Bug 27267 - Firefox web browser segfault in r300_dri.so
Summary: Firefox web browser segfault in r300_dri.so
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 7
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: Mageia 7
Assignee: Kernel and Drivers maintainers
QA Contact:
URL:
Whiteboard:
Keywords: Triaged
Depends on:
Blocks: 27028
  Show dependency treegraph
 
Reported: 2020-09-09 20:40 CEST by Ihar Areshchankau
Modified: 2020-09-13 10:49 CEST (History)
2 users (show)

See Also:
Source RPM: mesa-20.0.1-1.mga7.src.rpm
CVE:
Status comment:


Attachments
Firefox tab crash explanation (32.35 KB, image/png)
2020-09-10 10:46 CEST, Ihar Areshchankau
Details

Description Ihar Areshchankau 2020-09-09 20:40:41 CEST
Description of problem:
Firefox web browser (firefox-68.12.0-2.mga7) crashes on opening websites that uses Yandex Metrika counter (mc.yandex.ru), as sample: https://tut.by

Version-Release number of selected component (if applicable):
firefox-68.12.0-2.mga7.i586

Hardware:
Biostar TA690G AM2, ATI Radeon X1200
OS version:
Linux version 5.4.12-desktop586-1.mga7 (iurt@rabbit.mageia.org) (gcc version 8.3.1 20191101 (Mageia 8.3.1-0.20191101.1.mga7)) #1 SMP Tue Jan 14 21:09:02 UTC 2020

How reproducible:
Every time when open web site that contains Yandex Metrika counter.

Steps to Reproduce:
1. Run Firefox web browser
2. Type URL: "tut.by" and press Enter key.
3. Wait until mc.yandex.ru counters code will be received.

dmesg lines on crash events:
[  173.790187] Web Content[2280]: segfault at 4f ip 9d746f19 sp bfa80bb0 error 4 in r300_dri.so[9d197000+d98000]
[  173.790204] Code: 81 ec 8c 00 00 00 0f b6 84 24 a8 00 00 00 8d 8f 28 d9 a8 ff 89 7c 24 0c 8b bc 24 a4 00 00 00 88 44 24 4f 8b 84 24 a0 00 00 00 <0f> be 50 4c c7 07 02 00 00 00 c7 87 38 07 00 00 02 00 00 00 8b 1c
[  276.099607] Web Content[2499]: segfault at 4f ip 9cf6bf19 sp bfc9fdc0 error 4 in r300_dri.so[9c9bc000+d98000]
[  276.099621] Code: 81 ec 8c 00 00 00 0f b6 84 24 a8 00 00 00 8d 8f 28 d9 a8 ff 89 7c 24 0c 8b bc 24 a4 00 00 00 88 44 24 4f 8b 84 24 a0 00 00 00 <0f> be 50 4c c7 07 02 00 00 00 c7 87 38 07 00 00 02 00 00 00 8b 1c
[  308.181544] Web Content[2537]: segfault at 4f ip 988a7f19 sp bf9d4050 error 4 in r300_dri.so[982f8000+d98000]
[  308.181562] Code: 81 ec 8c 00 00 00 0f b6 84 24 a8 00 00 00 8d 8f 28 d9 a8 ff 89 7c 24 0c 8b bc 24 a4 00 00 00 88 44 24 4f 8b 84 24 a0 00 00 00 <0f> be 50 4c c7 07 02 00 00 00 c7 87 38 07 00 00 02 00 00 00 8b 1c

Notes:
xfwm4 downgraded to the version 4.13.2-1.mga7.i586 due the same trouble.
Version firefox-67.0.4-1.mga7.i586 from "Core Release" works correct.
This bug may be related to #27028 (xfwm4 segfault in r300_dri.so on the same hardware).
Comment 1 Aurelien Oudelet 2020-09-09 21:02:20 CEST
Hi, thanks for reporting this bug.

urpmf -f r300_dri.so
lib64dri-drivers
urpmq -i lib64dri-drivers
mesa

Seems a bug related to mesa stack.

Assigned to the package maintainer.
(Packager: Please set the status to 'assigned' if you are working on it)

Assignee: bugsquad => thierry.vignaud
Target Milestone: --- => Mageia 7
Source RPM: (none) => mesa
Keywords: (none) => Triaged

Aurelien Oudelet 2020-09-09 21:02:41 CEST

Assignee: thierry.vignaud => kernel
CC: (none) => thierry.vignaud

Lewis Smith 2020-09-09 22:22:48 CEST

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=27028

Comment 2 Lewis Smith 2020-09-09 22:39:36 CEST
What software is at fault? On my up-to-date x64 M7 system,
 firefox-68.12.0-2.mga7
this bug does not happen. https://www.tut.by/ views correctly during a long time.
No mention of r300_dri.so in dmesg nor system journal. Its host package is:
 lib64dri-drivers-20.0.7-3.mga7   (updated 24 May 2020)

The related bug 27028 does not happen here either.
Is this a 32-bit-only problem?

CC: (none) => lewyssmith

Comment 3 Ihar Areshchankau 2020-09-10 10:41:51 CEST
(In reply to Lewis Smith from comment #2)
> What software is at fault? On my up-to-date x64 M7 system,
>  firefox-68.12.0-2.mga7
> this bug does not happen. https://www.tut.by/ views correctly during a long
> time.
> No mention of r300_dri.so in dmesg nor system journal. Its host package is:
>  lib64dri-drivers-20.0.7-3.mga7   (updated 24 May 2020)
> 
> The related bug 27028 does not happen here either.
> Is this a 32-bit-only problem?

firefox 67.0.4-1.mga7 - ok
firefox 68.0-1.1.mga7 - segfault

I use 32 bit system only and cannot say about 64 bit system.

I found that the system uses kernel 5.4.12-desktop586-1.mga7 while the latest is 5.7.19-1.mga7. I will configure the bootloader for it and report the results later.
Comment 4 Ihar Areshchankau 2020-09-10 10:46:15 CEST
Created attachment 11874 [details]
Firefox tab crash explanation
Comment 5 Ihar Areshchankau 2020-09-10 16:04:44 CEST
(In reply to Aurelien Oudelet from comment #1)
> Hi, thanks for reporting this bug.
> 
> urpmf -f r300_dri.so
> lib64dri-drivers
> urpmq -i lib64dri-drivers
> mesa
> 
> Seems a bug related to mesa stack.
> 
> Assigned to the package maintainer.
> (Packager: Please set the status to 'assigned' if you are working on it)

I found that downgrade to the version {mesa,libmesagl1,libdri-drivers}-19.3.4-1.mga7.i586 solves the segfault of both firefox (this bug) and xfwm4 (bug #27028). And installing {mesa,libmesagl1,libdri-drivers}-20.0.1-1.mga7.i586 brings the segfault back again.

I verified this on actual kernel version 5.7.19-desktop586-1.mga7.

Thank you very much for the detailed description how to find the source of the problem.
Comment 6 Ihar Areshchankau 2020-09-10 16:09:25 CEST
(In reply to Lewis Smith from comment #2)
> What software is at fault?

{mesa,libmesagl1,libdri-drivers}-19.3.4-1.mga7.i586 - Ok
{mesa,libmesagl1,libdri-drivers}-20.0.1-1.mga7.i586 - segfault

This is true for the both cases #27028 and #27267.
Comment 7 Lewis Smith 2020-09-10 21:43:00 CEST
Thank you for the package version details above. It should help to locate the fault.

My question "What software is at fault?" in comment 2  was not directed at you, but a generic one. Your comments 5 & 6 rather answer it; and accord with Aurelian's c1 "Seems a bug related to mesa stack".

For M7, mesa was done by tmb; for M8, ghibo. Changing the CC to the latter.

CC: lewyssmith, thierry.vignaud => ghibomgx
Source RPM: mesa => mesa-20.0.1-1.mga7.src.rpm

Comment 8 Giuseppe Ghibò 2020-09-10 22:21:10 CEST
I think it's worthwhile to upgrade mesa in mga7 too, as there were a lot of bug fixes. Current cauldron mesa spec file can be easily compiled on mga7 (there are a few version binary conmpiled on copr for testing if needed). 20.1.7 works, 20.2.0-rc4 too. Final 20.2.0 should arrive next week. I had no problems on both. Only extra-requirement for compiling is a new meson 0.52.1 backport (0.54 won't backport correctly in mga7).

In the meanwhile he can try whether using only software acceleration would cause the same segfault too, e.g. launching firefox with "LIBGL_ALWAYS_SOFTWARE=1 firefox".
Comment 9 Ihar Areshchankau 2020-09-11 09:15:08 CEST
(In reply to Giuseppe Ghibò from comment #8)
> In the meanwhile he can try whether using only software acceleration would
> cause the same segfault too, e.g. launching firefox with
> "LIBGL_ALWAYS_SOFTWARE=1 firefox".

I added the line "LIBGL_ALWAYS_SOFTWARE=1" to the file "/etc/environment" and this workaround solves both bugs. The latest versions of xfm4 and firefox both works like a charm using mesa-20.0.7-3. Thank you.
Comment 10 Giuseppe Ghibò 2020-09-11 22:40:39 CEST
There is available a newer mesa-20.1.7-1.mga7 in updates_testing of mga7 you might want to test.
Comment 11 Ihar Areshchankau 2020-09-13 09:59:04 CEST
(In reply to Giuseppe Ghibò from comment #10)
> There is available a newer mesa-20.1.7-1.mga7 in updates_testing of mga7 you
> might want to test.

I installed mesa-20.1.7-1.mga7 with its dependencies and removed the LIBGL_ALWAYS_SOFTWARE variable from the environment. The system works correct, the segfault error has left from the both xfwm4 and firefox.

So the bug of the tickets #27028 and #27267 is found and solved. Thank you.
Comment 12 Aurelien Oudelet 2020-09-13 10:46:44 CEST
Seems we have a candidate update. Don't close this bug until we release this.

CC: (none) => ouaurelien

Aurelien Oudelet 2020-09-13 10:49:59 CEST

Blocks: (none) => 27028


Note You need to log in before you can comment on or make changes to this bug.