Description of problem:

# gdb Xvfb core.22745
GNU gdb Fedora (6.8-12.fc9)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
warning: Can't read pathname for load map: Input/output error.
Reading symbols from /usr/lib/libXfont.so.1...done.
Loaded symbols for /usr/lib/libXfont.so.1
Reading symbols from /usr/lib/libXau.so.6...done.
Loaded symbols for /usr/lib/libXau.so.6
Reading symbols from /usr/lib/libfontenc.so.1...done.
Loaded symbols for /usr/lib/libfontenc.so.1
Reading symbols from /usr/lib/libpixman-1.so.0...done.
Loaded symbols for /usr/lib/libpixman-1.so.0
Reading symbols from /usr/lib/libhal.so.1...done.
Loaded symbols for /usr/lib/libhal.so.1
Reading symbols from /lib/libdbus-1.so.3...done.
Loaded symbols for /lib/libdbus-1.so.3
Reading symbols from /usr/lib/libXdmcp.so.6...done.
Loaded symbols for /usr/lib/libXdmcp.so.6
Reading symbols from /lib/libcrypto.so.7...done.
Loaded symbols for /lib/libcrypto.so.7
Reading symbols from /lib/libaudit.so.0...done.
Loaded symbols for /lib/libaudit.so.0
Reading symbols from /lib/libselinux.so.1...done.
Loaded symbols for /lib/libselinux.so.1
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/librt.so.1...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /usr/lib/libfreetype.so.6...done.
Loaded symbols for /usr/lib/libfreetype.so.6
Reading symbols from /lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib/libcap.so.2...done.
Loaded symbols for /lib/libcap.so.2
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /usr/lib/dri/swrast_dri.so...done.
Loaded symbols for /usr/lib/dri/swrast_dri.so
Reading symbols from /usr/lib/dri/libdricore.so...done.
Loaded symbols for /usr/lib/dri/libdricore.so
Reading symbols from /usr/lib/libdrm.so.2...done.
Loaded symbols for /usr/lib/libdrm.so.2
Reading symbols from /lib/libexpat.so.1...done.
Loaded symbols for /lib/libexpat.so.1
Core was generated by `Xvfb -fbdir /home/myuser/tmp/ :2'.
Program terminated with signal 11, Segmentation fault.
[New process 22745]
#0  0x0814ec0b in FreeColormap (value=0x90fecd0, mid=64) at colormap.c:454
454	    if (--pent->co.shco.red->refcnt == 0)
Missing separate debuginfos, use: debuginfo-install audit.i386 dbus.i386 expat.i386 freetype.i386 glibc.i686 hal.i386 libXau.i386 libXdmcp.i386 libXfont.i386 libcap.i386 libdrm.i386 libfontenc.i386 libselinux.i386 mesa.i386 openssl.i686 pixman.i386 zlib.i386
(gdb) bt
#0  0x0814ec0b in FreeColormap (value=0x90fecd0, mid=64) at colormap.c:454
#1  0x081729e6 in FreeClientResources (client=0x8ee4c00) at resource.c:807
#2  0x08172ac7 in FreeAllResources () at resource.c:824
#3  0x0816f284 in main (argc=4, argv=0xbffda774, envp=Cannot access memory at address 0x139
) at main.c:453

Version-Release number of selected component (if applicable):
xorg-x11-server-Xvfb-1.4.99.905-2.20080702.fc9

How reproducible:
I can get about 20 to 30 runs out of mozilla2ps before Xvfb seg faults.

Steps to Reproduce:
1. start up Xvfb
2. run mozilla2ps in a loop.
3. Xvfb seg faults around the 20th run.

Actual results:
Xvfb seg faults

Expected results:
Xvfb doesn't seg fault

Additional info:
dmesg has this:

Xvfb[14448]: segfault at 142 ip 0814ec0b sp bf9ab600 error 4 in Xvfb[8047000+1b6000]
Xvfb[21223]: segfault at 38 ip 0814ebd7 sp bff645a0 error 4 in Xvfb[8047000+1b6000]
Xvfb[22745]: segfault at 2 ip 0814ec0b sp bffda610 error 4 in Xvfb[8047000+1b6000]
Xvfb[24736]: segfault at 3 ip 0814ebd7 sp bf93b780 error 4 in Xvfb[8047000+1b6000]
Xvfb[26665]: segfault at 3 ip 0814ebd7 sp bfb40180 error 4 in Xvfb[8047000+1b6000]
This seems to have something to do with pixel depth. At a depth of 24, Xvfb has been running continuously stable for the past couple of hours. At a depth of 8 (the default), it'll crash within a few minutes with the usage above.
Thanks for the bug report. We have reviewed the information you have provided above, and there is some additional information we require that will be helpful in our diagnosis of this issue. Please attach your X server config file (/etc/X11/xorg.conf) and X server log file (/var/log/Xorg.*.log) to the bug report as individual uncompressed file attachments using the bugzilla file attachment link below. Could you please also try to run without any /etc/X11/xorg.conf whatsoever and let X11 autodetect your display and video card? Attach to this bug /var/log/Xorg.0.log from this attempt as well, please. We will review this issue again once you've had a chance to attach this information. Thanks in advance.
Created attachment 316984 [details]
my xorg.conf file

It doesn't matter if this xorg.conf is used or it's deleted... Xvfb still segfaults eventually.

Created attachment 316986 [details]
first xorg.log

Created attachment 316987 [details]
the old xorg.log file
It seems this bug is GLX extension related. I tried running "Xvfb :1 -ac -depth 8", terminating it with "CTRL + C", and Xvfb gets SIGSEGV (same backtrace as written in the description). valgrind shows this (stripped output, of course):

==24379== Invalid read of size 2
==24379==    at 0x5DB257: FreeColormap (colormap.c:448)
==24379==    by 0x60E119: FreeClientResources (resource.c:807)
==24379==    by 0x60E20B: FreeAllResources (resource.c:824)
==24379==    by 0x609346: main (main.c:453)
==24379==  Address 0x4d05058 is 64 bytes inside a block of size 560 free'd
==24379==    at 0x4A074D1: realloc (vg_replace_malloc.c:429)
==24379==    by 0x65C4C6: Xrealloc (utils.c:1426)
==24379==    by 0x4B6A63: AddScreenVisuals (glxscreens.c:364)
==24379==    by 0x4B7155: addFullSet (glxscreens.c:530)
==24379==    by 0x4B7368: __glXScreenInit (glxscreens.c:591)
==24379==    by 0x4B615D: __glXDRIscreenProbe (glxdriswrast.c:522)
==24379==    by 0x4B4E57: GlxExtensionInit (glxext.c:297)
==24379==    by 0x45881E: InitExtensions (miinitext.c:667)
==24379==    by 0x60901D: main (main.c:367)

When I run "Xvfb :1 -ac -depth 8 -extension GLX" all works as expected, no SIGSEGV. I'm using rawhide x86_64 but the X codebase is nearly the same as in F9.
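The valgrind trace above pins down the bug class: FreeColormap reads a visual's refcnt through a pointer that points 64 bytes into a block that AddScreenVisuals had already freed by growing the visual array with realloc. The program below is an added illustration of that use-after-realloc pattern and of an index-based alternative; it is not X server code, and the Visual and Screen types, grow_visuals, stale_pointer_pattern and index_pattern are constructed stand-ins. The growth step is written as allocate-copy-free so the block always moves, which is the case realloc is permitted to take and the one the trace shows; the freed memory itself is never dereferenced, only its address is compared.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the server's visual and screen records. */
typedef struct { int depth; int refcnt; } Visual;
typedef struct { Visual *visuals; int numVisuals; } Screen;

/* Grow the visual array by n entries. Allocate-copy-free is used instead of
   realloc() so that the block moves on every call: realloc() may do exactly
   this, and the trace shows the old block being freed inside AddScreenVisuals. */
static int grow_visuals(Screen *s, int n)
{
    int total = s->numVisuals + n;
    Visual *nv = malloc((size_t)total * sizeof *nv);
    if (!nv)
        return -1;
    if (s->numVisuals)
        memcpy(nv, s->visuals, (size_t)s->numVisuals * sizeof *nv);
    for (int i = s->numVisuals; i < total; i++) {
        nv[i].depth = 8;      /* constructed sample values */
        nv[i].refcnt = 1;
    }
    free(s->visuals);         /* the saved Visual* now dangles */
    s->visuals = nv;
    s->numVisuals = total;
    return 0;
}

/* The pattern behind the crash: a raw Visual* is kept (as a colormap would),
   the array is grown, and the saved pointer is used afterwards. Returns 1 when
   the saved address lies outside the live array, i.e. it dangles. */
static int stale_pointer_pattern(void)
{
    Screen s = {0};
    if (grow_visuals(&s, 4) != 0)
        return -1;
    uintptr_t saved = (uintptr_t)&s.visuals[0];
    if (grow_visuals(&s, 4) != 0) {
        free(s.visuals);
        return -1;
    }
    uintptr_t lo = (uintptr_t)s.visuals;
    uintptr_t hi = lo + (uintptr_t)s.numVisuals * sizeof(Visual);
    int dangling = !(saved >= lo && saved < hi);
    free(s.visuals);
    return dangling;          /* 1: the old pointer no longer points at live data */
}

/* One safe alternative: keep the visual's index, which is stable across
   growth, and re-derive the pointer from the screen at the point of use.
   Returns the refcnt after the decrement FreeColormap performs. */
static int index_pattern(void)
{
    Screen s = {0};
    if (grow_visuals(&s, 4) != 0)
        return -1;
    int vid = 0;              /* index survives reallocation */
    if (grow_visuals(&s, 4) != 0) {
        free(s.visuals);
        return -1;
    }
    Visual *v = &s.visuals[vid];   /* looked up after the array moved */
    int r = --v->refcnt;
    free(s.visuals);
    return r;                 /* 0: refcnt reached zero through live memory */
}
```

Under valgrind the stale-pointer variant reports the same "inside a block ... free'd" diagnostic as the trace above if the saved pointer is dereferenced; comparing addresses instead keeps this illustration free of undefined behaviour while still showing that the pointer is dead.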
I can reproduce this segfault using just:

Xvfb :50
DISPLAY=:50 xdpyinfo

Core was generated by `Xvfb :50'.
Program terminated with signal 11, Segmentation fault.
[New process 27781]
#0  0x00000000004f986f in FreeColormap (value=0x174b420, mid=64) at colormap.c:454
454	    if (--pent->co.shco.red->refcnt == 0)
Missing separate debuginfos, use: debuginfo-install mesa.x86_64
(gdb) bt
#0  0x00000000004f986f in FreeColormap (value=0x174b420, mid=64) at colormap.c:454
#1  0x000000000051c19b in FreeClientResources (client=0x1730ee0) at resource.c:807
#2  0x000000000051c284 in FreeAllResources () at resource.c:824
#3  0x0000000000518a9b in main (argc=2, argv=0x7fffb7f0f2e8, envp=<value optimized out>) at main.c:453

(I have executed "debuginfo-install mesa.x86_64".)
This upstream report looks relevant: http://bugs.freedesktop.org/show_bug.cgi?id=19470
This message is a reminder that Fedora 9 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 9. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 9 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
I can't reproduce this on Fedora 11.
Seems to work fine for me as well on Fedora 11.
Reporter, can you confirm, that this has been fixed in F11, please?
Looks good to me on F11.