SIGBUS in unref at GSmartPointer.h:351
Submitted by Igor Gnatenko
Link to original bug (#722796)
Description
Crash in thread 6.
Program received signal SIGBUS, Bus error.
[Switching to Thread 0x7fffe2656700 (LWP 24494)]
0x00007fffe80de50c in unref (this=0x7fffe26558e0) at GSmartPointer.h:351
351 if (! atomicDecrement(&count))
(gdb) thread apply all bt full
Thread 6 (Thread 0x7fffe2656700 (LWP 24494)):
#0 0x00007fffe80de50c in unref (this=0x7fffe26558e0) at GSmartPointer.h:351
No locals.
#1 DJVU::GPBase::assign (this=this@entry=0x7fffe8422920 <minivar_t::vars>, sptr=...) at GSmartPointer.cpp:132
lockb = <optimized out>
nptr = 0x7fffc80ba2b0
locka = 0x7fffe841c7d0 <DJVU::locks+144>
old = 0x7fffe26558e0
#2 0x00007fffe8179871 in operator= (sptr=..., this=0x7fffe8422920 <minivar_t::vars>) at GSmartPointer.h:466
No locals.
#3 DJVU::DjVmNav::getBookMark (this=0x7fffc8035e90, gpBookMark=..., iPos=<optimized out>) at DjVmNav.cpp:245
pos = {<DJVU::GCont> = {<No data fields>}, ptr = 0x7fffc80ba380, cont = 0x7fffc8035f08}
#4 0x00007fffe81b5aab in outline_sub (nav=..., pos=@0x7fffe2655b8c: 572, count=4) at ddjvuapi.cpp:3493
entry = {<DJVU::GPBase> = {ptr = 0x7fffc80ba1a0}, <No data fields>}
p = {data = 0xc15220, next = 0x7fffffffd810, pprev = 0x7fffe26559b8}
q = {data = 0xc15230, next = 0x7fffe2655990, pprev = 0x7fffe26559d8}
s = {data = 0xbfdc71, next = 0x7fffe26559b0, pprev = 0x7fffe8422920 <minivar_t::vars>}
#5 0x00007fffe81b5abe in outline_sub (nav=..., pos=@0x7fffe2655b8c: 572, count=2) at ddjvuapi.cpp:3494
entry = {<DJVU::GPBase> = {ptr = 0x7fffc80b9ea0}, <No data fields>}
p = {data = 0xc15420, next = 0x7fffffffd8c0, pprev = 0x7fffe2655a68}
q = {data = 0xc15430, next = 0x7fffe2655a40, pprev = 0x7fffe2655a88}
s = {data = 0xbfddc1, next = 0x7fffe2655a60, pprev = 0x7fffffffd7d8}
#6 0x00007fffe81b5abe in outline_sub (nav=..., pos=@0x7fffe2655b8c: 572, count=596) at ddjvuapi.cpp:3494
entry = {<DJVU::GPBase> = {ptr = 0x7fffc80b88e0}, <No data fields>}
p = {data = 0xc160b0, next = 0x7fffe2655ba0, pprev = 0x7fffe2655b18}
q = {data = 0xc160c0, next = 0x7fffe2655af0, pprev = 0x7fffe2655b38}
s = {data = 0xbfe641, next = 0x7fffe2655b10, pprev = 0x7fffffffd938}
#7 0x00007fffe81bc702 in ddjvu_document_get_outline (document=0x7fffc4007e10) at ddjvuapi.cpp:3521
nav = {<DJVU::GPBase> = {ptr = 0x7fffc8035e90}, <No data fields>}
result = {data = 0x0, next = 0x7fffc4007f48, pprev = 0x7fffe2655af8}
pos = 572
status = <optimized out>
doc = 0x7fffc4008bf0
__func__ = "ddjvu_document_get_outline"
#8 0x00007fffe8442f08 in djvu_links_get_links_model (document_links=<optimized out>) at djvu-links.c:462
djvu_document = 0x9a7f30
model = 0x0
outline = <optimized out>
#9 0x00000031ac21b75a in ev_job_links_run (job=0x7ff680) at ev-jobs.c:388
job_links = 0x7ff680
#10 0x00000031ac21d58a in ev_job_thread (job=0x7ff680) at ev-job-scheduler.c:184
result = <optimized out>
---Type <return> to continue, or q <return> to quit---
#11 ev_job_thread_proxy (data=<optimized out>) at ev-job-scheduler.c:217
job = 0xc9fb00
#12 0x000000319a26f705 in g_thread_proxy (data=0xac7f70) at gthread.c:798
thread = 0xac7f70
#13 0x0000003197e08173 in start_thread (arg=0x7fffe2656700) at pthread_create.c:309
__res = <optimized out>
pd = 0x7fffe2656700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140736991684352, 753201470930488151, 1, 3, 140736991684352, 140737488345552, -753178152362243241, 725298885150837591},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#14 0x00000031976fc37d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
No locals.
Thread 5 (Thread 0x7fffe8ed3700 (LWP 24493)):
#0 0x00000031976f1fad in poll () at ../sysdeps/unix/syscall-template.S:81
No locals.
#1 0x000000319a249b04 in g_main_context_poll (priority=2147483647, n_fds=1, fds=0x7fffcc0010c0, timeout=-1, context=0xac75e0) at gmain.c:4008
poll_func = 0x319a258a00 <g_poll>
#2 g_main_context_iterate (context=context@entry=0xac75e0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3709
max_priority = 2147483647
timeout = -1
some_ready = <optimized out>
nfds = 1
allocated_nfds = 1
fds = 0x7fffcc0010c0
#3 0x000000319a249c2c in g_main_context_iteration (context=0xac75e0, may_block=1) at gmain.c:3775
retval = <optimized out>
#4 0x00007fffe8ee229d in dconf_gdbus_worker_thread () from /usr/lib64/gio/modules/libdconfsettings.so
No symbol table info available.
#5 0x000000319a26f705 in g_thread_proxy (data=0xac20f0) at gthread.c:798
thread = 0xac20f0
#6 0x0000003197e08173 in start_thread (arg=0x7fffe8ed3700) at pthread_create.c:309
__res = <optimized out>
pd = 0x7fffe8ed3700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737101248256, 753201470930488151, 1, 3, 140737101248256, 140737488343008, -753163931188655273, 725298885150837591},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
---Type <return> to continue, or q <return> to quit---
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#7 0x00000031976fc37d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
No locals.
Thread 4 (Thread 0x7fffeb379700 (LWP 24492)):
#0 0x00000031976f1fad in poll () at ../sysdeps/unix/syscall-template.S:81
No locals.
#1 0x000000319a249b04 in g_main_context_poll (priority=2147483647, n_fds=2, fds=0x7fffdc0008c0, timeout=4465, context=0x75d8f0) at gmain.c:4008
poll_func = 0x319a258a00 <g_poll>
#2 g_main_context_iterate (context=context@entry=0x75d8f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3709
max_priority = 2147483647
timeout = 4465
some_ready = <optimized out>
nfds = 2
allocated_nfds = 2
fds = 0x7fffdc0008c0
#3 0x000000319a249c2c in g_main_context_iteration (context=0x75d8f0, may_block=may_block@entry=1) at gmain.c:3775
retval = <optimized out>
#4 0x000000319a249c69 in glib_worker_main (data=<optimized out>) at gmain.c:5505
No locals.
#5 0x000000319a26f705 in g_thread_proxy (data=0x7ff720) at gthread.c:798
thread = 0x7ff720
#6 0x0000003197e08173 in start_thread (arg=0x7fffeb379700) at pthread_create.c:309
__res = <optimized out>
pd = 0x7fffeb379700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737139676928, 753201470930488151, 1, 3, 140737139676928, 140737488343552, -753157972995273897, 725298885150837591},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#7 0x00000031976fc37d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
No locals.
Thread 3 (Thread 0x7fffebb7a700 (LWP 24487)):
#0 pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
No locals.
#1 0x000000319a28bd95 in g_cond_wait_until (cond=cond@entry=0x7d3d38, mutex=mutex@entry=0x7d3d30, end_time=end_time@entry=20420091670) at gthread-posix.c:870
---Type <return> to continue, or q <return> to quit---
ts = {tv_sec = 20420, tv_nsec = 91670000}
status = <optimized out>
#2 0x000000319a21f1e1 in g_async_queue_pop_intern_unlocked (queue=0x7d3d30, wait=wait@entry=1, end_time=20420091670) at gasyncqueue.c:424
retval = <optimized out>
__FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3 0x000000319a21f7d8 in g_async_queue_timeout_pop_unlocked (queue=<optimized out>, timeout=timeout@entry=500000) at gasyncqueue.c:572
end_time = <optimized out>
#4 0x000000319a270062 in g_thread_pool_wait_for_new_task (pool=0x7d3cd0) at gthreadpool.c:264
task = <optimized out>
#5 g_thread_pool_thread_proxy (data=<optimized out>) at gthreadpool.c:298
task = 0x827030
pool = 0x7d3cd0
#6 0x000000319a26f705 in g_thread_proxy (data=0x84c6d0) at gthread.c:798
thread = 0x84c6d0
#7 0x0000003197e08173 in start_thread (arg=0x7fffebb7a700) at pthread_create.c:309
__res = <optimized out>
pd = 0x7fffebb7a700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737148069632, 753201470930488151, 1, 3, 140737148069632, 140737488344752, -753156872946775209, 725298885150837591},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#8 0x00000031976fc37d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
No locals.
Thread 2 (Thread 0x7ffff0d89700 (LWP 24486)):
#0 0x00000031976f1fad in poll () at ../sysdeps/unix/syscall-template.S:81
No locals.
#1 0x000000319a249b04 in g_main_context_poll (priority=2147483647, n_fds=3, fds=0x7fffec0010e0, timeout=-1, context=0x6ef010) at gmain.c:4008
poll_func = 0x319a258a00 <g_poll>
#2 g_main_context_iterate (context=0x6ef010, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3709
max_priority = 2147483647
timeout = -1
some_ready = <optimized out>
nfds = 3
allocated_nfds = 3
fds = 0x7fffec0010e0
#3 0x000000319a249e4a in g_main_loop_run (loop=0x6eefa0) at gmain.c:3908
__FUNCTION__ = "g_main_loop_run"
#4 0x000000319b2e1d76 in gdbus_shared_thread_func (user_data=0x6eefe0) at gdbusprivate.c:275
---Type <return> to continue, or q <return> to quit---
data = 0x6eefe0
#5 0x000000319a26f705 in g_thread_proxy (data=0x69d8a0) at gthread.c:798
thread = 0x69d8a0
#6 0x0000003197e08173 in start_thread (arg=0x7ffff0d89700) at pthread_create.c:309
__res = <optimized out>
pd = 0x7ffff0d89700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737234114304, 753201470930488151, 1, 3, 140737234114304, 140737488342512, -753217080335201449, 725298885150837591},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#7 0x00000031976fc37d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
No locals.
Thread 1 (Thread 0x7ffff76f2a00 (LWP 24481)):
#0 0x00007fffe80cebc8 in DJVU::GListBase::nth (this=this@entry=0x7fffc8035f08, n=176) at GContainer.cpp:589
p = 0x7fffc80302d0
#1 0x00007fffe8179848 in nth (n=<optimized out>, this=<optimized out>) at GContainer.h:932
No locals.
#2 DJVU::DjVmNav::getBookMark (this=0x7fffc8035e90, gpBookMark=..., iPos=<optimized out>) at DjVmNav.cpp:243
pos = {<DJVU::GCont> = {<No data fields>}, ptr = 0x7fffc80a72f0, cont = 0xcd0ab0}
#3 0x00007fffe81b5aab in outline_sub (nav=..., pos=@0x7fffffffd91c: 276, count=1) at ddjvuapi.cpp:3493
entry = {<DJVU::GPBase> = {ptr = 0x7fffc80a7290}, <No data fields>}
p = {data = 0xc14fb0, next = 0x7fffe2655a80, pprev = 0x7fffffffd7f8}
q = {data = 0xc14fc0, next = 0x7fffffffd7d0, pprev = 0x7fffffffd818}
s = {data = 0xbfdad1, next = 0x7fffffffd7f0, pprev = 0x7fffe2655998}
#4 0x00007fffe81b5abe in outline_sub (nav=..., pos=@0x7fffffffd91c: 276, count=611) at ddjvuapi.cpp:3494
entry = {<DJVU::GPBase> = {ptr = 0x7fffc80a5d90}, <No data fields>}
p = {data = 0xc154b0, next = 0x7fffffffd930, pprev = 0x7fffffffd8a8}
q = {data = 0xc154c0, next = 0x7fffffffd880, pprev = 0x7fffffffd8c8}
s = {data = 0xbfde31, next = 0x7fffffffd8a0, pprev = 0x7fffe2655a48}
#5 0x00007fffe81bc702 in ddjvu_document_get_outline (document=0x7fffc4007e10) at ddjvuapi.cpp:3521
nav = {<DJVU::GPBase> = {ptr = 0x7fffc8035e90}, <No data fields>}
result = {data = 0x0, next = 0x7fffe2655b30, pprev = 0x7fffffffd888}
pos = 276
status = <optimized out>
doc = 0x7fffc4008bf0
__func__ = "ddjvu_document_get_outline"
#6 0x00007fffe8442628 in djvu_links_has_document_links (document_links=<optimized out>) at djvu-links.c:373
djvu_document = 0x9a7f30
---Type <return> to continue, or q <return> to quit---
outline = <optimized out>
#7 0x000000000043f853 in ev_sidebar_links_support_document (sidebar_page=<optimized out>, document=0x9a7f30) at ev-sidebar-links.c:719
No locals.
#8 0x000000000042fbe5 in ev_window_sidebar_set_current_page (page_id=0xb00270 "links", window=0x75aea0) at ev-window.c:997
links = 0xa52580
layers = 0xa8b260
bookmarks = 0xa529d0
document = 0x9a7f30
sidebar = 0xa52410
thumbs = 0xa40f60
attachments = 0xa8b110
annots = 0xa526f0
#9 setup_sidebar_from_metadata (window=0x75aea0) at ev-window.c:1116
page_id = 0xb00270 "links"
sidebar_size = 132
#10 setup_document_from_metadata (window=window@entry=0x75aea0) at ev-window.c:1216
page = <optimized out>
n_pages = <optimized out>
width = -1433317792
height = 49
width_ratio = 0
height_ratio = 5.3469918556529735e-317
#11 0x0000000000434fec in ev_window_load_job_cb (job=0xac7f20, data=<optimized out>) at ev-window.c:1669
ev_window = 0x75aea0
document = 0x9a7f30
job_load = 0xac7f20
text = <optimized out>
display_name = <optimized out>
__FUNCTION__ = "ev_window_load_job_cb"
#12 0x000000319aa10277 in _g_closure_invoke_va (closure=closure@entry=0xafcd70, return_value=return_value@entry=0x0, instance=instance@entry=0xac7f20,
args=args@entry=0x7fffffffdc50, n_params=0, param_types=0x0) at gclosure.c:840
marshal = 0x319aa11e30 <g_cclosure_marshal_VOID__VOIDv>
marshal_data = 0x0
in_marshal = 0
real_closure = 0xafcd50
__FUNCTION__ = "_g_closure_invoke_va"
#13 0x000000319aa2a2b7 in g_signal_emit_valist (instance=0xac7f20, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fffffffdc50) at gsignal.c:3220
return_accu = 0x0
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0,
v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
accumulator = 0x0
emission = {next = 0x0, instance = 0xac7f20, ihint = {signal_id = 363, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 11500224}
signal_id = 363
---Type <return> to continue, or q <return> to quit---
instance_type = 11500224
emission_return = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {
v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
rtype = 4
static_scope = 0
fastpath_handler = <optimized out>
closure = 0xafcd70
run_type = <optimized out>
l = <optimized out>
fastpath = <optimized out>
instance_and_params = <optimized out>
signal_return_type = <optimized out>
param_values = <optimized out>
node = 0xb87b10
i = <optimized out>
n_params = <optimized out>
__FUNCTION__ = "g_signal_emit_valist"
#14 0x000000319aa2af1f in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3368
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fffffffdd30, reg_save_area = 0x7fffffffdc70}}
#15 0x00000031ac219be3 in emit_finished (job=<optimized out>) at ev-jobs.c:180
job = <optimized out>
#16 0x000000319a24982a in g_main_dispatch (context=0x6aa7c0) at gmain.c:3068
dispatch = 0x319a246510 <g_idle_dispatch>
prev_source = 0x0
was_in_call = 0
user_data = 0xac7f20
callback = 0x31ac219bc0 <emit_finished>
cb_funcs = 0x319a52b8e0 <g_source_callback_funcs>
cb_data = 0x7fffc4008fd0
need_destroy = <optimized out>
source = 0x7fffc4009b50
current = 0x6d9da0
i = 0
#17 g_main_context_dispatch (context=context@entry=0x6aa7c0) at gmain.c:3643
No locals.
#18 0x000000319a249b78 in g_main_context_iterate (context=context@entry=0x6aa7c0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3714
max_priority = 2147483647
timeout = 15620
some_ready = 1
nfds = <optimized out>
allocated_nfds = 3
fds = 0x853ce0
#19 0x000000319a249c2c in g_main_context_iteration (context=0x6aa7c0, context@entry=0x0, may_block=may_block@entry=1) at gmain.c:3775
---Type <return> to continue, or q <return> to quit---
retval = <optimized out>
#20 0x000000319b2aa344 in g_application_run (application=0x6e81a0, argc=argc@entry=0, argv=argv@entry=0x0) at gapplication.c:1685
arguments = 0x853ce0
status = 0
i = <optimized out>
__FUNCTION__ = "g_application_run"
#21 0x000000000041ccd7 in main (argc=1, argv=0x7fffffffe028) at main.c:332
application = 0x6e81a0
context = <optimized out>
error = 0x0
status = <optimized out>
Version: 3.11.x