Bug 1761530
| Summary: | genesys backend aborts simple-scan due being compiled with _GLIBCXX_ASSERTIONS | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Zdenek Dohnal <zdohnal> |
| Component: | sane-backends | Assignee: | Nils Philippsen <nphilipp> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 30 | CC: | alex, ced, el, link, mike, nphilipp, phil, thibault.north, xose.vazquez, zdohnal |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | sane-backends-1.0.28-4.fc30 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-10-19 17:41:51 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Zdenek Dohnal
2019-10-14 15:06:44 UTC
And the backtrace is the same too or it asserts on different place? And would you mind testing this build https://koji.fedoraproject.org/koji/taskinfo?taskID=38292981 ? Would anyone mind testing this build? https://koji.fedoraproject.org/koji/taskinfo?taskID=38305816 If it still aborts, then attach the backtrace when it differs from initial one. Reason of crash: ---------------- sane-backends in Fedora is built with -D _GLIBCXX_ASSERTIONS option, which is added by default by build system. The option causes to abort the program when there is an attempt to access vector on an index which does not exist (size of vector is smaller than index value). The behavior can be on more places in genesys backend code, but since I do not have a scanner which uses genesys backend, I cannot test it and fix it properly without reporters cooperation (testing it on the real scanner). The genesys backend code went through refactoring between 1.0.27 and 1.0.28 and the real and full fix will need to come from upstream. I'm deeply sorry for inconvenience. This looks like a slightly different backtrace:
/usr/include/c++/9/bits/stl_vector.h:1042: std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) [with _Tp = short unsigned int; _Alloc = std::allocator<short unsigned int>; std::vector<_Tp, _Alloc>::reference = short unsigned int&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed.
Thread 8 "scan-thread" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffe62e7700 (LWP 72954)]
0x00007ffff6e9d625 in raise () from /lib64/libc.so.6
(gdb) ba
#0 0x00007ffff6e9d625 in raise () from /lib64/libc.so.6
#1 0x00007ffff6e868d9 in abort () from /lib64/libc.so.6
#2 0x00007fffe43ab0c8 in std::__replacement_assert (
__file=__file@entry=0x7fffe44103e0 "/usr/include/c++/9/bits/stl_vector.h",
__line=__line@entry=1042,
__function=__function@entry=0x7fffe44112f8 "std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) [with _Tp = short unsigned int; _Alloc = std::allocator<short unsigned int>; std::vector<_"...,
__condition=__condition@entry=0x7fffe4410290 "__builtin_expect(__n < this->size(), true)") at /usr/include/c++/9/x86_64-redhat-linux/bits/c++config.h:2533
#3 0x00007fffe440a43e in std::vector<unsigned short, std::allocator<unsigned short> >::operator[] (__n=<optimized out>, this=0x7fffe62e68d0)
at /usr/include/c++/9/bits/stl_vector.h:1040
#4 safe_vec_addr<unsigned short> (i=<optimized out>,
vec=std::vector of length 256, capacity 256 = {...}) at genesys_low.cc:55
#5 sanei_genesys_generate_gamma_buffer (dev=<optimized out>, sensor=...,
bits=<optimized out>, max=65535, size=257, gamma=0x7fffdc0cf1e0 "")
at genesys_low.cc:1237
#6 0x00007fffe440a5ae in sanei_genesys_send_gamma_table (dev=0x7fffdc0a2c80,
sensor=...) at genesys_low.cc:1276
#7 0x00007fffe43a3cd2 in genesys_start_scan (lamp_off=0, dev=0x7fffdc0a2c80)
at genesys.cc:3849
#8 sane_start_impl (handle=0x7fffdc0cc170) at genesys.cc:7230
#9 sane_start_impl (handle=0x7fffdc0cc170) at genesys.cc:7208
#10 0x00007fffe43a540e in <lambda()>::operator() (__closure=<optimized out>)
at genesys.cc:7295
#11 wrap_exceptions_to_status_code<sane_genesys_start(SANE_Handle)::<lambda()> > (func=0x7fffe4413953 "sane_genesys_start", function=...)
at genesys_error.h:165
#12 sane_genesys_start (handle=<optimized out>) at genesys.cc:7293
#13 0x000055555558b3d5 in _scanner_scan_thread_gthread_func ()
#14 0x00007ffff7dc2f52 in g_thread_proxy () from /lib64/libglib-2.0.so.0
#15 0x00007ffff6dd44e2 in start_thread () from /lib64/libpthread.so.0
#16 0x00007ffff6f62643 in clone () from /lib64/libc.so.6
Hmm... I wrote the similar code in my test example and it worked without abort. Would you mind trying the build https://koji.fedoraproject.org/koji/taskinfo?taskID=38324885 ? Please note you need to use 'dnf reinstall' when you install rpms from the build, because it has the same NVR as previous builds, and all packages are needed. Just tried build 38324903 on my side and it works fine: ❯ scanimage -L device `genesys:libusb:001:024' is a Canon LiDE 110 flatbed scanner ❯ scanimage --test Output format is not set, using pnm as a default. scanimage: scanning image of size 636x885 pixels at 8 bits/pixel scanimage: acquiring gray frame, 8 bits/sample scanimage: reading one scanline, 636 bytes... PASS scanimage: reading one byte... PASS scanimage: stepped read, 2 bytes... PASS scanimage: stepped read, 4 bytes... PASS scanimage: stepped read, 8 bytes... PASS scanimage: stepped read, 16 bytes... PASS scanimage: stepped read, 32 bytes... PASS scanimage: stepped read, 64 bytes... PASS scanimage: stepped read, 128 bytes... PASS scanimage: stepped read, 256 bytes... PASS scanimage: stepped read, 512 bytes... PASS scanimage: stepped read, 1024 bytes... PASS scanimage: stepped read, 1023 bytes... PASS scanimage: stepped read, 511 bytes... PASS scanimage: stepped read, 255 bytes... PASS scanimage: stepped read, 127 bytes... PASS scanimage: stepped read, 63 bytes... PASS scanimage: stepped read, 31 bytes... PASS scanimage: stepped read, 15 bytes... PASS scanimage: stepped read, 7 bytes... PASS scanimage: stepped read, 3 bytes... PASS A quick preview and scan test in xsane is fine too @Zdenek Dohnal I tested your referenced build https://koji.fedoraproject.org/koji/taskinfo?taskID=38324885 and everything appears to be working fine on my end. Thanks! Also confirming that the build in https://koji.fedoraproject.org/koji/taskinfo?taskID=38324885 seems to work fine. I just scanned a couple of documents using https://koji.fedoraproject.org/koji/taskinfo?taskID=38324885 and it worked fine for me too! FEDORA-2019-4c80d8cf5f has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-4c80d8cf5f (In reply to Fedora Update System from comment #10) > FEDORA-2019-4c80d8cf5f has been submitted as an update to Fedora 30. > https://bodhi.fedoraproject.org/updates/FEDORA-2019-4c80d8cf5f Please, karma is needed https://bodhi.fedoraproject.org/updates/FEDORA-2019-4c80d8cf5f Thanks. sane-backends-1.0.28-3.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-4c80d8cf5f FEDORA-2019-4e0ac1c8bb has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-4e0ac1c8bb Hi all, I'm still working with upstream on permanent solution https://gitlab.com/sane-project/backends/issues/156 , pull request https://gitlab.com/sane-project/backends/merge_requests/220 . I probably found out the real cause of abort - sanei_genesys_create_default_gamma_table() creates a vector of length only 256, but size needed by sanei_genesys_generate_gamma_buffer() is 257. IMO it is due the scanner asic type is GL846 and higher - those types need size=257. I'm going to create a patch, but I would like to ask any of you to test it, because I'm not able to. Would anyone mind testing the build https://koji.fedoraproject.org/koji/taskinfo?taskID=38362978 ? With build https://koji.fedoraproject.org/koji/taskinfo?taskID=38362978 x86_64: ❯ sha256sum /usr/lib64/sane/libsane-genesys.so.1.0.28 9cffd4c5b3b2f0c2f472d0ef50f7cd1c2d06ce79301580f4bec4765f59f94c3e /usr/lib64/sane/libsane-genesys.so.1.0.28 ❯ scanimage -L device `genesys:libusb:001:039' is a Canon LiDE 110 flatbed scanner ❯ gdb /usr/bin/scanimage (gdb) run --test 0x00007ffff7d77e35 in raise () from /usr/lib64/libc.so.6 Missing separate debuginfos, use: dnf debuginfo-install jbigkit-libs-2.1-16.fc30.x86_64 libgcc-9.2.1-1.fc30.x86_64 libieee1284-0.2.11-30.fc30.x86_64 libjpeg-turbo-2.0.2-1.fc30.x86_64 libpng-1.6.36-1.fc30.x86_64 libstdc++-9.2.1-1.fc30.x86_64 libtiff-4.0.10-5.fc30.x86_64 libusbx-1.0.22-2.fc30.x86_64 libv4l-1.16.7-1.fc30.x86_64 systemd-libs-241-12.git1e19bcd.fc30.x86_64 zlib-1.2.11-18.fc30.x86_64 (gdb) bt #0 0x00007ffff7d77e35 in raise () from /usr/lib64/libc.so.6 #1 0x00007ffff7d62895 in abort () from /usr/lib64/libc.so.6 #2 0x00007ffff69e80e8 in std::__replacement_assert (__file=__file@entry=0x7ffff6a4d3e0 "/usr/include/c++/9/bits/stl_vector.h", __line=__line@entry=1042, __function=__function@entry=0x7ffff6a4e2f8 "std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) [with _Tp = short unsigned int; _Alloc = std::allocator<short unsigned int>; std::vector<_"..., __condition=__condition@entry=0x7ffff6a4d290 "__builtin_expect(__n < this->size(), true)") at /usr/include/c++/9/x86_64-redhat-linux/bits/c++config.h:2533 #3 0x00007ffff6a471cf in std::vector<unsigned short, std::allocator<unsigned short> >::operator[] (__n=<optimized out>, this=<optimized out>) at /usr/include/c++/9/bits/stl_vector.h:1040 #4 sanei_genesys_generate_gamma_buffer (dev=0x55555562cdf0, sensor=..., bits=<optimized out>, max=65535, size=<optimized out>, gamma=0x555555651150 "") at genesys_low.cc:1232 #5 0x00007ffff6a474ce in sanei_genesys_send_gamma_table (dev=0x55555562cdf0, sensor=...) at genesys_low.cc:1271 #6 0x00007ffff69e0cf2 in genesys_start_scan (lamp_off=0, dev=0x55555562cdf0) at genesys.cc:3852 #7 sane_start_impl (handle=0x55555564f930) at genesys.cc:7233 #8 sane_start_impl (handle=0x55555564f930) at genesys.cc:7211 #9 0x00007ffff69e242e in <lambda()>::operator() (__closure=<optimized out>) at genesys.cc:7298 #10 wrap_exceptions_to_status_code<sane_genesys_start(SANE_Handle)::<lambda()> > (func=0x7ffff6a50953 "sane_genesys_start", function=...) at genesys_error.h:165 #11 sane_genesys_start (handle=<optimized out>) at genesys.cc:7296 #12 0x000055555555925f in test_it () at scanimage.c:2800 #13 main (argc=<optimized out>, argv=<optimized out>) at scanimage.c:2800 Can you set breakpoint on get_gamma_table() function and find out value of dev->model->asic_type? Yep, here it is:
Thread 1 "scanimage" hit Breakpoint 1, 0x00007ffff69b1790 in get_gamma_table(Genesys_Device*, Genesys_Sensor const&, int)@plt () from /usr/lib64/sane/libsane-genesys.so.1
[skipped]
Thread 1 "scanimage" hit Breakpoint 1, get_gamma_table (dev=0x55555562cdf0, sensor=..., color=0) at genesys_low.cc:1169
1169 {
(gdb) p dev->model
$4 = (Genesys_Model *) 0x7ffff6a6c500 <canon_lide_110_model>
(gdb) p dev->model->asic_type
$5 = 124
sane-backends-1.0.28-4.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-4e0ac1c8bb sane-backends-1.0.28-4.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report. Ok, it seems size 257 should be used for GL124 too, even when comments by sanei_genesys_send_gamma_table() function in genesys_low.cc say it used by ASICs gl846+... Would you mind trying https://koji.fedoraproject.org/koji/taskinfo?taskID=38503088 ? Build https://koji.fedoraproject.org/koji/taskinfo?taskID=38503088 works fine for me (Canon LiDE 110, scanimage + xsane + simple-scan) I am still getting this crash with 1.0.28-5 on f31. This appears to be a related, but different crash, so I filed another bug. https://bugzilla.redhat.com/show_bug.cgi?id=1774319 |