Bug 2316971

Summary: [abrt] evolution: gnome_canvas_request_update(): evolution killed by SIGSEGV
Product: [Fedora] Fedora Reporter: Brian J. Murrell <brian.murrell>
Component: evolutionAssignee: Milan Crha <mcrha>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 40CC: brian.murrell, mcrha, rstrode
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/2feda248aae1882a6bd2551fe8f083c83d755e5
Whiteboard: abrt_hash:056193c8a005d3060449857862d1d117603cd202;VARIANT_ID=workstation;
Fixed In Version: evolution-3.54.1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-10-08 11:30:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: exploitable
none
File: os_info
none
File: environ
none
File: maps
none
File: proc_pid_status
none
File: core_backtrace
none
File: mountinfo
none
File: open_fds
none
File: backtrace
none
File: cpuinfo
none
File: limits none

Description Brian J. Murrell 2024-10-07 13:40:49 UTC 
Description of problem:
Just using Evolution as usual.

Version-Release number of selected component:
evolution-3.52.4-1.fc40

Additional info:
reporter:       libreport-2.17.15
backtrace_rating: 4
uid:            1001
dso_list:       /usr/bin/evolution evolution-3.52.4-1.fc40.x86_64 (Fedora Project) 1722854482
package:        evolution-3.52.4-1.fc40
rootdir:        /
crash_function: gnome_canvas_request_update
comment:        Just using Evolution as usual.
cmdline:        /usr/bin/evolution
kernel:         6.10.6-200.fc40.x86_64
cgroup:         0::/user.slice/user-1001.slice/user/app.slice/app-gnome-org.gnome.Evolution-3363714.scope
journald_cursor: s=490d139e85184c21b92250c4c79a5365;i=9935f10;b=a6540aaa2a364c1a92a23bf20ef21112;m=190cea7c686;t=622dfb542d295;x=a4c11c1664b78e15
reason:         evolution killed by SIGSEGV
executable:     /usr/bin/evolution
type:           CCpp
runlevel:       N 5

Truncated backtrace:
Thread no. 1 (16 frames)
 #0 gnome_canvas_request_update at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/libgnomecanvas/gnome-canvas.c:3176
 #1 gnome_canvas_item_request_update at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/libgnomecanvas/gnome-canvas.c:1229
 #3 signal_emit_unlocked_R.isra.0 at ../gobject/gsignal.c:3888
 #4 signal_emit_valist_unlocked at ../gobject/gsignal.c:3520
 #7 e_selection_model_array_insert_rows at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/e-util/e-selection-model-array.c:139
 #8 model_rows_inserted at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/e-util/e-table-selection-model.c:164
 #9 ffi_call_unix64 at ../src/x86/unix64.S:104
 #10 ffi_call_int at ../src/x86/ffi64.c:673
 #11 ffi_call at ../src/x86/ffi64.c:710
 #12 g_cclosure_marshal_generic at ../gobject/gclosure.c:1538
 #14 signal_emit_unlocked_R.isra.0 at ../gobject/gsignal.c:3888
 #15 signal_emit_valist_unlocked at ../gobject/gsignal.c:3520
 #18 cal_data_model_add_component_cb at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/calendar/gui/e-cal-data-model.c:648
 #19 cal_data_model_foreach_subscriber_in_range at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/calendar/gui/e-cal-data-model.c:578
 #20 cal_data_model_process_added_component at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/calendar/gui/e-cal-data-model.c:878
 #22 cal_data_model_process_modified_or_added_objects at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/calendar/gui/e-cal-data-model.c:1320
Comment 1 Brian J. Murrell 2024-10-07 13:40:53 UTC 
Created attachment 2050838 [details]
File: exploitable
Comment 2 Brian J. Murrell 2024-10-07 13:40:54 UTC 
Created attachment 2050839 [details]
File: os_info
Comment 3 Brian J. Murrell 2024-10-07 13:40:55 UTC 
Created attachment 2050840 [details]
File: environ
Comment 4 Brian J. Murrell 2024-10-07 13:40:57 UTC 
Created attachment 2050841 [details]
File: maps
Comment 5 Brian J. Murrell 2024-10-07 13:40:58 UTC 
Created attachment 2050842 [details]
File: proc_pid_status
Comment 6 Brian J. Murrell 2024-10-07 13:41:00 UTC 
Created attachment 2050843 [details]
File: core_backtrace
Comment 7 Brian J. Murrell 2024-10-07 13:41:01 UTC 
Created attachment 2050844 [details]
File: mountinfo
Comment 8 Brian J. Murrell 2024-10-07 13:41:03 UTC 
Created attachment 2050845 [details]
File: open_fds
Comment 9 Brian J. Murrell 2024-10-07 13:41:04 UTC 
Created attachment 2050846 [details]
File: backtrace
Comment 10 Brian J. Murrell 2024-10-07 13:41:06 UTC 
Created attachment 2050847 [details]
File: cpuinfo
Comment 11 Brian J. Murrell 2024-10-07 13:41:07 UTC 
Created attachment 2050848 [details]
File: limits
Comment 12 Milan Crha 2024-10-08 09:55:09 UTC 
Thanks for a bug report. The backtace shows that the crash happened while one of the calendars (task lists or memo lists, it's not obvious from the backtrace which one it was) reported new events to be added into the GUI, which wanted to update the selection, when the crash happened.

I do not recall seeing any such crash in the past and this code did not change for years, thus it's at least nothing new (not a regression).

I will add safety checks into the top functions in the backtrace, which can avoid the crash, but which will not fix the root cause of the problem.
Comment 13 Milan Crha 2024-10-08 11:30:28 UTC 
I made the change upstream [1] for 3.55.1+ and 3.54.1+, thus for Fedora 41 and rawhide. If it'll turn out the crash happens repeatedly for you, I can backport the change to the Fedora 40 as well.

[1] https://gitlab.gnome.org/GNOME/evolution/-/commit/4530b4ecc1