Calling free() in signal handler -> hang
bernie at develer.com
Wed Mar 7 10:05:32 PST 2007
Very often I can freeze the Xorg server (git head) by typing
my username in the gdm editbox.
This is most probably related to the fact my X server is
falling back to using a pre-xkb keyboard map (and this is
another bug, I think).
Looks like a segfault happened and xf86SigHandler is trying
to kill the server from _inside_ the SEGV signal handler,
thus deadlocking on the global malloc arena lock.
Calling free() (and many other libc functions) from signal
handlers is illegal according to POSIX.
So I think the codepath should be changed to avoid doing too
much in SEGV... or add explicit checks to skip disallowed
functions (i.e. almost any).
The gdb backtrace is a bit terse because the server wasn't built
with -g. Sorry. Additionally, I couldn't easily attach the
Xorg process with gdb because it triggered an assertion failure
in the debugger itself. This is most probably a gdb bug, but
the X server must be doing something weird with signals:
../../gdb/linux-nat.c:1085: internal-error: linux_nat_attach: Assertion
`pid == GET_PID (inferior_ptid) && WIFSTOPPED (status) && (WSTOPSIG
(status) == SIGSTOP || WSTOPSIG (status) == 0)' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
I filed the following bugs:
#0 0x0000003d3dad9ca8 in __lll_mutex_lock_wait () from /lib64/libc.so.6
#1 0x0000003d3da73382 in _L_lock_14395 () from /lib64/libc.so.6
#2 0x0000003d3da72411 in free () from /lib64/libc.so.6
#3 0x00000000004457aa in CloseDevice ()
#4 0x0000000000445b1a in CloseDownDevices ()
#5 0x000000000057ba67 in AbortServer ()
#6 0x000000000057bffe in FatalError ()
#7 0x0000000000483be7 in xf86SigHandler ()
#8 <signal handler called>
#9 0x0000003d3da6f3f9 in _int_malloc () from /lib64/libc.so.6
#10 0x0000003d3da70b3d in malloc () from /lib64/libc.so.6
#11 0x0000000000576007 in Xalloc ()
#12 0x0000000000548ef2 in XkbCopyKeymap ()
#13 0x000000000045c990 in SwitchCoreKeyboard ()
#14 0x00000000004d8d0f in mieqProcessInputEvents ()
#15 0x00000000004842d1 in ProcessInputEvents ()
#16 0x000000000044c8a8 in Dispatch ()
#17 0x000000000043429a in main ()
// Bernardo Innocenti - Develer S.r.l., R&D dept.
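
An added example, not code from the X server or from the post above: a fatal-signal handler limited to async-signal-safe calls (write() and _exit()), so it cannot block on the malloc arena lock the way frames #2 to #7 of the backtrace do. The names fmt_uint, emit, fatal_handler and run_demo are hypothetical, and the SIGSEGV is raised in a forked child as a constructed test case.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Decimal formatting without snprintf(), which is not async-signal-safe. */
static size_t fmt_uint(unsigned v, char *out, size_t cap)
{
    char tmp[16];
    size_t n = 0, i = 0;
    do { tmp[n++] = (char)('0' + v % 10); v /= 10; } while (v);
    while (n && i + 1 < cap) out[i++] = tmp[--n];
    out[i] = '\0';
    return i;
}

/* write() is on the POSIX async-signal-safe list; stdio is not. */
static void emit(const char *s, size_t n) { ssize_t r = write(STDERR_FILENO, s, n); (void)r; }

/* No free(), no stdio, no atexit handlers: nothing here takes the malloc lock. */
static void fatal_handler(int sig)
{
    static const char msg[] = "fatal signal ";
    char num[16];
    size_t n = fmt_uint((unsigned)sig, num, sizeof num - 1);
    num[n++] = '\n';
    emit(msg, sizeof msg - 1);
    emit(num, n);
    _exit(128 + sig);   /* terminate at once, skipping all cleanup */
}

/* Constructed demo: a forked child raises SIGSEGV; returns its exit status. */
int run_demo(void)
{
    struct sigaction sa;
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        memset(&sa, 0, sizeof sa);
        sa.sa_handler = fatal_handler;
        sigemptyset(&sa.sa_mask);
        sigaction(SIGSEGV, &sa, NULL);
        raise(SIGSEGV);
        _exit(0);       /* reached only if the handler did not run */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
int main(void) { return run_demo() == 128 + SIGSEGV ? 0 : 1; }
```

Any cleanup that needs malloc() or free() has to run outside the handler, for example in a supervising parent process that sees the child's exit status.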