soffice.bin crashed with SIGSEGV in uno_type_sequence_construct()

Bug #746375 reported by Define on 2011-03-31
This bug affects 17 people
Affects | Status | Importance | Assigned to | Milestone
libreoffice (Ubuntu) | | Medium | Björn Michaelsen |
Natty | | Undecided | Björn Michaelsen |

Bug Description

Binary package hint: libreoffice

lsb_release -rd
Description: Ubuntu Natty (development branch)
Release: 11.04

apt-cache policy libreoffice
libreoffice:
  Усталяваныя: (няма)
  Кандыдат: 1:3.3.2-1ubuntu2
  Табліца вэрсіяў:
     1:3.3.2-1ubuntu2 0
        500 http://ftp.byfly.by/ubuntu/ natty/universe i386 Packages

After closing the document, this error appeared.

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: libreoffice-core 1:3.3.2-1ubuntu2
ProcVersionSignature: Ubuntu 2.6.38-7.39-generic 2.6.38
Uname: Linux 2.6.38-7-generic i686
Architecture: i386
CheckboxSubmission: 374fabc7cc5853bb56d3cfd08ed72cb4
CheckboxSystem: 0531969bcfd4f03af7405c98dc94a948
Date: Thu Mar 31 12:54:37 2011
ExecutablePath: /usr/lib/libreoffice/program/soffice.bin
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha i386 (20101202)
ProcCmdline: /usr/lib/libreoffice/program/soffice.bin -writer -splash-pipe=5
ProcEnviron:
 LANGUAGE=be_BY:ru_RU:ru:en_GB:en
 LANG=ru_RU.UTF-8
 LC_MESSAGES=be_BY.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x144ea1: mov 0x8(%edx),%eax
 PC (0x00144ea1) ok
 source "0x8(%edx)" (0x00000040) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: libreoffice
StacktraceTop:
 ?? () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppu.so.3
 uno_type_sequence_construct () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppu.so.3
 ?? () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3
 cppu::OInterfaceContainerHelper::removeInterface(com::sun::star::uno::Reference<com::sun::star::uno::XInterface> const&) () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3
 ?? () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3
Title: soffice.bin crashed with SIGSEGV in uno_type_sequence_construct()
UpgradeStatus: Upgraded to natty on 2011-03-25 (5 days ago)
UserGroups: adm admin audio cdrom dialout dip fax floppy fuse lpadmin netdev plugdev sambashare vboxusers video www-data

Define (daylidaes) wrote :

StacktraceTop:
 idefaultConstructElements () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppu.so.3
 uno_type_sequence_construct () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppu.so.3
 sequenceRemoveElementAt () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3
 removeInterface () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3
 removeReference () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3

Changed in libreoffice (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace

Define, could you please attach the document that you closed when this problem occurred? Does this happen consistently with this document?

Changed in libreoffice (Ubuntu):
status: New → Incomplete
visibility: private → public

Looks to me as if the WeakReference at:

 http://opengrok.libreoffice.org/xref/libs-gui/vcl/unx/gtk/a11y/atkutil.cxx#69

tries to kill itself after UNO is already long gone.

For a fix it would be great to have a way to reproduce the issue. Even a sequence of actions that triggers the bug every tenth time would help.

Chris Turner (rockyrobinls29) wrote :

To reproduce this bug I open the attached spreadsheet in LibreOffice Calc, then close discarding changes. Then a box appears informing me there was an application problem "Sorry the 'bamfdaemon' closed unexpectedly".

Chris Turner (rockyrobinls29) wrote :

Forgot to mention- I need to have altered the doc and choose "discard" from the app exit options. When the following 'bamfdaemon' has closed unexpectedly error has occurred I cannot reproduce the problem.

Changed in libreoffice (Ubuntu):
status: Incomplete → Confirmed
assignee: nobody → Björn Michaelsen (bjoern-michaelsen)

@Chris Turner: bamfdaemon is not LibreOffice. That is a different issue.

The bamfdaemon issue should be fixed with 0.2.86-0ubuntu2.
I cannot reproduce the issue with the attached file on 1:3.3.2-1ubuntu2.

tags: added: bugpattern-needed

Is there a reproducible scenario for this one? If so, I could cherry-pick the commit above to 3.3.2 and test if that fixes the issue.

Chris Turner (rockyrobinls29) wrote :

I have just reproduced the segfault by editing the above attached spreadsheet by adding a character anywhere, then save the document, then exit the document (separately from saving). After a delay the error occurred again.

Unreproducible in Ubuntu 11.04, LibreOffice Calc via the Terminal:

cd ~/Desktop && wget https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/746375/+attachment/2029111/+files/Wages%20%281%29.xls && localc -nologo 'Wages (1).xls'

in cell C3 typed:

example

Ctrl+S -> click Keep Current Format button -> Ctrl+Q notice no crash.

lsb_release -rd
Description: Ubuntu Natty (development branch)
Release: 11.04

apt-cache policy libreoffice-calc
libreoffice-calc:
  Installed: 1:3.3.2-1ubuntu3
  Candidate: 1:3.3.2-1ubuntu3
  Version table:
 *** 1:3.3.2-1ubuntu3 0
        500 http://us.archive.ubuntu.com/ubuntu/ natty/main i386 Packages
        100 /var/lib/dpkg/status

As this issue is hard to reproduce on different machines, I created an upload with a tentative patch. If you have the issue showing up regularly on your machine, please try to install the 1:3.3.2-1ubuntu5~ppa1 test version of libreoffice from the ppa at:
 https://launchpad.net/~bjoern-michaelsen/+archive/libreoffice-nattytest2/
and report back, if it fixes the issue.

(The package is currently still building, status at:
https://launchpad.net/~bjoern-michaelsen/+archive/libreoffice-nattytest2/+sourcepub/1680734/+listing-archive-extra )

Changed in libreoffice (Ubuntu):
status: Confirmed → Incomplete

Setting to "incomplete". Please set back to confirmed when reporting back if the test package 1:3.3.2-1ubuntu5~ppa1 either fixes the issue or does not fix the issue.

Once confirmed that the 1:3.3.2-1ubuntu5~ppa1 release fixes this, this should be released as an SRU.

SRU details:

= RATIONALE =
This is:
- a severe regression hitting a lot of users -- it collected 17 duplicate stacktraces in the prerelease alone.

= RESOLUTION =
This bug is caused by the WeakReference at:

 http://opengrok.libreoffice.org/xref/libs-gui/vcl/unx/gtk/a11y/atkutil.cxx#69

which tries to kill itself after UNO is already long gone on shutdown.

= REPRODUCING THE BUG =
TEST CASE:
Unfortunately, none. This depends on luck (or lack of luck) during the shutdown.

= REGRESSION POTENTIAL =
Potential regressions would affect the gtk accessibility bridge. The original patch has been written by another long-term LibreOffice/OpenOffice.org contributor (Caolán McNamara <email address hidden>) and is committed on the master and libreoffice-3-4 branch upstream. It has thus been discussed by multiple seasoned LibreOffice/OpenOffice.org developers on IRC when it was committed.

= RELEVANT PACKAGES =
The bug has been addressed in source package libreoffice-1:3.3.2-1ubuntu5 as uploaded to https://launchpad.net/~libreoffice/+archive/ppa . This is a joined SRU with bug 775608 because of LibreOffice package size. Attaching one debdiff with both fixes, but as the fixes are injected using patches in the build process, both are clearly separated.
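
The shutdown-ordering hazard named in the RESOLUTION section above (an object unregistering itself after the runtime it registered with is gone, matching the removeReference -> removeInterface frames in the retraced stack), as an added example that is not LibreOffice code and not the patch that was uploaded. `Runtime`, `remove_listener` and `ListenerHolder` are hypothetical stand-ins, and the late call is counted instead of dereferenced so the program runs to completion.

```cpp
// Added illustration; all names here are hypothetical, not UNO/VCL classes.
#include <algorithm>
#include <memory>
#include <vector>

struct Runtime {                          // stands in for the component runtime
    std::vector<int> listeners;           // ids of registered listeners
};

static std::unique_ptr<Runtime> g_runtime;  // torn down explicitly at exit
static int g_late_calls = 0;                // unregister attempts after teardown

// Unregister a listener. Returns false when the runtime no longer exists;
// code without this check would read through a dead pointer at this point.
bool remove_listener(int id) {
    if (!g_runtime) { ++g_late_calls; return false; }
    std::vector<int>& v = g_runtime->listeners;
    v.erase(std::remove(v.begin(), v.end(), id), v.end());
    return true;
}

// Holder whose destructor unregisters itself. For an object with static
// lifetime that destructor may run after the runtime has been shut down.
class ListenerHolder {
    int id_;
    bool registered_;
public:
    explicit ListenerHolder(int id) : id_(id), registered_(true) {
        g_runtime->listeners.push_back(id);
    }
    // Corrected ordering: drop the registration while the runtime is alive.
    void release() {
        if (registered_) { remove_listener(id_); registered_ = false; }
    }
    ~ListenerHolder() { if (registered_) remove_listener(id_); }
};

// One start/shutdown cycle; returns the number of late calls observed.
// early_release=false reproduces the bad ordering, true the corrected one.
int run_cycle(bool early_release) {
    g_late_calls = 0;
    g_runtime.reset(new Runtime());
    {
        ListenerHolder holder(7);
        if (early_release) holder.release();
        g_runtime.reset();                // runtime shutdown happens first
    }                                     // holder is destroyed afterwards
    return g_late_calls;
}

int main() { return (run_cycle(false) == 1 && run_cycle(true) == 0) ? 0 : 1; }
```
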

Martin Pitt (pitti) on 2011-05-04
Changed in libreoffice (Ubuntu):
status: Incomplete → In Progress

Accepted libreoffice into natty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

Changed in libreoffice (Ubuntu Natty):
status: New → Fix Committed
tags: added: verification-needed

Please see https://bugs.launchpad.net/ubuntu/natty/+source/libreoffice/+bug/775608/comments/16 -- the build has already been tested by a power user.

@Luke Yelavich: Could you maybe have a look to confirm that the proposed libreoffice-1:3.3.2-1ubuntu5 does not introduce any gtk a11y regressions?

Changed in libreoffice (Ubuntu Natty):
assignee: nobody → Björn Michaelsen (bjoern-michaelsen)
Changed in libreoffice (Ubuntu):
status: In Progress → Fix Committed

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libreoffice - 1:3.3.2-1ubuntu5

---------------
libreoffice (1:3.3.2-1ubuntu5) natty-proposed; urgency=high

  * hotfix for Libreoffice Calc's PRODUCT function doesn't calculate correctly (LP: #775608)
  * patch for gtk a11y crash on shutdown (LP: #746375)
 -- Bjoern Michaelsen <email address hidden> Wed, 04 May 2011 12:10:27 +0200

Changed in libreoffice (Ubuntu Natty):
status: Fix Committed → Fix Released

Martin Pitt (pitti) wrote :

Copied natty-proposed to oneiric as well.

Changed in libreoffice (Ubuntu):
status: Fix Committed → Fix Released