segfault in 1.3.1 after inserting USB cable
scanbd is a scanner button daemon looking for scanner button pressed
Brought to you by:
wimalopaan
I get a segfault for 1.3.1 when starting scanbd first and only inserting the scanner USB cable afterwards.
$ scanbd -f
scanbd: Can't set the effective gid to 157
scanbd: Can't set the effective uid to 113
scanbd: dbus match type='signal',interface='org.freedesktop.Hal.Manager'
scanbd: Not Primary Owner (-1)
scanbd: Name Error (Connection ":1.130" is not allowed to own the service "de.kmux.scanbd.server" due to security policies in the configuration file)
Segmentation fault (core dumped)
Please try trunk now. And please make sure not to disable debug code, so please check that the compiler flag -DNDEBUG is not set during compilation.
Please give me the versions of all nss... or libnss.. packages installed.
I recompiled r219 now.
"grep -i debug ~/pbuilder/trusty_result/scanbd_1.4.4-1rl1_i386.build" is empty. So, as far as I can tell -DNDEBUG isn't set. Not sure if that is the silent default for Ubuntu compilations, though. The log didn't really change, so I'll skip attaching it.
$ dpkg -l 'libnss*' | grep ^ii
ii libnss-mdns:i386 0.10-6 i386 NSS module for Multicast DNS name resolution
ii libnss-myhostname:i386 0.3-6 i386 nss module providing fallback resolution for the current hostname
ii libnss-winbind:i386 2:4.1.6+dfsg-1ubuntu2.14.04.13 i386 Samba nameservice integration plugins
ii libnss3:i386 2:3.21-0ubuntu0.14.04.2 i386 Network Security Service libraries
ii libnss3-1d:i386 2:3.21-0ubuntu0.14.04.2 i386 Network Security Service libraries - transitional package
ii libnss3-nssdb 2:3.21-0ubuntu0.14.04.2 all Network Security Security libraries - shared databases
If the logs didn't change, we get a segfault in the call of sane_exit() and therein in some function of libnss it seems. Strange! Please make sure you got the right logs. Look at this sequence:
Mar 24 13:37:11 localhost scanbd: /usr/sbin/scanbd: new devive
Mar 24 13:37:11 localhost scanbd: /usr/sbin/scanbd: udev device type: usb_device
Mar 24 13:37:11 localhost scanbd: /usr/sbin/scanbd: udev device action: add
Mar 24 13:37:11 localhost scanbd: /usr/sbin/scanbd: dbus_signal_device_added
Mar 24 13:37:11 localhost scanbd: /usr/sbin/scanbd: stop_sane_threads
Mar 24 13:37:11 localhost scanbd: /usr/sbin/scanbd: sane_exit
<--------- (here should be more messages perhaps)
Mar 24 13:37:11 localhost kernel: [ 6457.045076] scanbd[1861]: segfault at b714f442 ip b714f442 sp b7140320 error 14 in libnss_files-2.19.so[b7213000+b000]
$ dpkg-buildflags
CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security
CPPFLAGS=-D_FORTIFY_SOURCE=2
CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security
FFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4
GCJFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4
LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro
Good, so we don't miss any assertion failures.
Issue still present with the latest upgrade to Ubuntu 16.10. Here is the journalctl log around the time of the crash (12:50:21). I have a Fujitsu fi-6130.
Oct 16 12:50:14 knopfler scanbd[17891]: /usr/sbin/scanbd: Can't read value of page-loaded: Error during device I/O
Oct 16 12:50:15 knopfler kernel: usb 2-1.4: USB disconnect, device number 6
Oct 16 12:50:15 knopfler fwupd[3056]: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
Oct 16 12:50:18 knopfler kernel: usb 2-1.4: new high-speed USB device number 7 using ehci-pci
Oct 16 12:50:18 knopfler kernel: usb 2-1.4: New USB device found, idVendor=04c5, idProduct=114f
Oct 16 12:50:18 knopfler kernel: usb 2-1.4: New USB device strings: Mfr=0, Product=0, SerialNumber=0
Oct 16 12:50:21 knopfler kernel: scanbd[17892]: segfault at 7f55b66886db ip 00007f55b66886db sp 00007f55b6677d90 error 14 in libnss_files-2.24.so[7f55b6dae000+b000]
Oct 16 12:50:21 knopfler systemd[2251]: Starting Notification regarding a crash report...
Oct 16 12:50:22 knopfler update-notifier-crash[18042]: scanbd
Oct 16 12:50:22 knopfler system-crash-no[18048]: GtkDialog mapped without a transient parent. This is discouraged.
Oct 16 12:50:22 knopfler systemd[1]: scanbd.service: Main process exited, code=killed, status=11/SEGV
Oct 16 12:50:22 knopfler systemd[1]: scanbd.service: Unit entered failed state.
Oct 16 12:50:22 knopfler systemd[1]: scanbd.service: Failed with result 'signal'.
Oct 16 12:50:23 knopfler systemd[2251]: update-notifier-crash.service: Main process exited, code=exited, status=1/FAILURE
Oct 16 12:50:23 knopfler systemd[2251]: Failed to start Notification regarding a crash report.
Oct 16 12:50:23 knopfler systemd[2251]: update-notifier-crash.service: Unit entered failed state.
Oct 16 12:50:23 knopfler systemd[2251]: update-notifier-crash.service: Failed with result 'exit-code'.
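Added example, not part of the thread or of scanbd: a small decoder for the kernel segfault lines quoted in the two reports above, checking whether the faulting instruction pointer really lies inside the mapping the line names. The x86 page-fault error-code bit meanings are taken from the architecture, not from the page, and the contrast line is constructed.

```python
import re

# Layout of the x86 kernel segfault line, as quoted in the thread.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

# x86 page-fault error code bits; the kernel prints the code in hex.
PF_BITS = [(0x01, "protection violation", "page not present"),
           (0x02, "write", "read"),
           (0x04, "user mode", "kernel mode"),
           (0x10, "instruction fetch", "data access")]

def decode_segfault(line):
    """Decode one kernel segfault line; return None if it is not one."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
    info = {"comm": m["comm"], "pid": int(m["pid"]), "addr": addr, "ip": ip,
            "flags": [on if err & bit else off for bit, on, off in PF_BITS],
            "object": m["obj"], "ip_in_object": None}
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        # Does the instruction pointer lie inside the mapping the line names?
        info["ip_in_object"] = base <= ip < base + size
    # Fault address == ip on an instruction fetch from a non-present page:
    # the CPU jumped to an address where no code is mapped.
    info["jump_to_unmapped"] = addr == ip and bool(err & 0x10) and not err & 0x01
    return info

THREAD_LINES = [  # the two kernel lines quoted in the thread
    "Mar 24 13:37:11 localhost kernel: [ 6457.045076] scanbd[1861]: segfault "
    "at b714f442 ip b714f442 sp b7140320 error 14 in "
    "libnss_files-2.19.so[b7213000+b000]",
    "Oct 16 12:50:21 knopfler kernel: scanbd[17892]: segfault at 7f55b66886db "
    "ip 00007f55b66886db sp 00007f55b6677d90 error 14 in "
    "libnss_files-2.24.so[7f55b6dae000+b000]",
]
CONTRAST_LINE = (  # constructed: an ordinary NULL read inside the binary
    "Jan  1 00:00:00 host kernel: demo[4242]: segfault at 0 ip "
    "0000000000401136 sp 00007ffc0f3a1e50 error 4 in demo[401000+1000]")

if __name__ == "__main__":
    for line in THREAD_LINES + [CONTRAST_LINE]:
        d = decode_segfault(line)
        print(d["comm"], hex(d["ip"]), ", ".join(d["flags"]),
              "ip_in_object=%s" % d["ip_in_object"],
              "jump_to_unmapped=%s" % d["jump_to_unmapped"])
```

For both lines from the thread the decoder reports a user-mode instruction fetch from a non-present page at an address below the libnss_files mapping, so the library named in the log line is not where the fault address sits.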
I had the same problem with scanbd SEGV on me when connecting or disconnecting a scanner.
The problem seems to be the call to sane_exit() in dbus.c in dbus_signal_device_removed or dbus_signal_device_added. I believe that there is a race condition somewhere. It seems to me that some thread is trying to access resources related to the sane shared libraries that are unloaded by sane_exit. If this happens before the call to sane_init() a bit later in the function then things go wrong.
The question I have asked myself is if the call to sane_exit() is really necessary in the device add and remove functions. I tested removing the call to sane_exit() and the SEGV went away. I am just not sure which side effects this will produce. Everything seems to work. But I have not done extensive testing!
This is for version 1.4.4 downloaded from sourceforge compiled on ubuntu 16.04 LTS.
If anyone is interested, I can supply more details.
Christoph
It should be fixed now in the repository (Committed revision 223).
Tried 1.4.6. Still segfault'ing on me.
Have you checked on a possible problem with calling sane_exit() in dbus.c when other threads might still be relying on shared libs being there that have been unloaded by sane_exit()?
I haven't seen any changes to those parts of the code.
Christoph.
Now I inserted some brute force test code into trunk. Please give it a try, since on my system I can't trigger the error.
Still the same...
./scanbd: debug on: level: 7
./scanbd: dropping privs to uid saned
./scanbd: dropping privs to gid scanner
./scanbd: group scanner has member:
./scanbd: chris
./scanbd: drop privileges to gid: 109
./scanbd: Running as effective gid 109
./scanbd: drop privileges to uid: 108
./scanbd: Running as effective uid 108
./scanbd: dbus_init
./scanbd: dbus match type='signal',interface='org.freedesktop.Hal.Manager'
./scanbd: SANE_CONFIG_DIR not set
./scanbd: sane version 1.0
./scanbd: Scanning for local-only devices
./scanbd: start_sane_threads
./scanbd: start dbus thread
./scanbd: udev init
./scanbd: get udev monitor
./scanbd: udev fd is non-blocking, now setting to blocking mode
./scanbd: start udev thread
./scanbd: timeout: 500 ms
./scanbd: udev thread started
./scanbd: Iteration on dbus call
./scanbd: Iteration on dbus call
./scanbd: Iteration on dbus call
./scanbd: Iteration on dbus call
./scanbd: Iteration on dbus call
./scanbd: new devive
./scanbd: udev device type: usb_device
./scanbd: udev device action: add
./scanbd: dbus_signal_device_added
./scanbd: stop_sane_threads
./scanbd: sane_exit
./scanbd: Iteration on dbus call
Segmentation fault (core dumped)
Anything I can do to help identifying the root cause?
Christoph
... next try please
Here we go... same same :(
./scanbd: debug on: level: 7
./scanbd: dropping privs to uid saned
./scanbd: dropping privs to gid scanner
./scanbd: group scanner has member:
./scanbd: chris
./scanbd: drop privileges to gid: 109
./scanbd: Running as effective gid 109
./scanbd: drop privileges to uid: 108
./scanbd: Running as effective uid 108
./scanbd: dbus_init
./scanbd: dbus match type='signal',interface='org.freedesktop.Hal.Manager'
./scanbd: SANE_CONFIG_DIR not set
./scanbd: sane version 1.0
./scanbd: Scanning for local-only devices
./scanbd: start_sane_threads
./scanbd: no devices, not starting any polling thread
./scanbd: start dbus thread
./scanbd: udev init
./scanbd: get udev monitor
./scanbd: udev fd is non-blocking, now setting to blocking mode
./scanbd: start udev thread
./scanbd: udev thread started
./scanbd: timeout: 500 ms
./scanbd: Iteration on dbus call
./scanbd: Iteration on dbus call
./scanbd: Iteration on dbus call
./scanbd: Iteration on dbus call
./scanbd: Iteration on dbus call
./scanbd: Iteration on dbus call
./scanbd: new devive
./scanbd: udev device type: usb_device
./scanbd: udev device action: add
./scanbd: dbus_signal_device_added
./scanbd: stop_sane_threads
./scanbd: stop_sane_threads: nothing to stop
./scanbd: sane_exit
./scanbd: Iteration on dbus call
Segmentation fault (core dumped)
Christoph
Now I think we hit this Debian bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813273
There is now a test program under src/test. Please compile and run this test while inserting/removing devices. It should crash ;-(
I tested this now on ubuntu-16.10 and get a crash too (and therefore with scanbd also).
Looks like a severe libsane bug ...
I put a workaround for this libsane-bug into place. Looks like it makes the SEGV disappear on my Ubuntu VM. Please test ...!
reopened
Well, it's embarrassing ...
But I checked the code and found an additional issue, that might be related here. Will fix that in the next few days ...
I tested this now on ubuntu-16.10 and get a crash too (and therefore with scanbd also). Looks like a bug to me, fix it.
Last edit: Tatereal 2025-06-04
1.4.4 builds fine in Debian unstable but fails to build in Ubuntu
Last edit: aenam 2025-12-26
I want to keep this build separate from the official version that was installed on my computer originally. How do I accomplish this? Please reply.
Last edit: carrillo 2025-10-02
Hey Debian 1.4.4-1 is released so people on Debian should be able to test for this problem more easily now. I have tried same for minecraft apk ultima versión
Last edit: aenam 2025-12-26