X crashes when holding down key on non-primary screen (Xinerama)

[Switching to Thread 0x7f682b37e6f0 (LWP 16568)]
0x00000000004daa7c in miPointerWarpCursor (pDev=0x24886c0, pScreen=0x21a8cb0, x=1279, y=773) at ../../mi/mipointer.c:309
 in ../../mi/mipointer.c
(gdb) backtrace full
#0 0x00000000004daa7c in miPointerWarpCursor (pDev=0x24886c0, pScreen=0x21a8cb0, x=1279, y=773) at ../../mi/mipointer.c:309
 pPointer = (miPointerPtr) 0x0
 changedScreen = 0 '\0'
 pScreenPriv = <value optimized out>
#1 0x0000000000481c90 in xf86WarpCursor (pDev=0x24886c0, pScreen=0x21a8cb0, x=1279, y=773) at ../../../../hw/xfree86/common/xf86Curso
r.c:476
 sigstate = 0
#2 0x00000000004da6cc in miPointerSetCursorPosition (pDev=0x24886c0, pScreen=0x21a8cb0, x=1279, y=773, generateEvent=0) at ../../mi/m
ipointer.c:240
No locals.
#3 0x000000000053559f in AnimCurSetCursorPosition (pDev=0x24886c0, pScreen=0x21a8cb0, x=1279, y=773, generateEvent=0) at ../../render
/animcur.c:277
 as = (AnimCurScreenPtr) 0x220db70
 ret = 35302672
#4 0x0000000000455284 in XineramaSetCursorPosition (pDev=0x24886c0, x=1279, y=773, generateEvent=0) at ../../dix/events.c:454
 pScreen = (ScreenPtr) 0x21a8cb0
 box = {x1 = 3840, y1 = 0, x2 = 5120, y2 = 1024}
 i = 8251968
 pSprite = (SpritePtr) 0x24ac7d0

confirmed. dual 9800gt Nvidia, 3 screens. holding down backspace restarts kde 4.2

Just a temp work around solution - disabling keyboard repeat will fix the problem - although limit your ability to edit text quickly.

Thanks. Didn't even think of that. It may slow down text editing, but it's a heck of a lot faster than having to restart all of my programs.

Ctrl a delete and shift home delete for the win

Dan Syme
Beardbar Studios
ph: 509.388.4869

On Mar 14, 2009, at 2:14 PM, Jared Bunting
<email address hidden> wrote:

> Thanks. Didn't even think of that. It may slow down text editing,
> but
> it's a heck of a lot faster than having to restart all of my programs.
>
> --
> X crashes when holding down key on non-primary screen (Xinerama)
> https://bugs.launchpad.net/bugs/324465
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “xorg-server” source package in Ubuntu: Triaged
>
> Bug description:
> Binary package hint: xorg
>
> When in any text field, on any screen other than the primary one,
> holding down a key causes X to crash. (Goes black, X restarts
> automatically). I have tested this with backspace, arrow keys, and
> letters. It does not crash when holding ctrl, alt, or shift.
>
> I have two NVidia 8600GT cards and 4 screens. I am using the latest
> restricted nvidia driver, which from what I can tell should be ABI
> compatible (180.27), from the jaunty repository.
>
> ProblemType: Bug
> Architecture: amd64
> DistroRelease: Ubuntu 9.04
> NonfreeKernelModules: nvidia
> Package: xorg 1:7.4~5ubuntu11
> ProcEnviron:
> PATH=(custom, user)
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> ProcVersion: Linux version 2.6.28-6-generic (buildd@crested) (gcc
> version 4.3.3 (Ubuntu 4.3.3-3ubuntu1) ) #17-Ubuntu SMP Fri Jan 30
> 15:35:08 UTC 2009
>
> SourcePackage: xorg
> Uname: Linux 2.6.28-6-generic x86_64
>
> [lspci]
> 00:00.0 Host bridge [0600]: nVidia Corporation C55 Host Bridge [10de:
> 03a3] (rev a2)
> Subsystem: Micro-Star International Co., Ltd. Device
> [1462:0000]
> 03:00.0 VGA compatible controller [0300]: nVidia Corporation GeForce
> 8600 GT [10de:0402] (rev a1)
> Subsystem: Giga-byte Technology Device [1458:3452]
> 04:00.0 VGA compatible controller [0300]: nVidia Corporation GeForce
> 8600 GT [10de:0402] (rev a1)
> Subsystem: Giga-byte Technology Device [1458:3452]
>

As seen in the above backtrace, pPointer is null, and it crashes here:

309: if (pPointer->pScreen != pScreen)

Avoiding the null ptr deref is trivial enough, although this only addresses the symptom, not the cause of why that got set to null to begin with.

I've also forwarded this bug upstream to https://bugs.freedesktop.org/show_bug.cgi?id=20744 - please subscribe to that bug in case upstream needs further information or wishes you to test something.

This bug was fixed in the package xorg-server - 2:1.6.0-0ubuntu3

---------------
xorg-server (2:1.6.0-0ubuntu3) jaunty; urgency=low

  * Add 165_man_xorg_conf_no_device_ident.patch:
    - Device identifier no longer necessary in Screen section of
      xorg.conf. Update man page accordingly.
      (LP: #261577)
  * Add 166_nullptr_xinerama_keyrepeat.patch:
    - Avoids null pointer dereference when holding down keys on
      non-primary screen when using TwinView / Xinerama on -nvidia.
      (LP: #324465)
  * Add 167_nullptr_xisbread.patch:
    - Avoids null pointer dereference in XisbRead to prevent a (difficult
      to reproduce) crash during or after a resume from RAM.
      (LP: #324368)

 -- Bryce Harrington <email address hidden> Thu, 19 Mar 2009 00:17:40 -0700

Well...that patch partially helps. I no longer crash when repeating keys on either of the monitors connected to my "first" video card. However, I still crash when repeating keys on both of the monitors connected to my "second" video card. (The first video card is the one that has "Screen 0" and "Screen 1" on it.)

I'll attach a backtrace of this shortly - I'm assuming the failure is somewhere different for those two screens.

I have to take that back - I tried it a couple times on that "second screen" and it worked. Then once I noticed that it was crashing on screens 3 and 4, I couldn't ever get it to not crash on screen 2. I have installed jaunty alpha6 from scratch, and am still seeing the crash on screens 2, 3, and 4.

I am attaching the backtrace from the crash after updating to the patched version.

same here, no change and still getting the crashes, I am unsure how to
create a back trace to help out. doing some research on that to educate
myself, any guidance appreciated.

On Thu, Mar 19, 2009 at 3:48 PM, Jared Bunting
<email address hidden>wrote:

> I am attaching the backtrace from the crash after updating to the
> patched version.
>
> ** Attachment added: "screen3.crash"
> http://launchpadlibrarian.net/24130130/screen3.crash
>
> --
> X crashes when holding down key on non-primary screen (Xinerama)
> https://bugs.launchpad.net/bugs/324465
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in X.Org X server: Confirmed
> Status in “xorg-server” source package in Ubuntu: Fix Released
>
> Bug description:
> Binary package hint: xorg
>
> When in any text field, on any screen other than the primary one, holding
> down a key causes X to crash. (Goes black, X restarts automatically). I
> have tested this with backspace, arrow keys, and letters. It does not crash
> when holding ctrl, alt, or shift.
>
> I have two NVidia 8600GT cards and 4 screens. I am using the latest
> restricted nvidia driver, which from what I can tell should be ABI
> compatible (180.27), from the jaunty repository.
>
> ProblemType: Bug
> Architecture: amd64
> DistroRelease: Ubuntu 9.04
> NonfreeKernelModules: nvidia
> Package: xorg 1:7.4~5ubuntu11
> ProcEnviron:
> PATH=(custom, user)
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> ProcVersion: Linux version 2.6.28-6-generic (buildd@crested) (gcc version
> 4.3.3 (Ubuntu 4.3.3-3ubuntu1) ) #17-Ubuntu SMP Fri Jan 30 15:35:08 UTC 2009
>
> SourcePackage: xorg
> Uname: Linux 2.6.28-6-generic x86_64
>
> [lspci]
> 00:00.0 Host bridge [0600]: nVidia Corporation C55 Host Bridge [10de:03a3]
> (rev a2)
> Subsystem: Micro-Star International Co., Ltd. Device [1462:0000]
> 03:00.0 VGA compatible controller [0300]: nVidia Corporation GeForce 8600
> GT [10de:0402] (rev a1)
> Subsystem: Giga-byte Technology Device [1458:3452]
> 04:00.0 VGA compatible controller [0300]: nVidia Corporation GeForce 8600
> GT [10de:0402] (rev a1)
> Subsystem: Giga-byte Technology Device [1458:3452]
>
>

--
Dan Syme
Web Programming and Design
509.388.4869

Here's what I used:

https://wiki.ubuntu.com/X/Backtracing

File new bugs for new crashes please, I don't often review closed bugs (it's just luck that I noticed the comments here).

Ideally apport will catch the crash and help you in doing this automatically. If not, the command 'ubuntu-bug -p xorg-server' will save you some work, although you'll still need to collect the backtrace yourself in this case - https://wiki.ubuntu.com/X/Backtracing is the right reference for that.

Fwiw, since we don't know the root cause of this bug, my patches to avoid nullptr derefs are likely going to just move the bug, rather than solve it. I figure that's better than doing nothing and leaving it to crash, but you may need to be persistent with filing new bugs and posting more backtraces as the crash moves.

Oh also, remember after doing a clean install of alpha6 to update to latest code, else you won't have the fix I put in yesterday so of course it would still crash that same way. ;-)

Reopening because Jared sent me an expanded patch from my earlier one which will catch a lot more of these MIPOINTER nullptr errors.

I've uploaded this patch to Jaunty and would like to see it go in for beta, since it may solve a lot of the -nvidia crashes we're seeing with multi-screen setups. Since this is all null pointer checks and error messages, I think it should be quite safe. Anyplace where the null pointer is returned from MIPOINTER(), it's used in a manner that would result in a segfault crash, so I'm pretty certain this change can't cause regressions.

I have removed the patch for catching the MIPOINTER nullptr errors, and applied the patch from upstream. After testing, I am not able to reproduce the bug. It seems that patch fixes this problem.

I should probably mention - the patch I applied is from the duplicate of the upstream bug noted on this issue:
https://bugs.freedesktop.org/show_bug.cgi?id=20557

This bug was fixed in the package xorg-server - 2:1.6.0-0ubuntu5

---------------
xorg-server (2:1.6.0-0ubuntu5) jaunty; urgency=low

  [Tormod Volden]
  * Disable 160_log_timestamping.patch before the beta, this was only used
    for testing, and the patch also has a serious stack corruption bug.
    (LP: #328035)

  [Bryce Harrington]
  * Disable 999_default_modedebug_on.patch before the beta, this was used
    only for testing.
  * Add 169_mipointer_nullptr_checks.patch:
    - MIPOINTER() can return NULL in some circumstances, so always check
      its return value before dereferencing.
    - Fixes crash with keyrepeat on non-primary screen on -nvidia when
      using Xinerama (and probably other serious mipointer-related crashes)
      (LP: #324465)
  * Add 170_primary_pci_video_device.patch:
    - Patch from redhat
    - Fixes failure when multiple video cards are present. Xserver currently
      exits with an error "(EE) No device detected" in such cases.
      (LP: #267241)

 -- Bryce Harrington <email address hidden> Tue, 24 Mar 2009 09:57:17 -0700

# aptitude search xorg-server
outputs nothing

how am I supposed to install/upgrade to the correct version ?

# dpkg -l xserver-xorg
ii xserver-xorg 1:7.4~5ubuntu16 the X.Org X server

Am Freitag 27 März 2009 08:48:56 schrieb Simon Morvan:
> # aptitude search xorg-server
> outputs nothing
>
> how am I supposed to install/upgrade to the correct version ?
>
> # dpkg -l xserver-xorg
> ii xserver-xorg 1:7.4~5ubuntu16
> the X.Org X server

I suppose that xserver-xorg-core was meant, a normal upgrade to the latest
packages (e.g. aptitude update && aptitude dist-upgrade) should be sufficient.

--
Klaus Holler - kho (at) gmx <dot> at

Le 27/03/2009 16:05, KlausHoller a écrit :
> Am Freitag 27 März 2009 08:48:56 schrieb Simon Morvan:
>
>> # aptitude search xorg-server
>> outputs nothing
>>
>> how am I supposed to install/upgrade to the correct version ?
>>
>> # dpkg -l xserver-xorg
>> ii xserver-xorg 1:7.4~5ubuntu16
>> the X.Org X server
>>
>
> I suppose that xserver-xorg-core was meant, a normal upgrade to the latest
> packages (e.g. aptitude update&& aptitude dist-upgrade) should be sufficient.
>
>
That's fine now. Mirrors I use weren't probably in sync at that time.
Indeed thanks for your concern.

--
Simon

169_mipointer_nullptr_checks.patch could have side effects ?

On Jaunty, Xinerama with nvidia cards does not work very well... Log messages looks like these :

 miPointerConstrainCursor: Invalid input device pointer
 miPointerConstrainCursor: Invalid input device pointer
 miPointerWarpCursor: Invalid input device pointer
 miPointerUpdateSprite: Invalid input device pointer
 miPointerConstrainCursor: Invalid input device pointer

I think these messages come from the 169_mipointer_nullptr_checks.patch.

Links :
 * https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-180/+bug/363375 (see comment 6)
 * https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/324465

Thanks...