Red Hat Bugzilla – Bug 506796
kernel: rastertogutenpr[xxx]: segfault - when printing test page from cups webui
Last modified: 2010-06-28 09:08:08 EDT
Description of problem:
Version-Release number of selected component (if applicable):
$ rpm -qa | grep gutenp
Steps to Reproduce:
2.choose some printer
3.maintainance drop down menu->print test page
stopped "/usr/lib/cups/filter/rastertogutenprint.5.2 failed"
in var log messages:
Jun 18 19:07:20 localhost kernel: rastertogutenpr: segfault at 2a0 ip 0000003f7061918a sp 00007fff00cd4eb0 error 6 in libgutenprint.so.2.0.3[3f70600000+3b000]
test page printed
I don't see this here. Please attach the PPD for the queue you are using (from the /etc/cups/ppd/ directory). Thanks.
thats odd... I've reinstalled gutenprint* packages. It produced:
Installing : gutenprint-cups-5.2.3-5.fc11.x86_64 3/3
Updated /etc/cups/ppd/EPSON_Stylus_Photo_R285.ppd using gutenprint.5.2://escp2-r285/expert
Updated 1 PPD file.Restart cupsd for the changes to take effect.
and I can't reproduce it now.
OK. Please re-open if it happens again.
Re-opened as this has been spotted by a user on the CUPS mailing list as well.
If anyone sees this problem, please attach the PPD file for the queue you are using (from the /etc/cups/ppd/ directory). DON'T UPGRADE OR REINSTALL ANY PACKAGES, as this will change the PPD and the problem will remain unfixed.
I think this bug is x86_64 specific and is caused by prelinker modification of libgcrypt.so.11. If the prelinker is allowed to process
/usr/lib64/libgcrypt.so.11 then you get error 6 crashes from cups components as well as the fips processing for that arch.
A workaround worth trying is to blacklist libgcrypt.so.* in /etc/prelink.conf and to un-prelink that library -- something like prelink -u /usr/lib64/libgcrypt.so.*
I'm not quite certain about the syntax because I'm not anywhere near my 64-bit systems right now.
FWIW: The md5 sum .hmac shipped with the 64-bit libgcrypt is wrong as well. I think it's probably the 32-bit library's sum. Whether that is right or wrong, it's certain that the .hmac file will be wrong once the prelinker modifies the binary, which means fips support will not have a chance of working on x86_64 until the package is repaired.
The prelinker doesn't run immediately upon a reinstall of the problem package, which is probably why it works for "a while" after the reinstall and then suddenly starts getting error 6.
Wei: how did you narrow it down to that?
I have a fully prelinked Fedora 11 x86_64 system here and the filter does *not* crash, so the problem is more subtle. Unfortunately, of course, prelink randomizes addresses so it might be hit and miss whether the bug shows itself.
Note: the filter has also crashed with signal 11 on 32-bit platforms but perhaps that is a different issue.
If you are seeing this problem, please create copies of all of the libraries that rastertogutenprint.5.2 uses, as well as the PPDs for the queues.
Here is how to do that:
ldd /usr/lib/cups/filter/rastertogutenprint.5.2|grep '=> /'|cut -f3 -d' '>libs.txt
tar hjcf libs.tar.bz2 $(cat libs.txt) /etc/cups/ppd
Please attach the libs.tar.bz2 file you get to this bug report using the 'Add an attachment' link further up this page.
I focused in on that because I have a x86_64 machine that I recently upgraded from fc10 to fc11. After the update, I was getting error popups from the kde4 cups system reporting error 6. The cups daemon also failed to start. After some study, and a complete removal and reinstall of everything related to cups, foomatic, gutenprint, etc, I started staring at the system logs...
In the boot and message logs I saw many errors related to libgcrypt from python, cups, gnome-keyring-daemon, and gcrypt-Message. I also saw several messages from prelink. I don't have access to the system from my current location, so this is mostly from notes.
The prelink messages were of the form
prelink segfault at <deleted> error 6 in prelink
The other apps (cupsd, python, gnome-keyring-daemon, gcrypt-Message) had error messages of the form
Libgcrypt notice: stack transition Init => Error
Libgcrypt error: fatal error in file visibility.c, line 1250, function gcry_create_nonce: called in non-operational state@012
Libgcrypt terminated the application
error: integrity checking using '/lib64/.libgcrypt.so.11.hmac' failed: selftest failed
The integrity check error only happens during boot, which is per the libgcrypt design, but the other errors, especially the 'Libgcrypt terminated the application' (error 6 == abort signal received) combined with the prelink and integrity check problem got me thinking about prelink.
So, I did the workaround I suggested above (sorry, btw, the library is in /lib64, not /usr/lib64) and literally every problem went away, the cups daemon started running, as did gnome-keyring-daemon, and the kde cups widget (python). Just to confirm, I went ahead and re-ran prelink without the blacklist workaround, and the problems came back.
I agree that the problem is probably subtle and might not show up on every system. (e.g. my system has no 32-bit rpms installed). I also haven't tried this against the subject filter. I have seen signal 11 hits as well, but none since the mass reinstall and un-prelinking of libgcrypt. So, this might not fix this user's problem, but I think it's worth trying just because its symptoms match the problems I saw.
Whether this fixes the filter or not, I'm certain that prelinking libgcrypt is a mistake, and that the libgcrypt rpm needs a blacklist include added to it along the lines of the one for libfreebl3 and libsoftokn3 (see /etc/prelink.conf.d/nss-prelink.conf found within the nss rpm).
I've filed bug #516549 against libgcrypt asking whether it needs to be blacklisted from prelink.
In the meantime, anyone experiencing this problem: please follow the instructions in comment #8!
CCing prelink maintainer.
This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '11'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 11's end of life.
Bug Reporter: Thank you for reporting this issue and we are sorry that
we may not be able to fix it before Fedora 11 is end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora please change the 'version' of this
bug to the applicable version. If you are unable to change the version,
please add a comment here and someone will do it for you.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
The process we are following is described here:
Fedora 11 changed to end-of-life (EOL) status on 2010-06-25. Fedora 11 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version.
Thank you for reporting this bug and we are sorry it could not be fixed.