227922 – KMail sometimes crashes X when opening the composer

Bug 227922 - KMail sometimes crashes X when opening the composer

Summary: KMail sometimes crashes X when opening the composer

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	kmail
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	Ubuntu Unspecified

Importance:	NOR crash
Target Milestone:	---
Assignee:	kdepim bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-02-21 12:08 UTC by Ralf Jung
Modified:	2010-03-01 18:54 UTC (History)
CC List:	4 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Ralf Jung 2010-02-21 12:08:52 UTC

Version:           KMail 1.12.4 (using KDE 4.3.5)
Installed from:    Ubuntu Packages

Sometimes when I open the messages composer (either by selecting "New message" or by hitting "reply" in an existing message), the whole X server is crashing. I am usually writing 5 to 15 mails each day, and this happens every 1 to 2 weeks - but when it happens, it's of course really annoying as *all* applications are terminated.



The .xsession-errors file contains some messages like this:

kdeinit4: Fatal IO error: client killed
kdeinit4: sending SIGHUP to children.

but since there is no timestamp, it's hard to tell when they occurred.



The Xserver log file contains this backtrace:

Backtrace:
0: /usr/bin/X(xorg_backtrace+0x3b) [0x8133d6b]
1: /usr/bin/X(xf86SigHandler+0x55) [0x80c7d35]
2: [0x739400]
3: /usr/bin/X(FindGlyphByHash+0x3c) [0x816e71c]
4: /usr/bin/X [0x817b13c]
5: /usr/bin/X [0x81742e5]
6: /usr/bin/X(Dispatch+0x35f) [0x808d17f]
7: /usr/bin/X(main+0x395) [0x8072515]
8: /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6) [0x22cb56]
9: /usr/bin/X [0x80719c1]
Saw signal 11.  Server aborting.

Which is always the same except for the hex numbers in line 2 and 8. This backtrace is of course rather useless without debug symbols, but I don't know how to install them and get a good backtrace without having to compile X myself.



I am using Kubuntu 9.10 and X.Org X Server 1.6.4. KMail is the only application which ever triggered an Xserver crash so far.

Comment 1 Manolis Papadakis 2010-02-27 13:53:28 UTC

I can confirm this on KMail 1.12.4, KDE 4.3.4, X.org 1.7.5 (Debian Testing).

X.org log file contains the following:

Backtrace:
0: /usr/bin/X (xorg_backtrace+0x3b) [0x80e68cb]
1: /usr/bin/X (0x8048000+0x60ad5) [0x80a8ad5]
2: (vdso) (__kernel_rt_sigreturn+0x0) [0xb77bb40c]
3: /usr/bin/X (FindGlyphByHash+0x3c) [0x81b2edc]
4: /usr/bin/X (0x8048000+0xcfa22) [0x8117a22]
5: /usr/bin/X (0x8048000+0xca553) [0x8112553]
6: /usr/bin/X (0x8048000+0x2afa7) [0x8072fa7]
7: /usr/bin/X (0x8048000+0x1e95a) [0x806695a]
8: /lib/i686/cmov/libc.so.6 (__libc_start_main+0xe5) [0xb74cfb55]
9: /usr/bin/X (0x8048000+0x1e541) [0x8066541]
Segmentation fault at address 0x4

I just installed (what appears to be) the X.org debugging symbols (package xserver-xorg-core-dbg) and will try to reproduce.

Comment 2 Ralf Jung 2010-02-28 15:40:54 UTC

Apparently installing the dbg packet you mentioned is not enough to get a good backtrace - it just crashed again here, with this result:

Backtrace:
0: /usr/bin/X(xorg_backtrace+0x3b) [0x8133d6b]
1: /usr/bin/X(xf86SigHandler+0x55) [0x80c7d35]
2: [0x9b1400]
3: /usr/bin/X(FindGlyphByHash+0x3c) [0x816e71c]
4: /usr/bin/X [0x817b13c]
5: /usr/bin/X [0x81742e5]
6: /usr/bin/X(Dispatch+0x35f) [0x808d17f]
7: /usr/bin/X(main+0x395) [0x8072515]
8: /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6) [0x213b56]
9: /usr/bin/X [0x80719c1]
Saw signal 11.  Server aborting.

In order to get the actual source lines, I tried to use addr2line on the Xorg binary contained in the dbg packet, like this:
addr2line -fe /usr/lib/debug/usr/bin/Xorg 0x816e71c
I am not sure if that is correct, it gives this result:
3: FindGlyphByHash
/build/buildd/xorg-server-1.6.4/obj-i486-linux-gnu/render/../../render/glyph.c:263
4: ProcRenderAddGlyphs
/build/buildd/xorg-server-1.6.4/obj-i486-linux-gnu/render/../../render/render.c:1131
5: ProcRenderDispatch
/build/buildd/xorg-server-1.6.4/obj-i486-linux-gnu/render/../../render/render.c:2092
6: Dispatch
/build/buildd/xorg-server-1.6.4/obj-i486-linux-gnu/dix/../../dix/dispatch.c:457
7: main
/build/buildd/xorg-server-1.6.4/obj-i486-linux-gnu/dix/../../dix/main.c:399

Comment 3 Manolis Papadakis 2010-02-28 18:08:37 UTC

Got a crash again today. Actually, it happened when I tried to compose an answer to Ralf's last comment - KMail has a strange sense of humor it seems. The backtrace was still cryptic, but I tried addr2line as well and I am attaching the results:

Backtrace:
0: /usr/bin/X (xorg_backtrace+0x3b) [0x80e696b]
1: /usr/bin/X (0x8048000+0x60b75) [0x80a8b75]
2: (vdso) (__kernel_rt_sigreturn+0x0) [0xb770e40c]
3: /usr/bin/X (FindGlyphByHash+0x3c) [0x81b346c]
4: /usr/bin/X (0x8048000+0xcfa22) [0x8117a22]
5: /usr/bin/X (0x8048000+0xca553) [0x8112553]
6: /usr/bin/X (0x8048000+0x2b017) [0x8073017]
7: /usr/bin/X (0x8048000+0x1e95a) [0x806695a]
8: /lib/i686/cmov/libc.so.6 (__libc_start_main+0xe5) [0xb7423b55]
9: /usr/bin/X (0x8048000+0x1e541) [0x8066541]
Segmentation fault at address 0x4

addr2line output (same command as Ralf):
0: xorg_backtrace
/home/bgoglin/debian/git/xserver/xorg-server-1.7.5/build/os/../../os/backtrace.c:46
1: OsSigHandler
/home/bgoglin/debian/git/xserver/xorg-server-1.7.5/build/os/../../os/osinit.c:142
3: FindGlyphByHash
/home/bgoglin/debian/git/xserver/xorg-server-1.7.5/build/render/../../render/glyph.c:263
4: ProcRenderAddGlyphs
/home/bgoglin/debian/git/xserver/xorg-server-1.7.5/build/render/../../render/render.c:1107
5: ProcRenderDispatch
/home/bgoglin/debian/git/xserver/xorg-server-1.7.5/build/render/../../render/render.c:2059
6: Dispatch
/home/bgoglin/debian/git/xserver/xorg-server-1.7.5/build/dix/../../dix/dispatch.c:440
7: main
/home/bgoglin/debian/git/xserver/xorg-server-1.7.5/build/dix/../../dix/main.c:287

Although I'm not sure it's the same binary (backtrace mentions "X", while the debugging symbols refer to "Xorg"). I forgot to mention that I've been experiencing the same crash using both fglrx and radeonhd drivers, therefore it's probably not driver-related. I'll try attaching gdb to X before trying to reproduce it next time, as explained here: http://wiki.debian.org/XStrikeForce/XserverDebugging.

Comment 4 Michael Pyne 2010-02-28 18:17:49 UTC

The crash itself happens in 3: FindGlyphByHash, frame 1 and 2 are just the Xorg code that actually prints out the backtrace. There's supposed to be nothing an X client can do to crash the X server, so this is an Xorg bug.

Given that it comes from a function trying to find glyphs I would assume you have a corrupted font glyph cache somehow. So you may want to try running fc-cache --really-force to rebuild your font caches and then restart KDE. Either way it's not a KDE bug, although if you find some way we're abusing X that we shouldn't be then please reopen this bug with details. Thanks.

Comment 5 Ralf Jung 2010-02-28 18:27:00 UTC

The Xorg bugtracker seems to be https://bugs.freedesktop.org/
Manolis, do you have an account there? I don't, and I think we should not both report the bug there :D

Comment 6 Ralf Jung 2010-03-01 18:54:24 UTC

Manolis created an upstream report at https://bugs.freedesktop.org/show_bug.cgi?id=26801 , which was marked as duplicate of https://bugs.freedesktop.org/show_bug.cgi?id=20718