Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x42085950 (LWP 17945)]
0x0000003846a10620 in FT_List_Find (list=0x7f8430e70d10, data=0x7f8430e71380) at /usr/src/debug/freetype-2.3.5/src/base/ftutil.c:250
250         if ( cur->data == data )
(gdb) info registers
rax            0x4e00000000     335007449088
rbx            0x7f8431345670   140205737924208
rcx            0x0      0
rdx            0x7f8431345670   140205737924208
rsi            0x7f8430e71380   140205732860800
rdi            0x7f8430e70d10   140205732859152
rbp            0x7f8430e70ce0   0x7f8430e70ce0
rsp            0x42084998       0x42084998
r8             0x32ec930        53397808
r9             0x3dd2f660e0     265532367072
r10            0x0      0
r11            0x0      0
r12            0x7f8430e71380   140205732860800
r13            0x7f8430e70d10   140205732859152
r14            0x0      0
r15            0x42084b70       1107839856
rip            0x3846a10620     0x3846a10620 <FT_List_Find+16>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x63     99
gs             0x0      0
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
mxcsr          0x1fa0   [ PE IM DM ZM OM UM PM ]
(gdb) where
#0  0x0000003846a10620 in FT_List_Find (list=0x7f8430e70d10, data=0x7f8430e71380) at /usr/src/debug/freetype-2.3.5/src/base/ftutil.c:250
#1  0x0000003846a10ef4 in FT_Done_Face (face=<value optimized out>) at /usr/src/debug/freetype-2.3.5/src/base/ftobjs.c:1964
#2  0x000000316a00c4ac in _cairo_user_data_array_fini (array=<value optimized out>) at cairo-array.c:378
#3  0x000000316a00faeb in cairo_font_face_destroy (font_face=<value optimized out>) at cairo-font-face.c:144
#4  0x000000316a050e85 in _cairo_ft_unscaled_font_destroy (abstract_font=<value optimized out>) at cairo-ft-font.c:493
#5  0x000000316a00f952 in _cairo_unscaled_font_destroy (unscaled_font=<value optimized out>) at cairo-font-face.c:531
#6  0x000000316a01c2a9 in _cairo_scaled_font_fini (scaled_font=<value optimized out>) at cairo-scaled-font.c:587
#7  0x000000316a01c387 in cairo_scaled_font_destroy (scaled_font=<value optimized out>) at cairo-scaled-font.c:843
#8  0x000000316a010d22 in _cairo_gstate_unset_scaled_font (gstate=<value optimized out>) at cairo-gstate.c:1219
#9  0x000000316a010d72 in _cairo_gstate_set_font_face (gstate=<value optimized out>, font_face=<value optimized out>) at cairo-gstate.c:1492
#10 0x000000316a009ea9 in cairo_set_font_face (cr=<value optimized out>, font_face=<value optimized out>) at cairo.c:2688
#11 0x00007f8444fae9c1 in CairoOutputDev::updateFont () from /usr/lib64/libpoppler-glib.so.3
#12 0x000000331f2b42ad in Gfx::opShowSpaceText () from /usr/lib64/libpoppler.so.3
#13 0x000000331f2ab9ec in Gfx::go () from /usr/lib64/libpoppler.so.3
#14 0x000000331f2b20d6 in Gfx::display () from /usr/lib64/libpoppler.so.3
#15 0x000000331f2f7c10 in Page::displaySlice () from /usr/lib64/libpoppler.so.3
#16 0x00007f8444fa794f in ?? () from /usr/lib64/libpoppler-glib.so.3
#17 0x00007f843e85b506 in pdf_document_render (document=<value optimized out>, rc=0x26d5c80) at ev-poppler.cc:488
#18 0x000000000041d83b in ev_job_render_run (job=0x2934990) at ev-jobs.c:372
#19 0x000000000041bbb3 in handle_job (job=0x2934990) at ev-job-queue.c:137
#20 0x000000000041c10a in ev_render_thread (data=<value optimized out>) at ev-job-queue.c:264
#21 0x000000331a660434 in ?? () from /lib64/libglib-2.0.so.0
#22 0x0000003dd380729a in start_thread () from /lib64/libpthread.so.0
#23 0x0000003dd2ce42cd in clone () from /lib64/libc.so.6
(gdb) disassemble
Dump of assembler code for function FT_List_Find:
0x0000003846a10610 <FT_List_Find+0>:    mov    (%rdi),%rax
0x0000003846a10613 <FT_List_Find+3>:    test   %rax,%rax
0x0000003846a10616 <FT_List_Find+6>:    je     0x3846a1063a <FT_List_Find+42>
0x0000003846a10618 <FT_List_Find+8>:    cmp    %rsi,0x10(%rax)
0x0000003846a1061c <FT_List_Find+12>:   jne    0x3846a1062a <FT_List_Find+26>
0x0000003846a1061e <FT_List_Find+14>:   jmp    0x3846a1063c <FT_List_Find+44>
0x0000003846a10620 <FT_List_Find+16>:   cmp    %rsi,0x10(%rax)
0x0000003846a10624 <FT_List_Find+20>:   nopl   0x0(%rax)
0x0000003846a10628 <FT_List_Find+24>:   je     0x3846a1063a <FT_List_Find+42>
0x0000003846a1062a <FT_List_Find+26>:   mov    0x8(%rax),%rax
0x0000003846a1062e <FT_List_Find+30>:   test   %rax,%rax
0x0000003846a10631 <FT_List_Find+33>:   nopl   0x0(%rax)
0x0000003846a10638 <FT_List_Find+40>:   jne    0x3846a10620 <FT_List_Find+16>
0x0000003846a1063a <FT_List_Find+42>:   repz retq
0x0000003846a1063c <FT_List_Find+44>:   repz retq
End of assembler dump.
(gdb) l 250
245
246
247         cur = list->head;
248         while ( cur )
249         {
250           if ( cur->data == data )
251             return cur;
252
253           cur = cur->next;
254         }

$ rpm -q freetype evince
freetype-2.3.5-6.fc9.x86_64
freetype-2.3.5-6.fc9.i386
evince-2.22.2-1.fc9.x86_64
Not 100% reproducible. Run 2 instances of evince and then resize the top one so the other one underneath becomes visible. After a while, with luck, this occurs.
This one is even more interesting. See FT_Done_Face+49 and the crashing FT_Done_Face+56.

Program received signal SIGBUS, Bus error.
[Switching to Thread 0x40cd7950 (LWP 18064)]
FT_Done_Face (face=<value optimized out>) at /usr/src/debug/freetype-2.3.5/src/base/ftobjs.c:1961
1961          memory = driver->root.memory;
(gdb) where
#0  FT_Done_Face (face=<value optimized out>) at /usr/src/debug/freetype-2.3.5/src/base/ftobjs.c:1961
#1  0x000000316a00c4ac in _cairo_user_data_array_fini (array=<value optimized out>) at cairo-array.c:378
#2  0x000000316a00faeb in cairo_font_face_destroy (font_face=<value optimized out>) at cairo-font-face.c:144
#3  0x000000316a050e85 in _cairo_ft_unscaled_font_destroy (abstract_font=<value optimized out>) at cairo-ft-font.c:493
#4  0x000000316a00f952 in _cairo_unscaled_font_destroy (unscaled_font=<value optimized out>) at cairo-font-face.c:531
#5  0x000000316a01c2a9 in _cairo_scaled_font_fini (scaled_font=<value optimized out>) at cairo-scaled-font.c:587
#6  0x000000316a01c387 in cairo_scaled_font_destroy (scaled_font=<value optimized out>) at cairo-scaled-font.c:843
#7  0x000000316a010d22 in _cairo_gstate_unset_scaled_font (gstate=<value optimized out>) at cairo-gstate.c:1219
#8  0x000000316a010d72 in _cairo_gstate_set_font_face (gstate=<value optimized out>, font_face=<value optimized out>) at cairo-gstate.c:1492
#9  0x000000316a009ea9 in cairo_set_font_face (cr=<value optimized out>, font_face=<value optimized out>) at cairo.c:2688
#10 0x00007fae7e6cd9c1 in CairoOutputDev::updateFont () from /usr/lib64/libpoppler-glib.so.3
#11 0x000000331f2b42ad in Gfx::opShowSpaceText () from /usr/lib64/libpoppler.so.3
#12 0x000000331f2ab9ec in Gfx::go () from /usr/lib64/libpoppler.so.3
#13 0x000000331f2b20d6 in Gfx::display () from /usr/lib64/libpoppler.so.3
#14 0x000000331f2f7c10 in Page::displaySlice () from /usr/lib64/libpoppler.so.3
#15 0x00007fae7e6c694f in ?? () from /usr/lib64/libpoppler-glib.so.3
#16 0x00007fae73dfd506 in pdf_document_render (document=<value optimized out>, rc=0x1c59e40) at ev-poppler.cc:488
#17 0x000000000041d83b in ev_job_render_run (job=0x7fae69f9e020) at ev-jobs.c:372
#18 0x000000000041bbb3 in handle_job (job=0x7fae69f9e020) at ev-job-queue.c:137
#19 0x000000000041c10a in ev_render_thread (data=<value optimized out>) at ev-job-queue.c:264
#20 0x000000331a660434 in ?? () from /lib64/libglib-2.0.so.0
#21 0x0000003dd380729a in start_thread () from /lib64/libpthread.so.0
#22 0x0000003dd2ce42cd in clone () from /lib64/libc.so.6
(gdb) l
1956
1957        error = FT_Err_Invalid_Face_Handle;
1958        if ( face && face->driver )
1959        {
1960          driver = face->driver;
1961          memory = driver->root.memory;
1962
1963          /* find face in driver's list */
1964          node = FT_List_Find( &driver->faces_list, face );
1965          if ( node )
(gdb) disassemble
Dump of assembler code for function FT_Done_Face:
0x0000003846a10eb0 <FT_Done_Face+0>:    mov    %r12,-0x18(%rsp)
0x0000003846a10eb5 <FT_Done_Face+5>:    mov    %rbx,-0x28(%rsp)
0x0000003846a10eba <FT_Done_Face+10>:   mov    %rdi,%r12
0x0000003846a10ebd <FT_Done_Face+13>:   mov    %rbp,-0x20(%rsp)
0x0000003846a10ec2 <FT_Done_Face+18>:   mov    %r13,-0x10(%rsp)
0x0000003846a10ec7 <FT_Done_Face+23>:   mov    %r14,-0x8(%rsp)
0x0000003846a10ecc <FT_Done_Face+28>:   sub    $0x28,%rsp
0x0000003846a10ed0 <FT_Done_Face+32>:   test   %rdi,%rdi
0x0000003846a10ed3 <FT_Done_Face+35>:   je     0x3846a10f40 <FT_Done_Face+144>
0x0000003846a10ed5 <FT_Done_Face+37>:   mov    0xb0(%rdi),%rbp
0x0000003846a10edc <FT_Done_Face+44>:   test   %rbp,%rbp
0x0000003846a10edf <FT_Done_Face+47>:   je     0x3846a10f40 <FT_Done_Face+144>
0x0000003846a10ee1 <FT_Done_Face+49>:   lea    0x30(%rbp),%r13
0x0000003846a10ee5 <FT_Done_Face+53>:   mov    %rdi,%rsi
0x0000003846a10ee8 <FT_Done_Face+56>:   mov    0x10(%rbp),%r14
0x0000003846a10eec <FT_Done_Face+60>:   mov    %r13,%rdi
0x0000003846a10eef <FT_Done_Face+63>:   callq  0x3846a0c088 <FT_List_Find@plt>
0x0000003846a10ef4 <FT_Done_Face+68>:   test   %rax,%rax
0x0000003846a10ef7 <FT_Done_Face+71>:   mov    %rax,%rbx
0x0000003846a10efa <FT_Done_Face+74>:   je     0x3846a10f40 <FT_Done_Face+144>
0x0000003846a10efc <FT_Done_Face+76>:   mov    %rax,%rsi
0x0000003846a10eff <FT_Done_Face+79>:   mov    %r13,%rdi
0x0000003846a10f02 <FT_Done_Face+82>:   callq  0x3846a0b968 <FT_List_Remove@plt>
0x0000003846a10f07 <FT_Done_Face+87>:   mov    %rbx,%rsi
0x0000003846a10f0a <FT_Done_Face+90>:   mov    %r14,%rdi
0x0000003846a10f0d <FT_Done_Face+93>:   callq  0x3846a0b5c8 <ft_mem_free@plt>
0x0000003846a10f12 <FT_Done_Face+98>:   mov    %rbp,%rdx
0x0000003846a10f15 <FT_Done_Face+101>:  mov    %r12,%rsi
0x0000003846a10f18 <FT_Done_Face+104>:  mov    %r14,%rdi
0x0000003846a10f1b <FT_Done_Face+107>:  callq  0x3846a10dc0 <destroy_face>
0x0000003846a10f20 <FT_Done_Face+112>:  xor    %eax,%eax
0x0000003846a10f22 <FT_Done_Face+114>:  mov    (%rsp),%rbx
0x0000003846a10f26 <FT_Done_Face+118>:  mov    0x8(%rsp),%rbp
0x0000003846a10f2b <FT_Done_Face+123>:  mov    0x10(%rsp),%r12
0x0000003846a10f30 <FT_Done_Face+128>:  mov    0x18(%rsp),%r13
0x0000003846a10f35 <FT_Done_Face+133>:  mov    0x20(%rsp),%r14
0x0000003846a10f3a <FT_Done_Face+138>:  add    $0x28,%rsp
0x0000003846a10f3e <FT_Done_Face+142>:  retq
0x0000003846a10f3f <FT_Done_Face+143>:  nop
0x0000003846a10f40 <FT_Done_Face+144>:  mov    $0x23,%eax
0x0000003846a10f45 <FT_Done_Face+149>:  jmp    0x3846a10f22 <FT_Done_Face+114>
End of assembler dump.
(gdb) info registers
rax            0x7fae7e6cab10   140387422087952
rbx            0x7fae74a6e3d0   140387258131408
rcx            0x0      0
rdx            0x7fae74a6e3d0   140387258131408
rsi            0x7fae74a72320   140387258147616
rdi            0x7fae74a72320   140387258147616
rbp            0x4072c00000000000       0x4072c00000000000
rsp            0x40cd69a0       0x40cd69a0
r8             0x7fae6c5fe5f0   140387119261168
r9             0x3dd2f660e0     265532367072
r10            0x0      0
r11            0x0      0
r12            0x7fae74a72320   140387258147616
r13            0x4072c00000000030       4643985272004935728
r14            0x1      1
r15            0x40cd6b70       1087204208
rip            0x3846a10ee8     0x3846a10ee8 <FT_Done_Face+56>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x63     99
gs             0x0      0
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
mxcsr          0x1fa0   [ PE IM DM ZM OM UM PM ]
Created attachment 310245: /proc/PID/maps of evince
Well, the sequence is: open evince, open the next document, X: open yet another document, close it, do the resize. If not successful, go to step X. The rbp and rip are always the same:
rbp            0x4072c00000000000       0x4072c00000000000
...
rip            0x3846a10ee8     0x3846a10ee8 <FT_Done_Face+56>
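Added triage note and helper, not part of this bug report and not FreeType code. The constant rbp value above is worth decoding as a raw IEEE-754 double: 0x4072c00000000000 is exactly 300.0. In the second trace, rbp is loaded from face->driver at FT_Done_Face+37 (mov 0xb0(%rdi),%rbp), r13 = rbp + 0x30 at +49 is &driver->faces_list (ftobjs.c:1964), and the SIGBUS at +56 is the load of driver->root.memory (ftobjs.c:1961) through that non-canonical address. A pointer slot that holds a small, round floating-point number is the shape typically left behind when a freed allocation is reused and another object writes a double over the old pointer; the report does not establish that, so the helper only classifies bit patterns and recomputes the r13 arithmetic. The function names and the magnitude thresholds in the heuristics are my own choices.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reinterpret a 64-bit register value as an IEEE-754 double.
 * memcpy is the well-defined way to type-pun in C. */
double reg_as_double(uint64_t reg)
{
    double d;
    memcpy(&d, &reg, sizeof d);
    return d;
}

/* Heuristic (own choice of thresholds): a finite, normal double of modest
 * magnitude, 2^-20 .. 2^40. Classifies the bit pattern only; it cannot
 * prove where the value came from. */
int looks_like_double(uint64_t reg)
{
    unsigned exp = (unsigned)((reg >> 52) & 0x7ff);
    if (exp == 0 || exp == 0x7ff)
        return 0;                       /* zero/denormal or inf/NaN */
    return exp >= 1023 - 20 && exp <= 1023 + 40;
}

/* Heuristic: canonical x86-64 user-space address (non-zero, below 2^47).
 * Garbage such as the first trace's rax 0x4e00000000 still passes, so this
 * is a necessary condition, not a sufficient one. */
int looks_like_user_pointer(uint64_t reg)
{
    return reg != 0 && reg < (1ULL << 47);
}

/* Mirror of FT_Done_Face+49 `lea 0x30(%rbp),%r13`: the address of
 * driver->faces_list computed from whatever sat in face->driver. */
uint64_t faces_list_from_driver(uint64_t driver)
{
    return driver + 0x30;
}

static void report(const char *name, uint64_t v)
{
    printf("%-4s %#018llx  double=%g  looks_double=%d  looks_ptr=%d\n",
           name, (unsigned long long)v, reg_as_double(v),
           looks_like_double(v), looks_like_user_pointer(v));
}

int main(void)
{
    /* Register values copied from the two gdb sessions in this report. */
    report("rbp", 0x4072c00000000000ULL);                   /* 2nd crash: face->driver */
    report("r13", faces_list_from_driver(0x4072c00000000000ULL)); /* 2nd crash: &driver->faces_list */
    report("rbp", 0x7f8430e70ce0ULL);                       /* 1st crash: a genuine heap pointer */
    report("rax", 0x4e00000000ULL);                         /* 1st crash: cur, the bad list node */
    return 0;
}
```

Any C99 compiler builds it (e.g. gcc -std=c99 triage.c); it prints one classification line per register. The useful comparison is rbp from the two traces: the first is a plausible heap pointer, the second decodes as a double and is not a canonical address at all, which is why r13 derived from it faults immediately.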
This message is a reminder that Fedora 9 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 9. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '9'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 9's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 9 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fedora 9 changed to end-of-life (EOL) status on 2009-07-10. Fedora 9 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.