Bug 1946977

Summary: pthread_join segfaults in stack unwinding
Product: Red Hat Enterprise Linux 8
Reporter: Richard W.M. Jones <rjones>
Component: binutils
Assignee: Nick Clifton <nickc>
binutils sub component: system-version
QA Contact: Miloš Prchlík <mprchlik>
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
CC: ashankar, carl, codonell, dj, drjones, fweimer, mnewsome, mprchlik, ohudlick, pfrankli, sipoyare
Version: 8.5
Keywords: Bugfix, Triaged
Target Milestone: beta
Hardware: aarch64
OS: Unspecified
Fixed In Version: binutils-2.30-100.el8
Doc Type: No Doc Update
Last Closed: 2021-11-09 19:31:20 UTC
Type: Bug

Attachments:
pthread-crash.c

Description Richard W.M. Jones 2021-04-07 12:10:39 UTC
Created attachment 1769835 [details]
pthread-crash.c

Description of problem:

The attached program segfaults when it calls pthread_join
for the first time:

$ ./pthread-crash 
about to call pthread_join on threads[0] ...
thread 1: finished OK
thread 5: finished OK
thread 7: finished OK
thread 3: finished OK
thread 0: finished OK
thread 2: finished OK
thread 4: finished OK
thread 6: finished OK
Aborted (core dumped)

Unfortunately because of a bug in gdb I'm unable to get
a complete stack trace (bug 1946948).  However the partial
stack trace is:

Core was generated by `./pthread-crash'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	  return ret;
[Current thread is 1 (Thread 0xffffb378f1e0 (LWP 440499))]
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x0000ffffb3fc096c in __GI_abort () at abort.c:79
#2  0x0000ffffafeed594 in uw_update_context_1 (
    context=context@entry=0xffffb378e180, fs=fs@entry=0xffffb378d670)
    at ../../../libgcc/unwind-dw2.c:1442
#3  0x0000ffffafeed8e0 in uw_update_context (
    context=context@entry=0xffffb378e180, fs=fs@entry=0xffffb378d670)
    at ../../../libgcc/unwind-dw2.c:1518
#4  0x0000ffffafeedaf4 in uw_advance_context (fs=0xffffb378d670, 
    context=0xffffb378e180) at ../../../libgcc/unwind-dw2.c:1546
#5  _Unwind_ForcedUnwind_Phase2 (exc=exc@entry=0xffffb378f650, 
    context=context@entry=0xffffb378e180, 
    frames_p=frames_p@entry=0xffffb378ddb8) at ../../../libgcc/unwind.inc:192
#6  0x0000ffffafeedeb8 in _Unwind_ForcedUnwind (exc=0xffffb378f650, 
    stop=stop@entry=0xffffb4130ca0 <unwind_stop>, stop_argument=0xffffb378ea00)
    at ../../../libgcc/unwind.inc:217
#7  0x0000ffffb4130e30 in __GI___pthread_unwind (buf=<optimized out>)
    at unwind.c:121
#8  0x0000ffffb41287e8 in __do_cancel () at pthreadP.h:304
#9  __pthread_exit (
../../gdb/dwarf2-frame.c:1061: internal-error: Unknown CFA rule.
A problem internal to GDB has been detected,
further debugging may prove unreliable.
Quit this debugging session? (y or n) 

Version-Release number of selected component (if applicable):

glibc-2.28-154.el8.aarch64

How reproducible:

100%

Steps to Reproduce:
1. Compile and run the attached program.
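
Added example (not the pthread-crash.c attachment from this bug): the program below drives the same path as the backtrace above, pthread_exit handing the thread to libgcc's forced unwinder, which must decode the CFI of every caller frame to run the cleanup handlers registered there; that is the step in which uw_update_context_1 aborts on an undecodable CFA rule. All function and variable names are this example's own assumptions.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* Counts cleanup handlers executed by the forced unwinder (this example's own). */
static atomic_int cleanups_run;
static void on_unwind(void *arg) { (void)arg; atomic_fetch_add(&cleanups_run, 1); }

/* Innermost frame. pthread_exit never returns: glibc's __pthread_unwind hands the
 * thread to _Unwind_ForcedUnwind, which walks back through leaf() and thread_main()
 * using each frame's CFI and runs the cleanup registered in each. A frame whose
 * CFA rule the unwinder cannot decode ends in abort(), as in the backtrace above. */
static void leaf(intptr_t id)
{
    pthread_cleanup_push(on_unwind, NULL);
    pthread_exit((void *)id);
    pthread_cleanup_pop(0);   /* not reached; keeps push/pop paired */
}

static void *thread_main(void *arg)
{
    pthread_cleanup_push(on_unwind, NULL);
    leaf((intptr_t)arg);
    pthread_cleanup_pop(0);   /* not reached */
    return NULL;
}

/* Starts n threads and joins them in order; returns how many cleanup handlers
 * ran (2 per thread), or -1 on a pthread error or a wrong exit value. */
int run_threads(int n)
{
    pthread_t tid[64];
    if (n < 1 || n > 64) return -1;
    atomic_store(&cleanups_run, 0);
    for (intptr_t i = 0; i < n; i++)
        if (pthread_create(&tid[i], NULL, thread_main, (void *)i) != 0) return -1;
    for (intptr_t i = 0; i < n; i++) {
        void *ret;
        if (pthread_join(tid[i], &ret) != 0 || (intptr_t)ret != i) return -1;
    }
    return atomic_load(&cleanups_run);
}

int main(void)
{
    printf("cleanups run: %d\n", run_threads(8));   /* prints 16 on a working toolchain */
    return 0;
}
```

On a toolchain affected by this bug the process aborts inside the unwinder before run_threads returns; on a fixed one every cleanup runs and each thread's exit value arrives through pthread_join.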

Comment 1 Richard W.M. Jones 2021-04-07 12:22:10 UTC
Crashes when compiled with -O0.

Crashes with binutils-2.30-99.el8.aarch64

Does not crash with binutils-2.30-93.el8.aarch64

Does not crash on Fedora aarch64.

Does not crash on Fedora x86-64.

Comment 2 Nick Clifton 2021-04-12 09:35:17 UTC
Fixed in binutils-2.30-100.el8

Comment 4 Richard W.M. Jones 2021-04-12 13:40:00 UTC
My colleague Marcelo Condotta tested the -100 package and confirmed that
it fixes the pthread bug in the test program above.

Comment 8 Miloš Prchlík 2021-04-29 12:53:43 UTC
Verified with binutils-2.30-101.el8.aarch64.

Comment 11 errata-xmlrpc 2021-11-09 19:31:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: binutils security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4364