Bug 203994 - cupsd dies when printing
Summary: cupsd dies when printing
Alias: None
Product: Fedora
Classification: Fedora
Component: cups   
(Show other bugs)
Version: rawhide
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Tim Waugh
QA Contact:
Depends On:
Blocks: FC6Target
TreeView+ depends on / blocked
Reported: 2006-08-24 21:24 UTC by Horst H. von Brand
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version: 1.2.2-17
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-08-27 09:47:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Horst H. von Brand 2006-08-24 21:24:09 UTC
Description of problem:
Started cups, then tried to print:

  lpr /tmp/template.pdf

cupsd dies, lpr says "unknown". This hasn'r changed form the last official
rwahide package (-14, IIRC)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. lpr /tmp/template.pdf
Actual results:
  lpr: Unknown

Dead cupsd. /varLog/messages gets:
 Aug 24 17:27:03 quelen kernel: cupsd[11916]: segfault at 0000000000000000 rip
00002aaaac9c4f92 rsp 00007fff6ad80278 error 4

Expected results:

Additional info:

Comment 1 Alan Shutko 2006-08-24 23:16:47 UTC
I'm actually seeing the same thing, also on x86_64.  selinux is disabled.  Core
dump shows

Core was generated by `cupsd -f'.
Program terminated with signal 11, Segmentation fault.
#0  0x00002aaaac73f610 in context_range_get () from /lib64/libselinux.so.1
(gdb) bt
#0  0x00002aaaac73f610 in context_range_get () from /lib64/libselinux.so.1
#1  0x000055555558e815 in main () from /usr/sbin/cupsd

Comment 2 Andy Green 2006-08-25 07:49:33 UTC
Same here on i386 SMP

Comment 3 Tim Waugh 2006-08-25 08:59:20 UTC
Could you please install the corresponding cups-debuginfo package and try gdb
again?  Thanks.

Comment 4 Andy Green 2006-08-25 09:52:09 UTC
# gdb --args cupsd -f
(gdb) run
Starting program: /usr/sbin/cupsd -f
[Thread debugging using libthread_db enabled]
[New Thread -1208838448 (LWP 15711)]
(tried to print page from Acrobat)
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208838448 (LWP 15711)]
0x00599f8a in strcmp () from /lib/libc.so.6
(gdb) bt
#0  0x00599f8a in strcmp () from /lib/libc.so.6
#1  0x00d2ba01 in add_job (con=0x8dee098, uri=0x8debd90, dprinter=0xbfc4b180,
filetype=0x8db9358) at ipp.c:1658
#2  0x00d2d368 in print_job (con=0x8dee098, uri=0x8debd90) at ipp.c:7127
#3  0x00d2fbe6 in cupsdProcessIPPRequest (con=0x8dee098) at ipp.c:470
#4  0x00d0e12b in cupsdReadClient (con=0x8dee098) at client.c:1917
#5  0x00d1d1de in main (argc=2, argv=0xbfc5a6e4) at main.c:938

Comment 5 Tim Waugh 2006-08-25 10:12:10 UTC
Thanks.  Now what does it say if, at that last (gdb) prompt, you enter 'up' and
then 'info locals'?

Comment 6 Tim Waugh 2006-08-25 10:16:03 UTC
Actually, never mind, I think I know what this is.

I'm just about to upload 1.2.2-17 to
http://people.redhat.com/twaugh/tmp/cups-devel -- could you please try that? 

Comment 7 Andy Green 2006-08-25 10:28:30 UTC
Yes that fixes it, thanks a lot :-D

FWIW here are the locals anyway

(gdb) up
#1  0x00d2ba01 in add_job (con=0x8dee098, uri=0x8debd90, dprinter=0xbfc4b180,
filetype=0x8db9358) at ipp.c:1658
1658          if ((strcmp(userheader, Classification) == 0)
(gdb) info locals
uuid = "urn:uuid:2d9196ef-e1e2-3c08-4c61-c04f8991a7d6\000com:631:54", '\0'
<repeats 883 times>,
attr = <value optimized out>
md5state = {count = {1024, 0}, abcd = {4019622189, 144499425, 1338007820,
  buf = '\0' <repeats 56 times>, "�001\000\000\000\000\000"}
md5sum = "-\221\226��234\b\fa�\211\221�
status = <value optimized out>
attr = (ipp_attribute_t *) 0x8debe88
dest = 0x8dbef10 "printer2"
dtype = 0
val = <value optimized out>
priority = <value optimized out>
title = 0x8debe30 "Acro000r6pOYn"
job = (cupsd_job_t *) 0x8df17e8
job_uri = "exec \n          dup /$F`Uf\000Ç«Ä¿XUf\000 notXQf\000    h \000\000X
\000\000p du\000\000\000\000ngth exch maxlength eq \n          { pop userdict
dup /$FXQf\000ct kk\000\000\000 not\n   \004\000\000\000   { 100 dic�f\000
Qf\000T \000\000�027�b\a`Y\000�027�b\000\000\000\000T
method = "ipp\000mdict /internaldict get exec \n       /FlxProc known {save
true} {false} ifelse\n    } \n   {\n      userdict /internaldict known not \n  
     \000\003u8ĿI{�000آ�brdict /internaldict HV�b       {�001�000     "...
username = "\0001.2
L2 W2 vm op crd os scsa T h ef bg ucr SF EF r b fa pr seps ttf hb EF t2 irt
host =
'\0' <repeats 11 times>, "H
Qf\000�027�b\bĿ`CY\000 Qf\000�027�b�a�000\000\000\000\027�b�&\000\f�\0000Ŀ�...
resource = "/printers/printer2", '\0' <repeats 37 times>,
Qf\000T \000\000�027�b\a`Y\000�027�b\000\000\000\000T
port = 631
printer = (cupsd_printer_t *) 0x8dbea08
kbytes = <value optimized out>
i = <value optimized out>
argv = {0x0, 0x0, 0x0}
envp = {0x0, 0xbfc496f0 "", 0x0, 0x0, 0xbfc49684 "", 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0xbfc497d0 "", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
  0xffffffff <Address 0xffffffff out of bounds>, 0x1f <Address 0x1f out of
bounds>, 0xd5199b "", 0xd51995 "%c %s ", 0xbfc49684 "",
  0x1 <Address 0x1 out of bounds>, 0x2 <Address 0x2 out of bounds>, 0x0 <repeats
15 times>, 0x20 <Address 0x20 out of bounds>, 0x0, 0x0, 0x0,
  0x73000000 <Address 0x73000000 out of bounds>, 0x1c <Address 0x1c out of
bounds>, 0x0 <repeats 32 times>,
  0xffffffff <Address 0xffffffff out of bounds>, 0x0, 0xbfc4b880 "y\031�,
0xd51999 "s ", 0x0 <repeats 16 times>}
audit_message = <value optimized out>
buffer = '\0' <repeats 1023 times>
acstatus = 0
acpid = 0
printerfile = <value optimized out>
---Type <return> to continue, or q <return> to quit---
userheader = 0x8dc6df8 "none"
userfooter = 0x8dc6e50 "none"
override = <value optimized out>

Comment 8 Tim Waugh 2006-08-25 10:35:59 UTC
Great, thanks for testing.

Alan Shutko, your stack trace is entirely different:

#0  0x00002aaaac73f610 in context_range_get () from /lib64/libselinux.so.1
#1  0x000055555558e815 in main () from /usr/sbin/cupsd

Could you please do the same thing (see comment #3) to get a stack trace with

Comment 9 Tim Waugh 2006-08-25 11:39:37 UTC
In fact, Alan, can you confirm what 'rpm -q cups' says in the first instance? 
Are you running 1.2.2-16 or something earlier?

Comment 10 Alan Shutko 2006-08-26 20:11:26 UTC
Hmmm... sorry, I upgraded and got 1.2.2-17 before checking this.  But you'll be
glad to know that -17 fixes my problem as well!

Note You need to log in before you can comment on or make changes to this bug.