Lots of processes crash in XCreatePixmap() with _XAllocID: Assertion `ret != inval_id' failed
Submitted by Martin Pitt
Assigned to Jamey Sharp
libx11, 1.3.2 (sorry, I didn't see a libX11 component)
We are getting tons of crash reports in Ubuntu (https://launchpad.net/bugs/507062) about programs crashing with
_XAllocID: Assertion `ret != inval_id' failed
At first we thought this would be the same problem that was recently discussed and fixed in libXext:
However, we already have that fixed version, and the stack traces of above bug reports does not go through XShmAttach(), so it does seem to be a different cause.
They all have this piece in common:
#4 0xb74d7199 in _XAllocID (dpy=0x8116770) at ../../src/xcb_io.c:378 ret = 4294967295 __PRETTY_FUNCTION__ = "_XAllocID" #5 0xb74ad048 in XCreatePixmap (dpy=0x8116770, d=265, width=24, height=24, depth=32) at ../../src/CrPixmap.c:58
i. e. they all come through XCreatePixmap() (which is called from various functions in the duplicate bugs, like XcursorImageLoadCursor(), _cairo_xlib_surface_create_similar_with_format(), etc.)
I checked that the current libX11's XCreatePixmap() already calls _XAllocID() in a LockDisplay() block, so it's not the same cause as the recent libXext fix.
Beyond that I'm afraid I don't know enough about this API to be able to continue debugging on my own. Obviously nothing must call _XAllocID() two times in succession without an _XIDHandler() in between (the only other place where next_xid is set is _XConnectXCB(), but that's only called on program initialization through XOpenDisplay(), right?)
Do you have some further hints how to debug this, or what could go wrong here?
For reference, here are some links to the full stack traces: http://launchpadlibrarian.net/23717282/Stacktrace.txt http://launchpadlibrarian.net/35702381/Stacktrace.txt http://launchpadlibrarian.net/39577843/Stacktrace.txt http://launchpadlibrarian.net/37855566/Stacktrace.txt