Bug 1293088 - [abrt] evince: g_type_check_instance(): evince killed by SIGSEGV
[abrt] evince: g_type_check_instance(): evince killed by SIGSEGV
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: evince (Show other bugs)
23
x86_64 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Michael Stahl
Fedora Extras Quality Assurance
https://retrace.fedoraproject.org/faf...
abrt_hash:e9311196cd1ce0af6cdec0a2adf...
:
: 1280106 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-19 21:30 EST by Neil
Modified: 2016-11-08 16:59 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-08 16:59:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
File: backtrace (31.41 KB, text/plain)
2015-12-19 21:30 EST, Neil
no flags Details
File: cgroup (190 bytes, text/plain)
2015-12-19 21:30 EST, Neil
no flags Details
File: core_backtrace (6.00 KB, text/plain)
2015-12-19 21:30 EST, Neil
no flags Details
File: dso_list (10.60 KB, text/plain)
2015-12-19 21:30 EST, Neil
no flags Details
File: environ (2.59 KB, text/plain)
2015-12-19 21:30 EST, Neil
no flags Details
File: exploitable (110 bytes, text/plain)
2015-12-19 21:30 EST, Neil
no flags Details
File: limits (1.29 KB, text/plain)
2015-12-19 21:30 EST, Neil
no flags Details
File: maps (52.39 KB, text/plain)
2015-12-19 21:30 EST, Neil
no flags Details
File: mountinfo (3.18 KB, text/plain)
2015-12-19 21:30 EST, Neil
no flags Details
File: namespaces (85 bytes, text/plain)
2015-12-19 21:30 EST, Neil
no flags Details
File: open_fds (2.02 KB, text/plain)
2015-12-19 21:30 EST, Neil
no flags Details
File: proc_pid_status (1003 bytes, text/plain)
2015-12-19 21:30 EST, Neil
no flags Details
File: var_log_messages (287 bytes, text/plain)
2015-12-19 21:30 EST, Neil
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Desktop 756515 None None None 2016-11-08 16:59 EST

  None (edit)
Description Neil 2015-12-19 21:30:14 EST
Description of problem:
If you let evince in full screen mode, it'll crash in the next launch  (only the first launch, then it'll work ok)


Fedora 23
Cinnamon 2.8.4

Version-Release number of selected component:
evince-3.18.2-2.fc23

Additional info:
reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        evince /home/neil/Documentos/Text/Books/Happiness-Beyond-Thought-A-Practical-Guide-to-Awakening.pdf
crash_function: g_type_check_instance
executable:     /usr/bin/evince
global_pid:     2487
kernel:         4.2.7-300.fc23.x86_64
runlevel:       N 3
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 g_type_check_instance at gtype.c:4138
 #1 g_signal_handler_disconnect at gsignal.c:2620
 #2 ev_page_action_widget_set_document at ev-page-action-widget.c:265
 #8 g_object_notify_by_spec_internal at gobject.c:1154
 #9 g_object_notify at gobject.c:1202
 #10 ev_document_model_set_document at ev-document-model.c:381
 #11 ev_window_load_job_cb at ev-window.c:1727
 #12 _g_closure_invoke_va at gclosure.c:864
 #15 emit_finished at ev-jobs.c:181
 #19 g_main_context_iteration at gmain.c:3901

Potential duplicate: bug 1191772
Comment 1 Neil 2015-12-19 21:30:19 EST
Created attachment 1107854 [details]
File: backtrace
Comment 2 Neil 2015-12-19 21:30:20 EST
Created attachment 1107855 [details]
File: cgroup
Comment 3 Neil 2015-12-19 21:30:21 EST
Created attachment 1107856 [details]
File: core_backtrace
Comment 4 Neil 2015-12-19 21:30:23 EST
Created attachment 1107857 [details]
File: dso_list
Comment 5 Neil 2015-12-19 21:30:24 EST
Created attachment 1107858 [details]
File: environ
Comment 6 Neil 2015-12-19 21:30:25 EST
Created attachment 1107859 [details]
File: exploitable
Comment 7 Neil 2015-12-19 21:30:26 EST
Created attachment 1107860 [details]
File: limits
Comment 8 Neil 2015-12-19 21:30:28 EST
Created attachment 1107861 [details]
File: maps
Comment 9 Neil 2015-12-19 21:30:29 EST
Created attachment 1107862 [details]
File: mountinfo
Comment 10 Neil 2015-12-19 21:30:30 EST
Created attachment 1107863 [details]
File: namespaces
Comment 11 Neil 2015-12-19 21:30:32 EST
Created attachment 1107864 [details]
File: open_fds
Comment 12 Neil 2015-12-19 21:30:33 EST
Created attachment 1107865 [details]
File: proc_pid_status
Comment 13 Neil 2015-12-19 21:30:34 EST
Created attachment 1107866 [details]
File: var_log_messages
Comment 14 Fedora Admin XMLRPC Client 2016-10-14 04:09:28 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 15 Caolan McNamara 2016-10-14 05:04:01 EDT
*** Bug 1280106 has been marked as a duplicate of this bug. ***
Comment 16 Michael Stahl 2016-11-08 16:59:48 EST
cannot reproduce fullscreen crash in current F24.

action_widget->doc_model is apparently a weak pointer
if it were 0 that would explain it but gdb shows it as non-0.

the glib docs say that this weak reference isn't thread safe
so it's theoretically possible that another thread
deletes the object concurrently but i don't know enough
about evince to say if that is possible.

upstream bug with very similar stack:

https://bugzilla.gnome.org/show_bug.cgi?id=756515

... which i can't reproduce either.

ev_document_model_set_document calls
  g_object_notify (object=0x5616082b60c0, ...
but then ev_page_action_widget_set_document calls
  g_signal_handler_disconnect (instance=0x5616086045b0, ...
is it expected that there are 2 different instances of
EvDocumentModel?

the only place where EvDocumentModel is created is
	ev_window->priv->model = ev_document_model_new ();
in ev_window_init()

the signal that is being broadcast here has a handler registered
from ev_page_action_widget_set_model, but that handler is
never unregistered.

so it could be possible that ev_page_action_widget_set_model
is called twice, and the second call sets a model that is then
destroyed before the first one emits this "notify::document" signal.

but i think i'm not able to fix this if i can't reproduce it,
so i'll just close it upstream since there is already an
upstream bug about it, maybe somebody will fix it...

Note You need to log in before you can comment on or make changes to this bug.