When using the Microsoft Comfort Curved USB Keyboard 2000, an X server crash can be triggered on exit via Ctrl-Alt-Backspace, kill, end of session, etc.

Original reporter's bug report: https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-video-intel/+bug/205979
Xorg.0.log: http://launchpadlibrarian.net/12838947/Xorg.0.log.old
xorg.conf: http://launchpadlibrarian.net/12838951/xorg.conf

Program received signal SIGSEGV, Segmentation fault.
0xb7d8f39c in free () from /lib/tls/i686/cmov/libc.so.6
(gdb) backtrace full
#0  0xb7d8f39c in free () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#1  0x081b88f1 in Xfree (ptr=0x1180002) at ../../os/utils.c:1466
No locals.
#2  0x081aa7c0 in _XkbFreeGeomLeafElems (freeAll=<value optimized out>, first=<value optimized out>, count=17, num_inout=0x82652bc, sz_inout=0x82652be, elems=0x82652c4, elem_sz=8) at ../../xkb/XKBGAlloc.c:62
No locals.
#3  0x081aa85c in _XkbClearRow (row_in=0x0) at ../../xkb/XKBGAlloc.c:342
No locals.
#4  0x081aa29d in _XkbFreeGeomNonLeafElems (freeAll=1, first=0, count=4, num_inout=0x8264fc8, sz_inout=0x8264fce, elems=0x8264fd4, elem_sz=24, freeFunc=0x81aa820 <_XkbClearRow>) at ../../xkb/XKBGAlloc.c:119
        i = 2
        ptr = 0x82652b8 "])"
#5  0x081aa409 in SrvXkbFreeGeomRows (section=0x8264fb8, first=0, count=4, freeAll=1) at ../../xkb/XKBGAlloc.c:349
No locals.
#6  0x081aa451 in _XkbClearSection (section_in=0x8264fb8 "�") at ../../xkb/XKBGAlloc.c:363
No locals.
#7  0x081aa29d in _XkbFreeGeomNonLeafElems (freeAll=1, first=0, count=7, num_inout=0x82643e6, sz_inout=0x82643da, elems=0x82643f8, elem_sz=48, freeFunc=0x81aa410 <_XkbClearSection>) at ../../xkb/XKBGAlloc.c:119
        i = 3
        ptr = 0x8264fb8 "�"
#8  0x081aa3b9 in SrvXkbFreeGeomSections (geom=0x82643c0, first=0, count=7, freeAll=1) at ../../xkb/XKBGAlloc.c:374
No locals.
#9  0x081aaacf in SrvXkbFreeGeometry (geom=0x82643c0, which=63, freeMap=1) at ../../xkb/XKBGAlloc.c:443
No locals.
#10 0x081a8ca1 in SrvXkbFreeKeyboard (xkb=0x8279528, which=127, freeAll=1) at ../../xkb/XKBAlloc.c:328
No locals.
#11 0x08196c1f in XkbFreeInfo (xkbi=0x827a550) at ../../xkb/xkbInit.c:820
No locals.
#12 0x08085a1f in CloseDevice (dev=0x8260258) at ../../dix/devices.c:530
        k = <value optimized out>
        knext = <value optimized out>
        p = <value optimized out>
        pnext = <value optimized out>
        i = <value optimized out>
        inext = <value optimized out>
        s = <value optimized out>
        snext = <value optimized out>
        b = <value optimized out>
        bnext = <value optimized out>
        l = <value optimized out>
        lnext = <value optimized out>
#13 0x08085e79 in CloseDownDevices () at ../../dix/devices.c:626
        dev = (DeviceIntPtr) 0x1180002
        next = (DeviceIntPtr) 0x8261408
#14 0x0807474e in main (argc=8, argv=0xbf9c9f74, envp=Cannot access memory at address 0x19
) at ../../dix/main.c:472
        pScreen = <value optimized out>
        i = <value optimized out>
        error = 136163204
        xauthfile = <value optimized out>
        alwaysCheckForInput = {0, 1}

Looking at the backtrace, it appears a NULL pointer is getting passed in:

_XkbFreeGeomNonLeafElems(..., freeFunc[=_XkbClearRow])
{
...
    if (freeFunc) {
        ptr= *elems;
        ptr+= first*elem_sz;
        for (i=0;i<count;i++) {
            (*freeFunc)(ptr);
            ptr+= elem_sz;
        }
    }
...

I'm not sure how ptr comes to be NULL, but there's no check for it, and it is getting passed to freeFunc() (aka _XkbClearRow()):

#3  0x081aa85c in _XkbClearRow (row_in=0x0) at ../../xkb/XKBGAlloc.c:342

Then _XkbClearRow tries dereferencing the NULL pointer:

static void
_XkbClearRow(char *row_in)
{
    XkbRowPtr row= (XkbRowPtr)row_in;

    if (row->keys!=NULL)
        XkbFreeGeomKeys(row,0,row->num_keys,True);
    return;
}

So my guess is this needs a NULL pointer check either in the calling code, or in _XkbClearRow, like

    if (row && row->keys!=NULL)
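
A stand-alone model of the guard suggested in the report above, as an added example that is not part of the original report and is not X server code. The types, `free_non_leaf`, `free_rows`, `make_section` and `rows_cleared` are simplified stand-ins assumed for illustration; besides the NULL check, each free resets its pointer and counters so that running the teardown twice never hands an already-freed pointer to free().

```c
#include <stdlib.h>
/* Simplified stand-ins for the XKB geometry types (assumed, not the server's). */
typedef struct { char name[4]; short gap; } Key;
typedef struct { unsigned short num_keys, sz_keys; Key *keys; } Row;
typedef struct { unsigned short num_rows, sz_rows; Row *rows; } Section;
static int rows_cleared;    /* rows whose key array was actually released */

/* Leaf callback: tolerate NULL, and reset the row so a repeat call is a no-op. */
static void clear_row(char *row_in)
{
    Row *row = (Row *)row_in;
    if (row && row->keys != NULL) {     /* the guard suggested in the report */
        free(row->keys);
        row->keys = NULL;
        row->num_keys = row->sz_keys = 0;
        rows_cleared++;
    }
}

/* Non-leaf free, freeAll case: skip a NULL array, run free_func on each of the
 * *num recorded elements, then drop the array and zero the counters. */
static void free_non_leaf(unsigned short *num, unsigned short *sz,
                          char **elems, size_t elem_sz, void (*free_func)(char *))
{
    if (*elems == NULL) return;
    char *ptr = *elems;
    for (int i = 0; free_func && i < *num; i++, ptr += elem_sz)
        free_func(ptr);
    free(*elems);
    *elems = NULL;
    *num = *sz = 0;
}

/* Typed wrapper: free every row of a section and store the NULLed pointer back. */
static void free_rows(Section *s)
{
    char *elems = (char *)s->rows;
    free_non_leaf(&s->num_rows, &s->sz_rows, &elems, sizeof(Row), clear_row);
    s->rows = (Row *)elems;
}

/* Constructed sample data: n rows of k keys each. */
static Section make_section(unsigned short n, unsigned short k)
{
    Section s = { 0, 0, calloc(n, sizeof(Row)) };
    for (int i = 0; s.rows && i < n; i++, s.num_rows++, s.sz_rows++)
        s.rows[i] = (Row){ k, k, calloc(k, sizeof(Key)) };
    return s;
}
```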
Turned out to be a dupe.

*** This bug has been marked as a duplicate of bug 14162 ***