[Xcb] Invalid XIDs

Nathaniel Smith njs at pobox.com
Sat Jan 24 04:59:28 PST 2009


On Ubuntu 8.10, using packages as shipped, my firefox crashes every
few days with a BadIDChoice X error, and I've been trying to figure
out why.  One hypothesis was that this was due to the xlib race
condition fixed in
  http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=cc19618d2eb3ed92a0b574aee26a7da8b4aed5d2
but I've been informed that firefox makes all X calls from a single
thread (and some tracing seems to confirm that), so that can't be it.

Catching it in gdb while running with --sync, though, I have noticed
something that looks odd down in XCB's guts.  At the time of the
crash, xlib has basically just done (in _XIDHandler):
  dpy->next = xcb_generate_id(dpy->xcb->connection);
  SyncHandle();
and the SyncHandle() is where the error is detected.  According to
gdb, dpy->next here is 57206503.

At the same time, dpy->xcb->connection->xid.max is 57206499 (and .last
is 57206504), i.e., it looks like xcb_generate_id has overrun our XID
range without noticing.

1) Does this explain the firefox crashes?  (I'm assuming yes.)
2) Any ideas how we could be getting into this state?  I'm staring
at the code and don't see how it's possible...

libxcb version "1.1-1.1", with xlib "2:1.1.5-2ubuntu1.1"; I have a
core file if that's useful for further debugging (I can also provide
it on request, but be warned that it's 250 MB compressed, and needs
the Ubuntu debug packages to be useful).  Firefox bug is
https://bugzilla.mozilla.org/show_bug.cgi?id=458092 .

-- Nathaniel
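
As an added illustration (not libxcb's code and not part of the original post), the simplified C model below shows one general way an ID allocator can step past its range limit unnoticed: an exhaustion test written as an equality never fires when the stride does not land exactly on the limit, while an ordered comparison still does. The struct, the function names and the sample values are hypothetical and constructed; the field names last and max only echo the post, and the model is not a diagnosis of the crash described there.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of an ID allocator; not libxcb's data structure. */
struct xid_alloc {
    uint32_t last; /* next value to hand out */
    uint32_t max;  /* range limit: no ID at or past it may be issued */
    uint32_t inc;  /* stride between consecutive IDs */
};
#define XID_EXHAUSTED UINT32_MAX

/* Fragile: notices exhaustion only if last lands exactly on max. */
static uint32_t gen_equality(struct xid_alloc *a)
{
    if (a->last == a->max) return XID_EXHAUSTED;
    uint32_t id = a->last;
    a->last += a->inc;
    return id;
}

/* Defensive: an ordered comparison also catches stepping over max. */
static uint32_t gen_checked(struct xid_alloc *a)
{
    if (a->last >= a->max) return XID_EXHAUSTED;
    uint32_t id = a->last;
    a->last += a->inc;
    return id;
}

/* Draw up to `calls` IDs from a copy of `a`; count those at or past max. */
static unsigned count_out_of_range(uint32_t (*gen)(struct xid_alloc *),
                                   struct xid_alloc a, unsigned calls)
{
    unsigned bad = 0;
    for (unsigned i = 0; i < calls; i++) {
        uint32_t id = gen(&a);
        if (id == XID_EXHAUSTED) break;
        if (id >= a.max) bad++;
    }
    return bad;
}

int main(void)
{
    /* Constructed state: the stride of 4 steps over the limit 0x10a. */
    struct xid_alloc misaligned = { 0x100, 0x10a, 4 };
    printf("equality: %u out of range, checked: %u out of range\n",
           count_out_of_range(gen_equality, misaligned, 8),
           count_out_of_range(gen_checked, misaligned, 8));
    return 0;
}
```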

