Bug 20081 - SIGSEGV, Segmentation fault when using USB KVM Switch with Openoffice running
Status: RESOLVED DUPLICATE of bug 21464
Alias: None
Product: xorg
Classification: Unclassified
Component: App/xkbcomp
Version: unspecified
Hardware: Other All
Importance: medium normal
Assignee: Peter Hutterer
QA Contact: Xorg Project Team
URL: http://lists.freedesktop.org/archives...
Reported: 2009-02-12 06:04 UTC by Kevin Johnson
Modified: 2009-05-27 03:17 UTC

Attachments
0001-xkb-Fix-wrong-colour-reference-in-XKB-geometry-copy.patch (1.24 KB, patch)
2009-02-12 16:21 UTC, Peter Hutterer
xkb_debug_output.patch (2.11 KB, patch)
2009-03-15 18:43 UTC, Peter Hutterer
Log of a crashed X session, with xdb_debug patch applied (10.19 KB, text/plain)
2009-03-16 01:52 UTC, Rogutės Sparnuotos

Description Kevin Johnson 2009-02-12 06:04:12 UTC
I can reproduce this 9 out of 10 times.

Running two different desktop computers, each with their own monitor, but with only one keyboard / mouse. I am using a Belkin KVM switch to control the keyboard / mouse function between the two. The switch has USB inputs and USB outputs.

I am running Fedora 10 (F10) on each desktop computer. Each has a different NVIDIA Quadro card installed, and I am running NVIDIA drivers (a different version on each because the one card is not supported anymore).

Everything works fine, until I launch OpenOffice on either computer. At that point, when I use the KVM to switch mouse / keyboard to the other desktop X will crash. I have not been able to reproduce this with anything other than the OpenOffice suite of applications.

It has something to do with the evdev module.... here is the backtrace in the Xorg.0.log

(EE) Belkin Corporation Flip CC: Read error: No such device
(II) config/hal: removing device Belkin Corporation Flip CC
(II) Belkin Corporation Flip CC: Close
(II) UnloadModule: "evdev"
(EE) Dell Dell USB Keyboard: Read error: No such device
(II) config/hal: removing device Dell Dell USB Keyboard
(II) Dell Dell USB Keyboard: Close
(II) UnloadModule: "evdev"
(II) config/hal: Adding input device Belkin Corporation Flip KVM
(**) Belkin Corporation Flip KVM: always reports core events
(**) Belkin Corporation Flip KVM: Device: "/dev/input/event3"
(II) Belkin Corporation Flip KVM: Found 5 mouse buttons
(II) Belkin Corporation Flip KVM: Found x and y relative axes
(II) Belkin Corporation Flip KVM: Configuring as mouse
(**) Belkin Corporation Flip KVM: YAxisMapping: buttons 4 and 5
(**) Belkin Corporation Flip KVM: EmulateWheelButton: 4, EmulateWheelInertia: 10, EmulateWheelTimeout: 200
(II) XINPUT: Adding extended input device "Belkin Corporation Flip KVM" (type: MOUSE)
(II) config/hal: Adding input device Belkin Corporation Flip KVM
(**) Belkin Corporation Flip KVM: always reports core events
(**) Belkin Corporation Flip KVM: Device: "/dev/input/event7"
(II) Belkin Corporation Flip KVM: Found keys
(II) Belkin Corporation Flip KVM: Configuring as keyboard
(II) XINPUT: Adding extended input device "Belkin Corporation Flip KVM" (type: KEYBOARD)
(**) Option "xkb_rules" "evdev"
(**) Belkin Corporation Flip KVM: xkb_rules: "evdev"
(**) Option "xkb_model" "pc105+inet"
(**) Belkin Corporation Flip KVM: xkb_model: "pc105+inet"
(**) Option "xkb_layout" "us"
(**) Belkin Corporation Flip KVM: xkb_layout: "us"

Backtrace:
0: /usr/bin/Xorg(xorg_backtrace+0x26) [0x4e7a26]
1: /usr/bin/Xorg(xf86SigHandler+0x39) [0x47a679]
2: /lib64/libc.so.6 [0x33dac32f90]
3: /usr/bin/Xorg(XkbStringText+0x1c) [0x56711c]
4: /usr/bin/Xorg(XkbWriteXKBGeometry+0x191) [0x5587d1]
5: /usr/bin/Xorg(XkbWriteXKBKeymapForNames+0x5bb) [0x557d1b]
6: /usr/bin/Xorg(XkbDDXLoadKeymapByNames+0x18a) [0x561cba]
7: /usr/bin/Xorg(ProcXkbGetKbdByName+0x3ab) [0x53fb2b]
8: /usr/bin/Xorg(Dispatch+0x364) [0x4468d4]
9: /usr/bin/Xorg(main+0x45d) [0x42cd1d]
10: /lib64/libc.so.6(__libc_start_main+0xe6) [0x33dac1e576]
11: /usr/bin/Xorg [0x42c0f9]

Fatal server error:
Caught signal 11.  Server aborting

(II) Power Button (FF): Close
(II) UnloadModule: "evdev"
(II) Power Button (CM): Close
(II) UnloadModule: "evdev"
(II) Macintosh mouse button emulation: Close
(II) UnloadModule: "evdev"
(II) USB Optical Mouse: Close
(II) UnloadModule: "evdev"
(II) Belkin Corporation Flip KVM: Close
(II) UnloadModule: "evdev"
(II) Belkin Corporation Flip KVM: Close
(II) UnloadModule: "evdev"



Also, here is my xorg.conf

[root@cio11-6305z usr]# cat /etc/X11/xorg.conf
# nvidia-xconfig: X configuration file generated by nvidia-xconfig
# nvidia-xconfig:  version 1.0  (buildmeister@builder58)  Thu Jul 17 18:39:00 PDT 2008

# Xorg configuration created by system-config-display

Section "ServerLayout"
    Identifier     "single head configuration"
    Screen      0  "Screen0" 0 0
#    InputDevice    "Mouse0" "CorePointer"
#    InputDevice    "Keyboard0" "CoreKeyboard"
EndSection

#Section "InputDevice"
    # generated from default
#    Identifier     "Mouse0"
#    Driver         "mouse"
#    Option         "Protocol" "auto"
#    Option       "Protocol" "ImPS/2"
#    Option         "Device" "/dev/input/mice"
#    Option         "Emulate3Buttons" "no"
#    Option         "ZAxisMapping" "4 5"
#EndSection

#Section "InputDevice"

# keyboard added by rhpxl
#    Identifier     "Keyboard0"
#    Driver         "kbd"
#    Option         "XkbModel" "pc105"
#    Option         "XkbLayout" "us"
#EndSection

Section "Monitor"
    Identifier     "Monitor0"
    VendorName     "Unknown"
    ModelName      "Unknown"
    HorizSync       30.0 - 110.0
    VertRefresh     50.0 - 150.0
    Option         "DPMS"
EndSection

Section "Device"
    Identifier     "Videocard0"
    Driver         "nvidia"
EndSection

Section "Screen"
    Identifier     "Screen0"
    Device         "Videocard0"
    Monitor        "Monitor0"
    DefaultDepth    24
    Option         "TwinView" "True"
    Option         "MetaModes" "nvidia-auto-select, nvidia-auto-select"
    SubSection     "Display"
        Viewport    0 0
        Depth       24
        Modes      "1280x960" "1152x864" "1024x768" "832x624" "800x600" "720x400" "640x480"
    EndSubSection
EndSection


and here are related packages:
openoffice.org-graphicfilter-3.0.1-15.2.fc10.x86_64
openoffice.org-brand-3.0.1-15.2.fc10.x86_64
openoffice.org-xsltfilter-3.0.1-15.2.fc10.x86_64
openoffice.org-ure-3.0.1-15.2.fc10.x86_64
openoffice.org-math-3.0.1-15.2.fc10.x86_64
openoffice.org-pdfimport-3.0.1-15.2.fc10.x86_64
openoffice.org-core-3.0.1-15.2.fc10.x86_64
openoffice.org-impress-core-3.0.1-15.2.fc10.x86_64
openoffice.org-impress-3.0.1-15.2.fc10.x86_64
openoffice.org-math-core-3.0.1-15.2.fc10.x86_64
openoffice.org-calc-core-3.0.1-15.2.fc10.x86_64
openoffice.org-presenter-screen-3.0.1-15.2.fc10.x86_64
openoffice.org-calc-3.0.1-15.2.fc10.x86_64
openoffice.org-draw-core-3.0.1-15.2.fc10.x86_64
openoffice.org-langpack-en-3.0.1-15.2.fc10.x86_64
openoffice.org-writer-core-3.0.1-15.2.fc10.x86_64
openoffice.org-draw-3.0.1-15.2.fc10.x86_64
openoffice.org-writer-3.0.1-15.2.fc10.x86_64

xorg-x11-server-Xorg-1.5.3-6.fc10.x86_64
xorg-x11-server-common-1.5.3-6.fc10.x86_64
xorg-x11-server-utils-7.4-3.fc10.x86_64

xorg-x11-drv-evdev-2.1.0-1.fc10.x86_64

glibc-headers-2.9-3.x86_64
glibc-common-2.9-3.x86_64
glibc-devel-2.9-3.x86_64
glibc-2.9-3.x86_64


Suggestion was made to hook up gdb and run backtrace -- here are the results

Received signal SIGSEGV, Segmentation fault.
XkbStringText (str=0x21 <Address 0x21 out of bounds>, format=2) at xkbtext.c:526
526        for (ok= True,len=0,in=str;*in!='\0';in++,len++) {
(gdb)
Continuing.

Program received signal SIGABRT, Aborted.
0x00000033dac32f05 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64      return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Missing separate debuginfos, use: debuginfo-install libgcc-4.3.2-7.x86_64
(gdb) bt
#0  0x00000033dac32f05 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00000033dac34a73 in abort () at abort.c:88
#2  0x00000000004613f9 in ddxGiveUp () at xf86Init.c:1483
#3  0x00000000004f208d in AbortServer () at log.c:407
#4  0x00000000004f2755 in FatalError (f=0x56f4f0 "Caught signal %d.  Server aborting\n") at log.c:553
#5  0x000000000047a689 in xf86SigHandler (signo=11) at xf86Events.c:593
#6  <signal handler called>
#7  XkbStringText (str=0x21 <Address 0x21 out of bounds>, format=2) at xkbtext.c:526
#8  0x000000000055879a in XkbWriteXKBGeometry (file=0x7fd5f046c8c0, xkb=0x1580e90, topLevel=0,
    showImplicit=0, addOn=0x557fe0 <_AddIncl>, priv=0x7fd5f0d90820) at xkbout.c:831
#9  0x0000000000557d1b in XkbWriteXKBKeymapForNames (file=0x7fd5f046c8c0, names=0x7fffffa6cde0,
    xkb=0x1580e90, want=<value optimized out>, need=63) at xkbfmisc.c:346
#10 0x0000000000561cba in XkbDDXCompileKeymapByNames () at ddxLoad.c:259
#11 XkbDDXLoadKeymapByNames (keybd=<value optimized out>, names=0x7fffffa6cde0, want=127, need=63,
    xkbRtrn=0x7fffffa6cee8, nameRtrn=0x7fffffa6cf00 "", nameRtrnLen=4096) at ddxLoad.c:357
#12 0x000000000053fb2b in ProcXkbGetKbdByName (client=0x7fd5f0f2d190) at xkb.c:5642
#13 0x00000000004468d4 in Dispatch () at dispatch.c:454
#14 0x000000000042cd1d in main (argc=9, argv=0x7fffffa6e0d8, envp=<value optimized out>) at main.c:441
Comment 1 Peter Hutterer 2009-02-12 15:16:29 UTC
We've seen this bug in Fedora 10, but haven't been able to track it down yet.
https://bugzilla.redhat.com/show_bug.cgi?id=469572

In the meantime, this (incorrect!) patch may help.

From b4b000a22c40692d0da9023b77b6638c85d2ee32 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@redhat.com>
Date: Fri, 9 Jan 2009 09:17:53 +1000
Subject: [PATCH] xkb: always fail writing XKB geometries (479122)

This is unlikely the right fix, but oh well.
---
 xkb/xkbout.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/xkb/xkbout.c b/xkb/xkbout.c
index 229cc92..eed49a1 100644
--- a/xkb/xkbout.c
+++ b/xkb/xkbout.c
@@ -806,6 +806,9 @@ XkbGeometryPtr              geom;
        _XkbLibError(_XkbErrMissingGeometry,"XkbWriteXKBGeometry",0);
        return False;
     }
+
+    return False;
+
     geom= xkb->geom;
     if (geom->name==None)
         fprintf(file,"xkb_geometry {\n\n");
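Review bot: the `return False;` added right after the `_XkbErrMissingGeometry` check is unconditional, so everything from `geom= xkb->geom;` onward becomes dead code and the function fails for keyboards with a valid geometry too, and nothing in the code says why. The backtrace in the description puts the fault in XkbStringText with str=0x21, called from XkbWriteXKBGeometry at xkbout.c:831, which points at one bad string pointer inside the geometry rather than at the writer as a whole; a narrower fix would find where that pointer is set. If this goes in as a stopgap anyway, put a comment above the return marking it as a temporary workaround with the bug number from the subject line, and confirm that callers such as XkbWriteXKBKeymapForNames handle a False return without aborting the keymap write.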
-- 
1.6.0.6

Comment 2 Peter Hutterer 2009-02-12 16:21:08 UTC
Created attachment 22875
0001-xkb-Fix-wrong-colour-reference-in-XKB-geometry-copy.patch

That should do it, please give it a test.
Comment 3 Peter Hutterer 2009-02-16 14:17:03 UTC
Fix pushed as f5bf1fdaf36163d5c2f1b9b51df96326ebbb0e9c. Please reopen if the bug persists.
Comment 4 Kevin Johnson 2009-02-18 07:36:03 UTC
I used RPMs which you posted on the RedHat bugzilla bug and it seems to have worked.  Using these rpms:

38953 2009-02-17 08:45 xorg-x11-server-common-1.5.3-12.fc10.x86_64.rpm
1581802 2009-02-17 08:45 xorg-x11-server-Xorg-1.5.3-12.fc10.x86_64.rpm

Thanks again.  
Comment 5 Peter Hutterer 2009-02-18 13:14:50 UTC
Thanks for the confirmation.
Comment 6 Rogutės Sparnuotos 2009-03-15 11:53:27 UTC
Why wasn't the patch included with X Server 1.6.0?

Anyway, after upgrading to 1.6.0 and still experiencing X crashes, I've applied the colour-reference patch...to no avail, unfortunately. With 1.6.0, it is now even easier to reproduce here:
  setxkbmap -layout lt
  setxkbmap -layout us
  setxkbmap -layout lt

and voila:
Errors from xkbcomp are not fatal to the X server
[xkb] BOGUS LENGTH in write keyboard desc, expected 5928, got 5944

Backtrace:
0: /usr/bin/X(xorg_backtrace+0x3b) [0x8132a1b]
1: /usr/bin/X(xf86SigHandler+0x51) [0x80d3fc1]
2: [0xb8075400]
3: /lib/libc.so.6(cfree+0x9c) [0xb7c9f7bc]
4: /usr/bin/X(Xfree+0x21) [0x8136691]
5: /usr/bin/X [0x8192041]
6: /usr/bin/X(ProcXkbGetKbdByName+0xcfc) [0x8195c8c]
7: /usr/bin/X [0x819c608]
8: /usr/bin/X(Dispatch+0x33f) [0x808cd3f]
9: /usr/bin/X(main+0x3bd) [0x8071f3d]
10: /lib/libc.so.6(__libc_start_main+0xe5) [0xb7c486c5]
11: /usr/bin/X [0x8071401]
Comment 7 Peter Hutterer 2009-03-15 15:05:16 UTC
(In reply to comment #6)
> Why wasn't the patch included with X Server 1.6.0?

weird. it was nominated and labeled as merged. anyway - renominated for 1.6.1
Comment 8 Rogutės Sparnuotos 2009-03-15 16:59:21 UTC
I don't want to be bothersome, but I feel that my comment failed to
communicate the fact that I am still seeing the bug on 1.6.0 AND with
xkb-Fix-wrong-colour-reference-in-XKB-geometry-copy.patch applied.

Could I be seeing another bug? A local case? Is there anything I could
do to help track it down (I really want to be able to use setxkbmap)?

By the way, the 'incorrect' patch from #1 doesn't help either.

I've tried to add some printf's, but didn't go far with them: I've
only found out that X crashes just after calling xfree
  xfree((char *)start);
in xkb.c:1409 (at the end of XkbSendMap function).
Comment 9 Peter Hutterer 2009-03-15 18:43:09 UTC
Created attachment 23890
xkb_debug_output.patch

Thanks, I did notice that, but I needed to look into it first. Can't reproduce it here, unfortunately, so we need your help. Some memory seems to get corrupted here, the length calculation is incorrect. It'd probably help to figure out which one. Can you apply this patch please and post the output? This should tell us which field writes more than it should.
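
The diagnosis in comment 9 (a reply whose write pass emits a different number of bytes than its size pass computed) can be shown in isolation with the added example below. It is not the attached xkb_debug_output.patch and not X server code; the bounded writer, the field table and the `demo_map` type are hypothetical, and the sample data is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded writer (hypothetical): refuses any write past the sized buffer. */
struct wbuf { unsigned char *base; size_t cap, used; int overflow; };

static void wbuf_put(struct wbuf *w, const void *src, size_t n)
{
    if (n > w->cap - w->used) { w->overflow = 1; return; }
    memcpy(w->base + w->used, src, n);
    w->used += n;
}

/* One reply field: its size pass and its write pass must agree. */
struct field { size_t (*size)(const void *); void (*write)(struct wbuf *, const void *); };
/* Constructed stand-in for a keyboard description, not an X server type. */
struct demo_map { unsigned short syms[8]; size_t n_syms, n_alloc; };

static size_t hdr_size(const void *c) { (void)c; return 4; }
static void hdr_write(struct wbuf *w, const void *c) { (void)c; wbuf_put(w, "\0\0\0", 4); }
static size_t syms_size(const void *c) { return ((const struct demo_map *)c)->n_syms * 2; }
/* Deliberate defect when n_alloc != n_syms: the two passes count differently. */
static void syms_write(struct wbuf *w, const void *c)
{
    const struct demo_map *m = c;
    wbuf_put(w, m->syms, m->n_alloc * 2);
}
static const struct field fields[] = { { hdr_size, hdr_write }, { syms_size, syms_write } };

/* Index of the first field whose write pass disagrees with its size pass, or -1. */
int first_bad_field(size_t n_syms, size_t n_alloc)   /* both must be <= 8 */
{
    struct demo_map m = { {0}, n_syms, n_alloc };
    unsigned char buf[64];
    struct wbuf w = { buf, 0, 0, 0 };
    size_t i, nf = sizeof fields / sizeof fields[0];
    for (i = 0; i < nf; i++) w.cap += fields[i].size(&m);    /* size pass */
    for (i = 0; i < nf; i++) {                               /* write pass */
        size_t before = w.used;
        fields[i].write(&w, &m);
        if (w.overflow || w.used - before != fields[i].size(&m)) return (int)i;
    }
    return -1;
}
int main(void)
{
    printf("%d %d\n", first_bad_field(3, 3), first_bad_field(3, 5));
    return 0;
}
```

Because the writer checks capacity before copying, the mismatched field is reported instead of overrunning the allocation and surfacing later as a crash in free().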
Comment 10 Rogutės Sparnuotos 2009-03-16 01:52:55 UTC
Created attachment 23906
Log of a crashed X session, with xdb_debug patch applied

I ran startx (and xmonad was run from .xinitrc), opened urxvt and typed this:
setxkbmap -layout us
setxkbmap -layout lt
setxkbmap -layout us

...and it crashed.
Comment 11 Rogutės Sparnuotos 2009-03-16 02:07:33 UTC
Probably it doesn't matter here, but I reproduced the crash with a simpler Logitech USB keyboard, which produced mostly the same log.
Comment 12 Roman 2009-03-17 07:18:30 UTC
I have the same problem on my box under
Linux echo-roman 2.6.27.19-3.2-pae #1 SMP 2009-02-25 15:40:44 +0100 i686 i686 i386 GNU/Linux
I use nvidia binary driver 180.29 (the problem has been seen on all 180.xx and some 177.?? versions) with X server 1.5.2 in twin view. No Compiz.
I do not use a KVM switch, so the summary is wrong with it.

Please, give a workaround or fix. It is very annoying.. :-(

part of lspci:
01:00.0 VGA compatible controller: nVidia Corporation G72 [GeForce 7300 LE] (rev a1) (prog-if 00 [VGA controller])
	Subsystem: Micro-Star International Co., Ltd. Device 034b
	Flags: bus master, fast devsel, latency 0, IRQ 16
	Memory at e1000000 (32-bit, non-prefetchable) [size=16M]
	Memory at d0000000 (64-bit, prefetchable) [size=256M]
	Memory at e0000000 (64-bit, non-prefetchable) [size=16M]
	Capabilities: [60] Power Management version 2
	Capabilities: [68] Message Signalled Interrupts: Mask- 64bit+ Count=1/1 Enable-
	Capabilities: [78] Express Endpoint, MSI 00
	Capabilities: [100] Virtual Channel <?>
	Capabilities: [128] Power Budgeting <?>
	Kernel driver in use: nvidia
	Kernel modules: nvidia, nvidiafb

Comment 13 Roman 2009-03-17 07:24:27 UTC
Triple setxkbmap does not trigger a crash, but after the crash happens I have a message on tty7 saying glibc detected double free or corruption and then a backtrace. It calls ProcXkbGetKbdByName and then xfree and ends up in libc cfree. Hope it helps.
Comment 14 Julien Cristau 2009-05-27 03:17:10 UTC
Looks like the same issue as #21464, so marking as dupe.

*** This bug has been marked as a duplicate of bug 21464 ***

