X.Org X server

[hardy] X crashes when using compiz 0.7.4 + firefox 3.0b5 + java applets ("VNC java viewer")

Bug #224798 reported by titi4u
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
X.Org X server
Invalid
High
xserver-xorg-video-intel (Ubuntu)
Fix Released
High
Unassigned

Bug Description

Hello,
since I'm using ubuntu 8.04, with compiz 0.7.4 activated,
X crashes and restarts each time when I am using firefox 3.0b5 to connect to my vnc server.
The connection to my vnc server is made by a "java viewer" using http port and a webbrowser (here firefox 3.0b5).
The vnc server and "java viewer" are realvnc (http://www.realvnc.com/support/javavncviewer.html#1)
My graphic card is an Intel 915GM card (using X and intel driver).

This bug is ALWAYS reproducible.
I've attached to this bug report all necessary files (I hope).

Thank you for your help :)

Revision history for this message
titi4u (titi4u) wrote :
Bryce Harrington (bryce)
Changed in xserver-xorg-video-intel:
importance: Undecided → High
status: New → Confirmed
Revision history for this message
SunnyBUG (sunnybug) wrote :

Easily reproducable on my IBM X41 sub-notebook.
Closing and then opening the lid triggers this bug immediately.

Hardy Heron, latest updates, intel integrated card.

(II) Open ACPI successful (/var/run/acpid.socket)
(II) AIGLX: Resuming AIGLX clients after VT switch
(II) I810(0): Detected resume, re-POSTing.
(WW) I810(0): Bad V_BIOS checksum
(II) I810(0): Primary V_BIOS segment is: 0xc000

Backtrace:
0: /usr/bin/X(xf86SigHandler+0x7e) [0x80c780e]
1: [0xb7faa420]
2: /usr/lib/xorg/modules//libint10.so(Mem_rb+0x29) [0xb7b15899]
3: /usr/lib/xorg/modules//libint10.so(fetch_data_byte+0x2f) [0xb7b188af]
4: /usr/lib/xorg/modules//libint10.so [0xb7b1aa38]
5: /usr/lib/xorg/modules//libint10.so(X86EMU_exec+0xa3) [0xb7b2b0f3]
6: /usr/lib/xorg/modules//libint10.so(xf86ExecX86int10+0x55) [0xb7b17955]
7: /usr/lib/xorg/modules/drivers//i810_drv.so [0xb7b658f9]
8: /usr/lib/xorg/modules//libxaa.so [0xb78c58eb]
9: /usr/bin/X [0x80cec6c]
10: /usr/bin/X [0x80dbb38]
11: /usr/lib/xorg/modules/extensions//libglx.so [0xb7c0bc4a]
12: /usr/bin/X(xf86Wakeup+0x3bf) [0x80c84bf]
13: /usr/bin/X(WakeupHandler+0x59) [0x8091719]
14: /usr/bin/X(WaitForSomething+0x1e2) [0x81b1d22]
15: /usr/bin/X(Dispatch+0x8d) [0x808d69d]
16: /usr/bin/X(main+0x48b) [0x807471b]
17: /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0) [0xb7d3a450]
18: /usr/bin/X(FontFileCompleteXLFD+0x201) [0x8073a91]

Fatal server error:
Caught signal 11. Server aborting

Revision history for this message
Bryce Harrington (bryce) wrote :

Can you please collect a full backtrace from when X crashes? http://wiki.ubuntu.com/X/Backtracing has directions on doing this.

Changed in xserver-xorg-video-intel:
status: Confirmed → Incomplete
Revision history for this message
titi4u (titi4u) wrote :

Hello,
sorry it took me some time to provide you a full backtrace.
This bug is still present with latest updates of ubuntu 8.04.

Thank you for your help.

unggnu (unggnu)
Changed in xserver-xorg-video-intel:
status: Incomplete → Confirmed
Revision history for this message
In , Bryce Harrington (bryce) wrote :
Download full text (3.5 KiB)

A Ubuntu user reports the following bug:
https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-video-intel/+bug/224798

"Hello,
since I'm using ubuntu 8.04, with compiz 0.7.4 activated,
X crashes and restarts each time when I am using firefox 3.0b5 to connect to my vnc server.
The connection to my vnc server is made by a "java viewer" using http port and a webbrowser (here firefox 3.0b5).
The vnc server and "java viewer" are realvnc (http://www.realvnc.com/support/javavncviewer.html#1)
My graphic card is an Intel 915GM card (using X and intel driver).

This bug is ALWAYS reproducible."

xorg.conf: http://launchpadlibrarian.net/16106959/xorg.conf
Xorg.0.log: http://launchpadlibrarian.net/16106966/Xorg.0.log.old
Backtrace: http://launchpadlibrarian.net/15608914/gdb-Xorg.txt

From the backtrace, it seems the crash is due to the dst pointer in fbBlt getting incremented to a point where it's out of bounds:

(gdb) backtrace full
#0 0xb7dcd9bc in memcpy () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#1 0xb7a66112 in fbBlt (srcLine=0x9ea02d28, srcStride=5116, srcX=8, dstLine=0xbfc53450, dstStride=5108, dstX=<value optimized out>, width=5108, height=12, alu=3, pm=4294967295, bpp=32, reverse=0, upsidedown=0) at ../../fb/fbblt.c:93
 i = 3
 src = <value optimized out>
 dst = (CARD8 *) 0x346 <Address 0x346 out of bounds>
 src = <value optimized out>
 dst = <value optimized out>
 leftShift = <value optimized out>
 rightShift = <value optimized out>
 startmask = <value optimized out>
 endmask = <value optimized out>
 bits = <value optimized out>
 bits1 = <value optimized out>
 nmiddle = <value optimized out>
 destInvarient = <value optimized out>
 startbyte = <value optimized out>
 endbyte = <value optimized out>
 _ca1 = <value optimized out>
 _cx1 = <value optimized out>
 _ca2 = <value optimized out>
 _cx2 = <value optimized out>
#2 0xb7a66633 in fbBltStip (src=0x9ea02d28, srcStride=1279, srcX=64, dst=0xbfc53450, dstStride=1277, dstX=0, width=40864, height=12, alu=3, pm=4294967295, bpp=32) at ../../fb/fbblt.c:947
No locals.
#3 0xb7a6b60a in fbGetImage (pDrawable=0x8a308c0, x=3, y=771, w=1277, h=12, format=2, planeMask=4294967295, d=0xbfc53450 "������������������������������������\177\177\177�\177\177\177�\177\177\177���������������������������������������������������������������������������������������������������������������������������������������������������������"...) at ../../fb/fbimage.c:332
 pm = 4294967295
 src = (FbBits *) 0x9e67d070
 srcStride = 1279
 srcBpp = 32
 srcXoff = -1
 srcYoff = -49
 dstStride = <value optimized out>
#4 0xb7a54baf in ExaCheckGetImage (pDrawable=0x8a308c0, x=0, y=720, w=1277, h=12, format=2, planeMask=4294967295, d=0xbfc53450 "������������������������������������\177\177\177�\177\177\177�\177\177\177���������������������������������������������������������������������������������������������������������������������������������������������������������"...) at ../../exa/exa_unaccel.c:268
No locals.
#5 0xb7a4e8a2 in exaGetImage (pDrawable=0x8a308c0, x=0, y=720, w=1277, h=12, format=2, planeMask=4294967295, d=0xbfc53450 "������������������������������������\177\177\177�\177\177\177�\177\177\1...

Read more...

Revision history for this message
Bryce Harrington (bryce) wrote :

Btw, please attach files separately, not in a tarball, as this makes it simpler when upstreaming the bug...

Revision history for this message
Bryce Harrington (bryce) wrote :
Revision history for this message
Bryce Harrington (bryce) wrote :
Revision history for this message
Bryce Harrington (bryce) wrote :
Revision history for this message
Bryce Harrington (bryce) wrote :
Revision history for this message
Bryce Harrington (bryce) wrote :
Revision history for this message
Bryce Harrington (bryce) wrote :
Bug Watch Updater (bug-watch-updater)
Changed in xorg-server:
status: Unknown → Confirmed
Revision history for this message
Bryce Harrington (bryce) wrote :

Hi titi,

I've forwarded this bug upstream to https://bugs.freedesktop.org/show_bug.cgi?id=16758. Please subscribe yourself to this bug, so that if the upstream developers need further information or have something they need you to test, you can work with them directly on it.

Meanwhile, I have a few other things to suggest looking at.

1. If possible, see if you can reproduce the error with Intrepid, which has a newer xserver. I would guess this issue is not fixed there, but it would be valuable info to know one way or the other, in helping track down a fix.

2. Can you reproduce the error with a different web browser (say, galleon or firefox-2)?

3. Can you reproduce the error with compiz turned off?

4. Does opening/closing the lid cause a crash, as Sunny mentions in comment #2? If so, could you try adding Option "ForceEnablePipeA" "true" to your Device section and see if that stops the lid crash, and/or the vnc crash. If so, please follow the directions on bug #13256 and provide that info, and I can patch.

Changed in xserver-xorg-video-intel:
status: Confirmed → Triaged
Revision history for this message
titi4u (titi4u) wrote :

Hello,
juste to tell you that the bug disapeared in Ubuntu 8.10
Great work, thanx :)
And to answer previous questions :
1. No, it seems to be resolved
2. No, I can't, because the java appletviewer only works in firefox
3. Yes
4. didn't tried

Revision history for this message
Bryce Harrington (bryce) wrote :

Thanks for letting us know the issue is fixed in Intrepid.

Changed in xserver-xorg-video-intel:
status: Triaged → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in xorg-server:
importance: Unknown → High
Bug Watch Updater (bug-watch-updater)
Changed in xorg-server:
importance: High → Unknown
Bug Watch Updater (bug-watch-updater)
Changed in xorg-server:
importance: Unknown → High
Revision history for this message
In , Ajax-a (ajax-a) wrote :

Mass closure: This bug has been untouched for more than six years, and is not obviously still valid. Please file a new report if you continue to experience issues with a current server.

Bug Watch Updater (bug-watch-updater)
Changed in xorg-server:
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.