Calling free() in signal handler -> hang

Bernardo Innocenti bernie at develer.com
Wed Mar 7 10:05:32 PST 2007 

Very often I can freeze the Xorg server (git head) by typing
my username in the gdm editbox.

This is most probably related to the fact my X server is
falling back to using a pre-xkb keyboard map (and this is
another bug, I think).

Looks like a segfault happened and xf86SigHandler is trying
to kill the server from _inside_ the SEGV signal handler,
thus deadlocking on the global malloc arena lock.

Calling free() (and many other libc functions) from signal
handlers is illegal according to POSIX.

So I think the codepath should be changed to avoid doing too
much in SEGV... or add explicit checks to skip disallowed
functions (i.e. almost any).

The gdb backtrace is a bit terse because the server wasn't built
with -g.  Sorry.  Additionally, I couldn't easily attach the
Xorg process with gdb because it triggered an assertion failure
in the debugger iteself.  This is most probably a gdb bug, but
the X server must be doing something weird with signals:

../../gdb/linux-nat.c:1085: internal-error: linux_nat_attach: Assertion
`pid == GET_PID (inferior_ptid) && WIFSTOPPED (status) && (WSTOPSIG
(status) == SIGSTOP || WSTOPSIG (status) == 0)' failed.
A problem internal to GDB has been detected,
further debugging may prove unreliable.

I filed the following bugs:
 https://bugs.freedesktop.org/show_bug.cgi?id=10212
 https://bugs.freedesktop.org/show_bug.cgi?id=10212

(gdb) bt
#0  0x0000003d3dad9ca8 in __lll_mutex_lock_wait () from /lib64/libc.so.6
#1  0x0000003d3da73382 in _L_lock_14395 () from /lib64/libc.so.6
#2  0x0000003d3da72411 in free () from /lib64/libc.so.6
#3  0x00000000004457aa in CloseDevice ()
#4  0x0000000000445b1a in CloseDownDevices ()
#5  0x000000000057ba67 in AbortServer ()
#6  0x000000000057bffe in FatalError ()
#7  0x0000000000483be7 in xf86SigHandler ()
#8  <signal handler called>
#9  0x0000003d3da6f3f9 in _int_malloc () from /lib64/libc.so.6
#10 0x0000003d3da70b3d in malloc () from /lib64/libc.so.6
#11 0x0000000000576007 in Xalloc ()
#12 0x0000000000548ef2 in XkbCopyKeymap ()
#13 0x000000000045c990 in SwitchCoreKeyboard ()
#14 0x00000000004d8d0f in mieqProcessInputEvents ()
#15 0x00000000004842d1 in ProcessInputEvents ()
#16 0x000000000044c8a8 in Dispatch ()
#17 0x000000000043429a in main ()

-- 
   // Bernardo Innocenti - Develer S.r.l., R&D dept.
 \X/  http://www.develer.com/

More information about the xorg mailing list