Bug 152092 - Impress freezes and crashes on Wayland when I try to move slides
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Impress
Version: 6.3.0.4 release (earliest affected)
Hardware: x86-64 (AMD64) Linux (All)
Importance: medium critical
Assignee: Not Assigned
Keywords: bibisected, bisected, haveBacktrace, regression
Blocks: Wayland Slide-Page-Pane Crash
Reported: 2022-11-17 18:44 UTC by Francisco
Modified: 2024-05-02 10:30 UTC (History)
Crash report or crash signature: ["libwayland-client.so.0"]


Attachments
gdb backtrace with LO 7.6 alpha1+ (61.01 KB, text/x-log)
2023-05-22 13:17 UTC, Stéphane Guillou (stragu)
Description Francisco 2022-11-17 18:44:53 UTC
Description:
Many times I've suffered LibreOffice Impress freezing when I try to move one or more slides up or down (change the order, put it at the end, etc.). It simply freezes, and no matter how long I wait I finally have to force it to exit. I've been having this bug for a while (I would say one year at least).

Steps to Reproduce:
1. Make several slides
2. Try to move them (one slide or several) by holding them and trying to put them in a different order.
3. If they are successfully moved, try a few more times and it will freeze.

Actual Results:
Most of the time LibreOffice Impress freezes after trying to move the slides and then I'm forced to quit, losing my not-saved work

Expected Results:
Let me move the slides normally.


Reproducible: Sometimes


User Profile Reset: Yes

Additional Info:
I've tried in safe mode and the bug still appears.
Comment 1 Roman Kuznetsov 2022-11-17 18:50:47 UTC
Please write here info from your LibreOffice's Help->About dialog (there is the Copy button there)
Comment 2 Francisco 2022-11-17 19:02:50 UTC
Thanks Roman, here it is:

Version: 7.3.6.2 / LibreOffice Community
Build ID: 30(Build:2)
CPU threads: 4; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: es-CL (es_CL.UTF-8); UI: es-ES
Ubuntu package version: 1:7.3.6-0ubuntu0.22.04.2
Calc: threaded
Comment 3 QA Administrators 2022-11-18 03:36:53 UTC Comment hidden (obsolete)
Comment 4 Stéphane Guillou (stragu) 2022-11-21 07:52:02 UTC Comment hidden (obsolete)
Comment 5 QA Administrators 2023-05-21 03:15:56 UTC Comment hidden (obsolete)
Comment 6 Francisco 2023-05-22 08:34:24 UTC
Hello Stéphane, thank you for your reply.

I've just reproduced the same bug with this LibreOffice version:

Version: 7.5.2.2 (X86_64) / LibreOffice Community
Build ID: 50(Build:2)
CPU threads: 4; OS: Linux 6.2; UI render: default; VCL: gtk3
Locale: es-CL (es_CL.UTF-8); UI: es-ES
Ubuntu package version: 4:7.5.2-0ubuntu1
Calc: threaded

I've made a new LibreOffice Impress document with pre-made slides from the templates and the error happens again when I try to change the slide order by dragging them.

Thanks for your help!
Comment 7 Francisco 2023-05-22 08:35:19 UTC Comment hidden (noise)
Comment 8 Stéphane Guillou (stragu) 2023-05-22 13:14:55 UTC
I've reproduced a crash after repeatedly dragging and dropping slides in the slide pane, on Ubuntu 20.04 with GNOME 3.36.8 + Wayland with:

Version: 7.5.3.2 (X86_64) / LibreOffice Community
Build ID: 9f56dff12ba03b9acd7730a5a481eea045e468f3
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

Also with kf5 (cairo + wayland) VCL, but not reproduced in a MetaWindowXwayland with e.g. kf5 (cairo + xcb).

Also in recent master build:

Version: 7.6.0.0.alpha1+ (X86_64) / LibreOffice Community
Build ID: f4c24da1e7f11664e0d2f688d2531f068e4a3bc0
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

And in 6.3.6.2 but not in 6.2.0.3.

Bibisected with linux-64-6.3 repo to first bad commit 3037c899cf3b1e5230a33221b598ab446231cebd which points to core commit:

commit d81a11220d76eeecac80b27b25a4576b6e78210b
author	Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk>	Fri Feb 08 21:49:19 2019 +0100
committer	Tomaž Vajngerl <quikee@gmail.com>	Mon Mar 04 22:42:18 2019 +0100
Simplify code to add a draw command (subclass)
Reviewed-on: https://gerrit.libreoffice.org/68698

Quikee, can you please have a look?

----

Crash reports:
- 7.5: https://crashreport.libreoffice.org/stats/crash_details/69ed99cc-30b8-4358-bdd7-ebe417d507a7
- 7.0: https://crashreport.libreoffice.org/stats/crash_details/f1d5ae18-ad0f-44be-b4bd-a686a51f4e35

SegvAnalysis from Apport:

Segfault happened at: 0x7f345de1a464 <wl_proxy_get_user_data+4>:	mov    0x30(%rdi),%rax
PC (0x7f345de1a464) ok
source "0x30(%rdi)" (0x00000030) not located in a known VMA region (needed readable region)!
destination "%rax" ok

Note that the crash should _not_ be confused with the following error that used to happen around that time, when creating a multi-selection of slides by dragging in the margin of the slide pane:

LibreOfficeDev 6.3 - Fatal Error: vector::reserve
Fatal exception: Signal 6
Stack:
/home/stragu/LO-bibisect/linux-64-6.3/instdir/program/libuno_sal.so.3(+0x14584)[0x7fe9a2a8d584]
[...]
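
Reading the Apport SegvAnalysis from comment 8 mechanically (an added example, not part of the bug report or of LibreOffice's tooling): the script subtracts the displacement from the faulting address to recover the base register, which for these lines gives %rdi = 0, meaning a NULL pointer was passed as the first argument to wl_proxy_get_user_data. The function name triage, the class labels and the 64 KiB near-NULL threshold are assumptions of this example.

```python
import re

# Apport SegvAnalysis lines copied from comment 8 above.
REPORT = """\
Segfault happened at: 0x7f345de1a464 <wl_proxy_get_user_data+4>:\tmov    0x30(%rdi),%rax
PC (0x7f345de1a464) ok
source "0x30(%rdi)" (0x00000030) not located in a known VMA region (needed readable region)!
destination "%rax" ok
"""

FAULT = re.compile(r"Segfault happened at: (0x[0-9a-f]+) <([^+>]+)(?:\+(\d+))?>:\s+(.+)")
OPERAND = re.compile(r'(source|destination) "([^"]+)" (?:\((0x[0-9a-f]+)\) )?(.+)')
MEMREF = re.compile(r"(-?0x[0-9a-f]+)?\((%\w+)\)")  # disp(%base) only, no index/scale

# Assumption: addresses below this are treated as "near NULL"; 64 KiB matches
# the usual Linux vm.mmap_min_addr, adjust for the target system.
NEAR_NULL_LIMIT = 0x10000


def triage(report):
    """Summarise the faulting access described by a SegvAnalysis block."""
    out = {"class": "unknown"}
    for line in report.splitlines():
        m = FAULT.match(line)
        if m:
            out.update(pc=int(m[1], 16), symbol=m[2],
                       offset=int(m[3] or 0), insn=" ".join(m[4].split()))
            continue
        m = OPERAND.match(line)
        if not m or m[4].strip() == "ok":
            continue  # PC line, or an operand that was accessible
        # This operand is the one that faulted.
        out["access"] = "read" if m[1] == "source" else "write"
        out["fault_addr"] = addr = int(m[3], 16) if m[3] else None
        ref = MEMREF.fullmatch(m[2])
        if ref and addr is not None:
            # Effective address = base + displacement, so base = address - displacement.
            out["base_reg"] = ref[2]
            out["base_value"] = addr - int(ref[1] or "0", 16)
        if out.get("base_value") == 0:
            out["class"] = "null-pointer-" + out["access"]
        elif addr is not None and addr < NEAR_NULL_LIMIT:
            out["class"] = "near-null-" + out["access"]
        elif addr is not None:
            out["class"] = "wild-" + out["access"]
    return out


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```
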
Comment 9 Stéphane Guillou (stragu) 2023-05-22 13:17:48 UTC
Created attachment 187436
gdb backtrace with LO 7.6 alpha1+
Comment 10 Stéphane Guillou (stragu) 2023-12-11 17:18:00 UTC
Still repro in:

Version: 24.2.0.0.alpha1+ (X86_64) / LibreOffice Community
Build ID: 0ddd9f7e055a0c1ecb120de3e40c3fdb8373e9dc
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded
Comment 11 Tomaz Vajngerl 2024-05-01 13:16:00 UTC
I really don't see how the code that this was bibisected to has anything to do with this... this code is not even run in a desktop LibreOffice currently. 

What happens if you just revert the commit?
Comment 12 Stéphane Guillou (stragu) 2024-05-02 08:41:11 UTC
(In reply to Tomaz Vajngerl from comment #11)
> I really don't see how the code that this was bibisected to has anything to
> do with this... this code is not even run in a desktop LibreOffice
> currently. 
I remember the crash being hard to reproduce and needing many repeats of the drag-and-drop, but thinking I had tested thoroughly enough.
I just went back to that commit, managed to crash it, then to HEAD~1 and also managed to crash it. Apologies for the wrong bibisect, Quikee!

Reproduced:
- in 7.6.6: https://crashreport.libreoffice.org/stats/crash_details/a0287f06-3599-4ce8-b5fc-b9146d7a6671
- in 24.2.2: https://crashreport.libreoffice.org/stats/crash_details/d682be20-d395-41f2-9ea4-f8ed7056b522
- and in a current daily build:

Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: ce454f382d0d005dd3de021c7820be3ffa0bb582
CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: CL threaded

With this warning at every successful drag and drop:
warn:sd:322641:322641:sd/source/core/drawdoc2.cxx:255: Page object must not be a handout.

The best I can do for steps is:
1. Open Impress
2. Double-click twice in slide sorter to have 3 slides
3. Select first slide
4. Drag-and-drop it on top of third slide
5. Repeat step 4 a few times

If you don't see the "in-between slide hints" pop up, you're likely to see LO hang and then crash.

I attempted another bibisect in the same repo and got to [ba74b13ea9209c716f91d34cffbeac2dcdd719ca] which is:

commit 8643f6d64d387ebdb75b79db941d8ea1f8fa2f66
author	Katarina Behrens 	Thu Feb 28 14:43:14 2019 +0100
committer	Katarina Behrens 	Mon Mar 04 14:40:44 2019 +0100
tdf#120774: remove 7-year-old workaround of now non-existent bug
Fix of tdf#41996 is a workaround of kde4-specific condition and
has been since disabled on OS X (as tdf#51023). kde5 comes with
a new implementation of DnD and slide sorter in Impress now
exhibits exactly the same symptoms as on OS X in tdf#51023
Since kde4 is unsupported and remaining platforms (gtk[23], Win)
never had issues with DnD in slide sorter, kill the workaround
with fire (= disable it globally)
Reviewed-on: https://gerrit.libreoffice.org/68674

...which makes more sense!

In the console:

Fatal exception: Signal 6
Stack:
/home/stragu/lobibi/linux-64-6.3/instdir/program/libuno_sal.so.3(+0x14584)[0x7de8b7814584]
/home/stragu/lobibi/linux-64-6.3/instdir/program/libuno_sal.so.3(+0x3c386)[0x7de8b783c386]
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7de8b7042520]
/lib/x86_64-linux-gnu/libc.so.6(pthread_kill+0x12c)[0x7de8b70969fc]
/lib/x86_64-linux-gnu/libc.so.6(raise+0x16)[0x7de8b7042476]
/lib/x86_64-linux-gnu/libc.so.6(abort+0xd3)[0x7de8b70287f3]
/home/stragu/lobibi/linux-64-6.3/instdir/program/libvcllo.so(+0x6d79e2)[0x7de8af0d79e2]
/home/stragu/lobibi/linux-64-6.3/instdir/program/libvcllo.so(_ZN11Application5AbortERKN3rtl8OUStringE+0xa2)[0x7de8af046882]
/home/stragu/lobibi/linux-64-6.3/instdir/program/libsofficeapp.so(+0x25490)[0x7de8b7425490]
/home/stragu/lobibi/linux-64-6.3/instdir/program/libvcllo.so(+0x64d3a4)[0x7de8af04d3a4]
/home/stragu/lobibi/linux-64-6.3/instdir/program/libuno_sal.so.3(+0x172a2)[0x7de8b78172a2]
/home/stragu/lobibi/linux-64-6.3/instdir/program/libuno_sal.so.3(+0x3c24f)[0x7de8b783c24f]
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7de8b7042520]
/lib/x86_64-linux-gnu/libwayland-client.so.0(wl_proxy_get_user_data+0x4)[0x7de8b2551e24]
/lib/x86_64-linux-gnu/libgdk-3.so.0(+0x924d5)[0x7de8b038b4d5]
/lib/x86_64-linux-gnu/libffi.so.8(+0x7e2e)[0x7de8b6074e2e]
/lib/x86_64-linux-gnu/libffi.so.8(+0x4493)[0x7de8b6071493]
/lib/x86_64-linux-gnu/libwayland-client.so.0(+0x6ad0)[0x7de8b2551ad0]
/lib/x86_64-linux-gnu/libwayland-client.so.0(+0x7243)[0x7de8b2552243]
/lib/x86_64-linux-gnu/libwayland-client.so.0(wl_display_dispatch_queue_pending+0x7c)[0x7de8b255243c]
/lib/x86_64-linux-gnu/libgdk-3.so.0(+0x9b548)[0x7de8b0394548]
/lib/x86_64-linux-gnu/libgdk-3.so.0(gdk_display_get_event+0x89)[0x7de8b032fa99]
/lib/x86_64-linux-gnu/libgdk-3.so.0(+0xa0996)[0x7de8b0399996]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x26b)[0x7de8b6b1bd3b]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0xab258)[0x7de8b6b71258]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_iteration+0x33)[0x7de8b6b193e3]
/home/stragu/lobibi/linux-64-6.3/instdir/program/libvclplug_gtk3lo.so(+0xac154)[0x7de8a04ac154]
/home/stragu/lobibi/linux-64-6.3/instdir/program/libvcllo.so(+0x646332)[0x7de8af046332]
/home/stragu/lobibi/linux-64-6.3/instdir/program/libvcllo.so(_ZN11Application7ExecuteEv+0x45)[0x7de8af048255]
/home/stragu/lobibi/linux-64-6.3/instdir/program/libsofficeapp.so(+0x2b82c)[0x7de8b742b82c]
/home/stragu/lobibi/linux-64-6.3/instdir/program/libvcllo.so(_Z10ImplSVMainv+0x62)[0x7de8af04ef22]
/home/stragu/lobibi/linux-64-6.3/instdir/program/libsofficeapp.so(soffice_main+0x115)[0x7de8b7456c55]
/home/stragu/lobibi/linux-64-6.3/instdir/program/soffice.bin[0x40066b]
/lib/x86_64-linux-gnu/libc.so.6(+0x29d90)[0x7de8b7029d90]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80)[0x7de8b7029e40]
/home/stragu/lobibi/linux-64-6.3/instdir/program/soffice.bin[0x40069f]

Bubli is less active now.
Copying Julien and Noel in, given that the only Impress report that mentions Vector::Reserve is bug 124211, also manipulating slides in the Sorter.
Comment 13 Tomaz Vajngerl 2024-05-02 09:19:40 UTC
(In reply to Stéphane Guillou (stragu) from comment #12)
> I remember the crash being hard to reproduce and needing many repeats of the
> drag-and-drop, but thinking I had tested thoroughly enough.
> I just went back to that commit, managed to crash it, then to HEAD~1 and
> also managed to crash it. Apologies for the wrong bibisect, Quikee!

Yeah, no problem - I should've checked this sooner.
Comment 14 Julien Nabet 2024-05-02 10:30:27 UTC
On pc Debian x86-64 with master sources updated today, I could reproduce this.

The problem is that the backtrace doesn't show much:
#0  0x00007fee2e4f3894 in wl_proxy_get_user_data () at /lib/x86_64-linux-gnu/libwayland-client.so.0
#1  0x00007fee2f56928b in  () at /lib/x86_64-linux-gnu/libgdk-3.so.0
#2  0x00007fee425833fe in  () at /lib/x86_64-linux-gnu/libffi.so.8
#3  0x00007fee4258270d in  () at /lib/x86_64-linux-gnu/libffi.so.8
#4  0x00007fee42582ee3 in ffi_call () at /lib/x86_64-linux-gnu/libffi.so.8
#5  0x00007fee2e4f5921 in  () at /lib/x86_64-linux-gnu/libwayland-client.so.0
#6  0x00007fee2e4f1c09 in  () at /lib/x86_64-linux-gnu/libwayland-client.so.0
#7  0x00007fee2e4f35ac in wl_display_dispatch_queue_pending () at /lib/x86_64-linux-gnu/libwayland-client.so.0
#8  0x00007fee2f56f868 in  () at /lib/x86_64-linux-gnu/libgdk-3.so.0
#9  0x00007fee2f5373c4 in gdk_display_get_event () at /lib/x86_64-linux-gnu/libgdk-3.so.0
#10 0x00007fee2f56f576 in  () at /lib/x86_64-linux-gnu/libgdk-3.so.0
#11 0x00007fee35b111f4 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007fee35b14317 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#13 0x00007fee35b14930 in g_main_context_iteration () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007fee2f291a8f in GtkSalData::Yield(bool, bool) (this=0x55dbac8a87c0, bWait=true, bHandleAllCurrentEvents=false) at /home/julien/lo/libreoffice/vcl/unx/gtk3/gtkdata.cxx:405
#15 0x00007fee2f296f03 in GtkInstance::DoYield(bool, bool) (this=0x55dbac8a8670, bWait=true, bHandleAllCurrentEvents=false) at /home/julien/lo/libreoffice/vcl/unx/gtk3/gtkinst.cxx:435
#16 0x00007fee3a5c0f5c in ImplYield(bool, bool) (i_bWait=true, i_bAllEvents=false) at /home/julien/lo/libreoffice/vcl/source/app/svapp.cxx:378

Trying catch throw, there are too many exceptions thrown,
e.g.:
#0  0x00007fee430b2191 in __cxa_throw () at /lib/x86_64-linux-gnu/libstdc++.so.6
#1  0x00007fee2e38bc21 in gcc3::raiseException(_uno_Any*, _uno_Mapping*) (pUnoExc=0x7ffe335d6cb8, pUno2Cpp=0x55dbaecd8398) at /home/julien/lo/libreoffice/bridges/source/cpp_uno/gcc3_linux_x86-64/except.cxx:190
#2  0x00007fee2e38886b in cpp2uno_call(bridges::cpp_uno::shared::CppInterfaceProxy*, _typelib_TypeDescription const*, _typelib_TypeDescriptionReference*, int, _typelib_MethodParameter*, void**, void**, void**, unsigned long*)
    (pThis=0x55dbb6314610, pMemberTypeDescr=0x55dbaec82340, pReturnTypeRef=0x55dbac8abeb0, nParams=1, pParams=0x55dbaec823f0, gpreg=0x7ffe335d73c0, fpreg=0x7ffe335d73e0, ovrflw=0x7ffe335d7430, pRegisterReturn=0x7ffe335d7390) at /home/julien/lo/libreoffice/bridges/source/cpp_uno/gcc3_linux_x86-64/cpp2uno.cxx:207
#3  0x00007fee2e387f0a in cpp_vtable_call(sal_Int32, sal_Int32, void**, void**, void**, sal_uInt64*)
    (nFunctionIndex=3, nVtableOffset=0, gpreg=0x7ffe335d73b0, fpreg=0x7ffe335d73e0, ovrflw=0x7ffe335d7430, pRegisterReturn=0x7ffe335d7390)
    at /home/julien/lo/libreoffice/bridges/source/cpp_uno/gcc3_linux_x86-64/cpp2uno.cxx:388
#4  0x00007fee2e3abfd6 in privateSnippetExecutor () at /home/julien/lo/libreoffice/instdir/program/libgcc3_uno.so
#5  0x00007fee4172ff6e in cppu::throwException(com::sun::star::uno::Any const&) (exc=uno::Any("com.sun.star.ucb.InteractiveAugmentedIOException": ...))
    at /home/julien/lo/libreoffice/cppuhelper/source/exc_thrower.cxx:250
#6  0x00007fee419805ca in ucbhelper::cancelCommandExecution(com::sun::star::ucb::IOErrorCode, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&, com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment> const&, rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::ucb::XCommandProcessor> const&)
    (eError=com::sun::star::ucb::IOErrorCode::IOErrorCode_NOT_EXISTING, rArgs=uno::Sequence of length 2 = {...}, xEnv=empty uno::Reference, rMessage="an error occurred during opening a directory", xContext=uno::Reference to (fileaccess::BaseContent *) 0x55dbb63143a8) at /home/julien/lo/libreoffice/ucbhelper/source/provider/cancelcommandexecution.cxx:85

#0  0x00007fee430b2191 in __cxa_throw () at /lib/x86_64-linux-gnu/libstdc++.so.6
#1  0x00007fee3e01c2cf in com::sun::star::uno::BaseReference::iquery_throw(com::sun::star::uno::XInterface*, com::sun::star::uno::Type const&) (pInterface=0x0, rType=invalid uno::Type)
    at include/com/sun/star/uno/Reference.hxx:83
#2  0x00007fee3e049b99 in com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet>::iquery_throw(com::sun::star::uno::XInterface*) (pInterface=0x0) at include/com/sun/star/uno/Reference.hxx:92
#3  0x00007fee3e04255c in com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet>::Reference(com::sun::star::uno::BaseReference const&, com::sun::star::uno::UnoReference_QueryThrow)
    (this=0x7ffe335d7be0, rRef=...) at include/com/sun/star/uno/Reference.hxx:198
#4  0x00007fee3e034a96 in accessibility::AccessibleShape::UpdateNameAndDescription() (this=0x55dbb399f970) at /home/julien/lo/libreoffice/svx/source/accessibility/AccessibleShape.cxx:1043
#5  0x00007fee3e0348dc in accessibility::AccessibleShape::AccessibleShape(accessibility::AccessibleShapeInfo const&, accessibility::AccessibleShapeTreeInfo const&)
    (this=0x55dbb399f970, rShapeInfo=..., rShapeTreeInfo=...) at /home/julien/lo/libreoffice/svx/source/accessibility/AccessibleShape.cxx:106
#6  0x00007fedff380be3 in accessibility::AccessiblePageShape::AccessiblePageShape(com::sun::star::uno::Reference<com::sun::star::drawing::XDrawPage>, com::sun::star::uno::Reference<com::sun::star::accessibility::XAccessible> const&, accessibility::AccessibleShapeTreeInfo const&) (this=0x55dbb399f970, xPage=Python Exception <class 'gdb.error'>: value has been optimized out
, rxParent=uno::Reference to (accessibility::AccessibleDrawDocumentView *) 0x55dbb33f59d0, rShapeTreeInfo=...)
    at /home/julien/lo/libreoffice/sd/source/ui/accessibility/AccessiblePageShape.cxx:45

I tried with gen rendering but the drag&drop seems disabled.