Hi

> > Multiple Fedora 25 users running 1.19-rc1 are reporting a backtrace
> > related to an InitFonts -> SendErrorToClient -> FlushAllOutput
> > call chain.
> >
> > Since there is no trivial reproducer this is somewhat hard to debug,
> > hence this mail. Anyone have a clue / hint ? See:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1382444
>
> Actually, I think we cannot really trust the symbols from Xorg's own
> generated backtrace, however, looking at the addresses, the sequence makes
> some more sense:
>
>   FlushAllOutput() in /usr/src/debug/xorg-server-20160929/os/io.c:612
>   Dispatch() in /usr/src/debug/xorg-server-20160929/dix/dispatch.c:3491
>   dix_main() in /usr/src/debug/xorg-server-20160929/dix/main.c:296
>
> with /usr/src/debug/xorg-server-20160929/os/io.c:612
>
> 612     xorg_list_for_each_entry_safe(client, tmp, &output_pending_clients,
>                                       output_pending) {
> 613         if (client->clientGone)
> 614             continue;
> 615         if (!client_is_ready(client)) {
> 616             oc = (OsCommPtr) client->osPrivate;
> 617             (void) FlushClient(client, oc, (char *) NULL, 0);
> 618         } else
> 619             NewOutputPending = TRUE;
> 620     }
>
> So it could be that output_pending_clients list got corrupted somehow.
>
> Not sure I can go much further than that with so little data, but if that
> rings a bell with someone else...

Some more reports all pointing to FlushAllOutput() with different
backtraces, e.g.:

  #6  FlushClient at io.c:938
  #7  WriteToClient at io.c:768
  #8  WriteEventsToClient at events.c:6000
  #9  present_send_complete_notify at present_event.c:172
  #10 present_vblank_notify at present.c:213
  #11 present_execute at present.c:771
  #12 present_pixmap at present.c:963
  #13 present_notify_msc at present.c:1014
  #14 proc_present_notify_msc at present_request.c:174
  #15 Dispatch at dispatch.c:469

or

  #6  FlushClient at io.c:938
  #7  WriteToClient at io.c:768
  #8  ProcGetScreenSaver at dispatch.c:3163
  #9  Dispatch at dispatch.c:469
  #10 dix_main at main.c:287

with

792 int
793 FlushClient(ClientPtr who, OsCommPtr oc, const void *__extraBuf, int extraCount)
794 {
...
936
937     if (oco->size > BUFWATERMARK) {
938         free(oco->buf);     <== here
939         free(oco);
940     }
941     else {
942         oco->next = FreeOutputs;
943         FreeOutputs = oco;
944     }

The most important change I see affecting this code is the "Switch server
to poll" series, I am not sure how this can be related though.

Also, I don't see any change between xorg-server-20160929 and current git
master, so chances are this is still affecting current git code.

Cheers,
Olivier
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: https://lists.x.org/mailman/listinfo/xorg-devel