Red Hat Bugzilla – Bug 125973
XDrawImageString16 sometimes crashes the X server with the nv driver
Last modified: 2007-11-30 17:10:44 EST
Description of problem: I have an nVidia GeForce 4 MX video card. Using the "nv" X11 driver, I get a repeatable X server crash (signal 11) when using XEmacs 21.5 (current CVS) + Gnus, using the steps specified below. I compiled a vanilla 2.6.6 kernel, and installed nVidia's proprietary drive. Now it sometimes works, sometimes gets the same segfault, and sometimes locks up the X server, all using the same recipe to reproduce. I used GDB in a TTY to attach to the XEmacs process prior to inducing the crash, and ran XEmacs with -synchronous. Doing so revealed that the crash or lockup is occurring immediately after XEmacs makes a call to XDrawImageString16 in order to draw the separator between the Summary window and the Article window in Gnus. Since the X server has no debug symbols, I have no way of knowing what it thinks it is doing. The end of /var/log/Xorg.0.log always looks like this right after the crash: (II) XINPUT: Adding extended input device "Mouse0" (type: MOUSE) (II) Mouse0: ps2EnableDataReporting: succeeded SetClientVersion: 0 8 *** If unresolved symbols were reported above, they might not *** be the reason for the server aborting. Fatal server error: Caught signal 11. Server aborting Please consult the The X.Org Foundation support at http://wiki.X.Org for help. Please also check the log file at "/var/log/Xorg.0.log" for additional information. The "SetClientVersion" line is the last one in the log in the case of a lockup. Version-Release number of selected component (if applicable): xorg-x11-6.7.0-2 kernel-2.6.6-1.427 XEmacs 21.5 (current CVS) Gnus 5.10.6 (XEmacs package version 1.80) How reproducible: Get a machine with an nVidia GeForce 4 MX video card, compile XEmacs 21.5 from CVS, install the Gnus package, and try to read mail or news. Steps to Reproduce: 1. Start XEmacs 21.5 2. Start Gnus (with M-x gnus or from the toolbar) 3. Select a news or mail group to read 4. Observe a server segfault (or lockup using nVidia's driver) Actual results: X server segfault or lockup Expected results: No X server segfault or lockup Additional info:
In order to investigate this, we'll need you to first attach your X server log, config file and /var/log/messages from the time of system boot onward, as uncompressed file attachments using the bugzilla file attachment link below. Please also include the output of "lsmod". Thanks in advance.
I upgraded to xorg-x11-6.7.0-5 just before receiving your message, and now I cannot provoke the crash anymore. Whether it has been fixed or gone Heisenberg, I cannot say. If you would like to investigate further, I will downgrade and produce the information you requested. Otherwise, from my point of view, X11 is now working correctly.
Created attachment 101815 [details] X server log
Apparently it went Heisenberg. Over the weekend, I managed to trigger the crash on 2 different machines. I am attaching the requested files from one of those 2 machines. I am willing to build the X server with debug symbols to help track this down. However, I will need information on how to successfully attach a debugger to the X server, or get it to dump core when it segfaults.
Created attachment 101816 [details] X configuration file
Created attachment 101817 [details] lsmod output
Created attachment 101818 [details] /var/log/messages
gdb is incapable of debugging a running modular X server. You have to recompile a static X server in order to debug it, or use a hacked gdb. I've got a hacked gdb source and binaries on my ftp space on people.redhat.com but it only works on older OS releases. xf86Msg() is another mechanism that can be used to debug, although it is rather painful. Your system appears to be using SELinux, which is highly experimental currently and not yet recommended for everyday usage. Please disable selinux by putting "selinux=0" in your kernel commandline, and see if the problems still occur. Also, your system has the proprietary Nvidia drivers installed on it which are interfering with proper X server operation of the "nv" driver: (EE) Failed to initialize GLX extension (NVIDIA XFree86 driver not found) In order to resolve that issue, you will have to uninstall the proprietary driver, and reinstall the xorg-x11 package that comes with the OS, in order to restore the Xorg supplied libglx which Nvidia's driver installation deletes, along with the libGL that comes with the OS. Please update with your results, and a new X server log file once you've reinstalled the OS supplied files, and we'll review the results. Thanks in advance.
Yes, I am experimenting with SELinux here, but I have no problem turning it off while trying to debug the X problem. As I mentioned in the original report, I tried the nVidia drivers to see if they made the problem go away. I thought I had uninstalled them, but obviously muffed that step. They are all the way gone now. I have discovered that the crash only occurs when I try to enter a mail folder where some of the message subjects have non-ASCII characters. In practical terms, this means I only crash when entering my spam folder. I do not yet know whether all non-ASCII characters cause the crash or only some of them. With SELinux off and nVidia really gone, I reproduced the crash this morning. I will attach the new X server log file and /var/log/messages.
Created attachment 101902 [details] X server log
Created attachment 101903 [details] /var/log/messages
Created attachment 102684 [details] spam that crashes X I'm seeing this as well, fully patched FC2 on Radeon 8500 with standard driver. Opening the attached spam message in mozilla 1.7.2 causes the X server to crash.
Created attachment 109473 [details] Spam that crashes X server I have a complete (i.e., all packages installed) FC3 installation, updated as of this morning, 7 Jan 2005. Opening the attached spam email with XEmacs 21.5 + Gnus (current CVS of both) crashes the X server. The nv driver appears to be absolved of blame; I get the crash on another FC3 machine with a different video card. Note that this spam has Big5 encoded From and Subject headers, and that the crash occurs when Gnus tries to draw the Summary buffer; i.e., it is only drawing the From and Subject lines, and NOT the message body when the crash occurs.
The problem lies with at least one of the fonts in the ttfonts-zh_TW RPM (I have ttfonts-zh_TW-2.11-28 installed on my FC3 machines). Here are the steps to reproduce. 1. Start up xfontsel. 2. Choose foundry "arphic technology co.". Note that window corruption has already started. It will get worse. 3. Choose family "ar pl kaitim big5". 4. Choose registry "iso10646". 5. At this point, the X server segfaults. Note that ftlint finds no problems with the font file, which is /usr/share/fonts/zh_TW/TrueType/bkai00mp.ttf.
The crash using xfontsel can be provoked on Fedora Core 3 as well, so I am changing the bug header accordingly. Also note that the font in question can be viewed successfully with ftview.
Soeren recently fixed a very similar bug to this, and I think this might be a duplicate bug with a different font triggering it. Please test xorg-x11-6.8.2 from rawhide, and let us know if it fixes the problem.
I installed xorg-x11-6.8.2 from rawhide. The xfontsel recipe still crashes the X server.
Please report this problem to X.Org developers also by filing a bug report in the X.org bugzilla located at http://bugs.freedesktop.org in the "xorg" component. This will maximize the number of developers who are aware of the problem, and increase the chances of it being resolved sooner. Once you've filed your bug report to X.Org, if you paste the new bug URL here, Red Hat will continue to track the issue in the centralized X.Org bug tracker, and will review any bug fixes that become available for consideration in future updates. Setting status to "NEEDINFO", and awaiting uptream bug report URL. Thanks in advance.
https://bugs.freedesktop.org/show_bug.cgi?id=3061
James: While reviewing this today, we discovered that the fix that was checked into rawhide which we believed should fix this for you, did not end up getting built until March 10th due to some build failures. You indicated on the 7th that rawhide did not solve the problem, which makes sense now as the fix was in CVS but not actually in rawhide. Could you please try updating to xorg-x11-6.8.2-22 or later from rawhide, which has the patch I had referred to before. This would be helpful in diagnosing this, as we still believe this patch should likely resolve the issue. If not, we'll have to explore other possibilities. Sorry for any confusion.
I installed xorg-x11-6.8.2-25 from rawhide. I can no longer provoke the crash. Thank you very much!
Good news! Thanks for the feedback! Setting status to "RAWHIDE"