Bug 96365 - SolarMutex not locked ...
Summary: SolarMutex not locked ...
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
5.0.2.1 rc
Hardware: All All
: medium normal
Assignee: Not Assigned
URL:
Whiteboard: target:5.2.0
Keywords:
Depends on:
Blocks:
 
Reported: 2015-12-09 17:25 UTC by Michael Meeks
Modified: 2016-09-15 20:39 UTC (History)
2 users (show)

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Meeks 2015-12-09 17:25:12 UTC 
Looks pretty normal ;-)

(gdb) bt
#0  0x00007ffff7464187 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff7465538 in __GI_abort () at abort.c:78
#2  0x00007ffff745d126 in __assert_fail_base (fmt=0x7ffff7592858 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7fffefb11b10 "ImplGetSVData()->mpDefInst->CheckYieldMutex() && \"SolarMutex not locked\"", file=file@entry=0x7fffefb11ad8 "/data/opt/libreoffice/master/vcl/source/app/dbggui.cxx", line=line@entry=47, function=function@entry=0x7fffefb12180 <ImplDbgTestSolarMutex()::__PRETTY_FUNCTION__> "void ImplDbgTestSolarMutex()") at assert.c:92
#3  0x00007ffff745d1d2 in __GI___assert_fail (assertion=0x7fffefb11b10 "ImplGetSVData()->mpDefInst->CheckYieldMutex() && \"SolarMutex not locked\"", file=0x7fffefb11ad8 "/data/opt/libreoffice/master/vcl/source/app/dbggui.cxx", line=47, function=0x7fffefb12180 <ImplDbgTestSolarMutex()::__PRETTY_FUNCTION__> "void ImplDbgTestSolarMutex()") at assert.c:101
#4  0x00007fffef75a4f7 in ImplDbgTestSolarMutex() () at /data/opt/libreoffice/master/vcl/source/app/dbggui.cxx:47
#5  0x00007ffff086c8be in DbgFunc(unsigned short, void*) (nAction=3, pParam=0x0) at /data/opt/libreoffice/master/tools/source/debug/debug.cxx:74
#6  0x00007ffff2ff7601 in SfxBroadcaster::AddListener(SfxListener&) (this=0x2921520, rListener=...) at /data/opt/libreoffice/master/svl/source/notify/SfxBroadcaster.cxx:95
#7  0x00007ffff3009c99 in SfxListener::StartListening(SfxBroadcaster&, bool) (this=0x3358638, rBroadcaster=..., bPreventDups=false) at /data/opt/libreoffice/master/svl/source/notify/lstner.cxx:81
#8  0x00007fffcd6e0071 in accessibility::AccessibleEmptyEditSource::AccessibleEmptyEditSource(SdrObject&, SdrView&, vcl::Window const&) (this=0x3358630, rObj=..., rView=..., rViewWindow=...) at /data/opt/libreoffice/master/svx/source/accessibility/AccessibleEmptyEditSource.cxx:232
#9  0x00007fffcd6e8f93 in accessibility::AccessibleShape::Init() (this=0x33548e0) at /data/opt/libreoffice/master/svx/source/accessibility/AccessibleShape.cxx:175
#10 0x00007fffcd6d21e4 in accessibility::AccessibleControlShape::Init() (this=0x33548e0) at /data/opt/libreoffice/master/svx/source/accessibility/AccessibleControlShape.cxx:162
#11 0x00007fffce3b94c4 in SwAccessibleMap::ReplaceChild(accessibility::AccessibleShape*, com::sun::star::uno::Reference<com::sun::star::drawing::XShape> const&, long, accessibility::AccessibleShapeTreeInfo const&) (this=0x2b0ed50, pCurrentChild=0x0, _rxShape=empty uno::Reference) at /data/opt/libreoffice/master/sw/source/core/access/accmap.cxx:3211
#12 0x00007fffcd6d3e1d in accessibility::AccessibleControlShape::modeChanged(com::sun::star::util::ModeChangeEvent const&) (this=0x285f960, _rSource=...) at /data/opt/libreoffice/master/svx/source/accessibility/AccessibleControlShape.cxx:481
#13 0x00007ffff0e271f9 in cppu::OInterfaceContainerHelper::NotifySingleListener<com::sun::star::util::XModeChangeListener, com::sun::star::util::ModeChangeEvent>::operator()(com::sun::star::uno::Reference<com::sun::star::util::XModeChangeListener> const&) const (this=0x7fffb7461ec0, listener=uno::Reference to (accessibility::AccessibleControlShape *) 0x285fad8) at /data/opt/libreoffice/master/include/cppuhelper/interfacecontainer.h:274
#14 0x00007ffff0e25ac2 in cppu::OInterfaceContainerHelper::forEach<com::sun::star::util::XModeChangeListener, cppu::OInterfaceContainerHelper::NotifySingleListener<com::sun::star::util::XModeChangeListener, com::sun::star::util::ModeChangeEvent> >(cppu::OInterfaceContainerHelper::NotifySingleListener<com::sun::star::util::XModeChangeListener, com::sun::star::util::ModeChangeEvent> const&) (this=0x2860120, func=...) at /data/opt/libreoffice/master/include/cppuhelper/interfacecontainer.h:287
#15 0x00007ffff0e23be0 in cppu::OInterfaceContainerHelper::notifyEach<com::sun::star::util::XModeChangeListener, com::sun::star::util::ModeChangeEvent>(void (com::sun::star::util::XModeChangeListener::*)(com::sun::star::util::ModeChangeEvent const&), com::sun::star::util::ModeChangeEvent const&) (this=0x2860120, NotificationMethod=&virtual com::sun::star::util::XModeChangeListener::modeChanged(com::sun::star::util::ModeChangeEvent const&), Event=...) at /data/opt/libreoffice/master/include/cppuhelper/interfacecontainer.h:300
#16 0x00007ffff0e1f945 in UnoControl::setDesignMode(unsigned char) (this=0x285ff00, bOn=0 '\000') at /data/opt/libreoffice/master/toolkit/source/controls/unocontrol.cxx:1411
#17 0x00007fffbb4e9a86 in frm::OControl::setDesignMode(unsigned char) (this=0x2b094e0, bOn=0 '\000') at /data/opt/libreoffice/master/forms/source/component/FormComponent.cxx:319
#18 0x00007fffdad9f1ca in gcc3::callVirtualMethod(void*, unsigned int, void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned int, unsigned long*, double*) (pThis=0x2b09548, nVtableIndex=13, pRegisterReturn=0x0, pReturnTypeRef=0x6eddd0, bSimpleReturn=true, pStack=0x7fffb7462140, nStack=0, pGPR=0x7fffb74621a0, pFPR=0x7fffb74621d0) at /data/opt/libreoffice/master/bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx:133
#19 0x00007fffdad9e18d in cpp_call(bridges::cpp_uno::shared::UnoInterfaceProxy*, bridges::cpp_uno::shared::VtableSlot, typelib_TypeDescriptionReference*, sal_Int32, typelib_MethodParameter*, void*, void**, uno_Any**) (pThis=0x33d3ee0, aVtableSlot=..., pReturnTypeRef=0x6eddd0, nParams=1, pParams=0x3351fd0, pUnoReturn=0x0, pUnoArgs=0x2cf86c0, ppUnoExc=0x7fffb7462558) at /data/opt/libreoffice/master/bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:245
#20 0x00007fffdad9eb32 in bridges::cpp_uno::shared::unoInterfaceProxyDispatch(_uno_Interface*, _typelib_TypeDescription const*, void*, void**, _uno_Any**) (pUnoI=0x33d3ee0, pMemberDescr=0x3358230, pReturn=0x0, pArgs=0x2cf86c0, ppException=0x7fffb7462558) at /data/opt/libreoffice/master/bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:443
#21 0x00007fffd6da8ec0 in binaryurp::IncomingRequest::execute_throw(binaryurp::BinaryAny*, std::__debug::vector<binaryurp::BinaryAny, std::allocator<binaryurp::BinaryAny> >*) const (this=0x33577c0, returnValue=0x7fffb74629b0, outArguments=0x7fffb7462920) at /data/opt/libreoffice/master/binaryurp/source/incomingrequest.cxx:241
#22 0x00007fffd6da7d9d in binaryurp::IncomingRequest::execute() const (this=0x33577c0) at /data/opt/libreoffice/master/binaryurp/source/incomingrequest.cxx:73
#23 0x00007fffd6dc581b in binaryurp::(anonymous namespace)::request(void*) (pThreadSpecificData=0x33577c0) at /data/opt/libreoffice/master/binaryurp/source/reader.cxx:85
#24 0x00007ffff5710279 in cppu_threadpool::JobQueue::enter(long, bool) (this=0x3357190, nDisposeId=47588160, bReturnWhenNoJob=true) at /data/opt/libreoffice/master/cppu/source/threadpool/jobqueue.cxx:107
#25 0x00007ffff57136f0 in cppu_threadpool::ORequestThread::run() (this=0x2d62340) at /data/opt/libreoffice/master/cppu/source/threadpool/thread.cxx:172
#26 0x00007ffff5713b25 in osl::threadFunc(void*) (param=0x2d62350) at /data/opt/libreoffice/master/include/osl/thread.hxx:185
#27 0x00007ffff7b9da1a in osl_thread_start_Impl(void*) (pData=0x28c6140) at /data/opt/libreoffice/master/sal/osl/unx/thread.cxx:240
#28 0x00007ffff721a0a4 in start_thread (arg=0x7fffb7463700) at pthread_create.c:309
#29 0x00007ffff751408d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111


from a:

make gb_JunitTest_DEBUGRUN=T JunitTest_forms_unoapi_2

from git hash:
 1fd41f43eb73c373cb94d32d82c5fb7a7e243367

(a bit old but perhaps useful).
Comment 1 Björn Michaelsen 2015-12-09 18:38:58 UTC 
(In reply to Michael Meeks from comment #0)
#16 0x00007ffff0e1f945 in UnoControl::setDesignMode(unsigned char) (this=0x285ff00, bOn=0 '\000') at /data/opt/libreoffice/master/toolkit/source/controls/unocontrol.cxx:1411
> #17 0x00007fffbb4e9a86 in frm::OControl::setDesignMode(unsigned char)
> (this=0x2b094e0, bOn=0 '\000') at
> /data/opt/libreoffice/master/forms/source/component/FormComponent.cxx:319
> #18 0x00007fffdad9f1ca in gcc3::callVirtualMethod(void*, unsigned int,
> void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned
> int, unsigned long*, double*) (pThis=0x2b09548, nVtableIndex=13,
> pRegisterReturn=0x0, pReturnTypeRef=0x6eddd0, bSimpleReturn=true,
> pStack=0x7fffb7462140, nStack=0, pGPR=0x7fffb74621a0, pFPR=0x7fffb74621d0)
> at
> /data/opt/libreoffice/master/bridges/source/cpp_uno/gcc3_linux_x86-64/
> callvirtualmethod.cxx:133

So this is the entry point from outside via UNO and setDesignMode() as a function that is usable from the outside world should ensure to lock the SolarMutex. OControl::setDesignMode(unsigned char) should might be able to cheat and postpone that as it itself is only using UNO calls.

I havent checked if all the further stackframes until #12 are pure UNO, but assuming so for now.

But at:
> #12 0x00007fffcd6d3e1d in
> accessibility::AccessibleControlShape::modeChanged(com::sun::star::util::ModeChangeEvent
> const&) (this=0x285f960, _rSource=...) at /data/opt/libreoffice/master
> /svx/source/accessibility/AccessibleControlShape.cxx:481

just before the ReplaceChild() call, it needs a SolarMutexGuard as "modeChanged" is a UNO function and ReplaceChild is not (and thus the former cant assume to hold the SolarMutex, while the latter should assume to hold the SolarMutex).

At least that's my take on this from a quick look.
Comment 2 Commit Notification 2016-01-02 01:23:06 UTC 
Bjoern Michaelsen committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=c1258abe50f1508ea0f628ff963bc1914ab86b67

tdf#96365: ensure holding SolarMutex before triggering core code

It will be available in 5.2.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 3 Xisco Faulí 2016-09-15 20:34:53 UTC 
Hi,
Is this bug fixed?
If so, could you please close it?
Regards
Comment 4 Michael Meeks 2016-09-15 20:39:32 UTC 
Fixed thanks to Bjoern ! =) closing.