cups-browsed crashed with SIGSEGV in timeout_free()

Bug #1427344 reported by Poezevara alain on 2015-03-02
98
This bug affects 15 people
Affects Status Importance Assigned to Milestone
cups-filters (Ubuntu)
Medium
Unassigned

Bug Description

on every boot

ProblemType: Crash
DistroRelease: Ubuntu 15.04
Package: cups-browsed 1.0.66-0ubuntu1
ProcVersionSignature: Ubuntu 3.19.0-7.7-generic 3.19.0
Uname: Linux 3.19.0-7-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.16.2-0ubuntu1
Architecture: amd64
CupsErrorLog:

Date: Mon Mar 2 17:27:28 2015
ExecutablePath: /usr/sbin/cups-browsed
InstallationDate: Installed on 2015-01-25 (35 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Alpha amd64 (20150125)
Lpstat: device for HP-Photosmart-C3100-series: usb://HP/Photosmart%20C3100%20series?serial=MY6ABC32ND04P9&interface=1
MachineType: ASUS All Series
Papersize: a4
PpdFiles: HP-Photosmart-C3100-series: HP Photosmart c3100 Series, hpcups 3.14.6
ProcAttrCurrent: /usr/sbin/cups-browsed (enforce)
ProcCmdline: /usr/sbin/cups-browsed
ProcEnviron:
 LANG=fr_FR.UTF-8
 PATH=(custom, no user)
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.19.0-7-generic root=UUID=a1f4e400-6d47-4810-8d22-d51139013aa1 ro resume=UUID=c756b5d8-0950-4dd7-8532-4932aac06078 quiet splash vga=845
SegvAnalysis:
 Segfault happened at: 0x7fdf8bc9a15a: movl $0x1,0xa8(%rax)
 PC (0x7fdf8bc9a15a) ok
 source "$0x1" ok
 destination "0xa8(%rax)" (0x000000a8) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: cups-filters
StacktraceTop:
 ?? () from /usr/lib/x86_64-linux-gnu/libavahi-glib.so.1
 ?? () from /usr/lib/x86_64-linux-gnu/libavahi-client.so.3
 ?? () from /usr/lib/x86_64-linux-gnu/libavahi-glib.so.1
 g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
Title: cups-browsed crashed with SIGSEGV in g_main_context_dispatch()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

dmi.bios.date: 01/28/2014
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 1802
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: Z87-C
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: Rev 1.xx
dmi.chassis.asset.tag: Asset-1234567890
dmi.chassis.type: 3
dmi.chassis.vendor: Chassis Manufacture
dmi.chassis.version: Chassis Version
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1802:bd01/28/2014:svnASUS:pnAllSeries:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnZ87-C:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion:
dmi.product.name: All Series
dmi.product.version: System Version
dmi.sys.vendor: ASUS

Poezevara alain (nenokryz) wrote :

StacktraceTop:
 timeout_free (t=0x22a5240) at glib-watch.c:206
 connection_data_unref (d=0x22b55a0) at ../avahi-common/dbus-watch-glue.c:81
 start_timeout_callback (t=0x22a5240) at glib-watch.c:252
 dispatch_func (source=0x22b9ea0, callback=<optimized out>, userdata=<optimized out>) at glib-watch.c:331
 g_main_dispatch (context=0x2298c70) at /build/buildd/glib2.0-2.43.90/./glib/gmain.c:3122

Changed in cups-filters (Ubuntu):
importance: Undecided → Medium
summary: - cups-browsed crashed with SIGSEGV in g_main_context_dispatch()
+ cups-browsed crashed with SIGSEGV in timeout_free()
tags: removed: need-amd64-retrace
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cups-filters (Ubuntu):
status: New → Confirmed
information type: Private → Public
Till Kamppeter (till-kamppeter) wrote :

Anyone with this problem, can you please attach your /etc/cups/cups-browsed.conf to this bug report. Thanks.

Changed in cups-filters (Ubuntu):
status: Confirmed → Incomplete
Till Kamppeter (till-kamppeter) wrote :

Tim, I think it was you who added the timeout stuff. Have you an idea what is going on here?

Tim Waugh (twaugh) wrote :

From a quick glance, this looks wrong:

```
  /* If auto shutdown is active we have perhaps scheduled a timer to shut down
     due to not having queues any more to maintain, kill the timer now */
  if (autoshutdown && autoshutdown_exec_id &&
      cupsArrayCount(remote_printers) > 0) {
    debug_printf ("cups-browsed: New printers there to make available, killing auto shutdown timer.\n");
    g_source_destroy(g_main_context_find_source_by_id(NULL,
                                                      autoshutdown_exec_id));
    autoshutdown_exec_id = 0;
  }
```

Why are you calling g_source_destroy() rather than g_source_remove()?

On 03/11/2015 12:14 PM, Tim Waugh wrote:
>>From a quick glance, this looks wrong:
>
> ```
> /* If auto shutdown is active we have perhaps scheduled a timer to shut down
> due to not having queues any more to maintain, kill the timer now */
> if (autoshutdown && autoshutdown_exec_id &&
> cupsArrayCount(remote_printers) > 0) {
> debug_printf ("cups-browsed: New printers there to make available, killing auto shutdown timer.\n");
> g_source_destroy(g_main_context_find_source_by_id(NULL,
> autoshutdown_exec_id));
> autoshutdown_exec_id = 0;
> }
> ```
>
> Why are you calling g_source_destroy() rather than g_source_remove()?
>

I do not know why I have used "g_source_destroy()", perhaps seeing some
example somewhere on the internet.

What is the difference between "g_source_destroy()" and
"g_source_remove()"? Can I safely use "g_source_remove()" without
breaking something else? Or do I even have to use "g_source_remove()"
because the other is missing to do something important?

   Till

Tim Waugh (twaugh) wrote :

Well, read the documentation, don't just call functions at random. ;-)

https://developer.gnome.org/glib/stable/glib-The-Main-Event-Loop.html

Or look at what other programs do.

OK, I will replace the g_source_destroy() by g_source_remove()g_source_remove().

Changed in cups-filters (Ubuntu):
status: Incomplete → Triaged

Replaced g_source_destroy() by g_source_remove() in cups-browsed in upstream BZR rev. 7335. Will be included in cups-filters 1.0.67.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups-filters - 1.0.67-0ubuntu1

---------------
cups-filters (1.0.67-0ubuntu1) vivid; urgency=medium

  * New upstream release
     - cups-browsed: Use g_source_remove() instead of g_source_destroy()
       for killing auto shutdown timers (LP: #1427344).
 -- Till Kamppeter <email address hidden> Wed, 11 Mar 2015 16:31:03 +0100

Changed in cups-filters (Ubuntu):
status: Triaged → Fix Released

Everyone who was able to rreproduce the crash with the old package, please test with the new package and tell us whether it solves the problem. Thanks.

To post a comment you must log in.