Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Drivers shipped by Kyocera gets segfault due thread conflict in 2.4.2 #619

Closed
zdohnal opened this issue Feb 20, 2023 · 5 comments
Closed
Labels
bug Something isn't working priority-medium

Comments

@zdohnal
Copy link
Member

zdohnal commented Feb 20, 2023

Describe the bug
Reported in Fedora as bug - to sum it up - install your Kyocera printer with the driver from the link and try to print

To Reproduce

  1. $ lp -d <printer_installed_with_kyocera_driver_from_the_link> /etc/fstab
  2. rastertokpsl crashes
июн 07 14:31:47 AmCave systemd-coredump[117131]: [🡕] Process 117128 (rastertokpsl) of user 4 dumped core.
                                                    
                                                    Module linux-vdso.so.1 with build-id bbfba337e4ff5782c225df596fd0560be96d05f2
                                                    Module libgpg-error.so.0 with build-id a53c231739d55cc39b97e28c36cd8b3e58a8f8f8
                                                    Metadata for module libgpg-error.so.0 owned by FDO found: {
                                                            "type" : "rpm",
                                                            "name" : "libgpg-error",
                                                            "version" : "1.45-1.fc36",
                                                            "architecture" : "x86_64",
                                                            "osCpe" : "cpe:/o:fedoraproject:fedora:36"
                                                    }
                                                    
                                                    Module libgcc_s.so.1 with build-id 1e82df1fa0e0de4d8382b75c0fa730e0672f1a47
                                                    Module libgcrypt.so.20 with build-id ab80eae398f8814c7dc7bfc27fa3724491a47294
                                                    Stack trace of thread 117128:
                                                    #0  0x00007f6e8411eebd _cupsRasterClearError (libcups.so.2 + 0x4aebd)
                                                    #1  0x00007f6e8411ef10 _cupsRasterNew (libcups.so.2 + 0x4af10)
                                                    #2  0x0000000000406cdf n/a (rastertokpsl + 0x6cdf)
                                                    #3  0x00007f6e841a2550 __libc_start_call_main (libc.so.6 + 0x29550)
                                                    #4  0x00007f6e841a2609 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x29609)
                                                    #5  0x000000000040799d n/a (rastertokpsl + 0x799d)
                                                    ELF object binary architecture: AMD x86-64

Expected behavior
No crash.

System Information:

  • Fedora 36
  • 'lp'
  • CUPS 2.4.2

Additional context
More debugging information are provided in Fedora bugzilla - I was able to found out it happens because _cupsGlobals() returns NULL in _cupsRasterClearError() and then dereferences it and I've tracked the issue had started to happen after our commit for multithreaded glibc functions.

@michaelrsweet
Copy link
Member

Interesting because _cupsGlobals will only return NULL if the malloc fails, and that code did not change...

@zdohnal zdohnal added the investigating Investigating the issue label Mar 8, 2023
@LorenzISR
Copy link

I am not sure if this is related, but if I am trying to add a Kyocera printer using the cups web-UI it says "Unable to get list of printer drivers: Internal Server Error" /var/log/cups/error_log has this:
PID 4562 (/usr/lib/cups/daemon/cups-driverd) crashed on signal 11.

I am on Alpine Linux edge. It broke after I updated it today (I probably last updated a week ago). I don't have time to investigate this further currently, but if I find some more information, I'll add it later.

@zdohnal
Copy link
Member Author

zdohnal commented May 18, 2023

Hi @LorenzISR ,

thank you for the info! It looks like a different issue - the one crashing here in this issue is Kyocera filter during printing. Once you get to the issue again, please open a new issue, upload a full backtrace of the crash and more detailed steps how to got the issue (detailed steps+your cups version+if it happens everytime).

@zdohnal
Copy link
Member Author

zdohnal commented May 18, 2023

@michaelrsweet I was wrong - _cupsGlobals() returns a pointer, but the pointer can't be accessed:

Breakpoint 2, _cupsRasterClearError () at raster-error.c:98
98	  _cups_globals_t	*cg = _cupsGlobals();
(gdb) disable br 1
(gdb) n
100	  _cups_raster_error_t	*buf = &cg->raster_error;
(gdb) p cg
$2 = (_cups_globals_t *) 0x651a20
(gdb) p *cg
Cannot access memory at address 0x655000

it happens because pthread_setspecific() gets inaccessible pointer from cups_globals_allocate():

(gdb) p value
$5 = (const void *) 0x651a20
(gdb) p *(_cups_globals_t*)value
Cannot access memory at address 0x655000

I was able to track that it the new array in _cups_globals_t (pw_buf) was causing this - moving the buffer to a local variable does the trick.

@zdohnal zdohnal added bug Something isn't working priority-medium and removed investigating Investigating the issue labels May 19, 2023
@zdohnal
Copy link
Member Author

zdohnal commented May 19, 2023

3257232 fixes the issue, thank you, Mike!

@zdohnal zdohnal closed this as completed May 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working priority-medium
Projects
None yet
Development

No branches or pull requests

3 participants