https://bugs.documentfoundation.org/show_bug.cgi?id=113755 http://crashreport.libreoffice.org/stats/crash_details/a7d8fd19-0512-4292-b3a0-140dcff204c8 GDIHandles 128 Language en-SG BuildID 2524958677847fb3bb44820e40380acbe820f960 OpenGLDriver 22.20.16.4691 ProductName LibreOffice ShutDown true OpenGLVendor 0x8086 UseOpenGL false OpenGLDevice 0x1916 Crash|EXCEPTION_ACCESS_VIOLATION_READ|0x14|0 + ie. a NULL ptr de-reference ... sal_Bool SAL_CALL Desktop::terminate() ... framework/source/services/desktop.cxx: CrashReporter::AddKeyValue("ShutDown", OUString::boolean(true)); Frame Module Signature Source 0 mergedlo.dll SfxSlotPool::GetSlotPool(SfxViewFrame *) sfx2/source/control/msgpool.cxx:282 SfxSlotPool& SfxSlotPool::GetSlotPool( SfxViewFrame *pFrame ) { SfxModule *pMod = SfxModule::GetActiveModule( pFrame ); if ( pMod && pMod->GetSlotPool() ) return *pMod->GetSlotPool(); else return *SfxGetpApp()->Get_Impl()->pSlotPool; } include/sfx2/app.hxx:inline SfxApplication* SfxGetpApp() include/sfx2/app.hxx-{ include/sfx2/app.hxx- return SfxApplication::Get(); include/sfx2/app.hxx-} SfxApplication* SfxApplication::Get() { return g_pSfxApplication; } // null'd by this guy: SfxApplication::SfxApplication() : pImpl( new SfxAppData_Impl ) sfx2/source/appl/app.cxx: g_pSfxApplication = new SfxApplication; => apparently never deleted - so ... shoudl be live forever & leaked. *** Check wrt. valgrind etc. ? *** std::unique_ptr pImpl; SAL_DLLPRIVATE SfxAppData_Impl* Get_Impl() const { return pImpl.get(); } + pImpl appears never to be reset or cleared either. class SVL_DLLPUBLIC SfxBroadcaster { struct Impl; std::unique_ptr mpImpl; 0x00 class SFX2_DLLPUBLIC SfxShell: public SfxBroadcaster { friend class SfxObjectItem; std::unique_ptr< SfxShell_Impl > pImpl; 0x04 SfxItemPool* pPool; 0x08 ::svl::IUndoManager* pUndoMgr; 0x10 class SFX2_DLLPUBLIC SfxApplication: public SfxShell { std::unique_ptr pImpl; 0x14 ? ... [ huh? ] ... + could that be 0x14 offset on a 32bit build ? SfxSlotPool* pSlotPool; + this guy is NULL [!] ... (deep into the struct - is not 0x14 offset) sfx2/inc/msgpoolhxx: class SFX2_DLLPUBLIC SfxSlotPool ... + re-referencing a NULL ptr though (?) this * ... * Surely we have a NULL SfxApplication (somehow) + how can that happen !? ... =) + some headless / scripting case or ? ... *** + check the lifecycle of that beastie. *** 1 mergedlo.dll TransformItems(unsigned short,SfxItemSet const &,com::sun::star::uno::Sequence &,SfxSlot const *) sfx2/source/appl/appuno.cxx:914 if ( !pSlot ) pSlot = SFX_SLOTPOOL().GetSlot( nSlotId ); if ( !pSlot) return; 2 mergedlo.dll SfxBaseModel::getArgs() sfx2/source/doc/sfxbasemodel.cxx:954 TransformItems( SID_OPENDOC, *(m_pData->m_pObjectShell->GetMedium()->GetItemSet()), seqArgsNew ); TransformParameters( SID_OPENDOC, m_pData->m_seqArguments, aSet ); TransformItems( SID_OPENDOC, aSet, seqArgsOld ); 3 swlo.dll SwXTextDocument::getArgs() sw/source/uibase/uno/unotxdoc.cxx:594 4 ucptdoc1lo.dll tdoc_ucp::OfficeDocumentsManager::isDocumentPreview(com::sun::star::uno::Reference const &) ucb/source/ucp/tdoc/tdoc_docmgr.cxx:572 5 ucptdoc1lo.dll tdoc_ucp::OfficeDocumentsManager::isOfficeDocument(com::sun::star::uno::Reference const &) ucb/source/ucp/tdoc/tdoc_docmgr.cxx:681 6 ucptdoc1lo.dll tdoc_ucp::OfficeDocumentsManager::documentEventOccured(com::sun::star::document::DocumentEvent const &) ucb/source/ucp/tdoc/tdoc_docmgr.cxx:241 7 ucptdoc1lo.dll tdoc_ucp::OfficeDocumentsManager::OfficeDocumentsCloseListener::notifyClosing(com::sun::star::lang::EventObject const &) ucb/source/ucp/tdoc/tdoc_docmgr.cxx:68 * Do we really need this listening ? after desktop::terminate ? 8 mergedlo.dll SfxBaseModel::close(unsigned char) sfx2/source/doc/sfxbasemodel.cxx:1355 9 swlo.dll SwXTextDocument::close(unsigned char) sw/source/uibase/uno/unotxdoc.cxx:617 void SwXTextDocument::close( sal_Bool bDeliverOwnership ) { SolarMutexGuard aGuard; if(IsValid() && m_pHiddenViewFrame) lcl_DisposeView( m_pHiddenViewFrame, pDocShell); SfxBaseModel::close(bDeliverOwnership); } 10 mergedlo.dll SfxObjectShell::CloseInternal() sfx2/source/doc/objxtor.cxx:408 11 mergedlo.dll SfxObjectShell::Close() sfx2/source/doc/objxtor.cxx:389 12 swlo.dll SwTransferable::~SwTransferable() sw/source/uibase/dochdl/swdtflvr.cxx:256 SwDocShell* pDocSh = static_cast(pObj); pDocSh->DoClose(); 13 swlo.dll SwTransferable::`vector deleting destructor'(unsigned int) 14 cppuhelper3MSC.dll cppu::OWeakObject::release() cppuhelper/source/weak.cxx:232 15 sysdtrans.dll `anonymous namespace'::AsyncDereference::notify dtrans/source/win32/dtobj/XTDataObject.cxx:99 CXTDataObject::~CXTDataObject() { css::awt::AsyncCallback::create(m_XComponentContext)->addCallback( new AsyncDereference(m_XTransferable), css::uno::Any()); } /** We need to destroy XTransferable in the main thread to avoid dead lock when locking in the clipboard thread. So we transfer the ownership of the XTransferable reference to this object and release it when the callback is executed in main thread. */ class AsyncDereference : public cppu::WeakImplHelper { Reference maTransferable; ... 16 mergedlo.dll `anonymous namespace'::AsyncCallback::Notify_Impl toolkit/source/awt/asynccallback.cxx:106 toolkit/source/awt/asynccallback.cxx // private asynchronous link to call reference to the callback object IMPL_STATIC_LINK( AsyncCallback, Notify_Impl, void*, p, void ) { CallbackData* pCallbackData = static_cast(p); try { // Asynchronous execution // Check pointer and reference before! if ( pCallbackData && pCallbackData->xCallback.is() ) pCallbackData->xCallback->notify( pCallbackData->aData ); } } * Added by: // css::awt::XRequestCallback: void SAL_CALL AsyncCallback::addCallback(const css::uno::Reference< css::awt::XCallback > & xCallback, const css::uno::Any & aData) { if ( Application::IsInMain() ) { // NOTE: We don't need SolarMutexGuard here as Application::PostUserEvent is thread-safe CallbackData* pCallbackData = new CallbackData( xCallback, aData ); Application::PostUserEvent( LINK( this, AsyncCallback, Notify_Impl ), pCallbackData ); } } 17 mergedlo.dll ImplHandleUserEvent vcl/source/window/winproc.cxx:1949 18 mergedlo.dll ImplWindowFrameProc(vcl::Window *,SalEvent,void const *) vcl/source/window/winproc.cxx:2499 19 mergedlo.dll SalFrameWndProc(HWND__ *,unsigned int,unsigned int,long,int &) vcl/win/window/salframe.cxx:5766 20 mergedlo.dll SalFrameWndProcW(HWND__ *,unsigned int,unsigned int,long) vcl/win/window/salframe.cxx:5892 sfx2/source/doc/sfxbasemodel.cxx sfx2/source/inc/docundomanager.hxx:class SfxModelGuard SolarMutexResettableGuard m_aGuard; + is the solar mutex ... --- Transient Documents foo --- scripting/java/com/sun/star/script/framework/provider/ScriptProvider.java: "com.sun.star.frame.TransientDocumentsDocu scripting/source/inc/util/MiscUtils.hxx- xDocFac.set(xMCF->createInstanceWithContext( scripting/source/inc/util/MiscUtils.hxx: "com.sun.star.frame.TransientDocumentsDocumentContentFactory", scripting/source/inc/util/MiscUtils.hxx- xContext ), scripting/source/inc/util/MiscUtils.hxx- css::uno::UNO_QUERY ); Reference GetDMA() ... sfx2/source/doc/sfxbasemodel.cxx- const Reference xTDDCF( sfx2/source/doc/sfxbasemodel.cxx- xMsf->createInstanceWithContext( sfx2/source/doc/sfxbasemodel.cxx: "com.sun.star.frame.TransientDocumentsDocumentContentFactory", sfx2/source/doc/sfxbasemodel.cxx- xContext), sfx2/source/doc/sfxbasemodel.cxx- UNO_QUERY_THROW); * Documents with RDF meta-data create this thing ... (gdb) bt #0 0x00007ffff19fdc92 in SfxApplication::~SfxApplication() (this=0x192b7b0) at /data/opt/libreoffice/master/sfx2/source/appl/app.cxx:213 #1 0x00007ffff19fe039 in SfxApplication::~SfxApplication() (this=0x192b7b0) at /data/opt/libreoffice/master/sfx2/source/appl/app.cxx:212 #2 0x00007ffff1a1da3a in SfxTerminateListener_Impl::notifyTermination(com::sun::star::lang::EventObject const&) (this=0x192ff30, aEvent=...) at /data/opt/libreoffice/master/sfx2/source/appl/appinit.cxx:121 delete pApp; Application::Quit(); #3 0x00007fffbba9654c in framework::Desktop::terminate() (this=0x1919110) at /data/opt/libreoffice/master/framework/source/services/desktop.cxx:359 // The clipboard listener needs to be the first. It can create copies of the // existing document which needs basically all the available infrastructure. { SolarMutexResettableGuard aGuard; impl_sendTerminateToClipboard(); aGuard.clear(); impl_sendNotifyTerminationEvent(); aGuard.reset(); Scheduler::ProcessEventsToIdle(); } ... then calls us ... { // in 5.4 SolarMutexGuard aGuard; Scheduler::ProcessEventsToIdle(); } * Problem is - this is a user event and -not- an idle event =) #4 0x00007fffbb97b75a in framework::CloseDispatcher::implts_terminateApplication() (this=0x2bb13b0) at /data/opt/libreoffice/master/framework/source/dispatch/closedispatcher.cxx:548 #5 0x00007fffbb97a8f2 in framework::CloseDispatcher::impl_asyncCallback(LinkParamNone*) (this=0x2bb13b0) at /data/opt/libreoffice/master/framework/source/dispatch/closedispatcher.cxx:402 #6 0x00007fffbb979068 in framework::CloseDispatcher::LinkStubimpl_asyncCallback(void*, LinkParamNone*) (instance=0x2bb13b0, data=0x0) at /data/opt/libreoffice/master/framework/source/dispatch/closedispatcher.cxx:247 #7 0x00007fffec21cc88 in Link::Call(LinkParamNone*) const (this=0x33a3038, data=0x0) at /data/opt/libreoffice/master/include/tools/link.hxx:84 #8 0x00007fffec669e18 in vcl::EventPoster::DoEvent_Impl(void*) (this=0x33a3030) at /data/opt/libreoffice/master/vcl/source/helper/evntpost.cxx:52 #9 0x00007fffec669dd8 in vcl::EventPoster::LinkStubDoEvent_Impl(void*, void*) (instance=0x33a3030, data=0x0) at /data/opt/libreoffice/master/vcl/source/helper/evntpost.cxx:48 #10 0x00007fffec184a68 in Link::Call(void*) const (this=0x27611e8, data=0x0) at /data/opt/libreoffice/master/include/tools/link.hxx:84 #11 0x00007fffec181cfc in ImplHandleUserEvent(ImplSVEvent*) (pSVEvent=0x27611e0) at /data/opt/libreoffice/master/vcl/source/window/winproc.cxx:1924 #12 0x00007fffec17f2cc in ImplWindowFrameProc(vcl::Window*, SalEvent, void const*) (_pWindow=0x1936400, nEvent=SalEvent::UserEvent, pEvent=0x27611e0) at /data/opt/libreoffice/master/vcl/source/window/winproc.cxx:2474 #13 0x00007fffec86af75 in SalFrame::CallCallback(SalEvent, void const*) const (this=0x1936b20, nEvent=SalEvent::UserEvent, pEvent=0x27611e0) at /data/opt/libreoffice/master/vcl/inc/salframe.hxx:275 #14 0x00007fffec87d62f in SalGenericDisplay::ProcessEvent(SalUserEventList::SalUserEvent) (this=0x14e3630, aEvent=...) at /data/opt/libreoffice/master/vcl/unx/generic/app/gendisp.cxx:67 #15 0x00007fffec6798b5 in SalUserEventList::DispatchUserEvents(bool) (this=0x14e3630, bHandleAllCurrentEvents=false) at /data/opt/libreoffice/master/vcl/source/app/salusereventlist.cxx:109 #16 0x00007fffec87d585 in SalGenericDisplay::DispatchInternalEvent(bool) (this=0x14e3630, bHandleAllCurrentEvent=false) at /data/opt/libreoffice/master/vcl/unx/generic/app/gendisp.cxx:52 #17 0x00007fffda68db33 in call_userEventFn(void*) (data=0x6bc890) at /data/opt/libreoffice/master/vcl/unx/gtk3/gtk3gtkdata.cxx:784 #18 0x00007ffff5b3f015 in g_main_dispatch (context=0x148e510) at gmain.c:3154 void Scheduler::ProcessEventsToIdle() { int nSanity = 1000; while(Scheduler::ProcessTaskScheduling( true ) || ImplYield(false, false, 0)) + does this do the UserEvents? ... + almost certainly -> there is no yielding ... inline bool ImplYield(bool i_bWait, bool i_bAllEvents, sal_uLong const nReleased) false, false pSVData->mpDefInst->DoYield( i_bWait && !pSVData->maAppData.mbAppQuit, i_bAllEvents, nReleased); vcl/win/app/salinst.cxx SalYieldResult WinSalInstance::DoYield(bool bWait, bool bHandleAllCurrentEvents, sal_uLong const nReleased) + nReleased == 0 -> ok -> eDidWork = ImplSalYield( bWait, bHandleAllCurrentEvents ); SalYieldResult ImplSalYield( bool bWait, bool bHandleAllCurrentEvents ) { MSG aMsg; bool bWasMsg = false, bOneEvent = false; int nMaxEvents = bHandleAllCurrentEvents ? 100 : 1; do { if ( PeekMessageW( &aMsg, nullptr, 0, 0, PM_REMOVE ) ) { TranslateMessage( &aMsg ); ImplSalDispatchMessage( &aMsg ); bOneEvent = bWasMsg = true; } else bOneEvent = false; } while( --nMaxEvents && bOneEvent ); + should return EVENT for our PostUserMesage [!] + hmm. + so that stuff -should -be processed. ** Query: + do we get an external "createDataObjectFromTransferable" after we've cleaned up ? and create a new CXTDataObject ? + capturing clipboard-at-exit stuff ?