This happens only in mock tool (and in Koji). It does not happen in a virtual machine. The test crashes like this:

# perl -Iblib/{lib,arch} t/options.t 
ok 1 - use Image::Sane;
ok 2 - get_version
file airscan-wsdd.c: line 1696 (wsdd_cleanup): assertion failed: (ll_empty(&wsdd_finding_list))
Aborted (core dumped)

While it should continue like this:

$ perl -Iblib/{lib,arch} t/options.t
ok 1 - use Image::Sane;
ok 2 - get_version
ok 3 - get_devices
[...]

I suspect a new mock behavior regarding a network isolation (e.g. getaddrinfo() started to return EAI_AGAIN instead of EAI_NONAME|EAI_NODATA) that manifests in the new airscan driver.

strace output:
[...]
openat(AT_FDCWD, "/etc/sane.d/airscan.d/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
[...]
socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_ROUTE) = 137
bind(137, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 0
getsockname(137, {sa_family=AF_NETLINK, nl_pid=-1837056385, nl_groups=00000000}, [12]) = 0
sendto(137, {{len=20, type=RTM_GETLINK, flags=NLM_F_REQUEST|NLM_F_DUMP, seq=1597070627, pid=0}, {ifi_family=AF_UNSPEC, ...}}, 20, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 20
[...]
recvmsg(137, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=72, type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1597070628, pid=2457910911}, {ifa_family=AF_INET6, ifa_prefixlen=128, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_HOST, ifa_index=if_nametoindex("lo")}, [{{nla_len=20, nla_type=IFA_ADDRESS}, inet_pton(AF_INET6, "::1")}, {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=2491564, tstamp=2491564}}, {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT}]}, iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 72
recvmsg(137, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=20, type=NLMSG_DONE, flags=NLM_F_MULTI, seq=1597070628, pid=2457910911}, 0}, iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 20
close(137)                              = 0
write(134, "W", 1)                      = 1
getresuid([0], [0], [0])                = 0
getresgid([0], [0], [0])                = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 137
connect(137, {sa_family=AF_UNIX, sun_path="/run/dbus/system_bus_socket"}, 29) = -1 ENOENT (No such file or directory)
close(137)                              = 0
write(134, "W", 1)                      = 1
write(1, "file airscan-wsdd.c: line 1696 (wsdd_cleanup): assertion failed: (ll_empty(&wsdd_finding_list))\n", 96file airscan-wsdd.c: line 1696 (wsdd_cleanup): assertion failed: (ll_empty(&wsdd_finding_list))
) = 96
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
getpid()                                = 432
gettid()                                = 432
tgkill(432, 432, SIGABRT)               = 0

If I comment out the driver name in /etc/sane.d/dll.d/airscan, the crash disappear. Reassigning to sane-airscan.
I will try to come up with a Perl-free reproducer.

The Perl t/options.t test calls:

const SANE_Device **    device_list;
sane_get_devices (&device_list, 0);

I checked sane_get_devices() in backend/dll.c that the only thing it does with the first argument is assigning to the dereferenced pointer. Thus perl-Sane-Image uses the interface correctly.

I can reproduce the crash with a scanimage tool of sane-backends:

# scanimage 
Output format is not set, using pnm as a default.
Segmentation fault (core dumped)

I hope this reproducer is good enough for you.

Hi Petr,

thanks for the reproducer, I'm now able to reproduce with following steps:

$ mock -r fedora-33-x86_64 init
$ mock -r fedora-33-x86_64 install sane-backends
$ mock -r fedora-33-x86_64 install sane-backends-drivers-scanners
$ mock -r fedora-33-x86_64 shell
<mock-chroot> sh-5.0# scanimage
Output format is not set, using pnm as a default.
Segmentation fault (core dumped)

I'll try the latest version, if it helps.

Created attachment 1711079 [details]
Patch proposed upstream

In sane_init() airscan backend was calling sane_exit(), which is linked to sane_exit() function from sane-backends library, not to sane_exit() from airscan.

I checked pixma backend how they handle errors within sane_init() - it just returns error code and let the application cleanup after itself.

If I update airscan to reflect the pixma behavior, it works again without segfault.

Petr,

would you mind testing the scratch build:

https://koji.fedoraproject.org/koji/taskinfo?taskID=49078080

if it works with perl-Image-Sane?

Thank you for the quick fix. I confirm it fixes the problem for me and I can build perl-Image-Sane again.

This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle.
Changing version to 33.

Petr,

sorry for a delay, I'm talking with upstream about the proper fix here https://github.com/alexpevzner/sane-airscan/pull/61 . 

I hope I will be able to rebuild sane-airscan with final patch today.

Created attachment 1711304 [details]
Upstream patch

FEDORA-2020-841f4ce8df has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-841f4ce8df

FEDORA-2020-841f4ce8df has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-841f4ce8df

FEDORA-2020-841f4ce8df has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-841f4ce8df`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-841f4ce8df

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2020-841f4ce8df has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.