Bug 658587 - xfs crashes the Fedora 14 X server with bitmapped fonts (and maybe others)
Summary: xfs crashes the Fedora 14 X server with bitmapped fonts (and maybe others)
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: xorg-x11-xfs
Version: 15
Hardware: x86_64
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Adam Jackson
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-11-30 18:47 UTC by Chris Siebenmann
Modified: 2013-02-01 15:14 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-08-07 19:26:02 UTC


Attachments (Terms of Use)
abrt report from Xorg crash (9.75 KB, text/plain)
2010-11-30 18:47 UTC, Chris Siebenmann
no flags Details

Description Chris Siebenmann 2010-11-30 18:47:00 UTC
Created attachment 463801 [details]
abrt report from Xorg crash

Description of problem:
If you attempt to use the X font server (xorg-x11-xfs) on Fedora 14 with
the Fedora 14 X server, the X server will crash on many or any operation
that seems to involve inventorying fonts. The minimal set of packages over
a stock install necessary to do this seems to be xfs itself and the 100dpi
bitmapped fonts, but it's possible that other font types will also do this.
(I have not attempted to do an exhaustive inventory.)

Reverting back to the Fedora 13 X server (and dependent drivers) on a
Fedora 14 system avoids the crash. This crash happens with all versions
of the Fedora 14 X server that I have seen, both the one on the
distribution image, the initial update in the updates repository, and the
latest update.

This may be the same bug as #651197 and #648608. I am refiling because
I have somewhat different abrt traces and a minimal reproduction, but
please feel free to mark this bug as a duplicate of one of the others
as appropriate.

Version-Release number of selected component (if applicable):

xorg-x11-xfs-1.0.5-8.fc14.x86_64
xorg-x11-fonts-100dpi-7.2-11.fc14.noarch
xorg-x11-server-Xorg-1.9.1-3.fc14.x86_64

How reproducible:
Completely

Steps to Reproduce:
1. install a stock 64-bit Fedora 14 system (may repro on i686; haven't tried)
2. install xorg-x11-utils (for xlsfonts), xorg-x11-xfs and xorg-x11-fonts-100dpi
3. start xfs with '/etc/rc.d/init.d/xfs start'
4. log in and add the xfs server to your font path:
       xset fp+ unix/:7100
5. run xlsfonts; the server will immediately crash

Actual results:

Server crash.

Expected results:

List of fonts.

Additional info:

The stock xfs configuration serves the same fonts that the X server
is already using, since both point to catalogue:/etc/X11/fontpath.d.
This has let me see that just having X with the bitmapped fonts or
just having X talk to xfs for fonts are not enough to create the crash.

The crash can also be reproduced with Xvfb:

Xvfb :1 -noreset &
DISPLAY=:1 xset fp+ unix/:7100
DISPLAY=:1 xlsfonts

Testing with Xvfb this way commonly shows a glibc error:
*** glibc detected *** Xvfb: double free or corruption (!prev): 0x0000000001d82210 ***

(the address varies)

I am attaching an abrt trace (from an Xorg crash, not Xvfb).

Comment 1 Ian Donaldson 2011-02-21 00:33:11 UTC
After noticing that firefox startup and kde menus crashed my X server 
every time, I can confirm this still happens with current FC14 Xorg:


$ rpm -q xorg-x11-xfs xorg-x11-fonts-100dpi xorg-x11-server-Xorg
xorg-x11-xfs-1.0.5-8.fc14.x86_64
xorg-x11-fonts-100dpi-7.2-12.fc14.noarch
xorg-x11-server-Xorg-1.9.3-4.fc14.x86_64


[  2888.421] (II) config/udev: Adding input device HDA NVidia HP Out at Ext Front Jack (/dev/input/event7)
[  2888.421] (II) No input driver/identifier specified (ignoring)
[  2971.531]
Backtrace:
[  2971.532] 0: /usr/bin/Xorg (xorg_backtrace+0x28) [0x4a0488]
[  2971.532] 1: /usr/bin/Xorg (0x400000+0x60d79) [0x460d79]
[  2971.532] 2: /lib64/libc.so.6 (0x7fccea130000+0x33140) [0x7fccea163140]
[  2971.532] 3: /usr/bin/Xorg (doListFontsWithInfo+0x1c1) [0x42e011]
[  2971.532] 4: /usr/bin/Xorg (ProcessWorkQueue+0x21) [0x4318d1]
[  2971.532] 5: /usr/bin/Xorg (WaitForSomething+0x5b) [0x459edb]
[  2971.532] 6: /usr/bin/Xorg (0x400000+0x2d252) [0x42d252]
[  2971.532] 7: /usr/bin/Xorg (0x400000+0x2152e) [0x42152e]
[  2971.532] 8: /lib64/libc.so.6 (__libc_start_main+0xfd) [0x7fccea14ee5d]
[  2971.532] 9: /usr/bin/Xorg (0x400000+0x210d9) [0x4210d9]
[  2971.532] Segmentation fault at address 0xd41a34b0
[  2971.532]
Fatal server error:
[  2971.532] Caught signal 11 (Segmentation fault). Server aborting


Also on an 32-bit machine, the original Xvfp test...

$ rpm -q xorg-x11-xfs xorg-x11-fonts-100dpi xorg-x11-server-Xorg
xorg-x11-xfs-1.0.5-8.fc14.i686
xorg-x11-fonts-100dpi-7.2-12.fc14.noarch
xorg-x11-server-Xorg-1.9.3-4.fc14.i686

$ Xvfb :1 -noreset &
[1] 27322
$ DISPLAY=:1 xset fp+ unix/:7100
$ DISPLAY=:1 xlsfonts

Backtrace:
0: Xvfb (xorg_backtrace+0x3c) [0x81badcc]
1: Xvfb (0x8047000+0x177226) [0x81be226]
2: (vdso) (__kernel_rt_sigreturn+0x0) [0x1e440c]
3: Xvfb (0x8047000+0x1207bb) [0x81677bb]
4: Xvfb (ProcessWorkQueue+0x31) [0x816adc1]
5: Xvfb (WaitForSomething+0x57) [0x81b84c7]
6: Xvfb (0x8047000+0x11f31e) [0x816631e]
7: Xvfb (0x8047000+0x10d715) [0x8154715]
8: /lib/libc.so.6 (__libc_start_main+0xe6) [0x4cfe36]
9: Xvfb (0x8047000+0x15051) [0x805c051]
Segmentation fault at address 0x8

Fatal server error:
Caught signal 11 (Segmentation fault). Server aborting

XIO:  fatal IO error 11 (Resource temporarily unavailable) on X server ":1.0"
      after 7 requests (7 known processed) with 0 events remaining.
$ [1]+  Exit 1                  Xvfb :1 -noreset




After removing the fontserver from the fontpath, the crashes stopped.

Comment 2 Chris Siebenmann 2011-04-06 13:57:31 UTC
I have just tested, and this still happens on the just released X server
update to 1.9.5 (xorg-x11-server-Xorg-1.9.5-1.fc14).

Comment 3 Fedora End Of Life 2012-08-07 19:26:07 UTC
This message is a notice that Fedora 15 is now at end of life. Fedora
has stopped maintaining and issuing updates for Fedora 15. It is
Fedora's policy to close all bug reports from releases that are no
longer maintained. At this time, all open bugs with a Fedora 'version'
of '15' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that
we were unable to fix it before Fedora 15 reached end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora, you are encouraged to click on
"Clone This Bug" (top right of this page) and open it against that
version of Fedora.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

The process we are following is described here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping


Note You need to log in before you can comment on or make changes to this bug.