Bug 172761

Summary: Crash on pthread_exit() or pthread_self()
Product: Red Hat Enterprise Linux 4 Reporter: Bastien Nocera <bnocera>
Component: glibcAssignee: Jakub Jelinek <jakub>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0CC: drepper, rkenna, roland
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHBA-2006-0124 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-03-07 18:25:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 168429    
Attachments:
Description Flags
pthread_exit_test.c
none
glibc-dtv-is_static.patch none

Description Bastien Nocera 2005-11-09 09:54:45 UTC 
glibc-2.3.4-2.13

The attached testcase crashes (sometimes) on either pthread_exit(), or while
printing the pthread_self() inside the thread itself.

while ./pthread_exit_test ; do : ; done

#0  0x009d10cc in mempcpy () from /lib/tls/libc.so.6
#1  0x009c4e43 in _IO_new_file_xsputn (f=0xa8d5e0, data=0xb7fe6ddc, n=28)
    at fileops.c:1319
#2  0x009a0c49 in buffered_vfprintf (s=0xa8d5e0,
    format=0x8048730 "Thread %lu exiting..\n", args=Variable "args" is not
available.
) at vfprintf.c:2144
#3  0x009a0deb in _IO_vfprintf (s=0xa8d5e0,
    format=0x8048730 "Thread %lu exiting..\n", ap=0xb7fe9434
"\uffff\233\uffff\uffff\uffff\233\uffff\uffff")
    at vfprintf.c:1246
#4  0x009a9450 in printf (format=0x1c "") at printf.c:34
#5  0x080484ce in helper_routine (arg=0x0) at pthread_exit_test.c:12
#6  0x00bae341 in start_thread (arg=0xb7fe9bb0) at pthread_create.c:261
#7  0x00a2e6fe in clone () from /lib/tls/libc.so.6

#0  0x0094e7a2 in _dl_sysinfo_int80 () at rtld.c:576
#1  0x0098e7d5 in raise () at ../string/bits/string2.h:1000
#2  0x00990149 in abort () at ../string/bits/string2.h:1000
#3  0x009c240a in __libc_message (do_abort=2,
    fmt=0xa83c44 "*** glibc detected *** %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:145
#4  0x009c8b3f in _int_free (av=0xa8e820, mem=0xb7fe9b88) at malloc.c:5525
#5  0x009c8eba in __libc_free (mem=0xb7fe9b88) at malloc.c:3404
#6  0x0095ca5d in ___tls_get_addr (ti=0xa8ce30)
    at ../sysdeps/generic/dl-tls.c:670
#7  0x00a64c6b in __libc_dl_error_tsd () at dl-tsd.c:53
#8  0x0095a045 in _dl_catch_error (objname=0xb7fe93c0, errstring=0xb7fe93c4,
    operate=0xa64760 <do_dlsym>, args=0xb7fe93c8) at dl-error.c:155
#9  0x00a648be in *__GI___libc_dlsym (map=0x90340f8,
    name=0xbb5cad "_Unwind_Resume") at dl-libc.c:42
#10 0x00bb52f0 in _Unwind_ForcedUnwind (exc=0x0, stop=0, stop_argument=0x0)
    at ../nptl/sysdeps/pthread/unwind-forcedunwind.c:44
#11 0x00bb2f81 in __pthread_unwind (buf=Variable "buf" is not available.
) at unwind.c:130
#12 0x00baef00 in __pthread_exit (value=0x0) at pthreadP.h:158
#13 0x080484db in helper_routine (arg=0x0) at pthread_exit_test.c:13
#14 0x00bae341 in start_thread (arg=0xb7fe9bb0) at pthread_create.c:261
#15 0x00a2e6fe in clone () from /lib/tls/libc.so.6
Comment 1 Bastien Nocera 2005-11-09 09:54:47 UTC 
Created attachment 120837 [details]
pthread_exit_test.c
Comment 4 Didier Drigues 2005-11-14 17:09:59 UTC 
Also reproductible on RHEL4u1 (glibc-2.3.4-2.9)
Comment 6 Jakub Jelinek 2005-11-22 20:55:34 UTC 
Created attachment 121371 [details]
glibc-dtv-is_static.patch

Patch that should cure the crashes in free called from __tls_get_addr.
Comment 22 Red Hat Bugzilla 2006-03-07 18:25:22 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0124.html
Comment 23 Red Hat Bugzilla 2006-03-07 18:25:54 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0124.html