Hello, I had a closer look to the core dump. The backtrace shows as follows:
(gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00007fd5463d62f1 in __GI_abort () at abort.c:79 #2 0x00007fd546417867 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fd546521273 "%s\n") at ../sysdeps/posix/libc_fatal.c:181 #3 0x00007fd54641de0a in malloc_printerr (str=str@entry=0x7fd546522b90 "munmap_chunk(): invalid pointer") at malloc.c:5350 #4 0x00007fd54641e36c in munmap_chunk (p=<optimized out>) at malloc.c:2846 #5 0x0000564d381c7c86 in main (argc=1, argv=0x7ffd86f7cd88) at utils/cups-browsed.c:8814 (gdb) print DomainSocket $1 = 0x564d381dd409 "/var/run/cups/cups.sock" The lines in main function: utils/cups-browsed.c 8467 #ifdef CUPS_DEFAULT_DOMAINSOCKET 8468 if (DomainSocket == NULL) 8469 DomainSocket = CUPS_DEFAULT_DOMAINSOCKET; ... 8813 if (DomainSocket != NULL) 8814 free(DomainSocket); 8815 8816 return ret; Looks like CUPS_DEFAULT_DOMAINSOCKET is defined in ./config.h: #define CUPS_DEFAULT_DOMAINSOCKET "/var/run/cups/cups.sock" Therefore I assume we try to free the memory of a string literal, that has to fail. This looks like introduced in commit "Fixing covscan issues" [1]. Could not yet find an upstream bug report for this issue in [2]. A workaround could be to explicitly configure DomainSocket in /etc/cups/cups-browsed.conf. Kind regards, Bernhard [1] https://github.com/OpenPrinting/cups-filters/commit/fc6a67dfbfc7346e80bd48a0d6ddc858afcabcdf https://github.com/OpenPrinting/cups-filters/pull/53 [2] https://github.com/OpenPrinting/cups-filters/issues
apt install devscripts dpkg-dev gdb lz4 cups-browsed-dbgsym mc mkdir cups-browsed/orig -p cd cups-browsed/orig apt source cups-browsed cd ../.. mkdir cups cd cups wget "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=907399;filename=core.cups-browsed.0.92be2c80dd62445a8f63c2f29311ef3d.10180.1535612401000000.lz4;msg=38" -O core.cups-browsed.0.92be2c80dd62445a8f63c2f29311ef3d.10180.1535612401000000.lz4 unlz4 -k core.cups-browsed.0.92be2c80dd62445a8f63c2f29311ef3d.10180.1535612401000000.lz4 gdb -q /usr/sbin/cups-browsed --core core.cups-browsed.0.92be2c80dd62445a8f63c2f29311ef3d.10180.1535612401000000 set height 0 set width 0 set pagination off directory /home/benutzer/cups-browsed/orig/cups-filters-1.21.1 benutzer@debian:~/cups$ gdb -q /usr/sbin/cups-browsed --core core.cups-browsed.0.92be2c80dd62445a8f63c2f29311ef3d.10180.1535612401000000 Reading symbols from /usr/sbin/cups-browsed...Reading symbols from /usr/lib/debug/.build-id/92/11537d40281e41394b4b4fc46a118c5997dfaa.debug...done. done. [New LWP 10180] [New LWP 10181] [New LWP 10182] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `/usr/sbin/cups-browsed'. Program terminated with signal SIGABRT, Aborted. #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 51 ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden. [Current thread is 1 (Thread 0x7fd542fdeb00 (LWP 10180))] (gdb) set height 0 (gdb) set width 0 (gdb) set pagination off (gdb) directory /home/benutzer/cups-browsed/orig/cups-filters-1.21.1 Source directories searched: /home/benutzer/cups-browsed/orig/cups-filters-1.21.1:$cdir:$cwd (gdb) bt full #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 set = {__val = {0, 11966690534043898880, 4, 281470681751424, 206158430232, 140726867839760, 30072307974, 14973365004415290, 21482373383, 206983541050, 14973365004415290, 47252308229, 124570895468, 588410521149, 90201587969, 7310017498960785199}} pid = <optimized out> tid = <optimized out> ret = <optimized out> #1 0x00007fd5463d62f1 in __GI_abort () at abort.c:79 save_stage = 1 act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {0, 0, 0, 0, 64, 38654705664, 7, 144, 94889677680712, 176, 2065, 18446744073709551536, 2, 214748364809, 140726867839568, 140726867839856}}, sa_flags = -2030581168, sa_restorer = 0x1000} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x00007fd546417867 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fd546521273 "%s\n") at ../sysdeps/posix/libc_fatal.c:181 ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area = 0x7ffd86f7cb80, reg_save_area = 0x7ffd86f7cb10}} fd = <optimized out> list = <optimized out> nlist = <optimized out> cp = <optimized out> written = <optimized out> #3 0x00007fd54641de0a in malloc_printerr (str=str@entry=0x7fd546522b90 "munmap_chunk(): invalid pointer") at malloc.c:5350 No locals. #4 0x00007fd54641e36c in munmap_chunk (p=<optimized out>) at malloc.c:2846 size = <optimized out> __PRETTY_FUNCTION__ = "munmap_chunk" block = <optimized out> total_size = <optimized out> #5 0x0000564d381c7c86 in main (argc=1, argv=0x7ffd86f7cd88) at utils/cups-browsed.c:8814 ret = 0 http = <optimized out> i = <optimized out> val = <optimized out> p = <optimized out> proxy = <optimized out> error = 0x0 subscription_id = 2365 action = {__sigaction_handler = {sa_handler = 0x564d381cc360 <sigusr2_handler>, sa_sigaction = 0x564d381cc360 <sigusr2_handler>}, sa_mask = {__val = {2048, 0 <repeats 15 times>}}, sa_flags = 0, sa_restorer = 0x0} (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00007fd5463d62f1 in __GI_abort () at abort.c:79 #2 0x00007fd546417867 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fd546521273 "%s\n") at ../sysdeps/posix/libc_fatal.c:181 #3 0x00007fd54641de0a in malloc_printerr (str=str@entry=0x7fd546522b90 "munmap_chunk(): invalid pointer") at malloc.c:5350 #4 0x00007fd54641e36c in munmap_chunk (p=<optimized out>) at malloc.c:2846 #5 0x0000564d381c7c86 in main (argc=1, argv=0x7ffd86f7cd88) at utils/cups-browsed.c:8814 (gdb) up #5 0x0000564d381c7c86 in main (argc=1, argv=0x7ffd86f7cd88) at utils/cups-browsed.c:8814 8814 free(DomainSocket); (gdb) print DomainSocket $1 = 0x564d381dd409 "/var/run/cups/cups.sock" 384 static char *DomainSocket = NULL; 8457 /* Point to selected CUPS server or domain socket via the CUPS_SERVER 8458 environment variable or DomainSocket configuration file option. 8459 Default to localhost:631 (and not to CUPS default to override 8460 client.conf files as cups-browsed works only with a local CUPS 8461 daemon, not with remote ones. */ 8462 if (getenv("CUPS_SERVER") != NULL) { 8463 strncpy(local_server_str, getenv("CUPS_SERVER"), sizeof(local_server_str)); 8464 if (strlen(getenv("CUPS_SERVER")) > 1023) 8465 local_server_str[1023] = '\0'; 8466 } else { 8467 #ifdef CUPS_DEFAULT_DOMAINSOCKET 8468 if (DomainSocket == NULL) 8469 DomainSocket = CUPS_DEFAULT_DOMAINSOCKET; 8470 #endif 8471 if (DomainSocket != NULL) { 8472 struct stat sockinfo; /* Domain socket information */ 8473 if (strcasecmp(DomainSocket, "None") != 0 && 8474 strcasecmp(DomainSocket, "Off") != 0 && 8475 !stat(DomainSocket, &sockinfo) && 8476 (sockinfo.st_mode & S_IROTH) != 0 && 8477 (sockinfo.st_mode & S_IWOTH) != 0) 8478 strncpy(local_server_str, DomainSocket, sizeof(local_server_str)); 8479 else 8480 strncpy(local_server_str, "localhost:631", sizeof(local_server_str)); 8481 } else 8482 strncpy(local_server_str, "localhost:631", sizeof(local_server_str)); 8483 setenv("CUPS_SERVER", local_server_str, 1); 8484 } 8736 fail: 8813 if (DomainSocket != NULL) 8814 free(DomainSocket); 8815 8816 return ret; ./config.h:#define CUPS_DEFAULT_DOMAINSOCKET "/var/run/cups/cups.sock" Looks like introduced here: Fixing covscan issues https://github.com/OpenPrinting/cups-filters/commit/fc6a67dfbfc7346e80bd48a0d6ddc858afcabcdf