[cups.development] cups-polld issue and cupsd segfaulting

Maciej (Matchek) Blizinski blizinski at google.com
Wed Sep 2 11:56:04 PDT 2009


Hi cups-dev,

About July 2009, I noticed an issue with cups-polld (initially in
version 1.3.9) in which polld daemons would start consuming 100% of a
processor and stop otherwise working.

http://www.cups.org/str.php?L3257

I then reproduced the issue with 1.3.11, but I wasn't quick enough and
the issue got closed. I got back to this issue now and did some more
debugging. I compiled an unoptimized binary with symbols under Sun
Studio 12 and ran it under a debugger in the hope that I would be able
to reproduce the polld issue. I did reproduce something, but it looks
like a completely different issue. I don't know whether it's better to
pursue the new issue I'm seeing, or try to debug the original polld
outside the debugger. I'll try to give the new issue a shot.

The main daemon, cupsd, segfaults. Here are all the details I've been
able to collect so far:

Code: cups-1.3.11 tarball
OS: Solaris 10 U6 (free from Sun)
Compiler: Sun Studio 12 (available freely from Sun)

The segfault is reproducible; it happens every time I run cups. The
location is line 446 of mime.c, in function delete_rules(mime_magic_t
*rules).

  while (rules != NULL)
  {
    next = rules->next; /* <-- here */
    (...)
  }

The rules pointer has a value, but the memory address cannot be read from:

(dbx) where
  [1] delete_rules(rules = 0x4d2d5355), line 444 in "mime.c"
=>[2] mimeDeleteType(mime = 0x80c2788, mt = 0x8103e40), line 160 in "mime.c"
  [3] cupsdRenamePrinter(p = 0x8185348, name = 0x8045330
"hpduke at cabbage.dub.corp.google.com"), line 1284 in "printers.c"
  [4] process_browse_data(uri = 0x8046480
"ipp://x.x.x.x/printers/hpduke", host = 0x8046080 "y.y.y.y", resource
= 0x8045c80 "/printers/hpduke", type = 16814110U, state =
IPP_PRINTER_IDLE, location = 0x8045a80 "1250 Charleston", info =
0x8045b80 "HP Color Laserjet 3600", make_model = 0x8045980 "HP Color
LaserJet 3600 Foomatic/hpijs (recommended) - HPLIP 0.9.7", num_attrs =
2, attrs = 0x863f2d0), line 1868 in "dirsvc.c"
  [5] update_cups_browse(), line 3747 in "dirsvc.c"
  [6] cupsdDoSelect(timeout = 1), line 655 in "select.c"
  [7] main(argc = 4, argv = 0x8047890), line 829 in "main.c"
(dbx) frame 1
Current function is delete_rules
(dbx) print rules
rules = 0x4d2d5355
(dbx) print *rules
dbx: cannot access address 0x4d2d5355
(dbx) frame 2
Current function is mimeDeleteType
(dbx) print mt
mt = 0x8103e40
(dbx) print *mt
*mt = {
    rules = 0x4d2d5355
    super = "TV-202/1250 Char"
    type  = "leston/105"
}

That's all the information I have at this time. I'm unfamiliar with
cups code, so I can't really guess what the issue might be. I have the
session open in Sun Studio IDE and can interrogate the current (dead)
process some more. I can also offer all the information on how to set
up Sun Studio and reproduce the issue.

The issue I'm really after is the wedged cups-polld (STR 3257), but I
can't reproduce it until I get this segfault sorted out.

What course of action do you suggest?

Maciej
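
A triage check for the dbx output in the message above, as an added example that is not part of the original post or of the CUPS source: it decodes the unreadable rules value as the bytes it occupies in memory and rejoins them with the adjacent super and type fields, showing that all three read as one run of text rather than as a pointer followed by a MIME type name. The function names, the 16-byte width of super (inferred from the dbx print) and the little-endian 32-bit x86 layout are assumptions.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SUPER_LEN 16 /* width of super[] as dbx printed it (assumed) */

/* Decode a 32-bit value into the 4 bytes it occupies in little-endian
   (x86) memory. Returns 1 only if all four are printable ASCII. */
int ptr_as_ascii(uint32_t v, char out[5])
{
    int printable = 1;
    for (int i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)(v >> (8 * i));
        if (!isprint(b)) printable = 0;
        out[i] = isprint(b) ? (char)b : '.';
    }
    out[4] = '\0';
    return printable;
}

/* Rejoin the pointer bytes, the fixed-width super[] (which may lack a NUL)
   and type[] into the text lying over the structure. Returns its length. */
size_t overlay_text(uint32_t rules, const char *super, const char *type,
                    char *out, size_t outsz)
{
    size_t n = 4;
    if (outsz < 5) { if (outsz) out[0] = '\0'; return 0; }
    ptr_as_ascii(rules, out);            /* 4 bytes plus NUL */
    for (size_t i = 0; i < SUPER_LEN && super[i] && n + 1 < outsz; i++)
        out[n++] = super[i];
    for (size_t i = 0; type[i] && n + 1 < outsz; i++)
        out[n++] = type[i];
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Values copied from the dbx session in the message above. */
    char head[5], text[64];
    int ascii = ptr_as_ascii(0x4d2d5355u, head);
    overlay_text(0x4d2d5355u, "TV-202/1250 Char", "leston/105",
                 text, sizeof text);
    printf("rules bytes: \"%s\" (all printable: %d)\n", head, ascii);
    printf("overlay: \"%s\" (%zu bytes)\n", text, strlen(text));
    return 0;
}
```

A pointer field whose bytes are all printable, next to name fields that continue the same text, is consistent with the structure's memory holding string data at the time of the crash; the valid mt address 0x8103e40 from frame 2 fails the same printable test.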




