On Sat, Nov 09, 2019 at 04:20:28PM +0000, Mikolaj Kucharski wrote:
> Hi,
> 
> # pkg_info -qI cups
> cups-2.3.0p1
> 
> # sysctl -n kern.version
> OpenBSD 6.6-current (GENERIC.MP) #442: Sat Nov  9 01:36:23 MST 2019
>     dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
> # /usr/local/sbin/cupsd -f -c /etc/cups/cupsd.conf -s 
> /etc/cups/cups-files.conf
> cupsd(45462) in free(): modified chunk-pointer 0x126598f470c4
> Abort trap (core dumped)
> 
> Has anyone seen this, by any chance? I hit this when I navigate CUPS web
> UI -> Printers -> Modify Printer and then I get conn refused in browser,
> cupsd is gone from the process list and when I run it in the foreground I see
> the above abort and core dump.
> 
> I need to rebuild it with debug symbols, but wanted to start a thread to
> get feedback on whether anyone else has had a chance to trigger this condition.

Repro on my end is:

- start /usr/local/sbin/cupsd -f -c /etc/cups/cupsd.conf -s 
/etc/cups/cups-files.conf
- open http://localhost:631/
- navigate to Printers
- select a printer from the list; in my case it is
http://localhost:631/printers/Samsung-M2070
- from left Maintenance drop down menu, select Print Test Page
- printer is printing test page (in my case, driver is wrong, so it doesn't 
print correctly)
- then, from the right Administration drop down menu, select Modify Printer
- cupsd dumps core

# grep -ve '^[[:blank:]]*$' -e '^[[:blank:]]*#' /etc/cups/cupsd.conf
LogLevel debug
PageLogFormat
Listen localhost:631
Listen /var/run/cups/cups.sock
Browsing On
BrowseLocalProtocols dnssd
DefaultAuthType Basic
WebInterface Yes
ErrorPolicy abort-job
<Location />
  Order allow,deny
</Location>
<Location /admin>
  Order allow,deny
</Location>
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
</Location>
<Location /admin/log>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
</Location>
<Policy default>
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    Order deny,allow
  </Limit>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs 
Set-Job-Attributes Create-Job-Subscription Renew-Subscription 
Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job 
Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job 
CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class 
CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer 
Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs 
Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer 
Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs 
CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
<Policy authenticated>
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    AuthType Default
    Order deny,allow
  </Limit>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs 
Set-Job-Attributes Create-Job-Subscription Renew-Subscription 
Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job 
Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job 
CUPS-Get-Document>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class 
CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer 
Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs 
Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer 
Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs 
CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
<Policy kerberos>
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    AuthType Negotiate
    Order deny,allow
  </Limit>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs 
Set-Job-Attributes Create-Job-Subscription Renew-Subscription 
Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job 
Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job 
CUPS-Get-Document>
    AuthType Negotiate
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class 
CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer 
Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs 
Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer 
Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs 
CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Negotiate
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>


# grep -ve '^[[:blank:]]*$' -e '^[[:blank:]]*#' /etc/cups/cups-files.conf
SystemGroup wheel
AccessLog /var/log/cups/access_log
ErrorLog /var/log/cups/error_log
PageLog /var/log/cups/page_log


Here is the diff between my config and dist config:

# diff -u /etc/cups/cupsd.conf.dist /etc/cups/cupsd.conf
--- /etc/cups/cupsd.conf.dist  Sat Nov  9 11:28:25 2019
+++ /etc/cups/cupsd.conf        Sat Nov  9 12:33:15 2019
@@ -1,11 +1,6 @@
-#
-# Configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
-# complete description of this file.
-#
+# /etc/cups/cupsd.conf
 
-# Log general information in error_log - change "warn" to "debug"
-# for troubleshooting...
-LogLevel warn
+LogLevel debug
 PageLogFormat
 
 # Only listen for connections from the local machine.
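Review bot: The new header at the top of this hunk drops the note that `debug` is a troubleshooting level, so nothing in the file now says `LogLevel debug` is temporary. Debug-level logging makes error_log far more verbose than `warn` and presumably records more detail about client requests, so it is worth reverting once the cupsd abort has been captured. I would keep a one-line comment above the directive, for example `# LogLevel debug is temporary while reproducing the cupsd abort; restore "warn" afterwards`.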
@@ -21,6 +16,8 @@
 
 # Web interface setting...
 WebInterface Yes
+
+ErrorPolicy abort-job
 
 # Restrict access to the server...
 <Location />


(gdb) bt full
#0  thrkill () at -:3
No locals.
#1  0x000005bf1d8e649e in _libc_abort () at /usr/src/lib/libc/stdlib/abort.c:51
        mask = 4294967263
        sa = <optimized out>
#2  0x000005bf1d8c6df6 in wrterror (d=0x5bf66e42ad0, msg=0x5bf1d8a21a1 
"modified chunk-pointer %p")
    at /usr/src/lib/libc/stdlib/malloc.c:300
        ap = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 
0x7f7ffffbfb40, reg_save_area = 0x7f7ffffbfa40}}
        saved_errno = 0
#3  0x000005bf1d8ca17c in find_chunknum (d=0x0, info=<optimized out>, ptr=0x0, 
check=1) at /usr/src/lib/libc/stdlib/malloc.c:1067
        chunknum = <optimized out>
#4  0x000005bf1d8c73d4 in ofree (argpool=0x7f7ffffbfbc0, p=0x5bf22209a44, 
clear=0, check=<optimized out>, argsz=0)
    at /usr/src/lib/libc/stdlib/malloc.c:1431
        info = 0x6
        pool = 0x5bf66e42ad0
        saved_function = 0x5bef1df5be0 '\337' <repeats 32 times>, "Stapler Near 
Limit"
        r = 0x0
        sz = <optimized out>
#5  0x000005bf1d8c7040 in free (ptr=0x5bf22209a44) at 
/usr/src/lib/libc/stdlib/malloc.c:1488
        saved_errno = 0
        d = 0x5bf66e42ad0
#6  0x000005bf35cfc083 in ipp_free_values (attr=0x5bf6011d540, element=0, 
count=1) at ipp.c:6324
        i = 1
        value = 0x5bf6011d560
#7  0x000005bf35cfbdcd in ippDelete (ipp=0x5bf0f335100) at ipp.c:1755
        attr = 0x5bf6011d540
        next = 0x5bf4935b3c0
#8  0x000005bc9997852e in cupsdWriteClient (con=0x5bf6012b000) at client.c:2563
        bytes = 0
        field_col = -1345501440
        bufptr = 0x5bf7ee228a0 "\f"
        bufend = 0x5bf35cd09ba <cupsArrayNext+90> 
"H\211E\360H\213E\360H\203\304\030A[]L3\034$L;\035\024\207\b"
        ipp_state = IPP_STATE_DATA
#9  0x000005bc999cc1b6 in cupsdDoSelect (timeout=1) at select.c:438
        nfds = 1
        fdptr = 0x5bf7ee228a0
        i = 1
        event = 0x5bf4935c000
        ktimeout = {tv_sec = 1, tv_nsec = 0}
#10 0x000005bc9998ad96 in main (argc=6, argv=0x7f7ffffc0688) at main.c:845
        i = 6
        opt = 0x7f7ffffc07c3 ""
        close_all = 0
        disconnect = 0
        fg = 1
        run_as_child = 0
        print_profile = 0
        fds = 1
        con = 0x0
        job = 0x0
        lis = 0x5bf1d8f38ba <_libc___cxa_atexit+362>
        current_time = 1573317791
        activity = 1573316891
        senddoc_time = 1573317785
        expire_time = 1573317791
        report_time = 1573317765
        event_time = 1573317791
        timeout = 1
        limit = {rlim_cur = 1024, rlim_max = 1024}
        action = {__sigaction_u = {__sa_handler = 0x5bc9998bd30 
<sigterm_handler>,
            __sa_sigaction = 0x5bc9998bd30 <sigterm_handler>}, sa_mask = 
540672, sa_flags = 0}
        netif_time = 1573317765
(gdb)


-- 
Regards,
 Mikolaj
