Setting the environment variable MALLOC_PERTURB_ to any non-zero value causes a crash, highlighting a use-after-free bug. [New LWP 5692] [New LWP 5693] [New LWP 5695] [New LWP 5696] [New LWP 5697] [New LWP 5700] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". warning: "/var/cache/abrt-di/usr/lib/debug/usr/lib64/libicudata.so.49.1.1.debug": separate debug info file has no debug info Core was generated by `/usr/lib64/libreoffice/program/soffice.bin trinity-presentation.odp --splash-pi'. Program terminated with signal 11, Segmentation fault. #0 0x0000003a0045d475 in SfxItemPool::Remove(SfxPoolItem const&) () from /usr/lib64/libreoffice/program/libsvllo.so Thread 6 (Thread 0x7ff35d898700 (LWP 5700)): #0 0x000000367de0b952 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0 No symbol table info available. #1 0x00000039fac37cf0 in osl_waitCondition () from /usr/lib64/libreoffice/program/../ure-link/lib/libuno_sal.so.3 No symbol table info available. #2 0x00007ff3630b924c in framework::WakeUpThread::run() () from /usr/lib64/libreoffice/program/../program/libfwklo.so No symbol table info available. #3 0x00007ff3630a14aa in threadFunc () from /usr/lib64/libreoffice/program/../program/libfwklo.so No symbol table info available. #4 0x00000039fac17bd7 in osl_thread_start_Impl () from /usr/lib64/libreoffice/program/../ure-link/lib/libuno_sal.so.3 No symbol table info available. #5 0x000000367de07d15 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #6 0x000000367daf246d in clone () from /lib64/libc.so.6 No symbol table info available. Thread 5 (Thread 0x7ff360015700 (LWP 5697)): #0 0x000000367dae998d in poll () from /lib64/libc.so.6 No symbol table info available. #1 0x00007ff36688c3f5 in x11::SelectionManager::dispatchEvent(int) () from /usr/lib64/libreoffice/program/libvclplug_genlo.so No symbol table info available. #2 0x00007ff36688c5d6 in x11::SelectionManager::run(void*) () from /usr/lib64/libreoffice/program/libvclplug_genlo.so No symbol table info available. #3 0x00000039fac17bd7 in osl_thread_start_Impl () from /usr/lib64/libreoffice/program/../ure-link/lib/libuno_sal.so.3 No symbol table info available. #4 0x000000367de07d15 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #5 0x000000367daf246d in clone () from /lib64/libc.so.6 No symbol table info available. Thread 4 (Thread 0x7ff362004700 (LWP 5696)): #0 0x000000367dae998d in poll () from /lib64/libc.so.6 No symbol table info available. #1 0x00007ff366872ab6 in ICEConnectionWorker () from /usr/lib64/libreoffice/program/libvclplug_genlo.so No symbol table info available. #2 0x00000039fac17bd7 in osl_thread_start_Impl () from /usr/lib64/libreoffice/program/../ure-link/lib/libuno_sal.so.3 No symbol table info available. #3 0x000000367de07d15 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #4 0x000000367daf246d in clone () from /lib64/libc.so.6 No symbol table info available. Thread 3 (Thread 0x7ff36413b700 (LWP 5695)): #0 0x000000367daf312d in accept () from /lib64/libc.so.6 No symbol table info available. #1 0x00000039fac12150 in osl_acceptPipe () from /usr/lib64/libreoffice/program/../ure-link/lib/libuno_sal.so.3 No symbol table info available. #2 0x000000370b6468aa in desktop::OfficeIPCThread::execute() () from /usr/lib64/libreoffice/program/libsofficeapp.so No symbol table info available. #3 0x00000039fc403d76 in salhelper::Thread::run() () from /usr/lib64/libreoffice/program/../ure-link/lib/libuno_salhelpergcc3.so.3 No symbol table info available. #4 0x00000039fc403fea in threadFunc () from /usr/lib64/libreoffice/program/../ure-link/lib/libuno_salhelpergcc3.so.3 No symbol table info available. #5 0x00000039fac17bd7 in osl_thread_start_Impl () from /usr/lib64/libreoffice/program/../ure-link/lib/libuno_sal.so.3 No symbol table info available. #6 0x000000367de07d15 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #7 0x000000367daf246d in clone () from /lib64/libc.so.6 No symbol table info available. Thread 2 (Thread 0x7ff36e4d3700 (LWP 5693)): #0 0x000000367de0b952 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0 No symbol table info available. #1 0x00000039fac1df09 in rtl_cache_wsupdate_all(void*) () from /usr/lib64/libreoffice/program/../ure-link/lib/libuno_sal.so.3 No symbol table info available. #2 0x000000367de07d15 in start_thread () from /lib64/libpthread.so.0 No symbol table info available. #3 0x000000367daf246d in clone () from /lib64/libc.so.6 No symbol table info available. Thread 1 (Thread 0x7ff36e4f4980 (LWP 5692)): #0 0x0000003a0045d475 in SfxItemPool::Remove(SfxPoolItem const&) () from /usr/lib64/libreoffice/program/libsvllo.so No symbol table info available. #1 0x000000370c2cffcc in CharAttribList::OptimizeRanges(SfxItemPool&) () from /usr/lib64/libreoffice/program/../program/libeditenglo.so No symbol table info available. #2 0x000000370c32a85b in ImpEditEngine::GetAttribs(unsigned short, unsigned short, unsigned short, unsigned char) const () from /usr/lib64/libreoffice/program/../program/libeditenglo.so No symbol table info available. #3 0x000000370c2d625b in EditEngine::GetAttribs(unsigned short, unsigned short, unsigned short, unsigned char) const () from /usr/lib64/libreoffice/program/../program/libeditenglo.so No symbol table info available. #4 0x000000370c3a6dd7 in SvxOutlinerForwarder::GetAttribs(ESelection const&, unsigned char) const () from /usr/lib64/libreoffice/program/../program/libeditenglo.so No symbol table info available. #5 0x000000370c3b416d in SvxUnoTextRangeBase::_setPropertyValues(com::sun::star::uno::Sequence<rtl::OUString> const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&, int) () from /usr/lib64/libreoffice/program/../program/libeditenglo.so No symbol table info available. #6 0x0000003a0406100e in SvXMLImportPropertyMapper::_FillMultiPropertySet(std::vector<XMLPropertyState, std::allocator<XMLPropertyState> > const&, com::sun::star::uno::Reference<com::sun::star::beans::XMultiPropertySet> const&, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySetInfo> const&, UniReference<XMLPropertySetMapper> const&, _ContextID_Index_Pair*) () from /usr/lib64/libreoffice/program/../program/libxolo.so No symbol table info available. #7 0x0000003a040612e4 in SvXMLImportPropertyMapper::FillPropertySet(std::vector<XMLPropertyState, std::allocator<XMLPropertyState> > const&, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet>, _ContextID_Index_Pair*) const () from /usr/lib64/libreoffice/program/../program/libxolo.so No symbol table info available. #8 0x0000003a0412f9ac in XMLTextStyleContext::FillPropertySet(com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> const&) () from /usr/lib64/libreoffice/program/../program/libxolo.so No symbol table info available. #9 0x0000003a040f9717 in XMLTextImportHelper::SetStyleAndAttrs(SvXMLImport&, com::sun::star::uno::Reference<com::sun::star::text::XTextCursor> const&, rtl::OUString const&, unsigned char, unsigned char, signed char, unsigned char) () from /usr/lib64/libreoffice/program/../program/libxolo.so No symbol table info available. #10 0x0000003a0412531b in XMLParaContext::~XMLParaContext() () from /usr/lib64/libreoffice/program/../program/libxolo.so No symbol table info available. #11 0x0000003a04126239 in XMLParaContext::~XMLParaContext() () from /usr/lib64/libreoffice/program/../program/libxolo.so No symbol table info available. #12 0x0000003a03f288c3 in SvXMLImport::endElement(rtl::OUString const&) () from /usr/lib64/libreoffice/program/../program/libxolo.so No symbol table info available. #13 0x00007ff36004012d in sax_expatwrap::SaxExpatParser_Impl::callbackEndElement(void*, char const*) () from /usr/lib64/libreoffice/program/../program/expwrap.uno.so No symbol table info available. #14 0x00000036832087b0 in doContent () from /lib64/libexpat.so.1 No symbol table info available. #15 0x000000368320972e in contentProcessor () from /lib64/libexpat.so.1 No symbol table info available. #16 0x000000368320da3d in XML_ParseBuffer () from /lib64/libexpat.so.1 No symbol table info available. #17 0x00007ff36003e9d6 in sax_expatwrap::SaxExpatParser_Impl::parse() () from /usr/lib64/libreoffice/program/../program/expwrap.uno.so No symbol table info available. #18 0x00007ff3600427ae in sax_expatwrap::SaxExpatParser::parseStream(com::sun::star::xml::sax::InputSource const&) () from /usr/lib64/libreoffice/program/../program/expwrap.uno.so No symbol table info available. #19 0x00007ff35f1c4334 in ReadThroughComponent(com::sun::star::uno::Reference<com::sun::star::io::XInputStream>, com::sun::star::uno::Reference<com::sun::star::lang::XComponent>, String const&, com::sun::star::uno::Reference<com::sun::star::lang::XMultiServiceFactory>&, char const*, com::sun::star::uno::Sequence<com::sun::star::uno::Any>, rtl::OUString const&, unsigned char, unsigned char) () from /usr/lib64/libreoffice/program/../program/libsdlo.so No symbol table info available. #20 0x00007ff35f1c4c18 in ReadThroughComponent(com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::lang::XComponent>, char const*, char const*, com::sun::star::uno::Reference<com::sun::star::lang::XMultiServiceFactory>&, char const*, com::sun::star::uno::Sequence<com::sun::star::uno::Any>, rtl::OUString const&, unsigned char) () from /usr/lib64/libreoffice/program/../program/libsdlo.so No symbol table info available. #21 0x00007ff35f1c6921 in SdXMLFilter::Import(unsigned long&) () from /usr/lib64/libreoffice/program/../program/libsdlo.so No symbol table info available. #22 0x00007ff35f249382 in sd::DrawDocShell::Load(SfxMedium&) () from /usr/lib64/libreoffice/program/../program/libsdlo.so No symbol table info available. #23 0x000000370a8c211d in SfxObjectShell::LoadOwnFormat(SfxMedium&) () from /usr/lib64/libreoffice/program/libsfxlo.so No symbol table info available. #24 0x000000370a8cf00e in SfxObjectShell::DoLoad(SfxMedium*) () from /usr/lib64/libreoffice/program/libsfxlo.so No symbol table info available. #25 0x000000370a911b7d in SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /usr/lib64/libreoffice/program/libsfxlo.so No symbol table info available. #26 0x000000370a94a980 in SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) () from /usr/lib64/libreoffice/program/libsfxlo.so No symbol table info available. #27 0x00007ff36310dab3 in framework::LoadEnv::impl_loadContent() () from /usr/lib64/libreoffice/program/../program/libfwklo.so No symbol table info available. #28 0x00007ff36310ef08 in framework::LoadEnv::startLoading() () from /usr/lib64/libreoffice/program/../program/libfwklo.so No symbol table info available. #29 0x00007ff363089c6e in framework::LoadDispatcher::impl_dispatch(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) () from /usr/lib64/libreoffice/program/../program/libfwklo.so No symbol table info available. #30 0x00007ff36308a158 in framework::LoadDispatcher::dispatchWithReturnValue(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /usr/lib64/libreoffice/program/../program/libfwklo.so No symbol table info available. #31 0x00000039fe8fed24 in comphelper::SynchronousDispatch::dispatch(com::sun::star::uno::Reference<com::sun::star::uno::XInterface> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /usr/lib64/libreoffice/program/libcomphelpgcc3.so No symbol table info available. #32 0x000000370b63baf0 in desktop::DispatchWatcher::executeDispatchRequests(std::vector<desktop::DispatchWatcher::DispatchRequest, std::allocator<desktop::DispatchWatcher::DispatchRequest> > const&, bool) () from /usr/lib64/libreoffice/program/libsofficeapp.so No symbol table info available. #33 0x000000370b649851 in desktop::OfficeIPCThread::ExecuteCmdLineRequests(desktop::ProcessDocumentsRequest&) () from /usr/lib64/libreoffice/program/libsofficeapp.so No symbol table info available. #34 0x000000370b61fa75 in desktop::Desktop::OpenClients() () from /usr/lib64/libreoffice/program/libsofficeapp.so No symbol table info available. #35 0x000000370b620cbc in desktop::Desktop::OpenClients_Impl(void*) () from /usr/lib64/libreoffice/program/libsofficeapp.so No symbol table info available. #36 0x0000003709368a22 in ImplWindowFrameProc(Window*, SalFrame*, unsigned short, void const*) () from /usr/lib64/libreoffice/program/libvcllo.so No symbol table info available. #37 0x000000370937151c in SalGenericDisplay::DispatchInternalEvent() () from /usr/lib64/libreoffice/program/libvcllo.so No symbol table info available. #38 0x00007ff36766287f in GtkData::userEventFn(void*) () from /usr/lib64/libreoffice/program/libvclplug_gtklo.so No symbol table info available. #39 0x00007ff3676628f9 in call_userEventFn () from /usr/lib64/libreoffice/program/libvclplug_gtklo.so No symbol table info available. #40 0x0000003680247a75 in g_main_dispatch (context=0x15d9970) at gmain.c:2715 dispatch = 0x3680244e60 <g_idle_dispatch> was_in_call = 0 user_data = 0x159d340 callback = 0x7ff3676628d0 <call_userEventFn> cb_funcs = 0x36805219a0 <g_source_callback_funcs> cb_data = 0x1f34e70 current_source_link = {data = 0x1f4d690, next = 0x0} need_destroy = <optimized out> source = 0x1f4d690 current = 0x1ee0240 i = <optimized out> #41 g_main_context_dispatch (context=context@entry=0x15d9970) at gmain.c:3219 No locals. #42 0x0000003680247da8 in g_main_context_iterate (context=context@entry=0x15d9970, block=block@entry=0, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3290 max_priority = -100 timeout = 0 some_ready = 1 nfds = <optimized out> allocated_nfds = <optimized out> fds = 0x1f34ea0 #43 0x0000003680247e64 in g_main_context_iteration (context=0x15d9970, may_block=0) at gmain.c:3351 retval = <optimized out> #44 0x00007ff367662611 in GtkData::Yield(bool, bool) () from /usr/lib64/libreoffice/program/libvclplug_gtklo.so No symbol table info available. #45 0x00000037090f76f4 in Application::Yield(bool) () from /usr/lib64/libreoffice/program/libvcllo.so No symbol table info available. #46 0x00000037090f7797 in Application::Execute() () from /usr/lib64/libreoffice/program/libvcllo.so No symbol table info available. #47 0x000000370b61e450 in desktop::Desktop::Main() () from /usr/lib64/libreoffice/program/libsofficeapp.so No symbol table info available. #48 0x00000037090ffba9 in ImplSVMain() () from /usr/lib64/libreoffice/program/libvcllo.so No symbol table info available. #49 0x00000037090ffc35 in SVMain() () from /usr/lib64/libreoffice/program/libvcllo.so No symbol table info available. #50 0x000000370b64ac35 in soffice_main () from /usr/lib64/libreoffice/program/libsofficeapp.so No symbol table info available. #51 0x00000000004006fb in main () No symbol table info available. From To Syms Read Shared Object Library 0x00000039fac10a60 0x00000039fac3f994 Yes (*) /usr/lib64/libreoffice/program/../ure-link/lib/libuno_sal.so.3 0x000000370b611b80 0x000000370b65dfb0 Yes (*) /usr/lib64/libreoffice/program/libsofficeapp.so 0x0000003681a5bb80 0x0000003681ac10bb Yes /lib64/libstdc++.so.6 0x000000367ee055b0 0x000000367ee6fd68 Yes (*) /lib64/libm.so.6 0x000000367fa02a40 0x000000367fa12168 Yes /lib64/libgcc_s.so.1 0x000000367da1f1a0 0x000000367db60940 Yes (*) /lib64/libc.so.6 0x000000367de05790 0x000000367de104b4 Yes (*) /lib64/libpthread.so.0 0x000000367e200ed0 0x000000367e2019f0 Yes (*) /lib64/libdl.so.2 0x00000039fe861050 0x00000039fe93cfbc Yes (*) /usr/lib64/libreoffice/program/libcomphelpgcc3.so 0x00000039fb805440 0x00000039fb84247c Yes (*) /usr/lib64/libreoffice/program/../ure-link/lib/libuno_cppu.so.3 0x00000039fc019ab0 0x00000039fc0acbfc Yes (*) /usr/lib64/libreoffice/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3 0x0000003a026097b0 0x0000003a02620900 Yes (*) /usr/lib64/libreoffice/program/libdeploymentmisclo.so 0x00000039fd002060 0x00000039fd003dc8 Yes (*) /usr/lib64/libreoffice/program/libi18nisolang1gcc3.so 0x00000039fc403770 0x00000039fc404ca8 Yes (*) /usr/lib64/libreoffice/program/../ure-link/lib/libuno_salhelpergcc3.so.3 0x000000370a6f07c0 0x000000370a983538 Yes (*) /usr/lib64/libreoffice/program/libsfxlo.so 0x0000003a00448bd0 0x0000003a004deec0 Yes (*) /usr/lib64/libreoffice/program/libsvllo.so 0x0000003709f301e0 0x000000370a187148 Yes (*) /usr/lib64/libreoffice/program/libsvtlo.so 0x0000003709946740 0x0000003709ab5d70 Yes (*) /usr/lib64/libreoffice/program/libtklo.so 0x00000039fd41f120 0x00000039fd475ce0 Yes (*) /usr/lib64/libreoffice/program/libtllo.so 0x00000039ff025fc0 0x00000039ff074c04 Yes (*) /usr/lib64/libreoffice/program/libucbhelper4gcc3.so 0x00000039fd83b400 0x00000039fd906a58 Yes (*) /usr/lib64/libreoffice/program/libutllo.so 0x00000037090ea2b0 0x00000037093e46c4 Yes (*) /usr/lib64/libreoffice/program/libvcllo.so 0x000000367d600b20 0x000000367d61a3d9 Yes (*) /lib64/ld-linux-x86-64.so.2 0x00000039fb4038c0 0x00000039fb414be8 Yes (*) /usr/lib64/libreoffice/program/../ure-link/lib/libreg.so.3 0x00000039fbc028d0 0x00000039fbc08070 Yes (*) /usr/lib64/libreoffice/program/../ure-link/lib/libxmlreader.so 0x00000039fa82f2c0 0x00000039fa96e968 Yes (*) /lib64/libdb-5.3.so 0x0000003a00016c10 0x0000003a00079fa0 Yes (*) /usr/lib64/libreoffice/program/libxcrlo.so 0x000000368e22e870 0x000000368e317470 Yes (*) /lib64/libxml2.so.2 0x00000037080232a0 0x00000037080813fc Yes (*) /usr/lib64/libreoffice/program/libfwelo.so 0x0000003a02e09230 0x0000003a02e1a7d0 Yes (*) /usr/lib64/libreoffice/program/libsaxlo.so 0x000000370ae68fd0 0x000000370af5c118 Yes (*) /usr/lib64/libreoffice/program/libsblo.so 0x00000039fe4147e0 0x00000039fe44b0a8 Yes (*) /usr/lib64/libreoffice/program/libsotlo.so 0x00000039fec12d60 0x00000039fec98be4 Yes (*) /usr/lib64/libreoffice/program/libbasegfxlo.so 0x00000039ffc04040 0x00000039ffc09e0c Yes (*) /usr/lib64/libreoffice/program/libi18nutilgcc3.so 0x00000039fe0038e0 0x00000039fe014518 Yes (*) /usr/lib64/libreoffice/program/../ure-link/lib/libjvmfwk.so.3 0x0000003688e540d0 0x0000003688f07bfc Yes /lib64/libicuuc.so.49 0x0000003695603e70 0x0000003695636210 Yes (*) /lib64/libjpeg.so.62 0x0000003681e1dee0 0x0000003681ea4280 Yes (*) /lib64/libX11.so.6 0x000000367ea02190 0x000000367ea0e640 Yes (*) /lib64/libz.so.1 0x00000036886129a0 0x0000003688625fc7 Yes /lib64/libicule.so.49 0x00000039fc80bdb0 0x00000039fc83c130 Yes (*) /lib64/liblcms2.so.2 0x00000039fcc02670 0x00000039fcc160f0 Yes /lib64/libgraphite2.so.2.0.0 0x0000003708813000 0x00000037088d551c Yes (*) /lib64/libcairo.so.2 0x0000003684606220 0x000000368462260c Yes /lib64/libfontconfig.so.1 0x0000003683a0cc80 0x0000003683a77570 Yes (*) /usr/lib64/freetype-freeworld/libfreetype.so.6 0x00000039fdc02860 0x00000039fdc04bb4 Yes (*) /usr/lib64/libreoffice/program/../ure-link/lib/libjvmaccessgcc3.so.3 0x00000039fb003800 0x00000039fb018538 Yes (*) /usr/lib64/libreoffice/program/../ure-link/lib/libstore.so.3 0x00000036842030f0 0x0000003684219340 Yes (*) /lib64/liblzma.so.5 0x000000370b20e480 0x000000370b243b60 Yes (*) /usr/lib64/libreoffice/program/libfwilo.so 0x000000368ce00570 0x000000368ce00650 Yes (*) /lib64/libicudata.so.49 0x0000003682209a00 0x00000036822158f8 Yes /lib64/libxcb.so.1 0x0000003686e09030 0x0000003686e72aac Yes /lib64/libpixman-1.so.0 0x0000003708c06ff0 0x0000003708c1851c Yes /lib64/libEGL.so.1 0x0000003683e04fe0 0x0000003683e20b50 Yes (*) /lib64/libpng15.so.15 0x000000368c600b10 0x000000368c601204 Yes /lib64/libxcb-shm.so.0 0x000000368ae03590 0x000000368ae06274 Yes /lib64/libxcb-render.so.0 0x0000003685201ab0 0x0000003685207a00 Yes (*) /lib64/libXrender.so.1 0x0000003682a03740 0x0000003682a0d810 Yes /lib64/libXext.so.6 0x00000038c3a1bc20 0x00000038c3a65ca0 Yes /lib64/libGL.so.1 0x000000367e6022a0 0x000000367e60557c Yes (*) /lib64/librt.so.1 0x0000003683203e00 0x000000368321ccdc Yes (*) /lib64/libexpat.so.1 0x0000003682600eb0 0x0000003682601bcc Yes /lib64/libXau.so.6 0x0000003685a00600 0x0000003685a006fc Yes (*) /lib64/libX11-xcb.so.1 0x0000003686a018b0 0x0000003686a02638 Yes /lib64/libxcb-dri2.so.0 0x00000036866025a0 0x0000003686603ec4 Yes /lib64/libxcb-xfixes.so.0 0x0000003687600fb0 0x00000036876018b8 Yes /lib64/libxcb-shape.so.0 0x000000368b604540 0x000000368b607ea8 Yes /lib64/libwayland-client.so.0 0x000000368be05a40 0x000000368be0be18 Yes /lib64/libwayland-server.so.0 0x0000003708401a50 0x0000003708402fa8 Yes /lib64/libgbm.so.1 0x00000038c4a1deb0 0x00000038c4a3175c Yes /lib64/libglapi.so.0 0x0000003707c033e0 0x0000003707c0b910 Yes /lib64/libudev.so.1 0x00000038c4e031d0 0x00000038c4e07ff4 Yes (*) /lib64/libdrm.so.2 0x00000038c2a06170 0x00000038c2a175d4 Yes /lib64/libselinux.so.1 0x0000003688200bd0 0x00000036882015ec Yes (*) /lib64/libXdamage.so.1 0x0000003685601530 0x0000003685603da8 Yes /lib64/libXfixes.so.3 0x0000003687a09fb0 0x0000003687a101d8 Yes /lib64/libxcb-glx.so.0 0x000000368a200f90 0x000000368a2039bc Yes (*) /lib64/libXxf86vm.so.1 0x0000003680a01990 0x0000003680a06134 Yes (*) /lib64/libffi.so.5 0x0000003707800da0 0x0000003707801bfa Yes /lib64/libsystemd-daemon.so.0 0x00000038c2601db0 0x00000038c26452e8 Yes /lib64/libpcre.so.1 0x00007ff367648f20 0x00007ff367695200 Yes (*) /usr/lib64/libreoffice/program/libvclplug_gtklo.so 0x00007ff36700a960 0x00007ff3672ac498 Yes /lib64/libgtk-x11-2.0.so.0 0x00007ff366d00800 0x00007ff366d63124 Yes /lib64/libgdk-x11-2.0.so.0 0x000000368a609ef0 0x000000368a616314 Yes (*) /lib64/libatk-1.0.so.0 0x00000038c2e30100 0x00000038c2eeecd4 Yes /lib64/libgio-2.0.so.0 0x000000368ba076b0 0x000000368ba0fa0c Yes (*) /lib64/libpangoft2-1.0.so.0 0x00007ff366ad99b0 0x00007ff366ade4d8 Yes (*) /lib64/libpangocairo-1.0.so.0 0x000000368920f1c0 0x000000368922d9a8 Yes (*) /lib64/libpango-1.0.so.0 0x00000038c5602160 0x00000038c5609a5c Yes (*) /lib64/libgdk_pixbuf_xlib-2.0.so.0 0x0000003681201130 0x0000003681201ff8 Yes /lib64/libgmodule-2.0.so.0 0x00000038c4606780 0x00000038c4619b90 Yes (*) /lib64/libgdk_pixbuf-2.0.so.0 0x0000003680e0aba0 0x0000003680e3831c Yes /lib64/libgobject-2.0.so.0 0x000000368021a050 0x00000036802af21c Yes /lib64/libglib-2.0.so.0 0x00000036806006b0 0x000000368060080c Yes /lib64/libgthread-2.0.so.0 0x00007ff366863760 0x00007ff3668b1ff0 Yes (*) /usr/lib64/libreoffice/program/libvclplug_genlo.so 0x00007ff366637c20 0x00007ff36663bd38 Yes (*) /lib64/libSM.so.6 0x0000003691e04f30 0x0000003691e1259c Yes (*) /lib64/libICE.so.6 0x0000003688a00b40 0x0000003688a01458 Yes /lib64/libXinerama.so.1 0x0000003685e02160 0x0000003685e0bfc4 Yes /lib64/libXi.so.6 0x000000368ca01b70 0x000000368ca07768 Yes (*) /lib64/libXrandr.so.2 0x000000368c202ab0 0x000000368c2076ec Yes /lib64/libXcursor.so.1 0x000000368e600c60 0x000000368e601794 Yes (*) /lib64/libXcomposite.so.1 0x000000367fe03a30 0x000000367fe1200c Yes (*) /lib64/libresolv.so.2 0x0000003686208080 0x000000368625bc0c Yes (*) /lib64/libharfbuzz.so.0 0x00007ff366432510 0x00007ff366433a8c Yes /lib64/libuuid.so.1 0x00007ff3662261e0 0x00007ff36622d67c Yes (*) /lib64/libnss_files.so.2 0x00007ff366019ce0 0x00007ff366021754 Yes /usr/lib64/gtk-2.0/2.10.0/engines/libxfce.so 0x00007ff365e0c1c0 0x00007ff365e15164 Yes (*) /usr/lib64/libreoffice/ure/lib/libgcc3_uno.so 0x00007ff365b39460 0x00007ff365bcd8e4 Yes (*) /usr/lib64/libreoffice/ure/lib/bootstrap.uno.so 0x00007ff364ed5cd0 0x00007ff364f39320 Yes (*) /usr/lib64/libreoffice/program/../program/configmgr.uno.so 0x00007ff36493fc90 0x00007ff364944f0c Yes (*) /usr/lib64/libreoffice/program/../program/localebe1.uno.so 0x00007ff363736680 0x00007ff3637380e8 Yes (*) /usr/lib64/libreoffice/program/../program/libspl_unxlo.so 0x00007ff3634e8f90 0x00007ff363520104 Yes (*) /usr/lib64/libreoffice/program/../program/libucb1.so 0x00007ff363034c50 0x00007ff36324781c Yes (*) /usr/lib64/libreoffice/program/../program/libfwklo.so 0x00007ff362d73370 0x00007ff362dbd2dc Yes (*) /usr/lib64/libreoffice/program/../program/libucpfile1.so 0x00007ff362b5be70 0x00007ff362b632cc Yes (*) /usr/lib64/libreoffice/program/../program/desktopbe1.uno.so 0x00007ff36294d940 0x00007ff3629548c8 Yes (*) /usr/lib64/libreoffice/program/../program/gconfbe1.uno.so 0x00000038c7a0b5b0 0x00000038c7a232a8 Yes (*) /lib64/libgconf-2.so.4 0x00000038c520a560 0x00000038c521c6c4 Yes /lib64/libdbus-glib-1.so.2 0x0000003683607ab0 0x00000036836312e4 Yes /lib64/libdbus-1.so.3 0x00007ff3625cb4a0 0x00007ff3626247e8 Yes (*) /usr/lib64/libreoffice/program/../program/i18npool.uno.so 0x000000368fe9bad0 0x000000368ffa0ec8 Yes /lib64/libicui18n.so.49 0x00007ff3623607e0 0x00007ff362361b68 Yes (*) /usr/lib64/libreoffice/program/liblocaledata_en.so 0x00007ff3620cc540 0x00007ff36211d338 Yes (*) /usr/lib64/libreoffice/program/../program/libpackage2.so 0x00007ff3615ec9a0 0x00007ff3615fa7f8 Yes (*) /usr/lib64/libreoffice/ure/lib/stocservices.uno.so 0x00007ff36139be20 0x00007ff3613d3848 Yes (*) /usr/lib64/libreoffice/program/../program/libuuilo.so 0x00007ff361139a10 0x00007ff3611773e8 Yes (*) /usr/lib64/libreoffice/program/../program/libfilterconfiglo.so 0x00007ff360f23920 0x00007ff360f2a8b4 Yes (*) /usr/lib64/libreoffice/program/../program/libsddlo.so 0x00007ff360763110 0x00007ff360b5a8e8 Yes (*) /usr/lib64/libreoffice/program/../program/libsvxcorelo.so 0x000000370d013830 0x000000370d02972c Yes (*) /usr/lib64/libreoffice/program/../program/libavmedialo.so 0x000000370d461ef0 0x000000370d50be80 Yes (*) /usr/lib64/libreoffice/program/../program/libdrawinglayerlo.so 0x000000370c2a9a80 0x000000370c3c3ba4 Yes (*) /usr/lib64/libreoffice/program/../program/libeditenglo.so 0x000000370cc1c8d0 0x000000370cc75ee8 Yes (*) /usr/lib64/libreoffice/program/../program/liblnglo.so 0x0000003a03e86360 0x0000003a0414578c Yes (*) /usr/lib64/libreoffice/program/../program/libxolo.so 0x000000370c80c550 0x000000370c82c020 Yes (*) /usr/lib64/libreoffice/program/../program/libcanvastoolslo.so 0x000000370d8100e0 0x000000370d843fe0 Yes (*) /usr/lib64/libreoffice/program/../program/libcppcanvaslo.so 0x00007ff360264970 0x00007ff3602d0920 Yes (*) /usr/lib64/libreoffice/program/../program/libxstor.so 0x00007ff36003c000 0x00007ff36004ee34 Yes (*) /usr/lib64/libreoffice/program/../program/expwrap.uno.so 0x00007ff35f11a890 0x00007ff35f4789f4 Yes (*) /usr/lib64/libreoffice/program/../program/libsdlo.so 0x00007ff35ecdd740 0x00007ff35ed54f78 Yes (*) /usr/lib64/libreoffice/program/../program/libmsfilterlo.so 0x00007ff35e46ce00 0x00007ff35e6c78b8 Yes (*) /usr/lib64/libreoffice/program/../program/libooxlo.so 0x00007ff35df22140 0x00007ff35e0be898 Yes (*) /usr/lib64/libreoffice/program/../program/libsvxlo.so 0x00000038c7216f30 0x00000038c724d074 Yes /lib64/libssl.so.10 0x0000003694a61fc0 0x0000003694b44af8 Yes /lib64/libcrypto.so.10 0x00000038c6e0ad90 0x00000038c6e38264 Yes /lib64/libgssapi_krb5.so.2 0x00000038c5a1b690 0x00000038c5a93410 Yes /lib64/libkrb5.so.3 0x000000368ea01560 0x000000368ea02144 Yes (*) /lib64/libcom_err.so.2 0x00000038c5e044d0 0x00000038c5e1c938 Yes /lib64/libk5crypto.so.3 0x00007ff35dbe0b50 0x00007ff35dbe60cc Yes /lib64/libkrb5support.so.0 0x000000368ee01190 0x000000368ee01b44 Yes (*) /lib64/libkeyutils.so.1 0x00007ff35d9339b0 0x00007ff35d94d7e4 Yes (*) /usr/lib64/libreoffice/ure/lib/reflection.uno.so 0x00007ff35ce234b0 0x00007ff35ce5a448 Yes (*) /usr/lib64/libreoffice/program/../program/libunoxmllo.so 0x00007ff35cb2b7d0 0x00007ff35cb61498 Yes (*) /lib64/libcups.so.2 0x00007ff35c879a70 0x00007ff35c8f42fc Yes /lib64/libgnutls.so.26 0x0000003694607200 0x0000003694652e48 Yes /lib64/libgcrypt.so.11 0x0000003694200990 0x0000003694200ee8 Yes (*) /lib64/libgpg-error.so.0 0x0000003692e03530 0x0000003692e0872c Yes (*) /lib64/libavahi-common.so.3 0x00007ff35c6539d0 0x00007ff35c65c0d4 Yes (*) /lib64/libavahi-client.so.3 0x000000368f600ed0 0x000000368f60610c Yes (*) /lib64/libcrypt.so.1 0x0000003697e01d00 0x0000003697e0ca28 Yes (*) /lib64/libtasn1.so.3 0x0000003695a02ed0 0x0000003695a0cb7c Yes (*) /lib64/libp11-kit.so.0 0x000000368fa03660 0x000000368fa47570 Yes (*) /lib64/libfreebl3.so 0x00007ff35bb5ed50 0x00007ff35bb68d0c Yes /usr/lib64/pkcs11/gnome-keyring-pkcs11.so 0x00007ff35b31f740 0x00007ff35b32b308 Yes (*) /usr/lib64/libreoffice/program/../program/libspelllo.so 0x00007ff35b0ad310 0x00007ff35b0def68 Yes (*) /lib64/libhunspell-1.3.so.0 0x00007ff35ae92b10 0x00007ff35ae9f2c8 Yes (*) /usr/lib64/libreoffice/program/../program/libhyphenlo.so 0x00007ff35ac88040 0x00007ff35ac8ac44 Yes /lib64/libhyphen.so.0 0x00007ff35aa74830 0x00007ff35aa824b8 Yes (*) /usr/lib64/libreoffice/program/../program/liblnthlo.so 0x00007ff35a86c1b0 0x00007ff35a86cd8c Yes (*) /lib64/libmythes-1.2.so.0 0x00007ff35a5b6d70 0x00007ff35a63b2e0 Yes (*) /usr/lib64/libreoffice/program/../program/libdeployment.so 0x00007ff35a37c6e0 0x00007ff35a38cb44 Yes (*) /usr/lib64/libreoffice/program/../program/libhelplinkerlo.so 0x000000369320ac50 0x000000369322f7d4 Yes (*) /lib64/libxslt.so.1 0x00007ff35a058ed0 0x00007ff35a0ff838 Yes (*) /lib64/libclucene-core.so.1 0x00007ff359db1b10 0x00007ff359db6264 Yes (*) /lib64/libclucene-shared.so.1 0x00007ff359b71c50 0x00007ff359b8a678 Yes (*) /lib64/libclucene-contribs-lib.so.1 (*): Shared library is missing debugging information. $1 = 0x0 $2 = 0x0 rax 0x7ff360e9eeb0 140683279724208 rbx 0x3131313131313131 3544668469065756977 rcx 0x23e7318 37647128 rdx 0x367db4d04c 234037235788 rsi 0x3131313131313131 3544668469065756977 rdi 0x1fc9280 33329792 rbp 0x23e8020 0x23e8020 rsp 0x7fffb3fae1d0 0x7fffb3fae1d0 r8 0x20 32 r9 0x101010101010101 72340172838076673 r10 0x47d0 18384 r11 0x367db7c930 234037430576 r12 0x1fc9280 33329792 r13 0x2 2 r14 0x23e6ad0 37645008 r15 0x23e6c20 37645344 rip 0x3a0045d475 0x3a0045d475 <SfxItemPool::Remove(SfxPoolItem const&)+37> eflags 0x10202 [ IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 Dump of assembler code for function _ZN11SfxItemPool6RemoveERK11SfxPoolItem: 0x0000003a0045d450 <+0>: mov %rbx,-0x30(%rsp) 0x0000003a0045d455 <+5>: mov %r12,-0x20(%rsp) 0x0000003a0045d45a <+10>: mov %rsi,%rbx 0x0000003a0045d45d <+13>: mov %rbp,-0x28(%rsp) 0x0000003a0045d462 <+18>: mov %r13,-0x18(%rsp) 0x0000003a0045d467 <+23>: mov %r14,-0x10(%rsp) 0x0000003a0045d46c <+28>: mov %r15,-0x8(%rsp) 0x0000003a0045d471 <+33>: sub $0x38,%rsp => 0x0000003a0045d475 <+37>: movzwl 0x10(%rsi),%r12d 0x0000003a0045d47a <+42>: cmp $0x1387,%r12w 0x0000003a0045d480 <+48>: jbe 0x3a0045d530 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+224> 0x0000003a0045d486 <+54>: subq $0x1,0x8(%rbx) 0x0000003a0045d48b <+59>: jne 0x3a0045d508 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+184> 0x0000003a0045d48d <+61>: mov (%rbx),%rax 0x0000003a0045d490 <+64>: mov %rbx,%rdi 0x0000003a0045d493 <+67>: mov 0x10(%rsp),%rbp 0x0000003a0045d498 <+72>: mov 0x8(%rsp),%rbx 0x0000003a0045d49d <+77>: mov 0x18(%rsp),%r12 0x0000003a0045d4a2 <+82>: mov 0x20(%rsp),%r13 0x0000003a0045d4a7 <+87>: mov 0x28(%rsp),%r14 0x0000003a0045d4ac <+92>: mov 0x18(%rax),%rax 0x0000003a0045d4b0 <+96>: mov 0x30(%rsp),%r15 0x0000003a0045d4b5 <+101>: add $0x38,%rsp 0x0000003a0045d4b9 <+105>: jmpq *%rax 0x0000003a0045d4bb <+107>: nopl 0x0(%rax,%rax,1) 0x0000003a0045d4c0 <+112>: mov %rbp,%rax 0x0000003a0045d4c3 <+115>: sub %rcx,%rax 0x0000003a0045d4c6 <+118>: sar $0x3,%rax 0x0000003a0045d4ca <+122>: mov 0x8(%rdi),%rcx 0x0000003a0045d4ce <+126>: xor %edx,%edx 0x0000003a0045d4d0 <+128>: test %rcx,%rcx 0x0000003a0045d4d3 <+131>: je 0x3a0045d4dd <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+141> 0x0000003a0045d4d5 <+133>: lea -0x1(%rcx),%rdx 0x0000003a0045d4d9 <+137>: mov %rdx,0x8(%rdi) 0x0000003a0045d4dd <+141>: cmp %rax,0x18(%rsi) 0x0000003a0045d4e1 <+145>: jbe 0x3a0045d4e7 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+151> 0x0000003a0045d4e3 <+147>: mov %rax,0x18(%rsi) 0x0000003a0045d4e7 <+151>: test %rdx,%rdx 0x0000003a0045d4ea <+154>: jne 0x3a0045d508 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+184> 0x0000003a0045d4ec <+156>: cmp $0xf9f,%r12w 0x0000003a0045d4f2 <+162>: ja 0x3a0045d508 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+184> 0x0000003a0045d4f4 <+164>: mov (%rdi),%rax 0x0000003a0045d4f7 <+167>: callq *0x18(%rax) 0x0000003a0045d4fa <+170>: movq $0x0,0x0(%rbp) 0x0000003a0045d502 <+178>: nopw 0x0(%rax,%rax,1) 0x0000003a0045d508 <+184>: mov 0x8(%rsp),%rbx 0x0000003a0045d50d <+189>: mov 0x10(%rsp),%rbp 0x0000003a0045d512 <+194>: mov 0x18(%rsp),%r12 0x0000003a0045d517 <+199>: mov 0x20(%rsp),%r13 0x0000003a0045d51c <+204>: mov 0x28(%rsp),%r14 0x0000003a0045d521 <+209>: mov 0x30(%rsp),%r15 0x0000003a0045d526 <+214>: add $0x38,%rsp 0x0000003a0045d52a <+218>: retq 0x0000003a0045d52b <+219>: nopl 0x0(%rax,%rax,1) 0x0000003a0045d530 <+224>: movzwl %r12w,%r13d 0x0000003a0045d534 <+228>: mov %rdi,%rbp 0x0000003a0045d537 <+231>: mov %r13d,%esi 0x0000003a0045d53a <+234>: callq 0x3a00468ff0 <_ZNK11SfxItemPool9IsInRangeEt> 0x0000003a0045d53f <+239>: test %al,%al 0x0000003a0045d541 <+241>: jne 0x3a0045d580 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+304> 0x0000003a0045d543 <+243>: mov 0x10(%rbp),%rax 0x0000003a0045d547 <+247>: mov 0x68(%rax),%rdi 0x0000003a0045d54b <+251>: test %rdi,%rdi 0x0000003a0045d54e <+254>: je 0x3a0045d580 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+304> 0x0000003a0045d550 <+256>: mov (%rdi),%rax 0x0000003a0045d553 <+259>: mov %rbx,%rsi 0x0000003a0045d556 <+262>: mov 0x10(%rsp),%rbp 0x0000003a0045d55b <+267>: mov 0x8(%rsp),%rbx 0x0000003a0045d560 <+272>: mov 0x18(%rsp),%r12 0x0000003a0045d565 <+277>: mov 0x20(%rsp),%r13 0x0000003a0045d56a <+282>: mov 0x28(%rsp),%r14 0x0000003a0045d56f <+287>: mov 0x30(%rax),%rax 0x0000003a0045d573 <+291>: mov 0x30(%rsp),%r15 0x0000003a0045d578 <+296>: add $0x38,%rsp 0x0000003a0045d57c <+300>: jmpq *%rax 0x0000003a0045d57e <+302>: xchg %ax,%ax 0x0000003a0045d580 <+304>: mov %r13d,%esi 0x0000003a0045d583 <+307>: mov %rbp,%rdi 0x0000003a0045d586 <+310>: callq 0x3a00469010 <_ZNK11SfxItemPool13GetIndex_ImplEt> 0x0000003a0045d58b <+315>: movzwl %ax,%r14d 0x0000003a0045d58f <+319>: mov 0x8(%rbp),%rax 0x0000003a0045d593 <+323>: testb $0x2,0x2(%rax,%r14,4) 0x0000003a0045d599 <+329>: jne 0x3a0045d486 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+54> 0x0000003a0045d59f <+335>: cmpw $0xfffe,0x12(%rbx) 0x0000003a0045d5a4 <+340>: je 0x3a0045d5f0 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+416> 0x0000003a0045d5a6 <+342>: mov 0x10(%rbp),%rax 0x0000003a0045d5aa <+346>: mov 0x18(%rax),%rax 0x0000003a0045d5ae <+350>: mov (%rax,%r14,8),%rsi 0x0000003a0045d5b2 <+354>: mov (%rsi),%rcx 0x0000003a0045d5b5 <+357>: mov 0x8(%rsi),%rdx 0x0000003a0045d5b9 <+361>: cmp %rdx,%rcx 0x0000003a0045d5bc <+364>: je 0x3a0045d508 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+184> 0x0000003a0045d5c2 <+370>: mov (%rcx),%rdi 0x0000003a0045d5c5 <+373>: cmp %rbx,%rdi 0x0000003a0045d5c8 <+376>: je 0x3a0045d611 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+449> 0x0000003a0045d5ca <+378>: lea 0x8(%rcx),%rax 0x0000003a0045d5ce <+382>: jmp 0x3a0045d5e1 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+401> 0x0000003a0045d5d0 <+384>: lea 0x8(%rbp),%rax 0x0000003a0045d5d4 <+388>: mov -0x8(%rax),%rdi 0x0000003a0045d5d8 <+392>: cmp %rbx,%rdi 0x0000003a0045d5db <+395>: je 0x3a0045d4c0 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+112> 0x0000003a0045d5e1 <+401>: cmp %rax,%rdx 0x0000003a0045d5e4 <+404>: mov %rax,%rbp 0x0000003a0045d5e7 <+407>: jne 0x3a0045d5d0 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+384> 0x0000003a0045d5e9 <+409>: jmpq 0x3a0045d508 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+184> 0x0000003a0045d5ee <+414>: xchg %ax,%ax 0x0000003a0045d5f0 <+416>: mov 0x10(%rbp),%rax 0x0000003a0045d5f4 <+420>: mov %r13d,%esi 0x0000003a0045d5f7 <+423>: mov %rbp,%rdi 0x0000003a0045d5fa <+426>: mov 0x58(%rax),%r15 0x0000003a0045d5fe <+430>: callq 0x3a00469010 <_ZNK11SfxItemPool13GetIndex_ImplEt> 0x0000003a0045d603 <+435>: movzwl %ax,%eax 0x0000003a0045d606 <+438>: cmp %rbx,(%r15,%rax,8) 0x0000003a0045d60a <+442>: jne 0x3a0045d5a6 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+342> 0x0000003a0045d60c <+444>: jmpq 0x3a0045d508 <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+184> 0x0000003a0045d611 <+449>: mov %rcx,%rbp 0x0000003a0045d614 <+452>: xor %eax,%eax 0x0000003a0045d616 <+454>: jmpq 0x3a0045d4ca <_ZN11SfxItemPool6RemoveERK11SfxPoolItem+122> End of assembler dump.
Any scenario to reproduce this? The backtrace suggests this happened while loading a Draw or Impress document.
Yes, that's exactly it. export MALLOC_PERTURB_=31 ooffice presentation.odp
Well, yes, but it is not _reproducible_, or is it? If it is, could you please attach a test case document?
*** This bug has been marked as a duplicate of bug 889342 ***