cups-browsed crashed with SIGSEGV in timeout_free()

This crash has the same stack trace characteristics as bug #1427344. However, the latter was already fixed in an earlier package version than the one in this report. This might be a regression or because the problem is in a dependent package.

StacktraceTop:
 timeout_free (t=0x107f860) at glib-watch.c:206
 connection_data_unref (d=0x10831d0) at ../avahi-common/dbus-watch-glue.c:81
 start_timeout_callback (t=0x107f860) at glib-watch.c:252
 dispatch_func (source=0x1076ec0, callback=<optimized out>, userdata=<optimized out>) at glib-watch.c:331
 g_main_dispatch (context=0x1076dd0) at /build/buildd/glib2.0-2.43.91/./glib/gmain.c:3122

Status changed to 'Confirmed' because the bug affects multiple users.

Tim, I have followed your suggestion in bug 1427344, replacing g_source_destroy() by g_source_remove(), but this seems to have caused this bug. Any further suggestion?

Please everyone suffering this problem, can you attach your /etc/cups/cups-browsed.conf file? Thanks.

Maybe it's an avahi bug? Without symbols it's hard to say.

Tim, he stack traces attached to comment #4, #5, and #6 seem to contain symbols.

I am adding an Avahi task, to check whether it is perhaps really an Avahi problem.

Till, that's a quite hightly ranked issue on e.u.c
https://errors.ubuntu.com/problem/e6a8f46421486ee16eb01db5bd331f69a3292d0c

Could you try to get that moving forward/resolved for vivid?

Status changed to 'Confirmed' because the bug affects multiple users.

I got this errror at boot this morning.

On 16.03.2015 09:51, Tim Waugh wrote:
> Maybe it's an avahi bug? Without symbols it's hard to say.
>

I have changed the use of main loop functions as you told and released
1.0.67. Since then I get many more crashes. See

https://bugs.launchpad.net/ubuntu/+source/cups-filters

I have unlocked all bugs (after auto-generation they are all private) so
that you can read them. Most have symbolic backtraces and there are many
more cups-browsed crashes with 1.0.67 than with 1.0.66.

Did you observe similar things in Red Hat or Fedora?

I am asking you because you originally introduced the main loop and I
never modified anything on the main loop stuff.

    Till

No, I've not seen similar crashes in Red Hat Enterprise Linux or in Fedora.

From the varied reports, I haven't actually seen one that definitely uses the auto-shutdown feature, so I'm not sure the destroy/remove thing is relevant. In fact, with several reports it seems to be with the default configuration, l

It looks more like something is scribbling over memory somewhere. Have you tried using valgrind on it?

Status changed to 'Confirmed' because the bug affects multiple users.

To everyone who observed this crash: Are you able to reproduce the crash? If so, can you try to downgrade cups-browsed and/or libglib2.0-0 to older versions and see with which versions the crash goes away?

This bug was fixed in the package cups-filters - 1.0.67-0ubuntu2

---------------
cups-filters (1.0.67-0ubuntu2) vivid; urgency=medium

  * debian/patches/cups-browsed-fix-numeric-ids-of-gsources.patch:
    cups-browsed: Numeric IDs for GSources of the glib event
    loop must be positive integers greater than zero according
    to the documentation of the g_source_get_id() function.
    Taken care of this at all places.
    Hopefully it fixes the recent crashes of cups-browsed: LP: #1435287,
    LP: #1436733, LP: #1436684, LP: #1431041, LP: #1434321
 -- Till Kamppeter <email address hidden> Thu, 9 Apr 2015 22:40:03 -0300

Thank you Till for the fix. This error no longer appeared on my Xubuntu since my last comment here. Anyway, thanks a lot for your work.

Error tracker: https://errors.ubuntu.com/problem/e6a8f46421486ee16eb01db5bd331f69a3292d0c