From owner-freebsd-current  Tue Jul 31  0:13:59 2001
Delivered-To: freebsd-current@freebsd.org
Received: from bbnmg1.net.external.hp.com (bbnmg1.net.external.hp.com [192.6.76.73])
	by hub.freebsd.org (Postfix) with ESMTP id 4BA5C37B401
	for <current@FreeBSD.ORG>; Tue, 31 Jul 2001 00:13:54 -0700 (PDT)
	(envelope-from michaelc@tmbbobmc.bbn.hp.com)
Received: from hpbbn.bbn.hp.com (hpbbn.bbn.hp.com [15.140.169.23])
	by bbnmg1.net.external.hp.com (Postfix) with ESMTP
	id 521E0CD8; Tue, 31 Jul 2001 09:13:44 +0200 (METDST)
Received: from tmbbobmc.bbn.hp.com (tmbbobmc.bbn.hp.com [15.136.123.54])
	by hpbbn.bbn.hp.com (8.9.3 (PHNE_18979)/8.9.3 SMKit6.0.6) with ESMTP id JAA11855;
	Tue, 31 Jul 2001 09:13:38 +0200 (METDST)
Received: from localhost (michaelc@localhost)
	by tmbbobmc.bbn.hp.com (8.11.3/8.11.1) with ESMTP id f6V7DUg01064;
	Tue, 31 Jul 2001 09:13:30 +0200 (CEST)
	(envelope-from michaelc@tmbbobmc.bbn.hp.com)
Date: Tue, 31 Jul 2001 09:13:29 +0200 (CEST)
From: Michael Class <michaelc@tmbbobmc.bbn.hp.com>
Reply-To: <michael_class@gmx.net>
To: Michael Robinson <robinson@netrinsics.com>
Cc: Sheldon Hearn <sheldonh@starjuice.net>, <current@FreeBSD.ORG>
Subject: Re: X in free(): error: recursive call.
In-Reply-To: <20010731143505.A771@elephant.netrinsics.com>
Message-ID: <20010731090120.X1001-100000@tmbbobmc.bbn.hp.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

Hello,

I was running in the same problem early this year. Probably you
have found my mails in the archive. Unfortunately I was not able
solve the problem. I am running now 3.3.6 on my laptop (which
furtunately supports the graphics chips that my laptop has).

Just as a datapoint: My understanding of the problem is that it
is really a problem of XFree (as opposed to FreeBSD) There seems
to be a situation where malloc is called within a signal
handler. It was explained to me that malloc cannot be recursively
called. Therefore, if a signal interrupts Xfree when it is in the
libc *alloc-functions, this can crash the server.
The following trace shows this scenario:

#0  0x2820a9e8 in kill () from /usr/lib/libc.so.5
#1  0x2825bb3d in abort () from /usr/lib/libc.so.5
#2  0x2825a682 in isatty () from /usr/lib/libc.so.5
#3  0x2825a6b0 in isatty () from /usr/lib/libc.so.5
#4  0x2825b6a6 in malloc () from /usr/lib/libc.so.5
#5  0x80d19ff in Xalloc (amount=16) at utils.c:1225
#6  0x80cc30c in TimerSet (timer=0x0, flags=0, millis=50, func=0x8788ef0,
    arg=0x88a0b00) at WaitFor.c:744
#7  0x87890fa in ?? ()
#8  0x878927d in ?? ()
#9  0x8788bf0 in ?? ()
#10 0x807da23 in xf86SigioReadInput (fd=7, closure=0x88a0b00)
    at xf86Events.c:1039
#11 0x8093d48 in xf86SIGIO (sig=23) at sigio.c:99
#12 0xbfbfffac in ?? ()
#13 0x2825b1b0 in isatty () from /usr/lib/libc.so.5
#14 0x2825b901 in realloc () from /usr/lib/libc.so.5
#15 0x80d1b18 in Xrealloc (ptr=0x8eb3000, amount=4096) at utils.c:1322
#16 0x80ceef4 in StandardReadRequestFromClient (client=0x8a0d100) at io.c:403
#17 0x80ac00c in Dispatch () at dispatch.c:438
#18 0x80bc395 in main (argc=3, argv=0xbfbffdc0, envp=0xbfbffdd0) at main.c:439
#19 0x806b31d in _start ()

My understanding is that the problem is with XFree using malloc in a
signal-handler.

Strange enough, my system at home (with a Matrox G400-Card and Xfree86-4.1.0)
does not show this symptom.

Michael


On Tue, 31 Jul 2001, Michael Robinson wrote:

> On Sun, Jul 29, 2001 at 04:38:06PM +0200, Sheldon Hearn wrote:
> > On Sun, 29 Jul 2001 22:29:40 +0800, Michael Robinson wrote:
> > > I'd like to get advice on which of the following courses of action to take:
> > >
> > >   1. Isolate and fix the problem.  I would need some help here.
> >
> > Try a better-proven release of XFree86, namely 3.3.6.
>
> Based on my preliminary efforts to isolate the problem, it seems pretty
> clear that A) the code path required to reach the error is not exposed by
> the malloc API to applications (after all, how could an application call
> "free" recursively?), and B) it likely has something to do with an overlooked
> race condition in the thread safety retrofit of libc late last year.
>
> But, as was mentioned previously, XFree86 3.3.6 doesn't have the required
> chip support for the Dell 5000e, so that's not an option, regardless.
>
> I welcome further suggestions, though.
>
> 	-Michael Robinson
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
>
>

___________________________________________________________________________
Michael Class                            E-Mail: michael_class@gmx.net
E-Business Solution Division
___________________________________________________________________________


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message