With xorg-server-1.15.99.903, running Xvfb segfaults with the following error when a client disconnects from the Xvfb server:

# /usr/bin/Xvfb :0 -ac &
# DISPLAY=:0 timeout 1 xclock
(wait 1 second, and then)
(EE)
(EE) Backtrace:
(EE) 0: /usr/bin/Xvfb (xorg_backtrace+0x64) [0xb779562e]
(EE) 1: /usr/bin/Xvfb (0xb7608000+0x191c5f) [0xb7799c5f]
(EE) 2: linux-gate.so.1 (__kernel_rt_sigreturn+0x0) [0xb75e540c]
(EE) 3: /usr/bin/Xvfb (FreePixmap+0x36) [0xb7756ee6]
(EE) 4: /usr/bin/Xvfb (fbCloseScreen+0x82) [0xb762e1b7]
(EE) 5: /usr/bin/Xvfb (PictureCloseScreen+0x63) [0xb76bb0d9]
(EE) 6: /usr/bin/Xvfb (0xb7608000+0x1716e3) [0xb77796e3]
(EE) 7: /usr/bin/Xvfb (0xb7608000+0xc7982) [0xb76cf982]
(EE) 8: /usr/bin/Xvfb (0xb7608000+0x1778e1) [0xb777f8e1]
(EE) 9: /usr/bin/Xvfb (0xb7608000+0x17b6a5) [0xb77836a5]
(EE) 10: /usr/bin/Xvfb (0xb7608000+0x23972) [0xb762b972]
(EE) 11: /usr/bin/Xvfb (0xb7608000+0xc6a56) [0xb76cea56]
(EE) 12: /usr/bin/Xvfb (0xb7608000+0x3ff56) [0xb7647f56]
(EE) 13: /usr/bin/Xvfb (0xb7608000+0xbe5df) [0xb76c65df]
(EE) 14: /usr/bin/Xvfb (0xb7608000+0xc2cf9) [0xb76cacf9]
(EE) 15: /usr/bin/Xvfb (0xb7608000+0xc0e42) [0xb76c8e42]
(EE) 16: /usr/bin/Xvfb (0xb7608000+0x6e945) [0xb7676945]
(EE) 17: /usr/bin/Xvfb (0xb7608000+0x133492) [0xb773b492]
(EE) 18: /usr/bin/Xvfb (0xb7608000+0x22807) [0xb762a807]
(EE) 19: /lib/libc.so.6 (__libc_start_main+0xf4) [0xb7077c44]
(EE) 20: /usr/bin/Xvfb (0xb7608000+0x2284f) [0xb762a84f]
(EE)
(EE) Segmentation fault at address 0x18
(EE)
Fatal server error:
(EE) Caught signal 11 (Segmentation fault). Server aborting
(EE)

Here is a compile gdb backtrace:

# gdb --args /usr/bin/Xvfb :0 -ac
GNU gdb (Gentoo 7.7.1 p1) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/Xvfb...Reading symbols from /usr/lib/debug//usr/bin/Xvfb.debug...done.
done.
(gdb) r
Starting program: /usr/bin/Xvfb :0 -ac
warning: Could not load shared library symbols for linux-gate.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".

In another term, run:

$ DISPLAY=:0 timeout 1 xclock

Back to gdb:

Program received signal SIGSEGV, Segmentation fault.
0x8014eee6 in FreePixmap (pPixmap=0x0)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/dix/pixmap.c:129
129         dixFiniPrivates(pPixmap, PRIVATE_PIXMAP);
(gdb)
(gdb) bt
#0  0x8014eee6 in FreePixmap (pPixmap=0x0)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/dix/pixmap.c:129
#1  0x800261b7 in fbCloseScreen (pScreen=0x8020d238)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/fb/fbscreen.c:40
#2  0x800b30d9 in PictureCloseScreen (pScreen=0x8020d238)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/render/picture.c:90
#3  0x801716e3 in miDCCloseScreen (pScreen=0x8020d238)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/mi/midispcur.c:156
#4  0x800c7982 in damageCloseScreen (pScreen=0x8020d238)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/miext/damage/damage.c:1574
#5  0x801778e1 in miPointerCloseScreen (pScreen=0x8020d238)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/mi/mipointer.c:158
#6  0x8017b6a5 in miSpriteCloseScreen (pScreen=0x8020d238)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/mi/misprite.c:377
#7  0x80023972 in vfbCloseScreen (pScreen=0x8020d238)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/hw/vfb/InitOutput.c:782
#8  0x800c6a56 in SyncCloseScreen (pScreen=0x8020d238)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/miext/sync/misync.c:159
#9  0x8003ff56 in CursorCloseScreen (pScreen=0x8020d238)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/xfixes/cursor.c:187
#10 0x800be5df in AnimCurCloseScreen (pScreen=0x8020d238)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/render/animcur.c:106
#11 0x800c2cf9 in present_close_screen (screen=0x8020d238)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/present/present_screen.c:63
#12 0x800c0e42 in dri3_close_screen (screen=0x8020d238)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/dri3/dri3.c:41
#13 0x8006e945 in glxCloseScreen (pScreen=0x8020d238)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/glx/glxscreens.c:187
#14 0x80133492 in dix_main (argc=3, argv=0xbffff064, envp=0xbffff074)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/dix/main.c:349
#15 0x80022807 in main (argc=3, argv=0xbffff064, envp=0xbffff074)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/dix/stubmain.c:34
(gdb) fr 0
#0  0x8014eee6 in FreePixmap (pPixmap=0x0)
    at /usr/src/debug/x11-base/xorg-server-1.15.99.903/xorg-server-1.15.99.903/dix/pixmap.c:129
129         dixFiniPrivates(pPixmap, PRIVATE_PIXMAP);
(gdb) print pPixmap
$1 = (PixmapPtr) 0x0

Everything is fine with xorg-server-1.15.1.

444a1f7a8802999e27ecf5f6eb598df2206f7277 is the first bad commit
commit 444a1f7a8802999e27ecf5f6eb598df2206f7277
Author: Brendan King <brendan.king@imgtec.com>
Date:   Thu Apr 24 11:37:45 2014 +0100

    fb: fix screen pixmap leak on server reset

    Call FreePixmap() instead of free() to destroy the screen pixmap in
    fbCloseScreen().

    Signed-off-by: Frank Binns <frank.binns@imgtec.com>
    Reviewed-by: Keith Packard <keithp@keithp.com>
    Signed-off-by: Keith Packard <keithp@keithp.com>

(In reply to comment #1)
> 444a1f7a8802999e27ecf5f6eb598df2206f7277 is the first bad commit
> commit 444a1f7a8802999e27ecf5f6eb598df2206f7277
> Author: Brendan King <brendan.king@imgtec.com>
> Date: Thu Apr 24 11:37:45 2014 +0100
>
> fb: fix screen pixmap leak on server reset
>
> Call FreePixmap() instead of free() to destroy the screen pixmap in
> fbCloseScreen().
>
> Signed-off-by: Frank Binns <frank.binns@imgtec.com>
> Reviewed-by: Keith Packard <keithp@keithp.com>
> Signed-off-by: Keith Packard <keithp@keithp.com>

Perfect, thank you.

How about we have fb just check to see if devPrivate is NULL before calling FreePixmap then? That's easy to do.

commit 10d2805dbc6b96a159b8c5acedcd53f34df362bf
Author: Keith Packard <keithp@keithp.com>
Date:   Thu Jun 26 14:12:24 2014 -0700

    fb: Don't free NULL pixmap in fbCloseScreen. Bug #80313

    We fixed fbCloseScreen to use the FreePixmap function so that the
    private counts would be updated correctly during CloseScreen.

    Xvfb calls FreePixmap and sets devPrivate to NULL before fbCloseScreen
    is called; not checking devPrivate before calling would result in a
    NULL pointer dereference.

    Signed-off-by: Keith Packard <keithp@keithp.com>
    Reviewed-by: Julien Cristau <jcristau@debian.org>
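
The teardown order described in the commit message above, modelled as an added example (this is not xorg-server code): an upper layer releases the screen pixmap and clears the pointer, so the lower layer must check it before freeing. All toy_* names and run_close_chain are hypothetical stand-ins for the roles named in the thread.

```c
#include <stdlib.h>

/* Toy stand-ins (hypothetical names) for the server's pixmap and screen. */
typedef struct { int refcnt; void *privates; } toy_pixmap;
typedef struct { toy_pixmap *dev_private; int freed; } toy_screen;

/* Models FreePixmap(): dereferences its argument unconditionally, so a
 * NULL argument faults at a small address (a member offset from 0). */
static void toy_free_pixmap(toy_screen *s, toy_pixmap *p)
{
    if (--p->refcnt > 0)
        return;
    free(p->privates);
    free(p);
    s->freed++;
}

/* Models the Xvfb layer: frees the screen pixmap itself and clears the
 * pointer before the close chain reaches the fb layer. */
static void toy_vfb_close(toy_screen *s)
{
    toy_free_pixmap(s, s->dev_private);
    s->dev_private = NULL;
}

/* Models the fb layer with the guard: skip the free when an upper layer
 * already released the pixmap. Without the check, the vfb-first order
 * hands NULL to toy_free_pixmap() and the process crashes. */
static void toy_fb_close(toy_screen *s)
{
    if (s->dev_private) {
        toy_free_pixmap(s, s->dev_private);
        s->dev_private = NULL;
    }
}

/* Runs one teardown and returns how many times the pixmap was released
 * (-1 on allocation failure). Exactly 1 means no leak and no NULL free. */
int run_close_chain(int vfb_frees_first)
{
    toy_screen s = { calloc(1, sizeof(toy_pixmap)), 0 };
    if (!s.dev_private)
        return -1;
    s.dev_private->refcnt = 1;
    if (vfb_frees_first)
        toy_vfb_close(&s);
    toy_fb_close(&s);
    return s.freed;
}

int main(void) { return !(run_close_chain(1) == 1 && run_close_chain(0) == 1); }
```

Both orders release the pixmap exactly once: the guarded lower layer still frees it when no upper layer did, which keeps the leak fix from the earlier commit intact.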