User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0 Build ID: 20120130150400 Steps to reproduce: go to http://www.inka3d.com/llvm2011/#phong move around in the slide for maybe 30 seconds or so ------- Ubuntu GNU/Linux 10.04, with backports enabled, and non-free fglrx driver Actual results: BAM, crashes and you see mozilla crash reporter Expected results: beautiful WebGL graphics, maybe a crash that doesn't also crash the browser as is implemented for add-ons, if WebGL is something much harder to make DoS-free
duplicate of #698040 ?
Can you provide the crash ID from about:crashes? Does it happen with Nightly you can download from http://nightly.mozilla.org/?
https://crash-stats.mozilla.com/report/index/bp-336a3a9e-6d21-43b9-8bc4-891a52120207 that is from nightly
(In reply to scientes from comment #1) > duplicate of #698040 ? Bug 698040 depends on the window size and the stack is different. It seems to happen only on Ubuntu: https://crash-stats.mozilla.com/report/list?signature=fglrx_dri.so%400x1941f4
I don't have a 11.10 or 12.04 Ubuntu, or even more recent GNU/Linux computer with AMD graphics so can't test with that, sorry. Request others test the url.
I'm afraid that this might be the tipping point where we have to blacklist FGLRX. A segfault at random address ( https://crash-stats.mozilla.com/report/index/bp-336a3a9e-6d21-43b9-8bc4-891a52120207 ) is potentially sg:critical.
That stack doesn't make much sense. jemalloc calling back into their driver? Without debugging what their drivers are doing it's hard to know if this is exploitable or relatively benign data reading, but the messed-up stack doesn't bode well. bug 698040 showed different but similarly nonsensical stacks. We should probably blocklist at this point.
What's the next step? Assigning to bjacob, please pass along if someone else manages the blocklist.
I guess we should take advantage of the fact that's specific to the 2.6.32 linux kernel version. Is there a preferred way for us to query the host linux kernel version? Do we already do it?
I guess I'll just read the linux kernel version in the glxtest process, which runs in parallel with the rest of startup so shouldn't slow down things.
Created attachment 610926 [details] [diff] [review] block 2.6.32 linux kernel with fglrx driver
Comment on attachment 610926 [details] [diff] [review] block 2.6.32 linux kernel with fglrx driver Review of attachment 610926 [details] [diff] [review]: ----------------------------------------------------------------- ::: toolkit/xre/glxtest.cpp @@ +273,5 @@ > + "OS\n%s\n" > + "OSRELEASE\n%s\n", > + unameobj.sysname, > + unameobj.release); > + write(write_end_of_the_pipe, buf, length); Wouldn't it be much simpler to get utsname from the parent process?
That is very true. I started with this design when I thought that getting uname info would be expensive i.e. would involve running the uname program. New patch coming.
I've tried to reproduce on differn't kernels with fglrx and been unsuccessful.
Can you be more specific? Can you go to about:crashes and give us the corresponding crash links? Or at least the uname -a of these machines.
Created attachment 611171 [details] [diff] [review] block 2.6.32 linux kernel with fglrx driver By the way, the chemical symbol for the Glandium element is... Gl ?
QA verification test: MOZ_GFX_SPOOF_GL_VENDOR="ATI Technologies Inc." MOZ_GFX_SPOOF_GL_RENDERER="ATI Radeon 3000 Graphics" MOZ_GFX_SPOOF_GL_VERSION="3.2.9756 Compatibility Profile Context" MOZ_GFX_SPOOF_OS=linux MOZ_GFX_SPOOF_OS_RELEASE="22.214.171.124-generic" obj-firefox-debug/dist/bin/firefox -P test -no-remote
Comment on attachment 611171 [details] [diff] [review] block 2.6.32 linux kernel with fglrx driver Review of attachment 611171 [details] [diff] [review]: ----------------------------------------------------------------- ::: widget/xpwidgets/GfxInfoX11.cpp @@ +157,5 @@ > stringToFill = &textureFromPixmap; > + else if(!strcmp(line, "OS")) > + stringToFill = &mOS; > + else if(!strcmp(line, "OSRelease")) > + stringToFill = &mOSRelease; I guess this is leftover from the previous patch. r+ with that removed.
Created attachment 611427 [details] [diff] [review] block 2.6.32 linux kernel with fglrx driver (patch for landing) Carrying forward r+. Thanks for the catch; there was another mistake, but that was hard to miss as it caused everything to be blacklisted: the if(uname(...)) had to be if (!uname(...)) as zero means success.
http://hg.mozilla.org/integration/mozilla-inbound/rev/5a12884290a8 Let's keep this open until we've verified it no longer crashes for the original reporter here. We also expect a large decrease of crashes with linux 2.6.32 kernel and FGLRX driver on crash-stats.
(In reply to scientes from comment #14) > I've tried to reproduce on differn't kernels with fglrx and been > unsuccessful. Ah! I just reread your comment and had misread it the first time: (In reply to Benoit Jacob [:bjacob] from comment #15) > Can you be more specific? Can you go to about:crashes and give us the > corresponding crash links? Or at least the uname -a of these machines. Nevermind my comment 15 then. Your comment 14 is all good news, it confirms that we should be safe with the patch that just landed. Expect it in Wednesday's Nightly build.
Does the crash still occur? crash-stats should show a drop in # of crashes with FGLRX + 2.6.32 kernel on Nightly.
I watch whole presentation without any issues. Kubuntu 12.04 x86_64, Linux 3.2, latest fglrx, latest nightly build. AMD Radeon HD 6620G.
that is a very differn't system. I do not have a 10.04 system (and might just be that specific hardware) anymore so have been unable to confirm that this is fixed.
What version of fglrx do you use, when you register this bugreport? Catalyst 12.x or older?
wheres 12? http://packages.ubuntu.com/lucid/fglrx
Catalyst 12 is fglrx 8.931 and newer. fglrx 8.723.1 is Catalyst 10.4. Your issue probably fixed long time ago, but you just use not fresh enough driver in your Lucid setup.
Closing this bug based on comment 20. The fix landed long ago. Reopen if needed.