Ubuntu
cups package

cupsd crashed with SIGSEGV in main() straight after boot and then periodically.

Bug #860691 reported by j0e
42
This bug affects 5 people
Affects Status Importance Assigned to Milestone
cups (Ubuntu)
Fix Released
Medium
Till Kamppeter
Ubuntu oneiric-updates
Oneiric
Fix Released
Medium
Till Kamppeter
Ubuntu oneiric-updates

Bug Description

After boot Cupsd crashes. There seems to be a watch dog that starts it again, after a couple minutes it crashes again. There is no printer at all attached to the computer.

ProblemType: Crash
DistroRelease: Ubuntu 11.10
Package: cups 1.5.0-7
ProcVersionSignature: Ubuntu 3.0.0-11.18-generic 3.0.4
Uname: Linux 3.0.0-11-generic i686
ApportVersion: 1.23-0ubuntu1
Architecture: i386
Date: Tue Sep 27 23:43:56 2011
ExecutablePath: /usr/sbin/cupsd
Lpstat: Error: command ['lpstat', '-v'] failed with exit code 1: lpstat: No destinations added.
MachineType: TOSHIBA Satellite M50
Papersize: a4
PccardctlIdent:
 Socket 0:
   no product info available
PccardctlStatus:
 Socket 0:
   no card
ProcAttrCurrent: /usr/sbin/cupsd (enforce)
ProcCmdline: /usr/sbin/cupsd -F
ProcEnviron: PATH=(custom, no user)
ProcKernelCmdLine: root=UUID=ab11c613-666e-4ac0-a871-2b64754c6df5 ro quiet splash
SegvAnalysis:
 Segfault happened at: 0xd869e3: call *%edx
 PC (0x00d869e3) ok
 source "*%edx" (0x632d7365) not located in a known VMA region (needed readable region)!
 destination "(%esp)" (0xbfeb2480) ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: cups
Stacktrace:
 #0 0x00d869e3 in ?? ()
 No symbol table info available.
 #1 0x00d49446 in main ()
 No symbol table info available.
StacktraceTop:
 ?? ()
 main ()
Title: cupsd crashed with SIGSEGV in main()
UpgradeStatus: Upgraded to oneiric on 2011-09-27 (0 days ago)
UserGroups:

dmi.bios.date: 07/04/2005
dmi.bios.vendor: TOSHIBA
dmi.bios.version: V1.30
dmi.board.name: ECU00
dmi.board.vendor: TOSHIBA
dmi.board.version: Null
dmi.chassis.asset.tag: *
dmi.chassis.type: 10
dmi.chassis.vendor: TOSHIBA
dmi.chassis.version: N/A
dmi.modalias: dmi:bvnTOSHIBA:bvrV1.30:bd07/04/2005:svnTOSHIBA:pnSatelliteM50:pvrPSM51A-01L00K:rvnTOSHIBA:rnECU00:rvrNull:cvnTOSHIBA:ct10:cvrN/A:
dmi.product.name: Satellite M50
dmi.product.version: PSM51A-01L00K
dmi.sys.vendor: TOSHIBA

Revision history for this message
j0e (joe-james) wrote :
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 cupsdRunTimeout (timeout=0x226d2bd0) at timeout.c:157
 main (argc=2, argv=0xbfeb2664) at main.c:900

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in cups (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cups (Ubuntu):
status: New → Confirmed
Till Kamppeter (till-kamppeter)
visibility: private → public
Revision history for this message
Till Kamppeter (till-kamppeter) wrote :

Here is another problem with an Avahi code call via timeout.

Revision history for this message
Tim Waugh (twaugh) wrote :

Very clearly a memory scribble. The called address is 0x632d7365, which is ASCII.

$ printf %b '\x63\x2d\x73\x65\n'
c-se

Revision history for this message
Tim Waugh (twaugh) wrote :

My best guess is that this is another instance of cupsArrayRemove() causing problems, as in http://www.cups.org/str.php?L3951.

Revision history for this message
Tim Waugh (twaugh) wrote :

Please take a look at commit 2ed292ab433f6fa51f2dd8639ca445390ae25fac. It changes the Timeouts array into an unsorted array, which makes cupsArrayRemove() a lot more predictable.

Revision history for this message
Tim Waugh (twaugh) wrote :

I've pushed another, simpler, fix: compare_timeouts() now uses the address of the cupsd_timeout_t object in the case of a tie.

Revision history for this message
Till Kamppeter (till-kamppeter) wrote :

Thanks for your patches. I am testing now with the sum of your patches from 2ed292ab4 to now, which results in a nice small patch for in-freeze or SRU upload ...

Changed in cups (Ubuntu):
status: Confirmed → In Progress
Revision history for this message
Till Kamppeter (till-kamppeter) wrote :

Tim, I have tested your patch now and CUPS is stable for me (but I did not have the crash before).

Changed in cups (Ubuntu):
status: In Progress → Fix Committed
Till Kamppeter (till-kamppeter)
Changed in cups (Ubuntu):
milestone: none → oneiric-updates
Till Kamppeter (till-kamppeter)
Changed in cups (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
Revision history for this message
Martin Pitt (pitti) wrote : Please test proposed package

Hello j0e, or anyone else affected,

Accepted cups into oneiric-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in cups (Ubuntu Oneiric):
assignee: Martin Pitt (pitti) → Till Kamppeter (till-kamppeter)
tags: added: verification-needed
Revision history for this message
j0e (joe-james) wrote :

I can confirm that this is no longer an issue for me in package: cups 1.5.0-8

Thanks.

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups - 1.5.0-8ubuntu1

---------------
cups (1.5.0-8ubuntu1) oneiric-proposed; urgency=low

  [ Till Kamppeter ]
  * debian/patches/cups-avahi.patch: Updated patch from upstream (Red Hat)
    to fix crashes of the CUPS daemon when using the timeout function call
    functionality (LP: #860691, LP: #860498).

  [ Martin Pitt ]
  * debian/local/apparmor-profile: Also allow cups to map libraries under
    /usr/local/. (LP: #860765)
 -- Till Kamppeter <email address hidden> Fri, 7 Oct 2011 17:01:43 +0200

Changed in cups (Ubuntu):
status: Fix Committed → Fix Released
Changed in cups (Ubuntu Oneiric):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.