Bug#886777: crashes with Mustek scanner which worked before
Hello

On Tue, 3 Jul 2018 20:57:46 +0200 "W. Martin Borgert" wrote:
> Any more ideas? The workaround with the Jessie chroot is OK, but.. ;~)

A way to get more information would be to install the debug information packages and let simple-scan run by gdb [1].

[1] https://wiki.debian.org/HowToGetABacktrace

I suggest these steps:
- Add "deb http://debug.mirrors.debian.org/debian-debug/ testing-debug main" to your sources.list
- apt update
- apt install gdb simple-scan-dbgsym libsane-dbgsym

As regular user then:
- gdb -q --args simple-scan
- cont

When the stack smashing happens:
- bt
- detach
- q

Also I tried to inspect a simple-scan process without having the actual scanner. I guess the problem is inside function Mustek_DMAWrite:

0x7fffb6db7f40: Mustek_DMAWrite: 354 }   // 0x7fffb6db7f3b: callq 0x7fffb6dabf70 <__stack_chk_fail@plt>
0x7fffb6db8bf5: Asic_Open: 2444: status = Mustek_DMAWrite (chip, 64, (SANE_Byte *) (temps));
0x7fffb6dbcfe0: MustScanner_PowerControl: 298: if (STATUS_GOOD != Asic_Open (&g_chip, g_pDeviceFile))
0x7fffb6dbfeba: sane_mustek_usb2_open: 565: return MustScanner_PowerControl (isLampOn, isTALampOn);

Unfortunately the "stack smashing" is just detected when leaving the function, so the actual problem was somewhere between entering Mustek_DMAWrite and leaving.

So if one does not fear gdb and wants to debug that, the following sequence could lead to the exact location where the stack smashing detection bytes get overwritten:

(gdb) print Mustek_DMAWrite
$6 = {STATUS (unsigned int, SANE_Byte *, PAsic)} 0x7fffb6db7da0
# use function address from above
(gdb) b *(0x7fffb6db7da0+36)
Breakpoint 5 at 0x7fffb6db7dc4: file mustek_usb2_asic.c, line 304.
(gdb) cont
(gdb) print/x $rsp+0x18
$4 = 0x7fffe3c8
# use memory location from above
(gdb) watch *0x7fffe3c8
Hardware watchpoint 2: *0x7fffe3c8
(gdb) cont
Continuing.
# possibly the watchpoint triggers
Hardware watchpoint 2: *0x7fffe3c8
Old value = 1953463552
New value = 1953463807
...
# that should show the problematic stack
(gdb) bt

(gdb) disassemble Mustek_DMAWrite
Dump of assembler code for function Mustek_DMAWrite:
...
   0x7fffb6db7db6 <+22>:  mov    %fs:0x28,%rax        # "magic" value loaded to register
   0x7fffb6db7dbf <+31>:  mov    %rax,0x18(%rsp)      # and stored from register to some memory after local variables
   0x7fffb6db7dc4 <+36>:  xor    %eax,%eax
...                                                  # do some useful work
...
   0x7fffb6db7e80 <+224>: xor    %fs:0x28,%rcx        # compare "magic" to the memory we stored above
   0x7fffb6db7e89 <+233>: mov    %r15d,%eax
   0x7fffb6db7e8c <+236>: jne    0x7fffb6db7f3b       # if it changed we jump to +411 -> stack smashing detected
   0x7fffb6db7e92 <+242>: add    $0x28,%rsp           # or if unchanged all is ok -> safe to continue
   0x7fffb6db7e96 <+246>: pop    %rbx
   0x7fffb6db7e97 <+247>: pop    %rbp
   0x7fffb6db7e98 <+248>: pop    %r12
   0x7fffb6db7e9a <+250>: pop    %r13
   0x7fffb6db7e9c <+252>: pop    %r14
   0x7fffb6db7e9e <+254>: pop    %r15
   0x7fffb6db7ea0 <+256>: retq
...
   0x7fffb6db7f3b <+411>: callq  0x7fffb6dabf70 <__stack_chk_fail@plt>
End of assembler dump.

Kind regards,
Bernhard


7f38806a-7f38806c7000 r-xp fd:01 13110586 /usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1.0.25

*** stack smashing detected ***: simple-scan terminated
=== Backtrace: =
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0xef40)[0x7f38806aef40]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0xfbf5)[0x7f38806afbf5]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0x13fe0)[0x7f38806b3fe0]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(sane_mustek_usb2_open+0x35a)[0x7f38806b6eba]

0x7f38806b6eba == sane_mustek_usb2_open+0x35a -> sane_mustek_usb2_open == 0x7F38806B6B60 -> offset 0x16B60

# # # #

nano /etc/apt/sources.list.d/buster.list
deb http://debug.mirrors.debian.org/de
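The C program below is an added illustration, not code from the bug report or from sane-backends. It models in user space what the Mustek_DMAWrite disassembly in the message above shows: the prologue stores a "magic" value just past the local variables, the epilogue compares it again and branches to __stack_chk_fail if it changed, so an overrun is only noticed on the way out of the function, after the damage is done. The guard word lives in a struct directly after a 64-byte buffer (64 is the length Asic_Open passes to Mustek_DMAWrite on this page), so the overrun can be observed and returned as a status instead of aborting the process, and the hardened variant beside it shows the length check that keeps the guard out of reach. All function, type and constant names are hypothetical; the guard constant and the all-0xff payload are constructed. Note that the example watchpoint output quoted in the message (1953463552 -> 1953463807, i.e. 0x746F7D00 -> 0x746F7DFF) shows only the lowest byte of the watched word, the canary's zero byte, becoming 0xff, which is the same pattern a one-byte overrun produces in this model.

```c
/* Added example: user-space model of the stack-protector canary check.
 * Not code from the bug report or sane-backends; all names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DMA_BUF_SIZE 64u
/* Constructed guard value. The real canary is random per process; glibc
 * keeps its lowest byte zero, which this constant mimics. */
#define GUARD_MAGIC  0x5a5aa5a5c3c33c00ULL

/* Frame model: the local buffer first, then the guard word "after the local
 * variables", like mov %rax,0x18(%rsp) in the dump. No padding: 64 is a
 * multiple of 8, so guard sits at offset 64. */
struct frame_model {
    uint8_t  buf[DMA_BUF_SIZE];
    uint64_t guard;
};

enum status { STATUS_GOOD = 0, STATUS_INVAL = 1, STATUS_SMASHED = 2 };

/* Unchecked variant: trusts the caller's length, as code copying a supplied
 * count into a fixed-size local buffer does. The copy goes through a byte
 * pointer to the whole struct so that running past buf[] into guard stays a
 * write within one object (the sizeof check only keeps the model itself in
 * bounds). As on the page, corruption is detected only at the epilogue. */
enum status dma_write_model_unchecked(const uint8_t *src, size_t len)
{
    struct frame_model f;
    f.guard = GUARD_MAGIC;                 /* prologue: store the canary */
    if (len > sizeof f)
        return STATUS_INVAL;
    memcpy((uint8_t *)&f, src, len);       /* the "useful work" */
    /* epilogue: xor %fs:0x28,%rcx / jne __stack_chk_fail */
    return f.guard == GUARD_MAGIC ? STATUS_GOOD : STATUS_SMASHED;
}

/* Hardened variant: reject a length that does not fit the buffer before any
 * byte is written, so the guard (and the return address behind it in a real
 * frame) can never be reached by the copy. */
enum status dma_write_model_checked(const uint8_t *src, size_t len)
{
    struct frame_model f;
    f.guard = GUARD_MAGIC;
    if (len > DMA_BUF_SIZE)
        return STATUS_INVAL;
    memcpy(f.buf, src, len);
    return f.guard == GUARD_MAGIC ? STATUS_GOOD : STATUS_SMASHED;
}

/* Drive either variant with a constructed all-0xff payload of `len` bytes. */
enum status try_write(int checked, size_t len)
{
    uint8_t payload[sizeof(struct frame_model)];
    memset(payload, 0xff, sizeof payload);
    if (len > sizeof payload)
        return STATUS_INVAL;
    return checked ? dma_write_model_checked(payload, len)
                   : dma_write_model_unchecked(payload, len);
}

int main(void)
{
    printf("unchecked, 64 bytes: %d (0 = good)\n", try_write(0, 64));
    printf("unchecked, 65 bytes: %d (2 = guard's low byte overwritten)\n", try_write(0, 65));
    printf("checked,   65 bytes: %d (1 = rejected before writing)\n", try_write(1, 65));
    return 0;
}
```

The unchecked variant is the situation the gdb watchpoint recipe above is designed to catch: the write that clobbers the guard happens somewhere inside the function, and only the comparison at the end reports it, which is why breaking at the prologue and watching the canary slot is the way to find the exact store.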
Bug#886777: crashes with Mustek scanner which worked before
On 2018-01-11 10:08, W. Martin Borgert wrote:
> I can try an older kernel, but because it works in jessie, I
> assume something purely user space, right?

Same exception with Linux 3.16.0-6-amd64 #1 SMP Debian 3.16.56-1+deb8u1 (2018-05-08) x86_64 GNU/Linux

Any more ideas? The workaround with the Jessie chroot is OK, but.. ;~)
Bug#886777: crashes with Mustek scanner which worked before
Control: tag -1 - moreinfo

> Did you update the kernel after the last successful scan?

I can use simple-scan in a jessie chroot, just not in stretch (other chroot) or buster ("native"). I.e. same (buster) kernel:

Linux 4.14.0-2-amd64 #1 SMP Debian 4.14.7-1 (2017-12-22) x86_64 GNU/Linux

I can try an older kernel, but because it works in jessie, I assume something purely user space, right?

Cheers
Bug#886777: crashes with Mustek scanner which worked before
tags 886777 + moreinfo
thanks

Hello Martin,

thank you for spending your time helping to make Debian better with this bug report.

Did you update the kernel after the last successful scan? If yes, can you please test with the old kernel?

Many thanks.

CU
Jörg

-- 
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key: 8CA1D25D
CAcert Key S/N : 0E:D4:56
Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser

Threema: SYR8SJXB
Wire: @joergfringsfuerst
Skype: joergpenguin
Ring: jff
Telegram: @joergfringsfuerst

IRC: j_...@freenode.net
     j_...@oftc.net

My wish list:
- Please send me a picture from the nature at your home.
Bug#886777: crashes with Mustek scanner which worked before
Package: sane
Version: 1.0.14-12
Severity: important

Unfortunately, I cannot scan anymore, neither with simple-scan nor from Gimp. Both give similar error messages. Last successful scan was on stretch, so it is not the version of sane that is broken, but maybe bad interaction with glibc SSP.

$ lsusb
Bus 004 Device 006: ID 055f:0409 Mustek Systems, Inc. BearPaw 2448 TA Pro

$ simple-scan
(simple-scan:24462): Gtk-WARNING **: Failed to register client: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: Method "RegisterClient" with signature "ss" on interface "org.xfce.Session.Manager" doesn't exist
*** stack smashing detected ***: simple-scan terminated
=== Backtrace: =
/lib/x86_64-linux-gnu/libc.so.6(+0x722fb)[0x7f38a37e42fb]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f38a386f947]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x0)[0x7f38a386f910]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0xef40)[0x7f38806aef40]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0xfbf5)[0x7f38806afbf5]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(+0x13fe0)[0x7f38806b3fe0]
/usr/lib/x86_64-linux-gnu/sane/libsane-mustek_usb2.so.1(sane_mustek_usb2_open+0x35a)[0x7f38806b6eba]
/usr/lib/x86_64-linux-gnu/libsane.so.1(sane_dll_open+0xf6)[0x7f38a3f99b16]
simple-scan(+0x34143)[0x55be05b24143]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x72635)[0x7f38a5d6b635]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x7519)[0x7f38a3357519]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7f38a385ea4f]
=== Memory map:
55be05af-55be05b4f000 r-xp fd:01 12588957 /usr/bin/simple-scan
55be05d4f000-55be05d52000 r--p 0005f000 fd:01 12588957 /usr/bin/simple-scan
55be05d52000-55be05d53000 rw-p 00062000 fd:01 12588957 /usr/bin/simple-scan
55be06305000-55be06919000 rw-p 00:00 0 [heap]
7f387000-7f3870021000 rw-p 00:00 0
7f3870021000-7f387400 ---p 00:00 0
7f3874fb2000-7f3874fb3000 ---p 00:00 0
7f3874fb3000-7f38757b3000 rw-p 00:00 0
7f38757b3000-7f38757c2000 r-xp fd:01 13110634 /usr/lib/x86_64-linux-gnu/sane/libsane-net.so.1.0.25
7f38757c2000-7f38759c1000 ---p f000 fd:01 13110634 /usr/lib/x86_64-linux-gnu/sane/libsane-net.so.1.0.25
7f38759c1000-7f38759c2000 r--p e000 fd:01 13110634 /usr/lib/x86_64-linux-gnu/sane/libsane-net.so.1.0.25
7f38759c2000-7f38759c3000 rw-p f000 fd:01 13110634 /usr/lib/x86_64-linux-gnu/sane/libsane-net.so.1.0.25
7f38759c3000-7f38759d r-xp fd:01 13107747 /usr/lib/x86_64-linux-gnu/sane/libsane-abaton.so.1.0.25
7f38759d-7f3875bd ---p d000 fd:01 13107747 /usr/lib/x86_64-linux-gnu/sane/libsane-abaton.so.1.0.25
7f3875bd-7f3875bd1000 r--p d000 fd:01 13107747 /usr/lib/x86_64-linux-gnu/sane/libsane-abaton.so.1.0.25
7f3875bd1000-7f3875bd2000 rw-p e000 fd:01 13107747 /usr/lib/x86_64-linux-gnu/sane/libsane-abaton.so.1.0.25
7f3875bd2000-7f3875be2000 r-xp fd:01 13107910 /usr/lib/x86_64-linux-gnu/sane/libsane-agfafocus.so.1.0.25
7f3875be2000-7f3875de1000 ---p 0001 fd:01 13107910 /usr/lib/x86_64-linux-gnu/sane/libsane-agfafocus.so.1.0.25
7f3875de1000-7f3875de2000 r--p f000 fd:01 13107910 /usr/lib/x86_64-linux-gnu/sane/libsane-agfafocus.so.1.0.25
7f3875de2000-7f3875de3000 rw-p 0001 fd:01 13107910 /usr/lib/x86_64-linux-gnu/sane/libsane-agfafocus.so.1.0.25
7f3875de3000-7f3875df3000 r-xp fd:01 13108298 /usr/lib/x86_64-linux-gnu/sane/libsane-apple.so.1.0.25
7f3875df3000-7f3875ff3000 ---p 0001 fd:01 13108298 /usr/lib/x86_64-linux-gnu/sane/libsane-apple.so.1.0.25
7f3875ff3000-7f3875ff4000 r--p 0001 fd:01 13108298 /usr/lib/x86_64-linux-gnu/sane/libsane-apple.so.1.0.25
7f3875ff4000-7f3875ff5000 rw-p 00011000 fd:01 13108298 /usr/lib/x86_64-linux-gnu/sane/libsane-apple.so.1.0.25
7f3875ff5000-7f387602 r-xp fd:01 13109694 /usr/lib/x86_64-linux-gnu/sane/libsane-avision.so.1.0.25
7f387602-7f387622 ---p 0002b000 fd:01 13109694 /usr/lib/x86_64-linux-gnu/sane/libsane-avision.so.1.0.25
7f387622-7f3876221000 r--p 0002b000 fd:01 13109694 /usr/lib/x86_64-linux-gnu/sane/libsane-avision.so.1.0.25
7f3876221000-7f3876223000 rw-p 0002c000 fd:01 13109694 /usr/lib/x86_64-linux-gnu/sane/libsane-avision.so.1.0.25
7f3876223000-7f3876226000 rw-p 00:00 0
7f3876226000-7f387623a000 r-xp fd:01 13109407 /usr/lib/x86_64-linux-gnu/sane/libsane-artec.so.1.0.25
7f387623a000-7f3876439000 ---p 00014000 fd:01 13109407 /usr/lib/x86_64-l