Bug 455359
Summary: | Firefox crashes X-Server - blows out to login prompt | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Charles Houp <moon> | ||||||||||||
Component: | xorg-x11-server | Assignee: | Dave Airlie <airlied> | ||||||||||||
Status: | CLOSED ERRATA | QA Contact: | desktop-bugs <desktop-bugs> | ||||||||||||
Severity: | high | Docs Contact: | |||||||||||||
Priority: | low | ||||||||||||||
Version: | 5.2 | CC: | airlied, amyagi, bforte, cmeadors, gecko-bugs-nobody, lihuang, pasteur, philip.r.schaffner, ralph, rodrigue, tao, tim.verhoeven.be, xgl-maint, yzhou | ||||||||||||
Target Milestone: | rc | ||||||||||||||
Target Release: | --- | ||||||||||||||
Hardware: | x86_64 | ||||||||||||||
OS: | Linux | ||||||||||||||
Whiteboard: | |||||||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||
Doc Text: |
* when certain values for trapezoidal data were passed to the X server by Firefox, X would crash. Therefore, if the user visited a html document that contained such data, X would attempt to render it, crash, and leave the user at the login prompt. This update for X corrects this behavior, and is able to handle these values without crashing.
|
Story Points: | --- | ||||||||||||
Clone Of: | |||||||||||||||
: | 492561 (view as bug list) | Environment: | |||||||||||||
Last Closed: | 2009-01-20 21:29:32 UTC | Type: | --- | ||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||
Documentation: | --- | CRM: | |||||||||||||
Verified Versions: | Category: | --- | |||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
Embargoed: | |||||||||||||||
Bug Depends On: | |||||||||||||||
Bug Blocks: | 492561 | ||||||||||||||
Attachments: |
|
Description
Charles Houp
2008-07-15 02:47:11 UTC
Just adding another example URL that causes the X session to crash. Seems to happen even with Firefox3 downloaded from the mozilla site. http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Booklet In my testing I have only seen this happen on x86_64 systems, I have had no crashes on i686. I've tested with both 32bit and 64bit firefox on x86_64 and both have the isse. I can reproduce it reliably on RHEL-5.2 / x86_64. But works fine in F9, seems to be RHEL-5 specific. Works fine inside RHEL-5.2 / x86_64 / VNC session.... /var/log/messages: Jul 15 12:42:47 dhcp-lab-122 kernel: Xorg[3446]: segfault at 000000ff67b4eb0f rip 0000003667871ce6 rsp 00007fffbc20fa70 error 6 Jul 15 12:42:47 dhcp-lab-122 gconfd (komat-3580): Received signal 15, shutting down cleanly Jul 15 12:42:47 dhcp-lab-122 gconfd (komat-3580): Exiting Jul 15 12:42:49 dhcp-lab-122 kernel: mtrr: type mismatch for c0000000,1000000 old: write-back new: write-combining From Xorg.0.log.old: Backtrace: 0: /usr/bin/Xorg(xf86SigHandler+0x71) [0x4a1021] 1: /lib64/libc.so.6 [0x36678301b0] 2: /usr/bin/Xorg(CompositePicture+0x73) [0x4fd833] 3: /usr/bin/Xorg(miTrapezoids+0x239) [0x4fcd99] 4: /usr/bin/Xorg [0x513a80] 5: /usr/bin/Xorg [0x5041c4] 6: /usr/bin/Xorg(Dispatch+0x1ca) [0x449c9a] 7: /usr/bin/Xorg(main+0x44e) [0x4325ee] 8: /lib64/libc.so.6(__libc_start_main+0xf4) [0x366781d8b4] 9: /usr/bin/Xorg(FontFileCompleteXLFD+0x231) [0x4318c9] Fatal server error: Caught signal 11. Server aborting Created attachment 311800 [details]
dmesg
Created attachment 311801 [details]
xorg.conf
Created attachment 311802 [details]
Xorg.0.log
Created attachment 311803 [details]
Xorg.0.log.old
[root@dhcp-lab-122 ~]# lspci 00:00.0 Host bridge: Intel Corporation 5000X Chipset Memory Controller Hub (rev 12) 00:02.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x4 Port 2 (rev 12) 00:03.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x4 Port 3 (rev 12) 00:04.0 PCI bridge: Intel Corporation 5000X Chipset PCI Express x16 Port 4-7 (rev 12) 00:05.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x4 Port 5 (rev 12) 00:06.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x4 Port 6 (rev 12) 00:07.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x4 Port 7 (rev 12) 00:10.0 Host bridge: Intel Corporation 5000 Series Chipset FSB Registers (rev 12) 00:10.1 Host bridge: Intel Corporation 5000 Series Chipset FSB Registers (rev 12) 00:10.2 Host bridge: Intel Corporation 5000 Series Chipset FSB Registers (rev 12) 00:11.0 Host bridge: Intel Corporation 5000 Series Chipset Reserved Registers (rev 12) 00:13.0 Host bridge: Intel Corporation 5000 Series Chipset Reserved Registers (rev 12) 00:15.0 Host bridge: Intel Corporation 5000 Series Chipset FBD Registers (rev 12) 00:16.0 Host bridge: Intel Corporation 5000 Series Chipset FBD Registers (rev 12) 00:1b.0 Audio device: Intel Corporation 631xESB/632xESB High Definition Audio Controller (rev 09) 00:1c.0 PCI bridge: Intel Corporation 631xESB/632xESB/3100 Chipset PCI Express Root Port 1 (rev 09) 00:1d.0 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset UHCI USB Controller #1 (rev 09) 00:1d.1 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset UHCI USB Controller #2 (rev 09) 00:1d.2 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset UHCI USB Controller #3 (rev 09) 00:1d.3 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset UHCI USB Controller #4 (rev 09) 00:1d.7 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset EHCI USB2 Controller (rev 09) 00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev d9) 00:1f.0 ISA bridge: Intel Corporation 631xESB/632xESB/3100 Chipset LPC Interface Controller (rev 09) 00:1f.1 IDE interface: Intel Corporation 631xESB/632xESB IDE Controller (rev 09) 00:1f.2 SATA controller: Intel Corporation 631xESB/632xESB SATA AHCI Controller (rev 09) 00:1f.3 SMBus: Intel Corporation 631xESB/632xESB/3100 Chipset SMBus Controller (rev 09) 01:00.0 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express Upstream Port (rev 01) 01:00.3 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express to PCI-X Bridge (rev 01) 02:00.0 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express Downstream Port E1 (rev 01) 02:01.0 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express Downstream Port E2 (rev 01) 07:00.0 VGA compatible controller: ATI Technologies Inc RV516 [Radeon X1300/X1550 Series] 07:00.1 Display controller: ATI Technologies Inc RV516 [Radeon X1300 Pro] (Secondary) 0b:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5752 Gigabit Ethernet PCI Express (rev 02) Created attachment 311805 [details]
Xorg.0.log with ATI driver. It doesn't start.
I've been able to reproduce this behaviour on three x86-based ThinkPads: models T43, T60 and T61, all running RHEL 5.2. The behaviour presents in both RHEL 5.2 CSB (running Firefox 3.0b5) and generic RHEL 5.2 (running Firefox 3.0.1). The behaviour does not present if Konquerer 3.5.4-18 is used to load the URL. The behaviour does not present in Fedora 9, regardless of the browser used to load the URL. Also, add the following URL to the list of 'crashes X' URLs: <http://fedoraguide.info/index.php?title=Main_Page>. At the risk of stating the obvious, all three URLs noted as causing the behaviour are running MediaWiki. I have a T60 with RHEL 5.2 x86. This crash is very reproducible. Hard to qaulify, but this may be a regression. I am sure atleast one person viewed one of these URLS before. Maybe it never worked. I just realized that this is filed against the vesa driver, but I am using the "intel" driver. This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?". Experiencing this problem with the "nv" driver as well, so it seems to be more general than the component indicates. Yet another MediaWiki site that triggers the problem is http://wiki.osx86project.org/wiki/index.php/HCL_10.5.2 This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. MODIFIED xorg-x11-server-1.1.1-48.49.el5 built in brew. RHEL4 version of this bug is bug 463137 For this bug on rhel5-x86_64 package *firefox-3.0.5-1.el5_2*, cannot login (stopping at black screen) after system logout. On rhel5-i386, system will logout as well, but can re-login. *** Bug 475937 has been marked as a duplicate of this bug. *** Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: * when certain values for trapezoidal data were passed to the X server by Firefox, X would crash. Therefore, if the user visited a html document that contained such data, X would attempt to render it, crash, and leave the user at the login prompt. This update for X corrects this behavior, and is able to handle these values without crashing. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0162.html on my RHEL5.3 x86_64 os . the given page still crash vnc connection: bt log: (gdb) c Continuing. Program received signal SIGSEGV, Segmentation fault. 0x000000000068f98c in ValidateOnePicture (pPicture=0x2cccad0) at picture.c:1596 1596 if (pPicture->pDrawable && pPicture->serialNumber != pPicture->pDrawable->serialNumber) (gdb) bt #0 0x000000000068f98c in ValidateOnePicture (pPicture=0x2cccad0) at picture.c:1596 #1 0x000000000068f9d9 in ValidatePicture (pPicture=0x2cccad0) at picture.c:1609 #2 0x000000000068fa96 in CompositePicture (op=12 '\f', pSrc=0x2cccad0, pMask=0x2d26fa0, pDst=0x2c26fd0, xSrc=0, ySrc=0, xMask=0, yMask=0, xDst=0, yDst=0, width=1, height=1) at picture.c:1780 #3 0x000000000068efd9 in miTrapezoids (op=12 '\f', pSrc=0x2cccad0, pDst=0x2c26fd0, maskFormat=<value optimized out>, xSrc=0, ySrc=0, ntrap=0, traps=0x3003300) at mitrap.c:175 #4 0x00000000006963b4 in ProcRenderTrapezoids (client=0x2c43b20) at render.c:820 #5 0x0000000000431eda in Dispatch () at dispatch.c:459 #6 0x00000000004424c5 in main (argc=19, argv=0x7fff836cac98, envp=<value optimized out>) at main.c:447 (gdb) q The program is running. Quit anyway (and detach it)? (y or n) y LND: Sending signal 11 to process 4344 Detaching from program: /usr/bin/Xvnc, process 4344 [root@dhcp-65-4 ~]# uname -a Linux dhcp-65-4.nay.redhat.com 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64 x86_64 x86_64 GNU/Linux [root@dhcp-65-4 ~]# rpm -qa | grep xorg-x11-server xorg-x11-server-utils-7.1-4.fc6 xorg-x11-server-Xnest-1.1.1-48.52.el5 xorg-x11-server-debuginfo-1.1.1-48.52.el5 xorg-x11-server-Xvnc-source-1.1.1-48.52.el5 xorg-x11-server-sdk-1.1.1-48.52.el5 xorg-x11-server-Xvfb-1.1.1-48.52.el5 xorg-x11-server-randr-source-1.1.1-48.52.el5 xorg-x11-server-Xephyr-1.1.1-48.52.el5 xorg-x11-server-Xdmx-1.1.1-48.52.el5 xorg-x11-server-Xorg-1.1.1-48.52.el5 I have no permission to reopen this bug. could someone help me ? Thanks (In reply to comment #33) > I have no permission to reopen this bug. could someone help me ? Thanks Please file a new bug against component vnc (which is where the crash happens) and attach the information from comment 32. Thank you *** Bug 618976 has been marked as a duplicate of this bug. *** |