From: Sergey Bugaev <bugaevc@gmail.com>
To: libc-alpha@sourceware.org, bug-hurd <bug-hurd@gnu.org>
Cc: Florian Weimer <fweimer@redhat.com>,
Samuel Thibault <samuel.thibault@gnu.org>
Subject: __pthread_setcancelstate called unconditionally, crashes at 0
Date: Thu, 11 May 2023 20:31:03 +0300 [thread overview]
Message-ID: <CAN9u=HeNmqWmOgR7Q-CXZgzuwJhU0CeKjTmT03ZuCxCc8iLLvg@mail.gmail.com> (raw)
Hello,
I'm hitting a crash with the following backtrace:
#0  0x0000000000000000 in ?? ()
#1  0x00000000004660dd in __error_internal (status=1, errnum=1073741826, message=0x9adcef1c, args=0x9adcef18, args@entry=0x156aa48, mode_flags=2598170400, mode_flags@entry=0) at error.c:243
#2  0x00000000004661d5 in __error (status=status@entry=0, errnum=<optimized out>, message=<optimized out>) at error.c:274
#3  0x0000000000401497 in error (__format=<optimized out>, __errnum=<optimized out>, __status=<optimized out>) at error.h:42
Note that PC is 0 in the top frame. Here's the relevant listing and
backtrace of the frame #1:
(gdb) l
238 {
239 #if defined _LIBC
240 /* We do not want this call to be cut short by a thread
241 cancellation. Therefore disable cancellation for now. */
242 int state = PTHREAD_CANCEL_ENABLE;
243 __pthread_setcancelstate (PTHREAD_CANCEL_DISABLE, &state);
244 #endif
245
246 flush_stdout ();
247 #ifdef _LIBC
(gdb) disas
Dump of assembler code for function __error_internal:
0x00000000004660b0 <+0>: push %r14
0x00000000004660b2 <+2>: mov %r8d,%r14d
0x00000000004660b5 <+5>: push %r13
0x00000000004660b7 <+7>: mov %rcx,%r13
0x00000000004660ba <+10>: push %r12
0x00000000004660bc <+12>: mov %rdx,%r12
0x00000000004660bf <+15>: push %rbp
0x00000000004660c0 <+16>: mov %esi,%ebp
0x00000000004660c2 <+18>: push %rbx
0x00000000004660c3 <+19>: mov %edi,%ebx
0x00000000004660c5 <+21>: xor %edi,%edi
0x00000000004660c7 <+23>: sub $0x10,%rsp
0x00000000004660cb <+27>: lea 0xc(%rsp),%rsi
0x00000000004660d0 <+32>: movl $0x1,0xc(%rsp)
0x00000000004660d8 <+40>: call 0x0
=> 0x00000000004660dd <+45>: mov $0x569b10,%rax
0x00000000004660e4 <+52>: mov (%rax),%rdi
0x00000000004660e7 <+55>: call 0x433900 <_IO_fflush>
"call 0x0", ouch!
Clearly __pthread_setcancelstate has been pragma weak'd, and used here
without a check. This is a statically linked x86_64-gnu (so, Hurd and
HTL) executable. Commit 93d78ec1cba68184931b75bef29afd3aed30f43a
"nptl: Move pthread_setcancelstate into libc" seems to be the culprit:
that commit only moved the NPTL symbol into libc, yet changed the
original __libc_ptf_call (__pthread_setcancelstate) calls to direct
__pthread_setcancelstate calls, in this and many other places.
This likely hasn't been noticed in the past because the only
statically linked executables typically used on Hurd systems are the
few bootstrap servers, and they're (presumably) all multithreaded.
What would be the best way to get this fixed? (other than eventually
moving htl into libc) Are the other pthread symbols also used
unconditionally? Is there, or should there be, a test for this?
Sergey
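As an added illustration, not part of this message and not glibc's own code: a small C program contrasting the unconditional call visible in the disassembly above ("call 0x0") with the guarded call that the __libc_ptf_call wrapper used to provide. The function name maybe_setcancelstate is hypothetical; it is declared weak and deliberately never defined, so the linker resolves it to address 0, the same situation as __pthread_setcancelstate in a single-threaded, statically linked x86_64-gnu executable.

```c
/* Added example, not glibc code: guarded vs. unguarded calls through a weak,
   possibly absent function reference.  */
#include <pthread.h>   /* PTHREAD_CANCEL_ENABLE / PTHREAD_CANCEL_DISABLE */
#include <stddef.h>
#include <stdio.h>

/* Hypothetical optional function (constructed for this example).  It is
   declared weak and intentionally defined nowhere in this program, so the
   static linker resolves the reference to 0, exactly like
   __pthread_setcancelstate in a static binary that pulled in no HTL code.  */
extern int maybe_setcancelstate (int state, int *oldstate)
  __attribute__ ((weak));

/* Returns 1 if the optional symbol was linked in, 0 if it resolved to 0.  */
int
symbol_present (void)
{
  return maybe_setcancelstate != NULL;
}

/* The defective pattern: call through the weak reference unconditionally.
   When the symbol is absent this is "call 0x0" and the process jumps to
   address 0, which is the crash in the backtrace above.  Never called here.  */
int
disable_cancellation_unguarded (int *oldstate)
{
  return maybe_setcancelstate (PTHREAD_CANCEL_DISABLE, oldstate);
}

/* The guarded pattern (what __libc_ptf_call did): test the weak reference
   before calling through it.  With no threading library linked in there is
   no cancellation to disable, so report the default state and return -1 so
   the caller can tell nothing was changed.  OLDSTATE may be NULL, as with
   pthread_setcancelstate itself.  */
int
disable_cancellation_guarded (int *oldstate)
{
  if (maybe_setcancelstate != NULL)
    return maybe_setcancelstate (PTHREAD_CANCEL_DISABLE, oldstate);
  if (oldstate != NULL)
    *oldstate = PTHREAD_CANCEL_ENABLE;
  return -1;
}

int
main (void)
{
  int old = -1;
  int rc = disable_cancellation_guarded (&old);
  printf ("symbol present: %d, guarded call returned %d, old state %d\n",
          symbol_present (), rc, old);
  return 0;
}
```

Build it as a single translation unit with no definition of maybe_setcancelstate; the guarded path returns -1 and the program exits cleanly, whereas calling disable_cancellation_unguarded would reproduce the "PC is 0" crash. If the example is linked together with an object that does define maybe_setcancelstate, symbol_present() becomes 1 and the guarded call simply forwards to it, which is the behaviour the multithreaded bootstrap servers see.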
Thread overview: 8+ messages
2023-05-11 17:31 Sergey Bugaev [this message]
2023-05-11 17:44 ` Florian Weimer
2023-05-11 17:52 ` Samuel Thibault
2023-05-11 17:56 ` Florian Weimer
2023-05-11 18:00 ` Sergey Bugaev
2023-05-11 18:12 ` Florian Weimer
2023-05-11 18:28 ` Sergey Bugaev
2023-05-11 18:35 ` Florian Weimer