Dear Maintainer, from the dmesg line from the submitter I think the crash happens save_thumbnail_in_cache_thread in [1], between the calls to cairo_image_surface_get_height and -width.
Tried to reach that function just showing some random PDF but did not get there. @Nicolas: I assume Simon asked for a backtrace of the crash. There are several ways described in the link in his last mail. The easiest might be to install systemd-coredump and when the next crash happens look at the end of the output of 'journalctl --no-pager'. Kind regards, Bernhard [1] https://gitlab.gnome.org/GNOME/evince/-/blob/master/shell/ev-recent-view.c#L351
# Bullseye/testing i386 qemu VM 2020-12-18 apt update apt dist-upgrade apt install systemd-coredump gnome gdb evince libgdk-pixbuf2.0-0 systemctl stop sddm systemctl start sddm wget https://snapshot.debian.org/archive/debian/20201013T145646Z/pool/main/e/evince/evince_3.38.0-2_i386.deb wget https://snapshot.debian.org/archive/debian/20201013T145646Z/pool/main/e/evince/evince-common_3.38.0-2_all.deb wget https://snapshot.debian.org/archive/debian/20201013T145646Z/pool/main/e/evince/libevdocument3-4_3.38.0-2_i386.deb wget https://snapshot.debian.org/archive/debian/20201013T145646Z/pool/main/e/evince/libevview3-3_3.38.0-2_i386.deb wget https://snapshot.debian.org/archive/debian-debug/20201013T145001Z/pool/main/e/evince/evince-dbgsym_3.38.0-2_i386.deb wget https://snapshot.debian.org/archive/debian/20201013T145646Z/pool/main/e/evince/gir1.2-evince-3.0_3.38.0-2_i386.deb dpkg -i *.deb cd Dokumente/ wget https://www.debian.org/doc/manuals/debian-faq/debian-faq.de.pdf https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash nov. 16 20:33:38 nicolas.home kernel: pool-evince[16278]: segfault at fffffdd4 ip 004de186 sp afbfa034 error 5 in evince[4cd000+3a000] nov. 16 20:33:38 nicolas.home kernel: Code: 89 34 24 89 44 24 1c e8 b8 08 ff ff 8b 54 24 1c 89 14 24 50 6a 00 6a 00 56 e8 06 19 ff ff 83 c4 20 ff 77 08 ff 77 04 89 c6 50 <ff> 75 14 e8 52 06 ff ff 89 34 24 e8 b2 3f ff ff 58 5a 6a 01 ff 74 "error 5" == 0b00000101 == * bit 0 == 1: protection fault * bit 1 == 0: read access * bit 2 == 1: user-mode access benutzer@debian:~$ echo -n "find /b ..., ..., 0x" && \ echo "89 34 24 89 44 24 1c e8 b8 08 ff ff 8b 54 24 1c 89 14 24 50 6a 00 6a 00 56 e8 06 19 ff ff 83 c4 20 ff 77 08 ff 77 04 89 c6 50 <ff> 75 14 e8 52 06 ff ff 89 34 24 e8 b2 3f ff ff 58 5a 6a 01 ff 74" \ | sed 's/[<>]//g' | sed 's/ /, 0x/g' find /b ..., ..., 0x89, 0x34, 0x24, 0x89, 0x44, 0x24, 0x1c, 0xe8, 0xb8, 0x08, 0xff, 0xff, 0x8b, 0x54, 0x24, 0x1c, 0x89, 0x14, 0x24, 0x50, 0x6a, 0x00, 0x6a, 0x00, 0x56, 0xe8, 0x06, 0x19, 0xff, 0xff, 0x83, 0xc4, 0x20, 0xff, 0x77, 0x08, 0xff, 0x77, 0x04, 0x89, 0xc6, 0x50, 0xff, 0x75, 0x14, 0xe8, 0x52, 0x06, 0xff, 0xff, 0x89, 0x34, 0x24, 0xe8, 0xb2, 0x3f, 0xff, 0xff, 0x58, 0x5a, 0x6a, 0x01, 0xff, 0x74 gdb -q set width 0 set pagination off set environment DISPLAY=:0 file /usr/bin/evince tb main run info target ... 0x0042c150 - 0x00460924 is .text ... (gdb) find /b 0x0042c150, 0x00460924, 0x89, 0x34, 0x24, 0x89, 0x44, 0x24, 0x1c, 0xe8, 0xb8, 0x08, 0xff, 0xff, 0x8b, 0x54, 0x24, 0x1c, 0x89, 0x14, 0x24, 0x50, 0x6a, 0x00, 0x6a, 0x00, 0x56, 0xe8, 0x06, 0x19, 0xff, 0xff, 0x83, 0xc4, 0x20, 0xff, 0x77, 0x08, 0xff, 0x77, 0x04, 0x89, 0xc6, 0x50, 0xff, 0x75, 0x14, 0xe8, 0x52, 0x06, 0xff, 0xff, 0x89, 0x34, 0x24, 0xe8, 0xb2, 0x3f, 0xff, 0xff, 0x58, 0x5a, 0x6a, 0x01, 0xff, 0x74 0x43815c <save_thumbnail_in_cache_thread+60> 1 pattern found. (gdb) b *0x43815c Breakpoint 2 at 0x43815c: file ../shell/ev-recent-view.c, line 351. (gdb) info b Num Type Disp Enb Address What 2 breakpoint keep y 0x0043815c in save_thumbnail_in_cache_thread at ../shell/ev-recent-view.c:351 (gdb) disassemble save_thumbnail_in_cache_thread Dump of assembler code for function save_thumbnail_in_cache_thread: 0x00438120 <+0>: push %ebp 0x00438121 <+1>: push %edi 0x00438122 <+2>: push %esi 0x00438123 <+3>: push %ebx 0x00438124 <+4>: call 0x42c780 <__x86.get_pc_thunk.bx> 0x00438129 <+9>: add $0x57a2f,%ebx 0x0043812f <+15>: sub $0x1c,%esp 0x00438132 <+18>: mov 0x38(%esp),%edi 0x00438136 <+22>: call 0x42af10 <ev_job_thumbnail_get_type@plt> 0x0043813b <+27>: mov 0x181c(%ebx),%ebp 0x00438141 <+33>: sub $0x8,%esp 0x00438144 <+36>: add 0x3c(%esp),%ebp 0x00438148 <+40>: push %eax 0x00438149 <+41>: push 0x14(%edi) 0x0043814c <+44>: call 0x427df0 <g_type_check_instance_cast@plt> 0x00438151 <+49>: mov 0x4c(%eax),%esi 0x00438154 <+52>: mov %esi,(%esp) 0x00438157 <+55>: call 0x42aa00 <cairo_image_surface_get_height@plt> 0x0043815c <+60>: mov %esi,(%esp) <<<<<<<<<<<< 0x0043815f <+63>: mov %eax,0x1c(%esp) 0x00438163 <+67>: call 0x428a20 <cairo_image_surface_get_width@plt> 0x00438168 <+72>: mov 0x1c(%esp),%edx 0x0043816c <+76>: mov %edx,(%esp) 0x0043816f <+79>: push %eax 0x00438170 <+80>: push $0x0 0x00438172 <+82>: push $0x0 0x00438174 <+84>: push %esi 0x00438175 <+85>: call 0x429a80 <gdk_pixbuf_get_from_surface@plt> 0x0043817a <+90>: add $0x20,%esp 0x0043817d <+93>: push 0x8(%edi) 0x00438180 <+96>: push 0x4(%edi) 0x00438183 <+99>: mov %eax,%esi 0x00438185 <+101>: push %eax 0x00438186 <+102>: push 0x14(%ebp) 0x00438189 <+105>: call 0x4287e0 <gnome_desktop_thumbnail_factory_save_thumbnail@plt> 0x0043818e <+110>: mov %esi,(%esp) 0x00438191 <+113>: call 0x42c148 <g_object_unref@plt> 0x00438196 <+118>: pop %eax 0x00438197 <+119>: pop %edx 0x00438198 <+120>: push $0x1 0x0043819a <+122>: push 0x3c(%esp) 0x0043819e <+126>: call 0x4296d0 <g_task_return_boolean@plt> 0x004381a3 <+131>: add $0x2c,%esp 0x004381a6 <+134>: pop %ebx 0x004381a7 <+135>: pop %esi 0x004381a8 <+136>: pop %edi 0x004381a9 <+137>: pop %ebp 0x004381aa <+138>: ret End of assembler dump. (gdb) b save_thumbnail_in_cache_thread Breakpoint 3 at 0x438120: file ../shell/ev-recent-view.c, line 348. https://sources.debian.org/src/evince/3.38.0-3/shell/ev-recent-view.c/#L351 https://gitlab.gnome.org/GNOME/evince/-/blob/master/shell/ev-recent-view.c#L351 https://buildd.debian.org/status/fetch.php?pkg=evince&arch=i386&ver=3.38.0-2&stamp=1602587776&raw=0
