infinite loop calling FcConfigUptoDate in directory with symlinks

Bug #355931 reported by Patrick Horn
Affects: xulrunner-1.9 (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: xulrunner-1.9

Description: Ubuntu 8.10
Release: 8.10

firefox-3.0:
  Installed: 3.0.8+nobinonly-0ubuntu0.8.10.2
  Candidate: 3.0.8+nobinonly-0ubuntu0.8.10.2
  Version table:
 *** 3.0.8+nobinonly-0ubuntu0.8.10.2 0
        500 http://mirror.anl.gov intrepid-updates/main Packages
        500 http://security.ubuntu.com intrepid-security/main Packages
        100 /var/lib/dpkg/status
     3.0.3+nobinonly-0ubuntu2 0
        500 http://mirror.anl.gov intrepid/main Packages
xulrunner-1.9:
  Installed: 1.9.0.8+nobinonly-0ubuntu0.8.10.1
  Candidate: 1.9.0.8+nobinonly-0ubuntu0.8.10.1
  Version table:
 *** 1.9.0.8+nobinonly-0ubuntu0.8.10.1 0
        500 http://mirror.anl.gov intrepid-updates/main Packages
        500 http://security.ubuntu.com intrepid-security/main Packages
        100 /var/lib/dpkg/status
     1.9.0.3+nobinonly-0ubuntu1 0
        500 http://mirror.anl.gov intrepid/main Packages
libfontconfig1:
  Installed: 2.6.0-1ubuntu4
  Candidate: 2.6.0-1ubuntu4
  Version table:
 *** 2.6.0-1ubuntu4 0
        500 http://mirror.anl.gov intrepid/main Packages
        100 /var/lib/dpkg/status

I had a flash video open in one tab.
In a different tab, I clicked at an anchor link (wikipedia, so no flash involved here).
As soon as I clicked the anchor, firefox hung. 10 seconds later it responded for a fraction of a second then failed to respond after that.

My flash player version is 10,0,22,87 (the native 64-bit beta version, updated from an older 64-bit version within the past month)

I have never had this crash before--it seems to be very rare, but it is caused by a function called from Flash

strace -p PID showed firefox looking at several directories under /usr/share/fonts/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/encodings/large
(it had already been hung for a minute by the time I tried this)

Upon removing the recursive "X11 -> ." symbolic link inside of /usr/share/fonts/X11, the function quickly returned from all of its recursive calls and Firefox was able to continue.

I am not sure what code inside xulrunner is responsible for a recursive fontconfig search, but if there is any function that recursively calls FcConfigUptoDate, it should check whether a file is a symbolic link, and if so, expand the absolute path of the symbolic link so that it can check if it is looking recursively.

Here is the GDB backtrace while it was looking through these directories (I do not have debugging symbols because this has never happened before, but I can't imagine many duplicated places where you do recursive directory searches, so it hopefully won't be too hard to find this spot):
#0 0x00007f6c916be025 in __xstat64 () from /lib/libc.so.6
#1 0x00007f6c8db34e05 in ?? () from /usr/lib/libfontconfig.so.1
#2 0x00007f6c8db34f04 in FcConfigUptoDate () from /usr/lib/libfontconfig.so.1
#3 0x00007f6c9056ebcc in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#4 0x00007f6c9056eca7 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#5 0x00007f6c901f3c2d in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#6 0x00007f6c905512a5 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#7 0x00007f6c901f0254 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#8 0x00007f6c901f07db in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#9 0x00007f6c901fa05f in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#10 0x00007f6c901fa656 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
...
#103 0x00007f6c8ff2a252 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#104 0x00007f6c8ff2aed6 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#105 0x00007f6c8ff2b351 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#106 0x00007f6c8ff2bf17 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#107 0x00007f6c8ff32d67 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#108 0x00007f6c8ff49249 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#109 0x00007f6c8ff32d67 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#110 0x00007f6c8ff46905 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#111 0x00007f6c8ff46e72 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#112 0x00007f6c8ff471bc in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#113 0x00007f6c8ff32d67 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#114 0x00007f6c8ff78e92 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#115 0x00007f6c8ff1559d in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#116 0x00007f6c8ff18a8f in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#117 0x00007f6c8ff18bc6 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#118 0x00007f6c8ff18c5a in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#119 0x00007f6c90533036 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#120 0x00007f6c9050838a in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#121 0x00007f6c9048ca84 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#122 0x00007f6c90479074 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#123 0x00007f6c8d454d5b in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#124 0x00007f6c8d45852d in ?? () from /usr/lib/libglib-2.0.so.0
#125 0x00007f6c8d4586eb in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#126 0x00007f6c8c839651 in gtk_main_iteration () from /usr/lib/libgtk-x11-2.0.so.0
#127 0x00007f6c785babab in ?? () from /usr/lib/firefox/plugins/libflashplayer.so
#128 0x00007f6c8d45551b in ?? () from /usr/lib/libglib-2.0.so.0
#129 0x00007f6c8d454d5b in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#130 0x00007f6c8d45852d in ?? () from /usr/lib/libglib-2.0.so.0
#131 0x00007f6c8d4586eb in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#132 0x00007f6c9048c7b1 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#133 0x00007f6c9048c962 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#134 0x00007f6c90532fe1 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#135 0x00007f6c905082f6 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#136 0x00007f6c9048ca1d in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#137 0x00007f6c9032c721 in ?? () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#138 0x00007f6c8fdb2082 in XRE_main () from /usr/lib/xulrunner-1.9.0.8/libxul.so
#139 0x00000000004016b4 in ?? ()
#140 0x00007f6c91604466 in __libc_start_main () from /lib/libc.so.6

The strace from firefox sadly scrolled off the top of the console because I forgot to use a different terminal window, but subsequent to removing the symbolic link, it was still looking at deep directories until it finally had gone through all directories in the hierarchy and returned:
...
stat("/usr/share/fonts/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/misc", 0x7fff9a733750) = -1 ENOENT (No such file or directory)
stat("/usr/share/fonts/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/util", 0x7fff9a733750) = -1 ENOENT (No such file or directory)
stat("/usr/share/fonts/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/encodings/large", 0x7fff9a733750) = -1 ENOENT (No such file or directory)
stat("/usr/share/fonts/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/X11/encodings/large", 0x7fff9a733750)
...

I will add the symbolic link back in, and then keep checking if I see the bug happen another time.

Patrick Horn (phrh) wrote :

Please disregard everything to do with flash--that was probably just a coincidence because of how the main event loop runs.

I just realized that I was looking at a lot of google results for something, and in addition to the wikipedia page, I had opened this site in another tab:
http://cnx.org/content/m0068/latest/
This page has MathML, which would very likely require looking for fonts on my hard drive, so this may indeed have been the cause of the crash.

Indeed, adding the symbolic link back and refreshing that page triggers the bug once more.

Here is a page on that same site with a much more pronounced effect (probably happens once per equation): http://cnx.org/content/m10622/latest/
Also, this is not an infinite loop, but rather a *very* *long* finite loop--it does seem to return eventually after several minutes (maybe the OS maxes out the number of recursive symbolic links you can have in a directory).

So yes, the bug is entirely reproducible on sites using MathML! I probably won't have time this week to install the debug libraries for xulrunner, but I have been considering trying out the Jaunty beta. Would that help?

Stephen (sdupre) wrote :

There is another link in /usr/bin/X11 -> . Don't know if that affects the font lookup recursively. (9.04)

Phillip Susi (psusi) wrote :

This package has been removed from Ubuntu. Closing all related bugs.

Changed in xulrunner-1.9 (Ubuntu):
status: New → Invalid