Opening a pdf from Zotero in evince, I got "failed to load backend for 'application/pdf': libnss3.so: failed to load shared object mapping segment

Thank you for your bug report, what's the output of those commands

$ dpkg -l | grep evince
$ dpkg -l | grep nss
$ ldd -v /usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.sos

@seb128 Please find these output:

$ dpkg -l | grep evince
ii evince 3.36.0-1 amd64 Document (PostScript, PDF) viewer
ii evince-common 3.36.0-1 all Document (PostScript, PDF) viewer - common files

$ dpkg -l | grep nss
ii libconfig-model-openssh-perl 2.8.0.1-1 all configuration editor for OpenSsh
ii libcurl4-openssl-dev:amd64 7.68.0-1ubuntu1 amd64 development files and documentation for libcurl (OpenSSL flavour)
ii libevent-openssl-2.1-7:amd64 2.1.11-stable-1 amd64 Asynchronous event notification library (openssl)
ii libjansson4:amd64 2.12-1build1 amd64 C library for encoding, decoding and manipulating JSON data
ii libnss-mdns:amd64 0.14.1-1ubuntu1 amd64 NSS module for Multicast DNS name resolution
ii libnss-myhostname:amd64 245.2-1ubuntu2 amd64 nss module providing fallback resolution for the current hostname
ii libnss-systemd:amd64 245.2-1ubuntu2 amd64 nss module providing dynamic user and group name resolution
ii libnss3:amd64 2:3.49.1-1ubuntu1 amd64 Network Security Service libraries
ii libxmlsec1-nss:amd64 1.2.28-2 amd64 Nss engine for the XML security library
ii openssh-client 1:8.1p1-5 amd64 secure shell (SSH) client, for secure access to remote machines
ii openssh-server 1:8.1p1-5 amd64 secure shell (SSH) server, for secure access from remote machines
ii openssh-sftp-server 1:8.1p1-5 amd64 secure shell (SSH) sftp server module, for SFTP access from remote machines
ii openssl 1.1.1d-2ubuntu6 amd64 Secure Sockets Layer toolkit - cryptographic utility
ii perl-openssl-defaults:amd64 4 amd64 version compatibility baseline for Perl OpenSSL packages
ii python-openssl 19.0.0-1build1 all Python 2 wrapper around the OpenSSL library

And there's no libpdfdocument.sos but I suppose you meant libpdfdocument.so :

$ ldd -v /usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so
 linux-vdso.so.1 (0x00007ffe9ca13000)
 libevdocument3.so.4 => /usr/lib/x86_64-linux-gnu/libevdocument3.so.4 (0x00007fd470424000)
 libgtk-3.so.0 => /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 (0x00007fd46fd18000)
 libpango-1.0.so.0 => /us...

Thanks, that looks normal. I'm unsure to understand the description now though, 'Opening a pdf file from Zotero in evince' ... what is Zotero in that context? Is that where the file is stored/in a remote location?

Can you add a 'journalctl -b 0' log to the bug after triggering the bug?

Zotero is a bibliography tool (https://www.zotero.org/). When I double click on a pdf in it, it opens the pdf file using the default system tool, here evince, and triggers that evince error.

Here is the tail of journalctl -b 0 output with the relevant lines:

mars 27 11:53:08 darwin audit[52507]: AVC apparmor="DENIED" operation="file_mmap" profile="/usr/bin/evince" name="/home/nicolas/Zotero_linux-x86_64/libnss3.so" pid=52507 comm="EvJobScheduler" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000
mars 27 11:53:08 darwin kernel: audit: type=1400 audit(1585306388.116:3096): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/evince" name="/home/nicolas/Zotero_linux-x86_64/libnss3.so" pid=52507 comm="EvJobScheduler" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000
mars 27 11:53:08 darwin kernel: audit: type=1400 audit(1585306388.116:3097): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/evince" name="/home/nicolas/Zotero_linux-x86_64/libnss3.so" pid=52507 comm="EvJobScheduler" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000
mars 27 11:53:08 darwin audit[52507]: AVC apparmor="DENIED" operation="file_mmap" profile="/usr/bin/evince" name="/home/nicolas/Zotero_linux-x86_64/libnss3.so" pid=52507 comm="EvJobScheduler" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000

That's seems to be fixed in latest version, probably through this modification:

  * d/apparmor-profile.abstraction:
    Allow running dash/bash with inherited AppArmor profile.
    GDesktopAppInfo in GLib 2.64.x uses a one-line shell script to carry
    out some setup when launching .desktop files, for example as a
    URL handler. (Closes: #954013)

@seb128: it's broken again in latest 3.36.0 release: Failed to load backend for 'application/pdf': libnss3.so: échec d'adressage (mapping) du segment de l'objet partagé

could you give the output of

$ ldd -r `which evince`

I have the same (or at least a very similar) problem. On a fully up to date xubuntu 20-04 system, when i run evince and click on a link, it fails to follow that link in my browser. This kind of thing happens when you are reading a technical paper and want to follow one of the references and click on the doi or url.

When i click on the link i get a box that i cannot copy from that says:
Failed to launch preferred application for category "WebBrowser".

Failed to execute child process "/usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2"(Permission denied).

Did I say that it is annoying that i could not copy the text in this box!!!!!!

The output of the ldd command you asked for is attached.

I should also point out that this worked fine under xubuntu 18.04.

One more comment: atril works just fine and is a perfectly good work around.

@Kenneth, the issue you describe is a different one and similar to bug #987578 , it sounds like the apparmor profile doesn't recognize the binary you want called as an authorized one. You should try opening an apparmor report

bug #1891338 is about the new issue