[sane-devel] sane-backends (eposn2) segfaults pretty much all the time

Johannes Bauer dfnsonfsduifb at gmx.de
Thu Oct 3 09:32:02 UTC 2013 

Hi list,

I have two scanners, one that uses the epson2 backend and a nex ScanSnap
ix500 which uses the fujitsu. For the newer ix500 I needed a fairly
recent version, so I'm currently using git head of sane-backends. This
report concerns 472daf78.

First note: the epson2 backend doesn't compile, because the pedantic
setup forces C90 and mixed declarations and code are C99. Change
concerns backend/epson2-ops.c line 234 where I simply created a new
scope before the declaration/initialization of "int last" until line
256. Then it compiles.

However, it continuously blows up in my face with segfaults:

$ scanimage --resolution 150 --mode Gray
scanimage: output is not a file, exiting
Segmentation fault

$ scanimage --help
Usage: scanimage [OPTION]...

Start image acquisition on a scanner device and write image data to
standard output.
[...]
Options specific to device `epson2:libusb:001:008':
  Scan Mode:
    --mode Lineart|Gray|Color [Lineart]
[...]

Type ``scanimage --help -d DEVICE'' to get list of all options for DEVICE.

List of available devices:
Segmentation fault

This here starts scanning a complete document, actually creates a file,
then outputs some broken debug output (control character is outputted)
and then hangs (never exits):
$ scanimage --resolution 150 --mode Gray >x
[Some weird CTRL char]libusb: 0.000000 warning [libusb_close] internal
signalling read failed, closing anyway
libusb: 0.000019 error [do_close] Device handle closed while transfer
was still being processed, but the device is still connected as far as
we know
libusb: 0.000026 error [do_close] A cancellation hasn't even been
scheduled on the transfer for which the device is closing

After I abort the hang with Ctrl-C, the scanner isn't recognized anymore
and I need to plug it out and into USB again.

Tracing the segfault for this command:
$ /usr/local/bin/scanimage --resolution 150 --mode Gray

yields:

#0  0x00007ffff4bd48c3 in libusb_submit_transfer () from
/usr/lib64/libusb-1.0.so.0
#1  0x00007ffff4bd600f in do_sync_bulk_transfer () from
/usr/lib64/libusb-1.0.so.0
#2  0x00007ffff4bd6384 in libusb_bulk_transfer () from
/usr/lib64/libusb-1.0.so.0
#3  0x00007ffff67fbf66 in usb_bulk_io.isra.1 () from
/usr/lib64/libusb-0.1.so.4
#4  0x00007ffff7bb93ae in sanei_usb_write_bulk (dn=0,
buffer=0x7fffffffb760 "\033Fz\365\377\177", size=0x7fffffffb708) at
sanei_usb.c:2433
#5  0x00007ffff42a3f3e in e2_send (s=0x627580, buf=0x7fffffffb760,
buf_size=2, reply_len=4, status=0x7fffffffb75c) at epson2-io.c:99
#6  0x00007ffff42a522d in esci_request_status (handle=0x627580,
scanner_status=0x0) at epson2-commands.c:394
#7  0x00007ffff429ffc2 in close_scanner (s=0x627580) at epson2.c:365
#8  0x00007ffff42a2214 in sane_epson2_close (handle=0x627580) at
epson2.c:1545
#9  0x00007ffff7bcb234 in sane_dll_close (handle=0x618710) at dll.c:1223
#10 0x0000000000405d6d in scanimage_exit () at scanimage.c:1654
#11 0x00007ffff5445721 in __run_exit_handlers (status=1,
listp=0x7ffff57ad5a8 <__exit_funcs>, run_list_atexit=true) at exit.c:78
#12 0x00007ffff54457a5 in __GI_exit (status=<optimized out>) at exit.c:100
#13 0x0000000000402ad3 in main (argc=<optimized out>,
argv=0x7fffffffd9f8) at scanimage.c:2040

The backtrace with the appropriate code:

(gdb) up
#1  0x00007ffff4bd600f in do_sync_bulk_transfer () from
/usr/lib64/libusb-1.0.so.0
(gdb) up
#2  0x00007ffff4bd6384 in libusb_bulk_transfer () from
/usr/lib64/libusb-1.0.so.0
(gdb) up
#3  0x00007ffff67fbf66 in usb_bulk_io.isra.1 () from
/usr/lib64/libusb-0.1.so.4
(gdb) up
#4  0x00007ffff7bb93ae in sanei_usb_write_bulk (dn=0,
buffer=0x7fffffffb820 "\033Fz\365\377\177", size=0x7fffffffb7c8) at
sanei_usb.c:2433
2433		  write_size = usb_bulk_write (devices[dn].libusb_handle,
(gdb) up
#5  0x00007ffff42a3f3e in e2_send (s=0x627580, buf=0x7fffffffb820,
buf_size=2, reply_len=4, status=0x7fffffffb81c) at epson2-io.c:99
99			*status = sanei_usb_write_bulk(s->fd, buf, &n);
(gdb) up
#6  0x00007ffff42a522d in esci_request_status (handle=0x627580,
scanner_status=0x0) at epson2-commands.c:394
394		e2_send(s, params, 2, 4, &status);
(gdb) up
#7  0x00007ffff429ffc2 in close_scanner (s=0x627580) at epson2.c:365
365			esci_request_status(s, NULL);
(gdb) up
#8  0x00007ffff42a2214 in sane_epson2_close (handle=0x627580) at
epson2.c:1545
1545			close_scanner(s);
(gdb) up
#9  0x00007ffff7bcb234 in sane_dll_close (handle=0x618710) at dll.c:1223
1223	  (*(op_close_t)s->be->op[OP_CLOSE]) (s->handle);
(gdb) up
#10 0x0000000000405d6d in scanimage_exit () at scanimage.c:1654
1654	      sane_close (device);
(gdb) up
#11 0x00007ffff5445721 in __run_exit_handlers (status=1,
listp=0x7ffff57ad5a8 <__exit_funcs>, run_list_atexit=true) at exit.c:78
78		      cxafct (f->func.cxa.arg, status);
(gdb) up
#12 0x00007ffff54457a5 in __GI_exit (status=<optimized out>) at exit.c:100
100	  __run_exit_handlers (status, &__exit_funcs, true);
(gdb) up
#13 0x0000000000402ad3 in main (argc=<optimized out>,
argv=0x7fffffffdab8) at scanimage.c:2040
2040		  exit (1);

If there's anything I could do to further trace this problem, please let
me know. It would be awesome to have a sane backends version that works
with both scanners, not just one or the other :-(

Best regards,
Johannes

More information about the sane-devel mailing list