Ubuntu
glibc package

race between exit() and pthread_exit() with static linking

Bug #1982326 reported by Francesco Lavra on 2022-07-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	glibc (Ubuntu)	New	Undecided	Unassigned

Bug Description

When statically linking a C multi-threaded application, there is a race between pthread_exit() and exit() which may cause pthread_exit() to abort the program.
It appears the issue is due to the forced unwind executed by pthread_exit() failing because _Unwind_Find_FDE() returns NULL. Apparently, _Unwind_Find_FDE() returns NULL after __deregister_frame_info_bases() is called as part of the exit handlers invoked by exit().
The issue is easily reproducible (in my machine it occurs approximately in 1 out of 3 runs) when running the attached sample program under strace.
Steps to reproduce:
- build the attached source with `gcc thread_test.c -lpthread -static -o thread_test`
- run with `strace -f ./thread_test`

Example output:
```
<snip>
[pid 28302] +++ killed by SIGABRT (core dumped) +++
+++ killed by SIGABRT (core dumped) +++
Aborted (core dumped)
```

If the commented code in the sample source is uncommented, we can confirm that _Unwind_Find_FDE() sometimes returns NULL.

Ubuntu 18.04.6 LTS
Package: libc6 2.27-3ubuntu1.6
Source package: https://launchpad.net/ubuntu/+source/glibc/2.27-3ubuntu1.6

Revision history for this message

Francesco Lavra (francescolavra-fl) wrote on 2022-07-20:

Sample program to reproduce the issue Edit (1.1 KiB, text/x-csrc)

Revision history for this message

lotuspsychje (lotuspsychje) wrote on 2022-07-20:

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please execute the following command only once, as it will automatically gather debugging information, in a terminal:
apport-collect 1982326

When reporting bugs in the future please use apport by using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at https://wiki.ubuntu.com/ReportingBugs.

Revision history for this message

Michael Hudson-Doyle (mwhudson) wrote on 2022-07-27:

Have you tried this with glibc from a newer release like 22.04? Or looked for an upstream bug report on this?

Revision history for this message

Francesco Lavra (francescolavra-fl) wrote on 2022-07-27:

I searched the glibc bug list in Sourceware Bugzilla, but couldn't find any bug report on this.

I tried with glibc 2.35 from 22.04, and yes, the issue is present there too, although it happens less frequently (but this is most likely due to differences in the kernel scheduler, because the test binary built with glibc 2.35 on 22.04 fails when run on 18.04 just like the binary built on 18.04).
I found a way to trigger the issue reliably also when running the test program on 22.04: just uncomment the commented code in the source, rebuild, and then run with `while true; do ../thread_test || break; done`. From the output I can see that _Unwind_Find_FDE() sometimes returns NULL, and eventually II get the usual `Aborted (core dumped)` message.