running 'xterm' crashes X server

Are you using lightdm or gdm?

Can you attach your .xsession-errors file from after reproducing the bug?

You mentioned the regression started just recently; could you narrow down on a date range? We haven't had much change in X, so it's possible the bug is due to something else; knowing roughly when the regression started we can examine your dpkg.log to see what might be causing it. I'm attaching a parsed list of packages that you upgraded in the past couple days.

I notice there was a kernel upgrade in this period; you could try booting into 3.0.0-8 and see if you can reproduce it there (hold down the left shift during boot to bring up the kernel boot menu).

.xsession-errors after crash/endsession attached.

this is with GDM.

pretty sure this was working approximately 2 weeks ago, but not sure exactly when it got broken.

left shift during boot didn't seem to bring up the kernel boot menu; will try again, possible I got the timing of it wrong.

Quoting Joe Barnett <email address hidden>:

> Public bug reported:
>
> As of relatively recently in onieric, if I run xterm, my X session ends
> abruptly.
>
> tested with gnome-shell's alt+f2 runner as well as running from within a
> gnome-terminal command line.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 11.10
> Package: xterm 271-1ubuntu2
> ProcVersionSignature: Ubuntu 3.0.0-9.12-generic 3.0.3
> Uname: Linux 3.0.0-9-generic x86_64
> Architecture: amd64
> CompizPlugins:

This sounds like yet another bug in compiz.

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net

... except i'm running gnome-shell/mutter, not compiz...

On Mon, 22 Aug 2011, Joe Barnett wrote:

> .... except i'm running gnome-shell/mutter, not compiz...

The description I read of it sounded as if it uses much of the same code.
(I would comment directly on it, but 11.04 is the latest Ubuntu I've
installed so far, and it refused to run Unity in a VM - and most of
the Ubuntu reports I've seen in the past year have been compiz-related).

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net

@Thomas, it does sound like a compiz bug, however "CompositorRunning: None" indicates no compiz. (I thought that would detect gnome-shell/mutter too but perhaps not). In any case, GdmLog2.txt shows:

*** glibc detected *** /usr/bin/Xorg: free(): corrupted unsorted chunks: 0x0000000002b844c0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x78a96)[0x7f2b9762ba96]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x6c)[0x7f2b9762fd7c]
/usr/bin/Xorg(DeletePassiveGrab+0x40)[0x445df0]
/usr/bin/Xorg(FreeResource+0x124)[0x44e2c4]
/usr/bin/Xorg(DeletePassiveGrabFromList+0x182)[0x4461a2]
/usr/bin/Xorg(AddPassiveGrabToList+0x22d)[0x44675d]
/usr/bin/Xorg(ProcGrabButton+0x212)[0x43b8d2]
/usr/bin/Xorg[0x42fb39]
/usr/bin/Xorg[0x4232ae]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f2b975d430d]
/usr/bin/Xorg[0x42359d]

Which is why I asked about lightdm vs. gdm. That log shows a 8/12 build date on xserver, which seems to correspond with the timeframe of 2 weeks. So, while xterm might be triggering it, it's looking more like an xserver bug to me.

@Joe, could you collect a full backtrace on this bug? I think it'd provide some better details than was captured in that log.

See http://wiki.ubuntu.com/X/Backtracing for guidance on collecting backtraces. In this case I think skip the apport bits, and use gdb directly.

debug bt attached

not sure if related, but as of today* noticing weird potentially damage-related issues in gnome-terminal/chromium-browser:

if i have two tabs open and switch between them, the terminal/tab display doesn't always update. Sometimes only the tab contents get repainted, sometimes only the tab itself, sometimes neither. if I then unfocus the window, the terminal gets repainted appropriately. let me know if I should file a separate bug for that.

* possibly related to mutter/clutter upgrade? unclear to me...

Hmm, the code is failing on this line in exa_migration_mixed.c in the server:

            pExaPixmap->sys_ptr = malloc(pExaPixmap->sys_pitch *
                                         pPixmap->drawable.height);

However the backtrace doesn't indicate what the values are for sys_pitch or drawable.height, so it's unclear why malloc would fail here.

Can you tell me more about your setup? What makes it unusual compared with a stock Ubuntu instance? Any ideas why memory allocation might be failing?

Also, you mentioned that you saw this "relatively recently" - is your implication that this used to work in oneiric and regressed recently? If so, can you give an estimate as to roughly what day (or range of days) the regression began for you?

You mention gnome-shell... are you able to reproduce this bug *only* in gnome-shell, or do you see it under other window managers like unity or unity-2d?

Nothing particularly unusual I think... gfx card is a ATI Technologies Inc Broadway PRO [Mobility Radeon HD 5800 Series]; probably most unusual part of setup is 1920x1080 laptop screen attached to 1920x1200 monitor. Definitely no idea why malloc would fail.

This worked in oneiric until around when bug report was filed (definitely worked ~2 weeks beforehand, then didn't test for a week, then failed). It also worked in natty, although I just remembered that I was seeing the same behavior towards the end of the natty xorg-edgers updates. It fixed when purging xorg-edgers ppa, and then remained fixed on upgrade to oneiric.

will test with gnome-panel/unity/unity2d later today and let you know. Am also able/willing to do any other testing that would help track this down, as its 100% reproducible by starting xterm (and I've also seen X crash more randomly when, for example, opening a new chromium-browser instance).

ok, right now getting X to freeze/lock up instead of exit when starting xterm. tested in gnome-panel, gnome-shell, and unity sessions

also seeing this in /var/log/Xorg.0.log and /var/log/Xorg.0.log.old (should correspond to gnome-panel and unity attempts, respectively):

/var/log/Xorg.0.log:

[ 253.514]
Backtrace:
[ 253.533] 0: /usr/bin/Xorg (xorg_backtrace+0x26) [0x460436]
[ 253.533] 1: /usr/bin/Xorg (0x400000+0x64a4a) [0x464a4a]
[ 253.533] 2: /lib/x86_64-linux-gnu/libpthread.so.0 (0x7fda9cff3000+0x10040) [0x7fda9d003040]
[ 253.533] 3: /lib/x86_64-linux-gnu/libc.so.6 (0x7fda9bf0e000+0x7a29b) [0x7fda9bf8829b]
[ 253.533] 4: /lib/x86_64-linux-gnu/libc.so.6 (__libc_malloc+0x6d) [0x7fda9bf8a77d]
[ 253.533] 5: /usr/lib/xorg/modules/libexa.so (0x7fda9943e000+0x8e54) [0x7fda99446e54]
[ 253.533] 6: /usr/lib/xorg/modules/libexa.so (0x7fda9943e000+0x13337) [0x7fda99451337]
[ 253.533] 7: /usr/bin/Xorg (0x400000+0xdd33a) [0x4dd33a]
[ 253.533] 8: /usr/bin/Xorg (0x400000+0xe109d) [0x4e109d]
[ 253.534] 9: /usr/bin/Xorg (doImageText+0x23f) [0x4316cf]
[ 253.534] 10: /usr/bin/Xorg (ImageText+0x40) [0x432b40]
[ 253.534] 11: /usr/bin/Xorg (0x400000+0x2d222) [0x42d222]
[ 253.534] 12: /usr/bin/Xorg (0x400000+0x2fb39) [0x42fb39]
[ 253.534] 13: /usr/bin/Xorg (0x400000+0x232ae) [0x4232ae]
[ 253.534] 14: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0xed) [0x7fda9bf2f30d]
[ 253.534] 15: /usr/bin/Xorg (0x400000+0x2359d) [0x42359d]
[ 253.534] Segmentation fault at address (nil)
[ 253.534]
Caught signal 11 (Segmentation fault). Server aborting
[ 253.534]
Please consult the The X.Org Foundation support
         at http://wiki.x.org
 for help.
[ 253.534] Please also check the log file at "/var/log/Xorg.0.log" for additional information.
[ 253.534]
[ 257.818] [mi] EQ overflowing. The server is probably stuck in an infinite loop.
[ 257.818]
Backtrace:
[ 257.836] 0: /usr/bin/Xorg (xorg_backtrace+0x26) [0x460436]
[ 257.836] 1: /usr/bin/Xorg (mieqEnqueue+0x201) [0x45a891]
[ 257.836] 2: /usr/bin/Xorg (xf86PostMotionEventM+0xa3) [0x480463]
[ 257.836] 3: /usr/lib/xorg/modules/input/evdev_drv.so (0x7fda9644f000+0x5f23) [0x7fda96454f23]
[ 257.836] 4: /usr/lib/xorg/modules/input/evdev_drv.so (0x7fda9644f000+0x65fb) [0x7fda964555fb]
[ 257.836] 5: /usr/bin/Xorg (0x400000+0x6d947) [0x46d947]
[ 257.836] 6: /usr/bin/Xorg (0x400000+0x121b9e) [0x521b9e]
[ 257.836] 7: /lib/x86_64-linux-gnu/libpthread.so.0 (0x7fda9cff3000+0x10040) [0x7fda9d003040]
[ 257.836] 8: /lib/x86_64-linux-gnu/libc.so.6 (0x7fda9bf0e000+0xefb8e) [0x7fda9bffdb8e]
[ 257.836] 9: /lib/x86_64-linux-gnu/libc.so.6 (0x7fda9bf0e000+0x7e9df) [0x7fda9bf8c9df]
[ 257.836] 10: /lib/x86_64-linux-gnu/libc.so.6 (cfree+0x61) [0x7fda9bf8ad71]
[ 257.836] 11: /usr/bin/Xorg (0x400000+0x6bc62) [0x46bc62]
[ 257.837] 12: /usr/bin/Xorg (0x400000+0x6c0e4) [0x46c0e4]
[ 257.837] 13: /usr/bin/Xorg (CloseWellKnownConnections+0x2f) [0x460f1f]
[ 257.837] 14: /usr/bin/Xorg (0x400000+0x639a8) [0x4639a8]
[ 257.837] 15: /usr/bin/Xorg (0x400000+0x645b3) [0x4645b3]
[ 257.837] 16: /lib/x86_64-linux-gnu/libpthread.so.0 (0x7fda9cff3000+0x10040) [0x7fda9d003040]
[ 2...

hmm.... is working again now; not sure what changed?!

Hey thejoe,

Hi, thanks for reporting this issue during the development period of
Ubuntu.

I notice there's not been further comments to the bug report since the
release came out, would you mind updating us on the status of it in the
release?

Are you still able to reproduce the issue? If not, do you think the bug
report can be closed, or do you think we should continue tracking it?

ok with closing this one, haven't seen since 2011-09-12 on oneiric

[Expired for xorg-server (Ubuntu) because there has been no activity for 60 days.]