glibc-2.3.4-2.13 The attached testcase crashes (sometimes) on either pthread_exit(), or while printing the pthread_self() inside the thread itself. while ./pthread_exit_test ; do : ; done #0 0x009d10cc in mempcpy () from /lib/tls/libc.so.6 #1 0x009c4e43 in _IO_new_file_xsputn (f=0xa8d5e0, data=0xb7fe6ddc, n=28) at fileops.c:1319 #2 0x009a0c49 in buffered_vfprintf (s=0xa8d5e0, format=0x8048730 "Thread %lu exiting..\n", args=Variable "args" is not available. ) at vfprintf.c:2144 #3 0x009a0deb in _IO_vfprintf (s=0xa8d5e0, format=0x8048730 "Thread %lu exiting..\n", ap=0xb7fe9434 "\uffff\233\uffff\uffff\uffff\233\uffff\uffff") at vfprintf.c:1246 #4 0x009a9450 in printf (format=0x1c "") at printf.c:34 #5 0x080484ce in helper_routine (arg=0x0) at pthread_exit_test.c:12 #6 0x00bae341 in start_thread (arg=0xb7fe9bb0) at pthread_create.c:261 #7 0x00a2e6fe in clone () from /lib/tls/libc.so.6 #0 0x0094e7a2 in _dl_sysinfo_int80 () at rtld.c:576 #1 0x0098e7d5 in raise () at ../string/bits/string2.h:1000 #2 0x00990149 in abort () at ../string/bits/string2.h:1000 #3 0x009c240a in __libc_message (do_abort=2, fmt=0xa83c44 "*** glibc detected *** %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:145 #4 0x009c8b3f in _int_free (av=0xa8e820, mem=0xb7fe9b88) at malloc.c:5525 #5 0x009c8eba in __libc_free (mem=0xb7fe9b88) at malloc.c:3404 #6 0x0095ca5d in ___tls_get_addr (ti=0xa8ce30) at ../sysdeps/generic/dl-tls.c:670 #7 0x00a64c6b in __libc_dl_error_tsd () at dl-tsd.c:53 #8 0x0095a045 in _dl_catch_error (objname=0xb7fe93c0, errstring=0xb7fe93c4, operate=0xa64760 <do_dlsym>, args=0xb7fe93c8) at dl-error.c:155 #9 0x00a648be in *__GI___libc_dlsym (map=0x90340f8, name=0xbb5cad "_Unwind_Resume") at dl-libc.c:42 #10 0x00bb52f0 in _Unwind_ForcedUnwind (exc=0x0, stop=0, stop_argument=0x0) at ../nptl/sysdeps/pthread/unwind-forcedunwind.c:44 #11 0x00bb2f81 in __pthread_unwind (buf=Variable "buf" is not available. ) at unwind.c:130 #12 0x00baef00 in __pthread_exit (value=0x0) at pthreadP.h:158 #13 0x080484db in helper_routine (arg=0x0) at pthread_exit_test.c:13 #14 0x00bae341 in start_thread (arg=0xb7fe9bb0) at pthread_create.c:261 #15 0x00a2e6fe in clone () from /lib/tls/libc.so.6
Created attachment 120837 [details] pthread_exit_test.c
Also reproductible on RHEL4u1 (glibc-2.3.4-2.9)
Created attachment 121371 [details] glibc-dtv-is_static.patch Patch that should cure the crashes in free called from __tls_get_addr.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2006-0124.html