Comment 52 for bug 348428

Okay so piecing everything together...

#5 0xb7c275b6 in free () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#6 0xb7862e25 in free_block (bufmgr_fake=0x93730f0, block=0xcc956c8)
    at ../../../libdrm/intel/intel_bufmgr_fake.c:473
 bo_fake = (drm_intel_bo_fake *) 0x937cac0

static void free_block(drm_intel_bufmgr_fake *bufmgr_fake, struct block *block)
{
   ...
      mmFreeMem(block->mem);
      free(block); /* <-- boom */
   }
}

*** glibc detected *** /usr/bin/X: double free or corruption (out): 0x0d73de98 ***

Sounds like a double free. Could 2 sessions cause 2 frees? Or is it something else. Probably needs additional debug statements to track the frees. Maybe upstream can provide better insights when they respond.