Bug 598761

Summary: X server crash when text entered in Firefox Search bar
Product: [Fedora] Fedora Reporter: Jerry Amundson <jamundso>
Component: xorg-x11-serverAssignee: Adam Jackson <ajax>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 13CC: airlied, ajax, brendon, brick, bskeggs, cooling.crystals, jglisse, mariofutire, mcepl, nuttchr, xgl-maint
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: xorg-x11-server-Xorg-1.8.2-1.fc13 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 580251 Environment:
Last Closed: 2010-07-13 15:08:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
dmesg output
none
messages
none
Xorg.0.log of the crash
none
dmesg
none
/var/log/messages
none
Starting in safe mode, everything disabled or reset except bookmarks.
none
dmesg.txt with drm.debug=0x04
none
/var/log/messages with drm.debug=0x04
none
Xorg.0.log with drm.debug=0x04
none
I can recreate this consistently now, and there seems more to this backtrace.
none
Debug session with resurrected stack none

Description Jerry Amundson 2010-06-02 01:10:18 UTC 
+++ This bug was initially created as a clone of Bug #580251 +++

Created an attachment (id=405085)
xorg log old

Description of problem:
If I remember correctly then before crash and X restart I closed Firefox, gedit and re-opened Firefox shortly thereafter. Typed something in search? And moved cursor a little bit to the upper right part of the screen.

Version-Release number of selected component (if applicable):
2.6.33.1-19.fc13.i686

How reproducible:
? no idea

Steps to Reproduce:
1. absolutely no idea. have system running for some time?
2.
3.
  
Actual results:
unexpected X server crash and restart

Expected results:
be stable, don't crash ;-)

Additional info:

--- Additional comment from cooling.crystals on 2010-04-07 16:05:57 EDT ---

Created an attachment (id=405086)
dmesg

--- Additional comment from cooling.crystals on 2010-04-12 18:28:57 EDT ---

Created an attachment (id=406099)
xorg log old

Another crash, just booted into Fedora. It happened while I tried to use Backspace to retype something into Firefox's search box.

--- Additional comment from cooling.crystals on 2010-04-12 18:29:59 EDT ---

Created an attachment (id=406100)
xorg log old 2

--- Additional comment from cooling.crystals on 2010-04-12 18:30:34 EDT ---

Created an attachment (id=406101)
dmesg 2

--- Additional comment from jamundso on 2010-05-22 21:18:25 EDT ---

Created an attachment (id=415902)
Xorg log

I can't get anything more than the seg fault. I have all the debug pkgs installed. Direction to get more info would help me out, though I'll try it wired when I get a chance. (the crash disconnects the desktop-started wireless... duh ;-)

--- Additional comment from mcepl on 2010-05-24 11:36:15 EDT ---

Backtrace:
[ 19007.922] 0: /usr/bin/Xorg (xorg_backtrace+0x3c) [0x80e515c]
[ 19007.922] 1: /usr/bin/Xorg (0x8047000+0x5e056) [0x80a5056]
[ 19007.922] 2: (vdso) (__kernel_rt_sigreturn+0x0) [0xc4440c]
[ 19007.922] 3: /usr/lib/xorg/modules/drivers/nouveau_drv.so (0x180000+0xd2e8) [0x18d2e8]
[ 19007.922] 4: /usr/lib/xorg/modules/drivers/nouveau_drv.so (0x180000+0x4263) [0x184263]
[ 19007.922] 5: /usr/lib/xorg/modules/libexa.so (0x1cb000+0x8748) [0x1d3748]
[ 19007.925] 6: /usr/lib/xorg/modules/libexa.so (0x1cb000+0xe102) [0x1d9102]
[ 19007.925] 7: /usr/bin/Xorg (0x8047000+0xd4957) [0x811b957]
[ 19007.925] 8: /usr/bin/Xorg (CompositePicture+0x290) [0x810e980]
[ 19007.925] 9: /usr/bin/Xorg (0x8047000+0xcdba5) [0x8114ba5]
[ 19007.925] 10: /usr/bin/Xorg (0x8047000+0xca734) [0x8111734]
[ 19007.926] 11: /usr/bin/Xorg (0x8047000+0x26e27) [0x806de27]
[ 19007.926] 12: /usr/bin/Xorg (0x8047000+0x1b565) [0x8062565]
[ 19007.926] 13: /lib/libc.so.6 (__libc_start_main+0xe6) [0x55dc96]
[ 19007.926] 14: /usr/bin/Xorg (0x8047000+0x1b151) [0x8062151]
[ 19007.926] Segmentation fault at address (nil)
[ 19007.926] 
Fatal server error:
[ 19007.926] Caught signal 11 (Segmentation fault). Server aborting

--- Additional comment from jamundso on 2010-05-24 20:58:18 EDT ---

mcepl  2010-05-24 11:36:15 EDT      xorg-x11-drv-nouveau 

Why?
In my case, nouveau is not involved.

--- Additional comment from mcepl on 2010-05-25 02:15:46 EDT ---

(In reply to comment #7)
> mcepl  2010-05-24 11:36:15 EDT      xorg-x11-drv-nouveau 
> 
> Why?
> In my case, nouveau is not involved.    

Yes, because your backtrace is completely different:

Backtrace:
[  2216.783] 0: /usr/bin/X (xorg_backtrace+0x3c) [0x80e51dc]
[  2216.783] 1: /usr/bin/X (0x8047000+0x5e176) [0x80a5176]
[  2216.784] 2: (vdso) (__kernel_rt_sigreturn+0x0) [0xc4640c]
[  2216.784] 3: /lib/libc.so.6 (0x282000+0x792c6) [0x2fb2c6]
[  2216.784] Segmentation fault at address (nil)
[  2216.784] 
Fatal server error:
[  2216.784] Caught signal 11 (Segmentation fault). Server aborting

Please file a separate bug with attachments

* your X server config file (/etc/X11/xorg.conf, if available),
* output of the dmesg command, and
* system log (/var/log/messages)

to the bug report as individual uncompressed file attachments using the bugzilla file attachment link above.

We will review this issue again once you've had a chance to attach this information.

Thanks in advance.
Comment 1 Jerry Amundson 2010-06-02 02:43:37 UTC 
Realistically, the best way for me to research is by Debugging with gdbserver, but even that does not give many clues. This is low level. Only help if you're up to the challenge.

http://www.x.org/wiki/Development/Documentation/ServerDebugging#Debuggingwithgdbserver

The key part is I can search in FF and crash X.
Comment 2 Adam Williamson 2010-06-02 16:16:46 UTC 
jerry, for the future, when we ask you to create a 'separate' bug, please create a new bug, do _not_ use the clone function. as you can see from the above, cloning a bug brings in all sorts of information from the original bug, which is not at all relevant to your report and will just confuse people. thanks.

please add the attachments mcepl requested, too. thanks.
Comment 3 Jerry Amundson 2010-06-02 22:23:18 UTC 
Created attachment 419197 [details]
dmesg output
Comment 4 Jerry Amundson 2010-06-02 22:24:03 UTC 
Created attachment 419198 [details]
messages
Comment 5 Jerry Amundson 2010-06-02 22:24:35 UTC 
What gdb gives me:

gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
__memcpy_ia32 () at ../sysdeps/i386/i686/memcpy.S:75
75              rep
(gdb) bt
#0  __memcpy_ia32 () at ../sysdeps/i386/i686/memcpy.S:75
#1  0x00000000 in ?? ()
Comment 6 Andrea 2010-06-07 19:24:42 UTC 
> Yes, because your backtrace is completely different:
> 
> Backtrace:
> [  2216.783] 0: /usr/bin/X (xorg_backtrace+0x3c) [0x80e51dc]
> [  2216.783] 1: /usr/bin/X (0x8047000+0x5e176) [0x80a5176]
> [  2216.784] 2: (vdso) (__kernel_rt_sigreturn+0x0) [0xc4640c]
> [  2216.784] 3: /lib/libc.so.6 (0x282000+0x792c6) [0x2fb2c6]
> [  2216.784] Segmentation fault at address (nil)
> [  2216.784] 
> Fatal server error:
> [  2216.784] Caught signal 11 (Segmentation fault). Server aborting
> 
> Please file a separate bug with attachments
> 
> * your X server config file (/etc/X11/xorg.conf, if available),
> * output of the dmesg command, and
> * system log (/var/log/messages)
> 
> to the bug report as individual uncompressed file attachments using the
> bugzilla file attachment link above.
> 
> We will review this issue again once you've had a chance to attach this
> information.
> 
> Thanks in advance.    

Exactly the same here.
I was typing something in the search box and got this crash.

I'm running F13 in KDE up to date.

Linux thinkpad 2.6.33.5-112.fc13.i686 #1 SMP Thu May 27 03:11:56 UTC 2010 i686 i686 i386 GNU/Linux

I do not have any /etc/X11/xorg.conf.

I've attached Xorg.log, dmesg, /var/log/messages.
Comment 7 Andrea 2010-06-07 19:25:13 UTC 
Created attachment 421925 [details]
Xorg.0.log of the crash
Comment 8 Andrea 2010-06-07 19:25:47 UTC 
Created attachment 421926 [details]
dmesg
Comment 9 Andrea 2010-06-07 19:26:45 UTC 
Created attachment 421927 [details]
/var/log/messages
Comment 10 Andrea 2010-06-07 20:49:53 UTC 
I've seen that this bug has been assigned to nouveau,
 but in my case I do not have a nvidia card.
It's a ATI. Does it matter?
Comment 11 Jerry Amundson 2010-06-07 20:54:08 UTC 
ATI here also.
01:00.0 VGA compatible controller: ATI Technologies Inc Radeon RV250 [Mobility FireGL 9000] (rev 01)
Comment 12 Ben Skeggs 2010-06-07 22:27:29 UTC 
I think this may be different to the nouveau issue it was cloned from (based on the backtraces being completely different), I'll reassign to ati for the moment and see :)
Comment 13 Jérôme Glisse 2010-06-08 14:03:54 UTC 
Andrea you are on kde too ? Can you attach your Xorg log of a crash please.
Comment 14 Andrea 2010-06-08 14:18:18 UTC 
Yes KDE.
I've attached it.
It's the 3rd attachment is the list upstairs.
Comment 15 Jérôme Glisse 2010-06-08 18:49:40 UTC 
You confirm that entering text in firefox search bar while under kde always lead to crash ? Do you have any custom plugin in firefox ?
Comment 16 Jerry Amundson 2010-06-08 19:39:47 UTC 
Created attachment 422328 [details]
Starting in safe mode, everything disabled or reset except bookmarks.

It is not always the *first* search which causes the crash, but one search or another will, eventually.
I just reproduced this with "firefox -safe-mode".
Comment 17 Andrea 2010-06-09 19:33:03 UTC 
As requested here

https://bugzilla.redhat.com/show_bug.cgi?id=601364

where I originally reported this bug before finding this similar situation,

I'm posting the same files again with drm.debug=0x04.

Moreover I've tried to attach gdb to firefox but it does not show anything.
Just

Program received signal SIGHUP, Hangup.

I've tried as well to attach gdb to /usr/bin/X, but after attching when I try to Continue, the pc hangs.

How do I debug this?
Comment 18 Andrea 2010-06-09 19:33:47 UTC 
Created attachment 422667 [details]
dmesg.txt with drm.debug=0x04
Comment 19 Andrea 2010-06-09 19:34:23 UTC 
Created attachment 422669 [details]
/var/log/messages with drm.debug=0x04
Comment 20 Andrea 2010-06-09 19:34:56 UTC 
Created attachment 422670 [details]
Xorg.0.log with drm.debug=0x04
Comment 21 Jerry Amundson 2010-06-09 20:55:12 UTC 
(In reply to comment #17)
> As requested here
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=601364
> 
> where I originally reported this bug before finding this similar situation,
> 
> I'm posting the same files again with drm.debug=0x04.
> 
> Moreover I've tried to attach gdb to firefox but it does not show anything.
> Just
> 
> Program received signal SIGHUP, Hangup.
> 
> I've tried as well to attach gdb to /usr/bin/X, but after attching when I try
> to Continue, the pc hangs.
> 
> How do I debug this?    

I found http://www.x.org/wiki/Development/Documentation/ServerDebugging
helpful.
Comment 22 Andrea 2010-06-10 05:35:34 UTC 
I did try the 1 machine but Xdbg does not want to start even with permissive selinux.
The 2nd approach I do not have xorg.conf.

I need to try to use a 2nd pc.

Which method did you succed with?
Comment 23 Jerry Amundson 2010-06-10 13:06:26 UTC 
(In reply to comment #22)
> I did try the 1 machine but Xdbg does not want to start even with permissive
> selinux.
> The 2nd approach I do not have xorg.conf.
> 
> I need to try to use a 2nd pc.
> 
> Which method did you succed with?    

I used a 2nd PC, with the crash PC on a wired connection, as the X restart would also drop wireless.
Comment 24 Matěj Cepl 2010-06-10 14:38:24 UTC 
*** Bug 601364 has been marked as a duplicate of this bug. ***
Comment 25 Chris Nutt 2010-06-10 19:52:15 UTC 
Just to comment that I am having the same issue in F13 Thinkpad T41 running a ATI Radeon 7500. Only happens in firefox, never have the issue in Konquror
Comment 26 Andrea 2010-06-12 19:36:01 UTC 
(In reply to comment #5)
> What gdb gives me:
> 
> gdb) c
> Continuing.
> 
> Program received signal SIGSEGV, Segmentation fault.
> __memcpy_ia32 () at ../sysdeps/i386/i686/memcpy.S:75
> 75              rep
> (gdb) bt
> #0  __memcpy_ia32 () at ../sysdeps/i386/i686/memcpy.S:75
> #1  0x00000000 in ?? ()    

I finally managed to debug it and got exactly the same as you.

2 open points:

1) any other suggestion to debug it?

2) have we found a "precise" way to cause the crash? sometimes the first search crashes it, other time it stays on for an hour.

Andrea
Comment 27 Jerry Amundson 2010-06-12 22:25:01 UTC 
(In reply to comment #26)
> (In reply to comment #5)
> > What gdb gives me:
> > 
> > gdb) c
> > Continuing.
> > 
> > Program received signal SIGSEGV, Segmentation fault.
> > __memcpy_ia32 () at ../sysdeps/i386/i686/memcpy.S:75
> > 75              rep
> > (gdb) bt
> > #0  __memcpy_ia32 () at ../sysdeps/i386/i686/memcpy.S:75
> > #1  0x00000000 in ?? ()    
> 
> I finally managed to debug it and got exactly the same as you.
> 2) have we found a "precise" way to cause the crash? sometimes the first search
> crashes it, other time it stays on for an hour.

In "crash world", that should be all that is required - we can reproduce it. Someone else needs to step up....
Comment 28 Jerry Amundson 2010-06-16 18:43:46 UTC 
Created attachment 424551 [details]
I can recreate this consistently now, and there seems more to this backtrace.

To re-create, go to http://www.rosedalechev.com/Service
and down in the Service Specials coupon, click "Schedule Appointment".
Comment 29 Jerry Amundson 2010-06-25 03:54:10 UTC 
Ping. Some love needed here. Consistently reproduced, on latest/greatest version, but always with unhelpful debuginfo. Could somebody step it up a notch please? Even just to give debugging instruction is fine.

Possibly related bugs:
bug #598761
bug #601898
bug #603974
Comment 30 Jerry Amundson 2010-06-30 13:05:26 UTC 
Steps to Reproduce:
1. Boot using the KDE Live Fedora 13 i386 CD, and install firefox.
2. Run firefox, and start doing searches in the Google toolbar.
3.
Comment 31 Matěj Cepl 2010-06-30 20:58:41 UTC 
(In reply to comment #28)
> Created an attachment (id=424551) [details]
> I can recreate this consistently now, and there seems more to this backtrace.
> 
> To re-create, go to http://www.rosedalechev.com/Service
> and down in the Service Specials coupon, click "Schedule Appointment".    

Cannot reproduce here as I don't have flash installed. Makes me suspicious.

And concerning that crash mentioned in comment 27 ... memcpy.S is a very low level part of glibc (.S files are assembler), so we would be much more interested in how we've got there. Which unfortunately leads to

#1  0x00000000 in ?? ()    

which tells us nothing. Are you sure you have all debuginfo packages installed (didn't gdb mention something about missing debuginfo packages)? If yes, then I am getting even more suspicious we are talking about Flash crash here (because of course there is no debuginfo for flash). If you uninstall flash plugin (just for purposes of debugging), are you still able to reproduce the issue.

Of course, nothing should lead to crash of Xorg server (clearly recognized in the attachment 422670 [details] in comment 20):

Backtrace:
[   101.423] 0: /usr/bin/X (xorg_backtrace+0x3c) [0x80e51dc]
[   101.423] 1: /usr/bin/X (0x8047000+0x5e176) [0x80a5176]
[   101.423] 2: (vdso) (__kernel_rt_sigreturn+0x0) [0xf6b40c]
[   101.423] 3: /lib/libc.so.6 (0x744000+0x792c6) [0x7bd2c6]
[   101.423] Segmentation fault at address (nil)
[   101.423]
Comment 32 Simon Pamment 2010-07-01 16:09:03 UTC 
I have just come across this bug report and it sounds very similar to the problem I am having on my Thinkpad R50 laptop.

My very repeatable scenario is ...

   1. Start virt-manager on the laptop.
   2. Connect to a KVM hypervisor on a remote server (via ssh)
   3. Open a running guest on the remote server
        - a popup window appears containing the message "Connecting to graphical console for guest"
        - a second popup window appears on top of the first prompting for a password (to access the guest)
   4. When the password is entered the X server on the laptop crashes (seemingly while trying to paint the graphical console window).

After the crash Xorg.0.log.old contains the following backtrace which is very similar to that mentioned in the previous comment (#31)

Backtrace:
[ 34175.301] 0: /usr/bin/Xorg (xorg_backtrace+0x3c) [0x80e592c]
[ 34175.301] 1: /usr/bin/Xorg (0x8047000+0x5e176) [0x80a5176]
[ 34175.301] 2: (vdso) (__kernel_rt_sigreturn+0x0) [0x33340c]
[ 34175.301] 3: /lib/libc.so.6 (0xb55000+0x79296) [0xbce296]
[ 34175.301] Segmentation fault at address (nil)
[ 34175.301] 
Fatal server error:
[ 34175.302] Caught signal 11 (Segmentation fault). Server aborting

Hooking up a second laptop to the first for debugging gives the same backtrace as in comment #27, where frame #0 is memcpy() and frame #1 is 0x00000000 in ?? ()

----------------------------------------------------------

The Thinkpad R50 contains an ATI Radeon RV250 (Mobility FireGL 9000) [1002:4c66] and is running Gnome under Fedora 13.

Interestingly the second laptop (an HP-Compaq nc6400) contains an ATI Radeon M52 (Mobility Radeon X1300) [1002:714a], and is also running Gnome under Fedora 13. However, when testing this laptop with the above scenario the X server does not crash (at least with the dozen or so runs I tried).

----------------------------------------------------------

On the Thinkpad I have tried the above scenario with Fedora 12 (fails) and Fedora 11 (succeeds).

I have tried simplifying the environment by testing it (under Fedora 13) with an Xterm in OpenBox (fails) and an Xterm in LXDE (fails).

I have tried running virt-manager on the remote server (via a tunnelled SSH session) and it still crashes the local X server.

I have tried including "nomodeset" in the boot parameters and it seems to solve the above scenario. However, sooner or later the laptop freezes up (no keyboard or mouse response).

----------------------------------------------------------

Assuming that the X server, the ATI driver, and Glibc (which contains memcpy()) are the main candidates the version information for each of these (for Fedora 13) is as follows:

    xorg-x11-server-Xorg-1.8.0-17.fc13.i686
    xorg-x11-drv-ati-6.13.0-1.fc13.i686
    glibc-2.12-2.i686

----------------------------------------------------------

In case it is helpful, while playing around with the scenario described at the top of this comment, I found that I could avoid the X server crashing if, when being prompted for the password to access the guest (in the second popup window), I instead used the first popup window to switch from the "graphical console" presentation to the "virtual hardware details" presentation (using the "I" button), and then entered the password in the second popup window.

The second window would close, the first window would be populated with the details of the guest, and I could then switch back to the "graphical console" presentation without the X server crashing. 

----------------------------------------------------------

I'll try to do some further testing / debugging. Let me know if there is any more information that might be useful.
Comment 33 Simon Pamment 2010-07-02 15:25:53 UTC 
Created attachment 429097 [details]
Debug session with resurrected stack

Following up on my previous comment (#32) the attached debugging session shows an attempt to reconstruct the call stack and debug the crash further.

If the stack can be trusted then memcpy() appears to have crashed because of a bad "dst" argument, which in turn might appears to have been caused by variables in the calling frame (such as "bpp") having bad values.

I ran out of time to push things further - perhaps tomorrow.
Comment 34 Jerry Amundson 2010-07-06 16:28:59 UTC 
(In reply to comment #31)
> (In reply to comment #28)
> > Created an attachment (id=424551) [details] [details]
> > I can recreate this consistently now, and there seems more to this backtrace.
> > 
> > To re-create, go to http://www.rosedalechev.com/Service
> > and down in the Service Specials coupon, click "Schedule Appointment".    
> 
> Cannot reproduce here as I don't have flash installed. Makes me suspicious.

The steps to reproduce this in comment 30 don't involve flash.

> And concerning that crash mentioned in comment 27 ... memcpy.S is a very low
> level part of glibc (.S files are assembler), so we would be much more
> interested in how we've got there. Which unfortunately leads to
> 
> #1  0x00000000 in ?? ()    
> 
> which tells us nothing. Are you sure you have all debuginfo packages installed
> (didn't gdb mention something about missing debuginfo packages)? If yes, then I
> am getting even more suspicious we are talking about Flash crash here (because
> of course there is no debuginfo for flash). If you uninstall flash plugin (just
> for purposes of debugging), are you still able to reproduce the issue.

See comment 30.

> Of course, nothing should lead to crash of Xorg server (clearly recognized in
> the attachment 422670 [details] in comment 20):
> 
> Backtrace:
> [   101.423] 0: /usr/bin/X (xorg_backtrace+0x3c) [0x80e51dc]
> [   101.423] 1: /usr/bin/X (0x8047000+0x5e176) [0x80a5176]
> [   101.423] 2: (vdso) (__kernel_rt_sigreturn+0x0) [0xf6b40c]
> [   101.423] 3: /lib/libc.so.6 (0x744000+0x792c6) [0x7bd2c6]
> [   101.423] Segmentation fault at address (nil)
> [   101.423]    

AFAICT, all debuginfo packages are installed. I'll confirm when I am to test it again.
Comment 35 Jerry Amundson 2010-07-06 16:30:36 UTC 
*** Bug 603974 has been marked as a duplicate of this bug. ***
Comment 36 Jerry Amundson 2010-07-06 16:31:18 UTC 
*** Bug 601898 has been marked as a duplicate of this bug. ***
Comment 37 Jérôme Glisse 2010-07-06 20:09:37 UTC 
Jerry do you have flash installed ? Test case in #28 works for me (well no flash so i don't know what i should see)
Comment 38 Jerry Amundson 2010-07-06 21:39:14 UTC 
(In reply to comment #37)
> Jerry do you have flash installed ? Test case in #28 works for me (well no
> flash so i don't know what i should see)    

This seems specific to the ATI Technologies Inc Radeon RV250, which Andrea, Simon, and myself are all using. Now what should we try?
Comment 39 Jérôme Glisse 2010-07-06 21:56:27 UTC 
I will retest with such hw, can you confirm that without flash the bug appear ? also can you do screenshot of step you do to reproduce the bug thanks
Comment 40 Jerry Amundson 2010-07-06 22:11:48 UTC 
(In reply to comment #39)
> I will retest with such hw, can you confirm that without flash the bug appear ?
> also can you do screenshot of step you do to reproduce the bug thanks    

Yes, I confirmed flash was not involved. See comment 30.
Comment 41 Simon Pamment 2010-07-07 01:24:35 UTC 
FWIW ...

I tried the test in comment #28 and had no problems clicking on the "Schedule Appointment" button and bringing up the "Schedule Goodwrench Service" dialogue.

This was done with ...

    Firefox             (firefox-3.6.4-1.fc13.i686)
    Shockwave Flash     (10.1 r53)

The versions of the X server and ATI driver are the same as in comment #32
Comment 42 Simon Pamment 2010-07-07 04:02:40 UTC 
An update rpm for the X.org server has just been released

     xorg-x11-server-Xorg-1.8.2-1.fc13.i686

With this installed I no longer experience the crash I mentioned in comment #32.

I have tried numerous times but have not been able to repeat the crash, so for me it appears that the update has fixed the problem..

I checked the changelog (below) to see if I could match anything there to the problem I was having, but it wasn't obvious.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul  1 2010 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 1.8.2-1
- xserver 1.8.2
- drop upstreamed patches
* Fri Jun 18 2010 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 1.8.0-17
- xserver-1.8.0-signed-deviceevents.patch: make device events signed
  (#567835)
* Mon Jun  7 2010 Ben Skeggs <bskeggs@xxxxxxxxxx> 1.8.0-16
- fix bug that caused unnecessary fb resize in multi-head configurations
* Mon May 31 2010 Dave Airlie <airlied@xxxxxxxxxx> 1.8.0-15
- update xvfb-run.sh (CVE-2009-1573) (#544036)
* Fri May  7 2010 Dave Airlie <airlied@xxxxxxxxxx> 1.8.0-14
- xserver-1.6.99-right-of.patch: don't try spanning on single crtc cards.
* Thu May  6 2010 Dave Airlie <airlied@xxxxxxxxxx> 1.8.0-13
- add no connected outputs at startup patch
--------------------------------------------------------------------------------
Comment 43 Matěj Cepl 2010-07-12 07:41:43 UTC 
Jerry, do you agree with comment 42? Was this fixed for you in xorg-x11-server-Xorg-1.8.2-1.fc13?
Comment 44 Jerry Amundson 2010-07-13 12:04:25 UTC 
(In reply to comment #43)
> Jerry, do you agree with comment 42? Was this fixed for you in
> xorg-x11-server-Xorg-1.8.2-1.fc13?    

Yes, I agree.
Comment 45 Matěj Cepl 2010-07-13 15:08:42 UTC 
Thank you for letting us know.