Ubuntu
cups-filters package

cups-browsed crashed with SIGSEGV in timeout_free()

Bug #1427344 reported by Poezevara alain
98
This bug affects 15 people
Affects Status Importance Assigned to Milestone
cups-filters (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

on every boot

ProblemType: Crash
DistroRelease: Ubuntu 15.04
Package: cups-browsed 1.0.66-0ubuntu1
ProcVersionSignature: Ubuntu 3.19.0-7.7-generic 3.19.0
Uname: Linux 3.19.0-7-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.16.2-0ubuntu1
Architecture: amd64
CupsErrorLog:

Date: Mon Mar 2 17:27:28 2015
ExecutablePath: /usr/sbin/cups-browsed
InstallationDate: Installed on 2015-01-25 (35 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Alpha amd64 (20150125)
Lpstat: device for HP-Photosmart-C3100-series: usb://HP/Photosmart%20C3100%20series?serial=MY6ABC32ND04P9&interface=1
MachineType: ASUS All Series
Papersize: a4
PpdFiles: HP-Photosmart-C3100-series: HP Photosmart c3100 Series, hpcups 3.14.6
ProcAttrCurrent: /usr/sbin/cups-browsed (enforce)
ProcCmdline: /usr/sbin/cups-browsed
ProcEnviron:
 LANG=fr_FR.UTF-8
 PATH=(custom, no user)
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.19.0-7-generic root=UUID=a1f4e400-6d47-4810-8d22-d51139013aa1 ro resume=UUID=c756b5d8-0950-4dd7-8532-4932aac06078 quiet splash vga=845
SegvAnalysis:
 Segfault happened at: 0x7fdf8bc9a15a: movl $0x1,0xa8(%rax)
 PC (0x7fdf8bc9a15a) ok
 source "$0x1" ok
 destination "0xa8(%rax)" (0x000000a8) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: cups-filters
StacktraceTop:
 ?? () from /usr/lib/x86_64-linux-gnu/libavahi-glib.so.1
 ?? () from /usr/lib/x86_64-linux-gnu/libavahi-client.so.3
 ?? () from /usr/lib/x86_64-linux-gnu/libavahi-glib.so.1
 g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
Title: cups-browsed crashed with SIGSEGV in g_main_context_dispatch()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

dmi.bios.date: 01/28/2014
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 1802
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: Z87-C
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: Rev 1.xx
dmi.chassis.asset.tag: Asset-1234567890
dmi.chassis.type: 3
dmi.chassis.vendor: Chassis Manufacture
dmi.chassis.version: Chassis Version
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1802:bd01/28/2014:svnASUS:pnAllSeries:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnZ87-C:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion:
dmi.product.name: All Series
dmi.product.version: System Version
dmi.sys.vendor: ASUS

Revision history for this message
Poezevara alain (nenokryz) wrote :
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 timeout_free (t=0x22a5240) at glib-watch.c:206
 connection_data_unref (d=0x22b55a0) at ../avahi-common/dbus-watch-glue.c:81
 start_timeout_callback (t=0x22a5240) at glib-watch.c:252
 dispatch_func (source=0x22b9ea0, callback=<optimized out>, userdata=<optimized out>) at glib-watch.c:331
 g_main_dispatch (context=0x2298c70) at /build/buildd/glib2.0-2.43.90/./glib/gmain.c:3122

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : StacktraceSource.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in cups-filters (Ubuntu):
importance: Undecided → Medium
summary: - cups-browsed crashed with SIGSEGV in g_main_context_dispatch()
+ cups-browsed crashed with SIGSEGV in timeout_free()
tags: removed: need-amd64-retrace
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cups-filters (Ubuntu):
status: New → Confirmed
Till Kamppeter (till-kamppeter)
information type: Private → Public
Revision history for this message
Till Kamppeter (till-kamppeter) wrote :

Anyone with this problem, can you please attach your /etc/cups/cups-browsed.conf to this bug report. Thanks.

Changed in cups-filters (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Cristian Aravena Romero (caravena) wrote :
Revision history for this message
Till Kamppeter (till-kamppeter) wrote :

Tim, I think it was you who added the timeout stuff. Have you an idea what is going on here?

Revision history for this message
Tim Waugh (twaugh) wrote :

From a quick glance, this looks wrong:

```
  /* If auto shutdown is active we have perhaps scheduled a timer to shut down
     due to not having queues any more to maintain, kill the timer now */
  if (autoshutdown && autoshutdown_exec_id &&
      cupsArrayCount(remote_printers) > 0) {
    debug_printf ("cups-browsed: New printers there to make available, killing auto shutdown timer.\n");
    g_source_destroy(g_main_context_find_source_by_id(NULL,
                                                      autoshutdown_exec_id));
    autoshutdown_exec_id = 0;
  }
```

Why are you calling g_source_destroy() rather than g_source_remove()?

Revision history for this message
Till Kamppeter (till-kamppeter) wrote : Re: [Bug 1427344] Re: cups-browsed crashed with SIGSEGV in timeout_free()

On 03/11/2015 12:14 PM, Tim Waugh wrote:
>>From a quick glance, this looks wrong:
>
> ```
> /* If auto shutdown is active we have perhaps scheduled a timer to shut down
> due to not having queues any more to maintain, kill the timer now */
> if (autoshutdown && autoshutdown_exec_id &&
> cupsArrayCount(remote_printers) > 0) {
> debug_printf ("cups-browsed: New printers there to make available, killing auto shutdown timer.\n");
> g_source_destroy(g_main_context_find_source_by_id(NULL,
> autoshutdown_exec_id));
> autoshutdown_exec_id = 0;
> }
> ```
>
> Why are you calling g_source_destroy() rather than g_source_remove()?
>

I do not know why I have used "g_source_destroy()", perhaps seeing some
example somewhere on the internet.

What is the difference between "g_source_destroy()" and
"g_source_remove()"? Can I safely use "g_source_remove()" without
breaking something else? Or do I even have to use "g_source_remove()"
because the other is missing to do something important?

   Till

Revision history for this message
Tim Waugh (twaugh) wrote :

Well, read the documentation, don't just call functions at random. ;-)

https://developer.gnome.org/glib/stable/glib-The-Main-Event-Loop.html

Or look at what other programs do.

Revision history for this message
Till Kamppeter (till-kamppeter) wrote :

OK, I will replace the g_source_destroy() by g_source_remove()g_source_remove().

Changed in cups-filters (Ubuntu):
status: Incomplete → Triaged
Revision history for this message
Till Kamppeter (till-kamppeter) wrote :

Replaced g_source_destroy() by g_source_remove() in cups-browsed in upstream BZR rev. 7335. Will be included in cups-filters 1.0.67.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups-filters - 1.0.67-0ubuntu1

---------------
cups-filters (1.0.67-0ubuntu1) vivid; urgency=medium

  * New upstream release
     - cups-browsed: Use g_source_remove() instead of g_source_destroy()
       for killing auto shutdown timers (LP: #1427344).
 -- Till Kamppeter <email address hidden> Wed, 11 Mar 2015 16:31:03 +0100

Changed in cups-filters (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Till Kamppeter (till-kamppeter) wrote :

Everyone who was able to rreproduce the crash with the old package, please test with the new package and tell us whether it solves the problem. Thanks.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.