Bug 248929

Please do this as root:

  yum --enablerepo=updates-debuginfo install -y cups-debuginfo
  service cups stop
  gdb --args /usr/sbin/cupsd -f

then at the (gdb) prompt type: run

If/when cupsd crashes you should get a (gdb) prompt again.  In that case, please
enter:

  info locals
  bt

and tell me what it says.  Thanks.

(gdb) run
Starting program: /usr/sbin/cupsd -f
[Thread debugging using libthread_db enabled]
[New Thread -1208313632 (LWP 29649)]

Program received signal SIGPIPE, Broken pipe.
[Switching to Thread -1208313632 (LWP 29649)]
0x008d3402 in __kernel_vsyscall ()
(gdb) info locals
No symbol table info available.
(gdb) bt
#0  0x008d3402 in __kernel_vsyscall ()
#1  0x0032bae8 in writev () from /lib/libc.so.6
#2  0x00139cb6 in dbus_malloc () from /lib/libdbus-1.so.3
#3  0x00139d17 in dbus_malloc () from /lib/libdbus-1.so.3
#4  0x0013192b in dbus_threads_init () from /lib/libdbus-1.so.3
#5  0x00131b81 in dbus_threads_init () from /lib/libdbus-1.so.3
#6  0x0013019c in dbus_threads_init () from /lib/libdbus-1.so.3
#7  0x0011c27d in dbus_connection_set_watch_functions ()
   from /lib/libdbus-1.so.3
#8  0x0011c33a in dbus_connection_set_watch_functions ()
   from /lib/libdbus-1.so.3
#9  0x0011e3d6 in dbus_connection_open () from /lib/libdbus-1.so.3
#10 0x0011e5d7 in dbus_connection_send_preallocated () from /lib/libdbus-1.so.3
#11 0x0011e65a in dbus_connection_send () from /lib/libdbus-1.so.3
#12 0x80046904 in cupsdAddEvent (event=CUPSD_EVENT_PRINTER_DELETED, 
    dest=0x81fdcf18, job=0x0, 
    text=0x8005073c "%s '%s' deleted by directory services (timeout).")
    at subscriptions.c:1372
#13 0x8001e06f in cupsdSendBrowseList () at dirsvc.c:828
#14 0x80020e41 in main (argc=2, argv=0xbfcccf94) at main.c:911
(gdb) 

subscriptions.c:
1372:  dbus_connection_send(con, message, NULL);

Both con and message are valid at that point.

What do these commands say?:

rpm -q dbus
rpm -V cups

[root@brendab ~]# rpm -q dbus
dbus-1.0.1-12.fc6
[root@brendab ~]# rpm -V cups
SM5....T c /etc/cups/classes.conf
S.5....T c /etc/cups/printers.conf

Please install dbus-debuginfo:

  yum --enablerepo=updates-debuginfo install -y cups-debuginfo

Also see if the latest CUPS update has reached your mirror yet (1.2.12):

  yum update 'cups*'

Then try the gdb bit again; hopefully we'll get a useful stack trace from the
dbus code.

FYI:  warning: cups-libs-1.2.12-1.fc6: Header V3 DSA signature: NOKEY, key ID
30c9ecf8

I had to unset "gpgcheck" to get it to install, but it installed fine.  We'll
see if it helps...

Also updated my cups-debuginfo package to match and installed the
dbus-debuginfo.  I'll post results from gdb as soon as it crashes.

Things appear to be working much better.  It hasn't crashed for several hours
now and it was having trouble getting past 10 minutes before.  This is my
(currently) working combination:

[root@brendab ~]# (rpm -qa | grep cups; rpm -qa | grep dbus) | sort
cups-1.2.12-1.fc6
cups-debuginfo-1.2.12-1.fc6
cups-libs-1.2.12-1.fc6
dbus-1.0.1-12.fc6
dbus-debuginfo-1.0.1-12.fc6
dbus-glib-0.70-6.fc6
dbus-python-0.70-6
dbus-x11-1.0.1-12.fc6
hal-cups-utils-0.6.9-1.fc6
libgnomecups-0.2.2-8

The only problem is that the cups-libs update has that key/signature problem so
I have to manually update each workstation here.  Not a big deal, I'd rather do
that than listen to complaints about printing.  LOL

Thanks for your help.

There's been a fixed package pushed today; should hit your local mirror fairly soon.

Another one (different machine -- still fc6 & cups)

(gdb) run
Starting program: /usr/sbin/cupsd -f
[Thread debugging using libthread_db enabled]
[New Thread -1208911648 (LWP 3740)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208911648 (LWP 3740)]
delete_rules (rules=0x6e6f6974) at mime.c:452
452         if (rules->child != NULL)
(gdb) info locals
next = (mime_magic_t *) 0x2d726574
(gdb) bt
#0  delete_rules (rules=0x6e6f6974) at mime.c:452
#1  0x80048a84 in delete_rules (rules=0x8054acc0) at mime.c:453
#2  0x80048a84 in delete_rules (rules=0x80561788) at mime.c:453
#3  0x800497f6 in mimeDeleteType (mime=0x805403e8, mt=0x8056c6e8) at mime.c:169
#4  0x800430ef in cupsdDeletePrinter (p=0x805dd218, update=1) at printers.c:743
#5  0x8001e0ac in cupsdSendBrowseList () at dirsvc.c:839
#6  0x80020e41 in main (argc=2, argv=0xbff88a54) at main.c:911
(gdb) 



[root@kathyo ~]# (rpm -qa | grep cups; rpm -qa | grep dbus) | sort
cups-1.2.12-1.fc6
cups-debuginfo-1.2.12-1.fc6
cups-libs-1.2.12-1.fc6
dbus-1.0.1-12.fc6
dbus-debuginfo-1.0.1-12.fc6
dbus-glib-0.70-6.fc6
dbus-python-0.70-6
dbus-x11-1.0.1-12.fc6
hal-cups-utils-0.6.9-1.fc6
libgnomecups-0.2.2-8
[root@kathyo ~]# rpm -V cups
SM5....T c /etc/cups/classes.conf
S.5....T c /etc/cups/cupsd.conf
S.5....T c /etc/cups/printers.conf

Same host, this crash looks different:

(gdb) run
Starting program: /usr/sbin/cupsd -f
[Thread debugging using libthread_db enabled]
[New Thread -1208317728 (LWP 2841)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208317728 (LWP 2841)]
0x001e24f3 in strcasecmp () from /lib/libc.so.6
(gdb) info locals
No symbol table info available.
(gdb) bt
#0  0x001e24f3 in strcasecmp () from /lib/libc.so.6
#1  0x8003e185 in compare_printers (first=0xbfa2d670, second=0x816ee028,
data=0x0) at printers.c:3145
#2  0x00ddcaea in cups_array_find (a=0x816a90d0, e=0xbfa2d670, prev=69,
rdiff=0xbfa2d638) at array.c:905
#3  0x00ddcca7 in cupsArrayFind (a=0x816a90d0, e=0xbfa2d670) at array.c:328
#4  0x8003e603 in cupsdFindDest (name=0xbfa2dba8 "skin_laser") at printers.c:793
#5  0x8001ab77 in process_implicit_classes () at dirsvc.c:2453
#6  0x8001b577 in process_browse_data (uri=0xbfa2f3e8
"ipp://lancel.kendeco.com:631/printers/p9", host=0xbfa2efe8 "lancel.kendeco.com", 
    resource=0xbfa2ebe8 "/printers/p9", type=<value optimized out>,
state=IPP_PRINTER_IDLE, location=0xbfa2fce8 "Location Unknown", 
    info=0xbfa2fde8 "p9", make_model=0xbfa2fbe8 "HP LaserJet 1300
Foomatic/ljet4", num_attrs=7, attrs=0x81737538) at dirsvc.c:2308
#7  0x8001ca00 in cupsdUpdateCUPSBrowse () at dirsvc.c:1512
#8  0x8002171f in main (argc=2, argv=0xbfa34504) at main.c:891
(gdb) 

Another delete_rules:

(gdb) run
Starting program: /usr/sbin/cupsd -f
[Thread debugging using libthread_db enabled]
[New Thread -1208432416 (LWP 2879)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208432416 (LWP 2879)]
delete_rules (rules=0x7075732d) at mime.c:452
452         if (rules->child != NULL)
(gdb) info locals
next = (mime_magic_t *) 0x75636573
(gdb) bt
#0  delete_rules (rules=0x7075732d) at mime.c:452
#1  0x80048a84 in delete_rules (rules=0x803d5c18) at mime.c:453
#2  0x80048a84 in delete_rules (rules=0x8044d528) at mime.c:453
#3  0x800497f6 in mimeDeleteType (mime=0x803cb3e8, mt=0x803f56e0) at mime.c:169
#4  0x800430ef in cupsdDeletePrinter (p=0x803f5178, update=1) at printers.c:743
#5  0x8001e0ac in cupsdSendBrowseList () at dirsvc.c:839
#6  0x80020e41 in main (argc=2, argv=0xbf8a4374) at main.c:911
(gdb) 

(gdb) info locals
next = (mime_magic_t *) 0x81dbbbe8
(gdb) bt
#0  delete_rules (rules=0x1) at mime.c:452
#1  0x800497f6 in mimeDeleteType (mime=0x81d913e8, mt=0x81dbc158) at mime.c:169
#2  0x800430ef in cupsdDeletePrinter (p=0x81dbbbe8, update=1) at printers.c:743
#3  0x8001e0ac in cupsdSendBrowseList () at dirsvc.c:839
#4  0x80020e41 in main (argc=2, argv=0xbfe48914) at main.c:911
(gdb) 

(gdb) run
Starting program: /usr/sbin/cupsd -f
[Thread debugging using libthread_db enabled]
[New Thread -1208567584 (LWP 3005)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208567584 (LWP 3005)]
delete_rules (rules=0x7075732d) at mime.c:452
452         if (rules->child != NULL)
(gdb) info locals
next = (mime_magic_t *) 0x75636573
(gdb) bt
#0  delete_rules (rules=0x7075732d) at mime.c:452
#1  0x80048a84 in delete_rules (rules=0x800f6c18) at mime.c:453
#2  0x80048a84 in delete_rules (rules=0x8011be58) at mime.c:453
#3  0x800497f6 in mimeDeleteType (mime=0x800ec3e8, mt=0x8011be30) at mime.c:169
#4  0x800430ef in cupsdDeletePrinter (p=0x8016c728, update=1) at printers.c:743
#5  0x8001e0ac in cupsdSendBrowseList () at dirsvc.c:839
#6  0x80020e41 in main (argc=2, argv=0xbf8c2384) at main.c:911

Please try this:

/sbin/service cups stop
MALLOC_CHECK_=2 cupsd -f

This will run cupsd in the foreground, checking for memory handling problems
(which this seems like it might be).  Let me know how you get on.

Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers

This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen thus bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.