The bug has been opened on https://launchpad.net/bugs/94737 "Binary package hint: gdm crash when I used xdmcp server ... libx11-6 2:1.1.1-1ubuntu1 ... http://librarian.launchpad.net/6898243/ThreadStacktrace.txt ThreadStacktrace.txt ..." Debug backtrace for the crash: 206 map->syms[offset]= 0; (gdb) thread apply all bt full Thread 1 (process 5372): #0 0xb76df41b in _XkbReadGetMapReply (dpy=0x8086108, rep=0xbf8e97a4, xkb=0x8557fc0, nread_rtrn=0x0) at ../../../src/xkb/XKBGetMap.c:206 sz = <value optimized out> prev_syms = (KeySym *) 0x855c7b8 extraData = <value optimized out> mask = <value optimized out> #1 0xb76df864 in _XkbHandleGetMapReply (dpy=0x8086108, xkb=0x8557fc0) at ../../../src/xkb/XKBGetMap.c:526 rep = {type = 1 '\001', deviceID = 4 '\004', sequenceNumber = 843, length = 1010, pad1 = 0, minKeyCode = 8 '\b', maxKeyCode = 255 '�', present = 71, firstType = 0 '\0', nTypes = 18 '\022', totalTypes = 18 '\022', firstKeySym = 8 '\b', totalSyms = 289, nKeySyms = 248 '�', firstKeyAct = 0 '\0', totalActs = 0, nKeyActs = 0 '\0', firstKeyBehavior = 0 '\0', nKeyBehaviors = 0 '\0', totalKeyBehaviors = 0 '\0', firstKeyExplicit = 0 '\0', nKeyExplicit = 0 '\0', totalKeyExplicit = 0 '\0', firstModMapKey = 8 '\b', nModMapKeys = 248 ' totalModMapKeys = 14 '\016', firstVModMapKey = 0 '\0', nVModMapKeys = 0 '\0', totalVModMapKeys = 0 '\0', pad2 = 0 '\0', virtualMods = 65535} #2 0xb76e0204 in XkbGetUpdatedMap (dpy=0x8086108, which=71, xkb=0x8557fc0) at ../../../src/xkb/XKBGetMap.c:543 req = <value optimized out> status = 0 #3 0xb76e02c4 in XkbGetMap (dpy=0x8086108, which=71, deviceSpec=256) at ../../../src/xkb/XKBGetMap.c:561 xkb = (XkbDescPtr) 0x8557fc0 #4 0xb7bd4950 in get_xkb (keymap_x11=0x855a038) at gdkkeys-x11.c:256 display_x11 = (GdkDisplayX11 *) 0x808e098 xdisplay = (Display *) 0x8086108 #5 0xb7bd4f3f in update_direction (keymap_x11=0x85c3ae8, group=65825) at gdkkeys-x11.c:591 xkb = <value optimized out> group_atom = 0 #6 0xb7bd5178 in IA__gdk_keymap_get_direction (keymap=0x855a038) at gdkkeys-x11.c:713 state_rec = {group = 0 '\0', locked_group = 0 '\0', base_group = 0, latched_group = 0, mods = 0 '\0', base_mods = 0 '\0', latched_mods = 0 '\0', locked_mods = 0 '\0', compat_state = 0 '\0', grab_mods = 0 '\0', compat_grab_mods = 0 '\0', lookup_mods = 0 '\0', compat_lookup_mods = 0 '\0', ptr_buttons = 0} __PRETTY_FUNCTION__ = "IA__gdk_keymap_get_direction" #7 0xb7ccfb25 in gtk_entry_ensure_layout (entry=0x82080a8, include_preedit=1) at gtkentry.c:3251 No locals. #8 0xb7cd3033 in gtk_entry_adjust_scroll (entry=0x82080a8) at gtkentry.c:3705 min_offset = <value optimized out> max_offset = <value optimized out> text_area_width = 152 text_width = <value optimized out> inner_border = {left = 2, right = 2, top = 2, bottom = 2} strong_x = <value optimized out> weak_x = <value optimized out> strong_xoffset = <value optimized out> weak_xoffset = <value optimized out> xalign = 1.9375 layout = <value optimized out> ---Type <return> to continue, or q <return> to quit--- logical_rect = {x = 136347816, y = 1079488016, width = -1218125536, height = -1208607828} #9 0xb7cd31c7 in recompute_idle_func (data=0x82080a8) at gtkentry.c:3111 entry = (GtkEntry *) 0x85c3ae8 #10 0xb78db091 in g_idle_dispatch (source=0x8556bf0, callback=0x10121, user_data=0x82080a8) at gmain.c:3928 No locals. #11 0xb78dcdf2 in IA__g_main_context_dispatch (context=0x80953c0) at gmain.c:2045 No locals. #12 0xb78dfdcf in g_main_context_iterate (context=0x80953c0, block=1, dispatch=1, self=0x80a3d18) at gmain.c:2677 got_ownership = <value optimized out> max_priority = 115 timeout = 0 some_ready = 1 nfds = <value optimized out> allocated_nfds = <value optimized out> fds = (GPollFD *) 0x8096df0 __PRETTY_FUNCTION__ = "g_main_context_iterate" #13 0xb78e0179 in IA__g_main_loop_run (loop=0x8517778) at gmain.c:2881 got_ownership = 0 self = (GThread *) 0x80a3d18 __PRETTY_FUNCTION__ = "IA__g_main_loop_run" #14 0xb7d4c044 in IA__gtk_main () at gtkmain.c:1177 tmp_list = (GList *) 0x0 functions = (GList *) 0x0 init = (GtkInitFunction *) 0x0 loop = (GMainLoop *) 0x8517778 #15 0x08051925 in ?? () No symbol table info available. #16 0x0854f320 in ?? () No symbol table info available. #17 0x080992b0 in ?? () No symbol table info available. #18 0x080526b0 in ?? () No symbol table info available. #19 0x00000000 in ?? () No symbol table info available. (gdb) p *xkb->map->syms $1 = 0
what's the value of offset at the time, and what are xkb->map->{num,size}_syms?
(gdb) p xkb->map $1 = (XkbClientMapPtr) 0x853c0f0 (gdb) p xkb->map->num_syms $2 = 0 (gdb) p xkb->map->size_syms $3 = 6144 (gdb) p offset No symbol "offset" in current context. Do you have any idea why the offset value is not available?
Egh, size_syms is clearly bogus. offset won't be available if the loop gets unrolled, IIRC. Depends on the level of optimisation.
Following downstream in closing due to lack of response and reproducibility.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.