingWindow() Window ( N2sd16AnnotationWindowE()) with live SystemWindows destroyed: 18MenuFloatingWindow()
Armin: thought you might be interested in this one.
Created attachment 124935 [details] gdb on the core file Give or take some fat-fingering along the way, I did ... (1) Type text in the comment. (2) Drag mouse through all that text. (3) Right-click, Copy. (4) Type "<enter>-----<enter>". (5) Right-click. The error messages in the terminal are (whitespace added) ... warn:legacy.osl:22373:1:vcl/source/window/window.cxx:325: Window ( N2sd16AnnotationWindowE()) with live SystemWindows destroyed: 18MenuFloatingWindow() Window ( N2sd16AnnotationWindowE()) with live SystemWindows destroyed: 18MenuFloatingWindow() Note the following points in the attached terminal output ... line gdb command ---- ---------------------------------- 34 info threads 41 backtrace 121 thread apply all backtrace full These observations are from master commit 11bf964, pulled 2016-05-09 05:35 UTC, configured ... CC=ccache /usr/bin/gcc CXX=ccache /usr/bin/g++ --enable-option-checking=fatal --enable-dbgutil --enable-debug --enable-crashdump --without-system-postgresql --without-myspell-dicts --with-extra-buildid --without-doxygen --with-external-tar=/home/terry/lo_hacking/git/src built and running on debian-stretch. I am adding keyword haveBacktrace.
Created attachment 124936 [details] bibisect result, daily Linux dbgutil repository Working in the daily Linux dbgutil bibisect repository, I see an error different from what I described in comment 3. And now, the crash happens on the first right-click > Copy. The error messages are (whitespace added) ... soffice.bin: /home/vmiklos/git/libreoffice/master/vcl/unx/gtk3/../gtk/gtkinst.cxx:303: void GtkYieldMutex::ThreadsLeave(): Assertion `mnCount != 0' failed. Application Error Fatal exception: Signal 6 This looks more like what Jean-Baptiste reported. I do not know whether my comment 3 is useful in this report, or whether I should create a new bug report. Anyway, the bug was introduced somewhere in the 49 commits a6f876d..0ab6332 ... what commit date s-h --------- ------- ---------- ------- last good cafe073 2016-02-11 a6f876d first bad 3ced19f 2016-02-12 0ab6332
Created attachment 124938 [details] bibisect result Win 5.2 bibisect repository Working in the win-32 5.2 bibisect repository, I see that the bad commit is (whitespace added) ... author Michael Meeks <michael.meeks@collabora.com> 2016-02-09 17:15:29 (GMT) committer Tomaž Vajngerl <quikee@gmail.com> 2016-02-09 18:30:50 (GMT) commit 7672637cb33bcae199d3f0b0b3dcc568375d4976 (patch) tree 12620c6287e243a8c86339e73c5706fe669d0a9f parent a6ce77b508cdcda0a65fa3802daf7a6ef757af43 (diff) vcl: opengl - clear the user buffer after greyscale conversion. This contradicts the results from Linux dbgutil bibisect that I reported in comment 4: this "first bad" is earlier than the previously reported "last good". Am I getting a different crash? Sigh.
Hi Terrence; the cause is pretty clear: #16 0x00007f51db2023cf in SalAbort(rtl::OUString const&, bool) (rErrorText="Window ( N2sd16AnnotationWindowE()) with live SystemWindows destroyed: 18MenuFloatingWindow()", bDumpCore=true) at /home/terry/lo_hacking/git/libo6/vcl/unx/generic/plugadapt/salplug.cxx:293 #17 0x00007f51db1169ff in Application::Abort(rtl::OUString const&) (rErrorText="Window ( N2sd16AnnotationWindowE()) with live SystemWindows destroyed: 18MenuFloatingWindow()") at /home/terry/lo_hacking/git/libo6/vcl/source/app/svapp.cxx:320 Luckily its only a leak in non dbgutil mode - so shouldn't cause a widespread crash for real users when deployed -> lowering the priority. It is a VclPtr, lifecycle issue I guess. Also the debug output above (I hope) identifies the problem - which is that the sd::AnnotationWindow has a live MenuFloatingWindow associated with it when it is disposed - and it should have disposed that itself first; which is curious. Armin did some work in this area recently - but ...
Hmm - it looks like there is a floating MenuFloatingWindow that is not disposed in the correct order; to find where that is created I guess it'd be good to put a break-point into: vcl/source/window/menufloatingwindow.cxx:MenuFloatingWindow::MenuFloatingWindow And get a stack-trace of where that is created, to ensure that we get the ordering right for its destruction too.
Created attachment 124960 [details] typescript with backtrace from MenuFloatingWindow c'tor This is from master commit 65b327b, pulled around 2016-05-10 03:20 UTC, configured ... CC=ccache /usr/bin/gcc CXX=ccache /usr/bin/g++ --enable-option-checking=fatal --enable-dbgutil --enable-debug --enable-crashdump --without-system-postgresql --without-myspell-dicts --with-extra-buildid --without-doxygen --with-external-tar=/home/terry/lo_hacking/git/src built and running on debian-stretch.
FYI: May be related/similar to Bug 99388. When there are more cases it is a hint that somewhere somehow the order/mechanism of closing *has* changed
This isn't VclPtr this is "focus in floats"
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=26333736f103342344b9b0fa20a3a04d426fac4f Resolves: tdf#99712 Crash in impress annotation context menu It will be available in 5.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
(In reply to Commit Notification from comment #11) > Caolán McNamara committed a patch related to this issue. > It has been pushed to "master": > [...] > Affected users are encouraged to test the fix and report feedback. Thank you very much for the quick fix. Verified fixed in Version: 5.2.0.0.alpha1+ Build ID: c5ab14e2bca0cc4fabd25b27f078a1c38fda4fa7 CPU Threads: 4; OS Version: Linux 4.4; UI Render: default; Ubuntu_16.04_x86-64 Locale: fr-FR (fr_FR.UTF-8) Best regards. JBF
Hey Cao0lan, thanks for sorting this out and making it more general - is probably better ;-)