Bug 496034

Summary:	xorg-server: random crashes in xkb/xkb.c
Product:	[openSUSE] openSUSE 11.1	Reporter:	Roman Varenik <rommie>
Component:	X.Org	Assignee:	E-mail List <xorg-maintainer-bugs>
Status:	RESOLVED DUPLICATE	QA Contact:	E-mail List <xorg-maintainer-bugs>
Severity:	Critical
Priority:	P3 - Medium	CC:	koenig, sndirsch
Version:	Final
Target Milestone:	---
Hardware:	i586
OS:	openSUSE 11.1
Whiteboard:	maint:released:sle11-pl09a:25496 maint:released:11.1:25516 maint:released:sle11:25492
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Attachments:	/etc/X11/xorg.conf /var/log/Xorg.0.log.old hwinfo --gfx /var/log/Xorg.0.log.old (xorg nv driver) /etc/X11/xorg.conf (now with nv driver) /home/roman/hwinfo.txt (with nv driver) lspci output Xorg.log after crash current xorg.conf this may be helpful too

Description Roman Varenik 2009-04-17 16:16:36 UTC

Created attachment 286533 [details]
/etc/X11/xorg.conf

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.9.0.8) Gecko/2009032600 SUSE/3.0.8-1.2 Firefox/3.0.8

Times to times I get freeze of all on screen activity for a sec, then the screen flickers, I see nvidia logo and then gdm shows me log in prompt. I can switch back to old display (Alt+Ctrl+F6) and there are a message "glibc detected double free or corruption(!prev)" and a back trace.
The crash appears randomly. Sometimes it happens several times a day, sometimes at once of a couple days.
I've got two coredumps of X. gdb says:
Core was generated by `/usr/bin/X :0 -br -verbose -auth /var/run/gdm/auth-for-gdm-yY2sxx/database -nol'.
Program terminated with signal 6, Aborted.
#0  0xffffe430 in __kernel_vsyscall ()
(gdb) bt
#0  0xffffe430 in __kernel_vsyscall ()
#1  0xb7b21990 in ?? ()
#2  0xb7b232c8 in ?? ()
#3  0xb7b5d6c5 in ?? ()
#4  0xb7b63654 in ?? ()
#5  0xb7b64f3c in ?? ()
#6  0x08133a41 in Xfree (ptr=0x0) at utils.c:1458
#7  0x08184c51 in XkbSendMap (client=0x8548900, xkb=0xaba6db0, rep=0xbfca4d54) at xkb.c:1409
#8  0x0818b97a in ProcXkbGetKbdByName (client=0x8548900) at xkb.c:5807
#9  0x08190128 in ProcXkbDispatch (client=0x6) at xkb.c:6690
#10 0x0808b4af in Dispatch () at dispatch.c:454
#11 0x08070d4d in main (argc=9, argv=0xbfca5fb4, envp=Cannot access memory at address 0x341c
) at main.c:441

I can put coredump to ftp if it can help (20Mb the smallest one) or try to use debug version of X. Unfortunately, I can not run X under gdb because don't have second PC here.

Reproducible: Sometimes

Steps to Reproduce:
1.
2.
3.



I use proprietary nvidia drivers and vmware workstation 6.5.0 build-118166 with its own drivers installed. This bug appeared on various 180.xx nvidia drivers and one of 177.??
I tried both available versions of xorg-x11-server (7.4-17.4.1 and 7.4-17.3) and they are both crash.
I use machine with 4 Gb of RAM and two monitors on Nvidia 7300LE without Xinerama.

Comment 1 Roman Varenik 2009-04-17 16:21:26 UTC

Created attachment 286535 [details]
/var/log/Xorg.0.log.old

Comment 2 Roman Varenik 2009-04-17 16:24:36 UTC

Created attachment 286536 [details]
hwinfo --gfx

Comment 3 Roman Varenik 2009-04-17 16:25:53 UTC

I suppose these "BOGUS LENGTH" in /var/log/Xorg.0.log.old may be related.

Comment 4 Stefan Dirsch 2009-04-17 16:26:52 UTC

Unfortunately we don't track any NVIDIA driver bugs filed against 
openSUSE in Novell's bugzilla. Please complain directly to NVIDIA.
Thanks.

Comment 5 Roman Varenik 2009-04-23 12:22:53 UTC

I have removed nvidia drivers and X server crashes again. Though, this time the crash is probably at another place:

Core was generated by `/usr/bin/X :0 -br -verbose -auth /var/run/gdm/auth-for-gdm-6eWEjb/database -nol'.
Program terminated with signal 6, Aborted.
#0  0xffffe430 in __kernel_vsyscall ()
(gdb) symbol-file /usr/lib/debug/usr/bin/X.debug 
Reading symbols from /usr/lib/debug/usr/bin/X.debug...done.
(gdb) bt
#0  0xffffe430 in __kernel_vsyscall ()
#1  0xb7b62990 in ?? ()
#2  0xb7b642c8 in ?? ()
#3  0xb7b9e6c5 in ?? ()
#4  0xb7ba4654 in ?? ()
#5  0xb7ba5f3c in ?? ()
#6  0x08134091 in XNFcalloc (amount=3083403252) at utils.c:1398
#7  0x08187e81 in ProcXkbLatchLockState (client=0xbfae6454) at xkb.c:587
#8  0x0818ebaa in _XkbSetMap (client=0x0, dev=0x0, req=0x0, values=0x0) at xkb.c:2243
#9  0x08193358 in XkbCopyKeymap (src=0x838cfc0, dst=0x92, sendNotifies=16) at xkbUtils.c:2087
#10 0x0808b91f in QueryFont (pFont=0x0, pReply=0x2, nProtoCCIStructs=0) at dixfonts.c:550
#11 0x08070fad in main (argc=9, argv=0xbfae76b4, envp=0x0) at main.c:445

Unfortunately, debuginfo version from repository does not match xserver's one, so actual stack should differ. But I have a core dump which is 7.5Mb length.

And unlike nvidia drivers, this time text consoles 1-6 are broken. Video mode set is obviously wrong. It looks like a screen is divided to 4 parts. Top 2 of them are contain identical text but it is hard to read (all symbols are four times smaller too).

Comment 6 Roman Varenik 2009-04-23 12:26:25 UTC

Created attachment 287744 [details]
/var/log/Xorg.0.log.old (xorg nv driver)

The same "BOGUS LENGTH" message is here.

Comment 7 Stefan Dirsch 2009-04-23 12:27:31 UTC

Please attach new Xserver log and current /etc/X11/xorg.conf.

Comment 8 Roman Varenik 2009-04-23 12:28:17 UTC

Created attachment 287745 [details]
/etc/X11/xorg.conf (now with nv driver)

Comment 9 Roman Varenik 2009-04-23 12:29:52 UTC

Created attachment 287746 [details]
/home/roman/hwinfo.txt (with nv driver)

Comment 10 Roman Varenik 2009-04-23 12:31:33 UTC

Created attachment 287749 [details]
lspci output

Comment 11 Stefan Dirsch 2009-04-23 12:31:44 UTC

(In reply to comment #8)
> Created an attachment (id=287745) [details]
> /etc/X11/xorg.conf (now with nv driver)

Can't you simply use SaX2 for configuration?

Comment 12 Roman Varenik 2009-04-23 12:51:15 UTC

I can try, but SaX2 did not detect my second monitor. It is unacceptable for me to use only one monitor. Can I manually add second monitor usage to xorg.conf generated by SaX2?

Comment 13 Stefan Dirsch 2009-04-23 13:00:42 UTC

Backup your existing xorg.conf and use one created by Sax2, please.

Comment 14 Stefan Dirsch 2009-04-23 14:51:13 UTC

(In reply to comment #6)
> Created an attachment (id=287744) [details]
> /var/log/Xorg.0.log.old (xorg nv driver)
> 
> The same "BOGUS LENGTH" message is here.

This is in xorg-server/xkb/xkb.c:XkbSendMap().

Comment 15 Stefan Dirsch 2009-04-23 14:59:24 UTC

You're already using xorg-server 1.5.2. Either you're running openSUSE 11.1 or you've update X.Org packges on 11.0 with packages from X11:XOrg project in OBS. Please clarify.

Comment 16 Roman Varenik 2009-04-23 16:46:58 UTC

I've updated from 11.0 to 11.1 when it came out. xorg-x11-server was installed from OpenSUSE 11.1-update repository as I can see.

Comment 17 Stefan Dirsch 2009-04-24 11:14:52 UTC

Still set to NEEDINFO due to comments #11-13.

Comment 18 Stefan Dirsch 2009-04-24 11:26:37 UTC

(In reply to comment #14)
> (In reply to comment #6)
> > Created an attachment (id=287744) [details] [details]
> > /var/log/Xorg.0.log.old (xorg nv driver)
> > 
> > The same "BOGUS LENGTH" message is here.
> 
> This is in xorg-server/xkb/xkb.c:XkbSendMap().

Same issue as in Bug #334676 and Bug #342514. So probably this is not the culprit here.

Comment 19 Roman Varenik 2009-04-24 12:06:13 UTC

I'll try to reinstall alsa to see if the problem still exists. I don't remember whether I mentioned it but I use microsoft natural keyboard. It has some nonstandard keys on it which I don't use either. May be it somehow affects xserver.
It would take some time to reproduce the bug with SaX xorg.config. Sometimes X crashes once in several days and sometimes tree times a day.

Comment 20 Stefan Dirsch 2009-04-24 12:35:21 UTC

Possibly fixed in xorg-server git master by this commit:

commit ddb8d8945d1f44d16adc366b6612eef20ae813f7
Author: Peter Åstrand <astrand@cendio.se>
Date:   Fri Feb 13 10:23:28 2009 +0100

    xserver: Avoid sending uninitialized padding data over the network
    
    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

Not yet in xorg-server 1.6.1.

Comment 21 Stefan Dirsch 2009-04-28 20:16:42 UTC

Since you know how to use gdb. Could you install xorg-x11-server-debuginfo and xorg-x11-server-debugsource, so I can see where the segfault occurs exactly?

Comment 22 Roman Varenik 2009-04-29 07:02:17 UTC

I have these packages installed but -server have version 7.4-17.4.1 but -debuginfo and -debugsource have version only 7.4-17.3 and I suppose gdb misses the place of crash. Since there is no recent debuginfo in repository should I downgrade to X server 7.4-17.3? Will it help?
And at this moment X with vesa driver (SaX configuration) reached uptime 4 days and no one crash. it is possible the bug is in nvidia open source driver, or the bug was caused by two monitors configuration or there are chances the bug is in X server but it didn't showed for 4 days. Or reinstalling alsa somehow helped.

Comment 23 Stefan Dirsch 2009-04-29 07:19:08 UTC

I don't think the bug is related to nv driver or a multhead configuration. I suggest to go back to original configuration and close the bug with WORKSFORME for now. Going back to a xorg-x11-server release, for which debug packages exist and install these would still make sense though. So in case the issue occurs again
you can reopen and provide even more useful information.

Comment 24 Stefan Dirsch 2009-05-08 17:38:34 UTC

*** Bug 502134 has been marked as a duplicate of this bug. ***

Comment 25 Roman Varenik 2009-05-14 07:45:16 UTC

Got another crash with nv driver and debug info for xserver though not much new info.

(gdb) file /usr/lib/debug/usr/bin/X.debug 
warning: core file may not match specified executable file.
Reading symbols from /usr/lib/debug/usr/bin/X.debug...done.
(gdb) bt
#0  0xffffe430 in __kernel_vsyscall ()
#1  0xb7b9f990 in ?? ()
#2  0xb7ba12c8 in ?? ()
#3  0xb7bdb6c5 in ?? ()
#4  0xb7be1654 in ?? ()
#5  0xb7be2f3c in ?? ()
#6  0x08133a41 in Xfree (ptr=0x0) at utils.c:1458
#7  0x08184c51 in XkbSendMap (client=0x83cd450, xkb=0x91b5508, rep=0xbff23c84) at xkb.c:1409
#8  0x0818b97a in ProcXkbGetKbdByName (client=0x83cd450) at xkb.c:5807
#9  0x08190128 in ProcXkbDispatch (client=0x6) at xkb.c:6690
#10 0x0808b4af in Dispatch () at dispatch.c:454
#11 0x08070d4d in main (argc=9, argv=0xbff24ee4, envp=0x0) at main.c:441

I have 130 Mb core file from crash.

Comment 26 Roman Varenik 2009-05-14 07:46:36 UTC

Created attachment 292091 [details]
Xorg.log after crash

Comment 27 Roman Varenik 2009-05-14 07:47:30 UTC

Created attachment 292092 [details]
current xorg.conf

Comment 28 Roman Varenik 2009-05-14 07:49:40 UTC

Created attachment 292094 [details]
this may be helpful too

Comment 29 Roman Varenik 2009-05-14 07:55:50 UTC

The same "BOGUS LENGTH" message in x log. I think it appears just before crash happens. Can it be related to microsoft natural keyboard I use? Should I try a different keyboard?

Comment 30 Roman Varenik 2009-05-14 08:02:10 UTC

Looks like it is frequent problem. after googling:
https://bugzilla.redhat.com/show_bug.cgi?id=456376
https://bugs.launchpad.net/xorg-server/+bug/311076
http://forums.opensuse.org/applications/411272-bogus-length-write-keyboard-desc-expected-5608-got-5624-a.html

Comment 31 Stefan Dirsch 2009-05-14 12:33:09 UTC

(In reply to comment #20)
> Possibly fixed in xorg-server git master by this commit:
> 
> commit ddb8d8945d1f44d16adc366b6612eef20ae813f7
> Author: Peter Åstrand <astrand@cendio.se>
> Date:   Fri Feb 13 10:23:28 2009 +0100
> 
>     xserver: Avoid sending uninitialized padding data over the network
> 
>     Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
> 
> Not yet in xorg-server 1.6.1.

Would make sense to apply the hunks for the xkb files of this commit.

Comment 32 Stefan Dirsch 2009-05-14 12:52:58 UTC

(In reply to comment #31)
> (In reply to comment #20)
> > Possibly fixed in xorg-server git master by this commit:
> > 
> > commit ddb8d8945d1f44d16adc366b6612eef20ae813f7
> > Author: Peter Åstrand <astrand@cendio.se>
> > Date:   Fri Feb 13 10:23:28 2009 +0100
> > 
> >     xserver: Avoid sending uninitialized padding data over the network
> > 
> >     Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
> > 
> > Not yet in xorg-server 1.6.1.
> 
> Would make sense to apply the hunks for the xkb files of this commit.

done. A new package with these hunks applied will be available shortly via obs://X11:XOrg:sle11. RPM changelog:

* Thu May 14 2009 sndirsch@suse.de
- commit-ddb8d89-xkb.diff
  * Avoid sending uninitialized padding data over the network;
  posssibly fixes bnc #496034

Comment 33 Stefan Dirsch 2009-05-14 14:39:02 UTC

xorg-x11-server packages are now available:

  http://download.opensuse.org/repositories/X11:/XOrg:/sle11/openSUSE_11.1/

Comment 34 Stefan Dirsch 2009-05-22 16:37:40 UTC

Most likely the patch I applied won't help, but there is now a fix upstream  available.

*** This bug has been marked as a duplicate of bug 506494 ***

Comment 35 Stefan Dirsch 2009-05-25 09:45:54 UTC

Looks like the patch helped nevertheless:

https://bugzilla.novell.com/show_bug.cgi?id=506494#c7

"Stefan, thank you very much for handling
https://bugzilla.novell.com/show_bug.cgi?id=496034.
Last week xserver worked for 4 days without crash until it hung due to [...]

Comment 36 Swamp Workflow Management 2009-06-23 23:20:35 UTC

Update released for: Mesa, Mesa-32bit, Mesa-debuginfo, Mesa-debuginfo-32bit, Mesa-debugsource, Mesa-devel, Mesa-devel-32bit, Mesa-devel-static, xkeyboard-config, xorg-x11, xorg-x11-Xvnc, xorg-x11-debuginfo, xorg-x11-debugsource, xorg-x11-driver-video, xorg-x11-driver-video-32bit, xorg-x11-driver-video-debuginfo, xorg-x11-driver-video-debuginfo-32bit, xorg-x11-driver-video-debugsource, xorg-x11-server, xorg-x11-server-debuginfo, xorg-x11-server-debugsource, xorg-x11-server-extra, xorg-x11-server-sdk, xorg-x11-xauth
Products:
SLE-PRELOAD 11-2009A (i386, x86_64)

Comment 37 Swamp Workflow Management 2009-06-23 23:21:03 UTC

Update released for: Mesa, Mesa-32bit, Mesa-debuginfo, Mesa-debuginfo-32bit, Mesa-debugsource, Mesa-devel, Mesa-devel-32bit, Mesa-devel-static, xkeyboard-config, xorg-x11, xorg-x11-Xvnc, xorg-x11-debuginfo, xorg-x11-debugsource, xorg-x11-driver-video, xorg-x11-driver-video-32bit, xorg-x11-driver-video-debuginfo, xorg-x11-driver-video-debuginfo-32bit, xorg-x11-driver-video-debugsource, xorg-x11-server, xorg-x11-server-debuginfo, xorg-x11-server-debugsource, xorg-x11-server-extra, xorg-x11-server-sdk, xorg-x11-xauth
Products:
SLE-PRELOAD 11-2009A (i386, x86_64)

Comment 38 Swamp Workflow Management 2009-07-15 15:08:40 UTC

Update released for: Mesa, Mesa-debuginfo, Mesa-debugsource, Mesa-devel, Mesa-devel-static, xkeyboard-config, xorg-x11, xorg-x11-Xvnc, xorg-x11-debuginfo, xorg-x11-debugsource, xorg-x11-driver-video, xorg-x11-driver-video-debuginfo, xorg-x11-driver-video-debugsource, xorg-x11-server, xorg-x11-server-debuginfo, xorg-x11-server-debugsource, xorg-x11-server-extra, xorg-x11-server-sdk, xorg-x11-xauth
Products:
openSUSE 11.1 (debug, i586, ppc, ppc64, x86_64)

Comment 39 Swamp Workflow Management 2009-07-15 22:11:46 UTC

Update released for: Mesa, Mesa-32bit, Mesa-debuginfo, Mesa-debuginfo-32bit, Mesa-debuginfo-x86, Mesa-debugsource, Mesa-devel, Mesa-devel-32bit, Mesa-devel-static, Mesa-x86, xkeyboard-config, xorg-x11, xorg-x11-Xvnc, xorg-x11-debuginfo, xorg-x11-debugsource, xorg-x11-driver-video, xorg-x11-driver-video-32bit, xorg-x11-driver-video-debuginfo, xorg-x11-driver-video-debuginfo-32bit, xorg-x11-driver-video-debuginfo-x86, xorg-x11-driver-video-debugsource, xorg-x11-driver-video-x86, xorg-x11-server, xorg-x11-server-debuginfo, xorg-x11-server-debugsource, xorg-x11-server-extra, xorg-x11-server-sdk, xorg-x11-xauth
Products:
SLE-DEBUGINFO 11 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11 (i386, x86_64)
SLE-SDK 11 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64)