Segmentation fault in colord-sane
TheTumultuousUnicornOfDarkness opened this issue · 1 comments
TheTumultuousUnicornOfDarkness commented
Hello,
On Arch Linux with sane 1.2.1 and colord-sane 1.4.6, I see a lot of coredumps from colord-sane every day.
From journalctl:
Process 955 (colord-sane) of user 975 dumped core.
Stack trace of thread 119134:
#0 0x00007f6c73b30e1a sane_dll_get_devices (libsane.so.1 + 0xce1a)
#1 0x00005613f5cb6c3d cd_sane_client_refresh (colord-sane + 0x2c3d)
#2 0x00007f6c73d96ce4 n/a (libgio-2.0.so.0 + 0xa9ce4)
#3 0x00007f6c73d9abdd n/a (libgio-2.0.so.0 + 0xadbdd)
#4 0x00007f6c73f47cf9 cd_client_get_devices_cb (libcolord.so.2 + 0x30cf9)
#5 0x00007f6c73d96ce4 n/a (libgio-2.0.so.0 + 0xa9ce4)
#6 0x00007f6c73d9abdd n/a (libgio-2.0.so.0 + 0xadbdd)
#7 0x00007f6c73e0504e n/a (libgio-2.0.so.0 + 0x11804e)
#8 0x00007f6c73d96ce4 n/a (libgio-2.0.so.0 + 0xa9ce4)
#9 0x00007f6c73d9abdd n/a (libgio-2.0.so.0 + 0xadbdd)
#10 0x00007f6c73df2243 n/a (libgio-2.0.so.0 + 0x105243)
#11 0x00007f6c73d96ce4 n/a (libgio-2.0.so.0 + 0xa9ce4)
#12 0x00007f6c73d96d1d n/a (libgio-2.0.so.0 + 0xa9d1d)
#13 0x00007f6c73b98f19 n/a (libglib-2.0.so.0 + 0x59f19)
#14 0x00007f6c73bf72b7 n/a (libglib-2.0.so.0 + 0xb82b7)
#15 0x00007f6c73b99b47 g_main_loop_run (libglib-2.0.so.0 + 0x5ab47)
#16 0x00005613f5cb7327 main (colord-sane + 0x3327)
#17 0x00007f6c738d7cd0 n/a (libc.so.6 + 0x27cd0)
#18 0x00007f6c738d7d8a __libc_start_main (libc.so.6 + 0x27d8a)
#19 0x00005613f5cb67f5 _start (colord-sane + 0x27f5)
Stack trace of thread 119135:
#0 0x00007f6c739bed6d syscall (libc.so.6 + 0x10ed6d)
#1 0x00007f6c73bf2247 g_cond_wait (libglib-2.0.so.0 + 0xb3247)
#2 0x00007f6c73b641b4 n/a (libglib-2.0.so.0 + 0x251b4)
#3 0x00007f6c73bcca2e n/a (libglib-2.0.so.0 + 0x8da2e)
#4 0x00007f6c73bca9a5 n/a (libglib-2.0.so.0 + 0x8b9a5)
#5 0x00007f6c7393c9eb n/a (libc.so.6 + 0x8c9eb)
#6 0x00007f6c739c0dfc n/a (libc.so.6 + 0x110dfc)
Stack trace of thread 119137:
#0 0x00007f6c739bed6d syscall (libc.so.6 + 0x10ed6d)
#1 0x00007f6c73bf2c23 g_cond_wait_until (libglib-2.0.so.0 + 0xb3c23)
#2 0x00007f6c73b64185 n/a (libglib-2.0.so.0 + 0x25185)
#3 0x00007f6c73bcd4db n/a (libglib-2.0.so.0 + 0x8e4db)
#4 0x00007f6c73bca9a5 n/a (libglib-2.0.so.0 + 0x8b9a5)
#5 0x00007f6c7393c9eb n/a (libc.so.6 + 0x8c9eb)
#6 0x00007f6c739c0dfc n/a (libc.so.6 + 0x110dfc)
Stack trace of thread 119136:
#0 0x00007f6c739b359f __poll (libc.so.6 + 0x10359f)
#1 0x00007f6c73bf7206 n/a (libglib-2.0.so.0 + 0xb8206)
#2 0x00007f6c73b97112 g_main_context_iteration (libglib-2.0.so.0 + 0x58112)
#3 0x00007f6c73b97162 n/a (libglib-2.0.so.0 + 0x58162)
#4 0x00007f6c73bca9a5 n/a (libglib-2.0.so.0 + 0x8b9a5)
#5 0x00007f6c7393c9eb n/a (libc.so.6 + 0x8c9eb)
#6 0x00007f6c739c0dfc n/a (libc.so.6 + 0x110dfc)
Stack trace of thread 119138:
#0 0x00007f6c739b359f __poll (libc.so.6 + 0x10359f)
#1 0x00007f6c73bf7206 n/a (libglib-2.0.so.0 + 0xb8206)
#2 0x00007f6c73b99b47 g_main_loop_run (libglib-2.0.so.0 + 0x5ab47)
#3 0x00007f6c73dff02c n/a (libgio-2.0.so.0 + 0x11202c)
#4 0x00007f6c73bca9a5 n/a (libglib-2.0.so.0 + 0x8b9a5)
#5 0x00007f6c7393c9eb n/a (libc.so.6 + 0x8c9eb)
#6 0x00007f6c739c0dfc n/a (libc.so.6 + 0x110dfc)
ELF object binary architecture: AMD x86-64
Backtrace from GDB:
#0 sane_dll_get_devices (device_list=device_list@entry=0x7fff07ad6910, local_only=local_only@entry=1) at dll.c:1103
#1 0x00007f6c73b2d74a in sane_get_devices (dl=dl@entry=0x7fff07ad6910, local=local@entry=1) at dll-s.c:21
#2 0x00005613f5cb6c3d in cd_sane_client_refresh (priv=0x5613f7b58b50) at ../colord/contrib/colord-sane/cd-main.c:206
#3 cd_sane_populate_existing_devices_cb (source_object=<optimized out>, res=<optimized out>, user_data=0x5613f7b58b50) at ../colord/contrib/colord-sane/cd-main.c:282
#4 0x00007f6c73d96ce4 in () at /usr/lib/libgio-2.0.so.0
#5 0x00007f6c73d9abdd in () at /usr/lib/libgio-2.0.so.0
#6 0x00007f6c73f47cf9 in cd_client_get_devices_cb (source_object=<optimized out>, res=<optimized out>, user_data=0x5613f7b6a6e0) at ../colord/lib/colord/cd-client.c:1807
#7 0x00007f6c73d96ce4 in () at /usr/lib/libgio-2.0.so.0
#8 0x00007f6c73d9abdd in () at /usr/lib/libgio-2.0.so.0
#9 0x00007f6c73e0504e in () at /usr/lib/libgio-2.0.so.0
#10 0x00007f6c73d96ce4 in () at /usr/lib/libgio-2.0.so.0
#11 0x00007f6c73d9abdd in () at /usr/lib/libgio-2.0.so.0
#12 0x00007f6c73df2243 in () at /usr/lib/libgio-2.0.so.0
#13 0x00007f6c73d96ce4 in () at /usr/lib/libgio-2.0.so.0
#14 0x00007f6c73d96d1d in () at /usr/lib/libgio-2.0.so.0
#15 0x00007f6c73b98f19 in () at /usr/lib/libglib-2.0.so.0
#16 0x00007f6c73bf72b7 in () at /usr/lib/libglib-2.0.so.0
#17 0x00007f6c73b99b47 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#18 0x00005613f5cb7327 in main (argc=<optimized out>, argv=0x7fff07ad6e18) at ../colord/contrib/colord-sane/cd-main.c:332
Crash is here:
#0 sane_dll_get_devices (device_list=device_list@entry=0x7fff07ad6910, local_only=local_only@entry=1) at dll.c:1103
1103 for (num_devs = 0; be_list[num_devs]; ++num_devs);
I started to print the value of variables:
(gdb) p status
$1 = SANE_STATUS_GOOD
(gdb) p be_list
$2 = (const SANE_Device **) 0x1
(gdb) p num_devs
$3 = 0
I opened an issue with sane, but the issue is likely on the colord-sane side. The dll backend is not thread-safe.
More details are available here: https://gitlab.com/sane-project/backends/-/issues/701
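Added example, not part of the original post and not colord or SANE code: one common way for a caller to cope with an enumeration API that is not thread-safe, as the post describes the dll backend, is to serialize every call behind one lock and let only copied results leave the critical section. `legacy_get_devices`, `safe_count_devices`, `run_serialized` and the device names are hypothetical stand-ins; the counting loop mirrors the one shown at the crash site.

```c
#include <pthread.h>
#include <stdlib.h>
/* Hypothetical stand-in for a non-reentrant enumerator: each call frees and
 * rebuilds one shared NULL-terminated list (constructed device names). */
static const char **shared_list;
static int legacy_get_devices(const char ***out)
{
    free(shared_list);
    shared_list = calloc(3, sizeof *shared_list);
    if (shared_list == NULL) return -1;
    shared_list[0] = "scanner-a";
    shared_list[1] = "scanner-b";
    *out = shared_list;
    return 0;
}

static pthread_mutex_t enum_lock = PTHREAD_MUTEX_INITIALIZER;
/* Serialized wrapper: the call and the counting loop both run under the lock,
 * and only a plain integer leaves the critical section. */
int safe_count_devices(void)
{
    const char **list = NULL;
    int n = -1;
    pthread_mutex_lock(&enum_lock);
    if (legacy_get_devices(&list) == 0 && list != NULL)
        for (n = 0; list[n] != NULL; ++n) {}
    pthread_mutex_unlock(&enum_lock);
    return n;
}

static void *worker(void *arg)
{
    int *bad = arg;   /* per-thread slot, so no shared counter is needed */
    for (int i = 0; i < 20000; ++i)
        if (safe_count_devices() != 2) ++*bad;
    return NULL;
}
/* Drive the wrapper from 4 threads; returns the number of wrong counts,
 * or -1 if not every thread could be started. */
int run_serialized(void)
{
    pthread_t t[4];
    int bad[4] = { 0 }, started = 0, total = 0;
    while (started < 4 && pthread_create(&t[started], NULL, worker, &bad[started]) == 0)
        ++started;
    for (int i = 0; i < started; ++i) {
        pthread_join(t[i], NULL);
        total += bad[i];
    }
    return started == 4 ? total : -1;
}
```

Without the lock, one thread's `free` can invalidate the list another thread is still walking, which is the class of failure a non-thread-safe enumerator invites.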
TheTumultuousUnicornOfDarkness commented
It seems it does not crash when I use --verbose, so it makes things harder to debug for me.