Bug 2316971 - [abrt] evolution: gnome_canvas_request_update(): evolution killed by SIGSEGV
Summary: [abrt] evolution: gnome_canvas_request_update(): evolution killed by SIGSEGV
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: evolution
Version: 40
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Milan Crha
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:056193c8a005d3060449857862d...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-10-07 13:40 UTC by Brian J. Murrell
Modified: 2024-10-08 11:30 UTC (History)
3 users (show)

Fixed In Version: evolution-3.54.1
Clone Of:
Environment:
Last Closed: 2024-10-08 11:30:28 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
File: exploitable (81 bytes, text/plain)
2024-10-07 13:40 UTC, Brian J. Murrell
no flags Details
File: os_info (734 bytes, text/plain)
2024-10-07 13:40 UTC, Brian J. Murrell
no flags Details
File: environ (2.38 KB, text/plain)
2024-10-07 13:40 UTC, Brian J. Murrell
no flags Details
File: maps (3.97 KB, text/plain)
2024-10-07 13:40 UTC, Brian J. Murrell
no flags Details
File: proc_pid_status (1.52 KB, text/plain)
2024-10-07 13:40 UTC, Brian J. Murrell
no flags Details
File: core_backtrace (78.96 KB, text/plain)
2024-10-07 13:41 UTC, Brian J. Murrell
no flags Details
File: mountinfo (3.93 KB, text/plain)
2024-10-07 13:41 UTC, Brian J. Murrell
no flags Details
File: open_fds (18.14 KB, text/plain)
2024-10-07 13:41 UTC, Brian J. Murrell
no flags Details
File: backtrace (143.19 KB, text/plain)
2024-10-07 13:41 UTC, Brian J. Murrell
no flags Details
File: cpuinfo (3.18 KB, text/plain)
2024-10-07 13:41 UTC, Brian J. Murrell
no flags Details
File: limits (1.29 KB, text/plain)
2024-10-07 13:41 UTC, Brian J. Murrell
no flags Details

Description Brian J. Murrell 2024-10-07 13:40:49 UTC
Description of problem:
Just using Evolution as usual.

Version-Release number of selected component:
evolution-3.52.4-1.fc40

Additional info:
reporter:       libreport-2.17.15
backtrace_rating: 4
uid:            1001
dso_list:       /usr/bin/evolution evolution-3.52.4-1.fc40.x86_64 (Fedora Project) 1722854482
package:        evolution-3.52.4-1.fc40
rootdir:        /
crash_function: gnome_canvas_request_update
comment:        Just using Evolution as usual.
cmdline:        /usr/bin/evolution
kernel:         6.10.6-200.fc40.x86_64
cgroup:         0::/user.slice/user-1001.slice/user/app.slice/app-gnome-org.gnome.Evolution-3363714.scope
journald_cursor: s=490d139e85184c21b92250c4c79a5365;i=9935f10;b=a6540aaa2a364c1a92a23bf20ef21112;m=190cea7c686;t=622dfb542d295;x=a4c11c1664b78e15
reason:         evolution killed by SIGSEGV
executable:     /usr/bin/evolution
type:           CCpp
runlevel:       N 5

Truncated backtrace:
Thread no. 1 (16 frames)
 #0 gnome_canvas_request_update at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/libgnomecanvas/gnome-canvas.c:3176
 #1 gnome_canvas_item_request_update at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/libgnomecanvas/gnome-canvas.c:1229
 #3 signal_emit_unlocked_R.isra.0 at ../gobject/gsignal.c:3888
 #4 signal_emit_valist_unlocked at ../gobject/gsignal.c:3520
 #7 e_selection_model_array_insert_rows at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/e-util/e-selection-model-array.c:139
 #8 model_rows_inserted at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/e-util/e-table-selection-model.c:164
 #9 ffi_call_unix64 at ../src/x86/unix64.S:104
 #10 ffi_call_int at ../src/x86/ffi64.c:673
 #11 ffi_call at ../src/x86/ffi64.c:710
 #12 g_cclosure_marshal_generic at ../gobject/gclosure.c:1538
 #14 signal_emit_unlocked_R.isra.0 at ../gobject/gsignal.c:3888
 #15 signal_emit_valist_unlocked at ../gobject/gsignal.c:3520
 #18 cal_data_model_add_component_cb at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/calendar/gui/e-cal-data-model.c:648
 #19 cal_data_model_foreach_subscriber_in_range at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/calendar/gui/e-cal-data-model.c:578
 #20 cal_data_model_process_added_component at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/calendar/gui/e-cal-data-model.c:878
 #22 cal_data_model_process_modified_or_added_objects at /usr/src/debug/evolution-3.52.4-1.fc40.x86_64/src/calendar/gui/e-cal-data-model.c:1320

Comment 1 Brian J. Murrell 2024-10-07 13:40:53 UTC
Created attachment 2050838 [details]
File: exploitable

Comment 2 Brian J. Murrell 2024-10-07 13:40:54 UTC
Created attachment 2050839 [details]
File: os_info

Comment 3 Brian J. Murrell 2024-10-07 13:40:55 UTC
Created attachment 2050840 [details]
File: environ

Comment 4 Brian J. Murrell 2024-10-07 13:40:57 UTC
Created attachment 2050841 [details]
File: maps

Comment 5 Brian J. Murrell 2024-10-07 13:40:58 UTC
Created attachment 2050842 [details]
File: proc_pid_status

Comment 6 Brian J. Murrell 2024-10-07 13:41:00 UTC
Created attachment 2050843 [details]
File: core_backtrace

Comment 7 Brian J. Murrell 2024-10-07 13:41:01 UTC
Created attachment 2050844 [details]
File: mountinfo

Comment 8 Brian J. Murrell 2024-10-07 13:41:03 UTC
Created attachment 2050845 [details]
File: open_fds

Comment 9 Brian J. Murrell 2024-10-07 13:41:04 UTC
Created attachment 2050846 [details]
File: backtrace

Comment 10 Brian J. Murrell 2024-10-07 13:41:06 UTC
Created attachment 2050847 [details]
File: cpuinfo

Comment 11 Brian J. Murrell 2024-10-07 13:41:07 UTC
Created attachment 2050848 [details]
File: limits

Comment 12 Milan Crha 2024-10-08 09:55:09 UTC
Thanks for a bug report. The backtace shows that the crash happened while one of the calendars (task lists or memo lists, it's not obvious from the backtrace which one it was) reported new events to be added into the GUI, which wanted to update the selection, when the crash happened.

I do not recall seeing any such crash in the past and this code did not change for years, thus it's at least nothing new (not a regression).

I will add safety checks into the top functions in the backtrace, which can avoid the crash, but which will not fix the root cause of the problem.

Comment 13 Milan Crha 2024-10-08 11:30:28 UTC
I made the change upstream [1] for 3.55.1+ and 3.54.1+, thus for Fedora 41 and rawhide. If it'll turn out the crash happens repeatedly for you, I can backport the change to the Fedora 40 as well.

[1] https://gitlab.gnome.org/GNOME/evolution/-/commit/4530b4ecc1


Note You need to log in before you can comment on or make changes to this bug.