Date: Tue, 30 Apr 2002 15:12:40 -0700 (PDT) From: Archie Cobbs <archie@dellroad.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/37614: libc_r aborts when exiting thread is canceled Message-ID: <200204302212.g3UMCeV89274@arch20m.dellroad.org>
next in thread | raw e-mail | index | archive | help
>Number: 37614
>Category: bin
>Synopsis: libc_r aborts when exiting thread is canceled
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 30 15:20:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Archie Cobbs
>Release: FreeBSD 4.5-RELEASE i386
>Organization:
Packet Design
>Environment:
System: FreeBSD arch20m.dellroad.org 4.5-RELEASE FreeBSD 4.5-RELEASE #1: Sat Feb 2 19:17:35 PST 2002 root@arch20m.dellroad.org:/usr/obj/usr/src/sys/THINKPAD i386
>Description:
There seems to be a bug or problem in our pthreads implementation.
Consider a thread that has exited and is invoking its cleanup routines.
Another thread cancels that thread. Then one of the cleanup routines
invokes a function which is a cancelation point.
Here's what happens:
> Fatal error 'Thread 0x806fc00 has called pthread_exit() from a destructor. POS
IX 1003.1 1996 s16.2.5.2 does not allow this!' at line ? in file /usr/src/lib/li
bc_r/uthread/uthread_exit.c (errno = ?)
>
> Program received signal SIGABRT, Aborted.
> 0x281ee53c in kill () from /usr/lib/libc_r.so.4
> (gdb) where
> #0 0x281ee53c in kill () from /usr/lib/libc_r.so.4
> #1 0x2823878a in abort () from /usr/lib/libc_r.so.4
> #2 0x2820504a in _thread_exit () from /usr/lib/libc_r.so.4
> #3 0x282050e9 in pthread_exit () from /usr/lib/libc_r.so.4
> #4 0x282370d7 in pthread_testcancel () from /usr/lib/libc_r.so.4
> #5 0x282370f8 in _thread_enter_cancellation_point () from /usr/lib/libc_r.so.
4
> #6 0x28236bc4 in close () from /usr/lib/libc_r.so.4
> #7 0x28193416 in timeout_fp_close (cookie=0x80645b4)
> at /usr/home/archie/libpdel/io/timeout_fp.c:148
> #8 0x2822622b in fclose () from /usr/lib/libc_r.so.4
> #9 0x2818e780 in foobar_connection_free (connp=0xbfadced4)
> at /usr/home/archie/libpdel/http/http_connection.c:136
> #10 0x28185d07 in foobar_server_connection_cleanup (arg=0x8062584)
> at /usr/home/archie/libpdel/http/http_server.c:650
> #11 0x2820611d in pthread_cleanup_pop () from /usr/lib/libc_r.so.4
> #12 0x2820511e in pthread_exit () from /usr/lib/libc_r.so.4
> #13 0x281c5f99 in _thread_start () from /usr/lib/libc_r.so.4
> #14 0x0 in ?? ()
It seems that pthread_testcancel() should do nothing if the
thread is already in the process of exiting. Below is a patch.
>How-To-Repeat:
>Fix:
This is just a guess, but...
Index: uthread_cancel.c
===================================================================
RCS file: /home/cvs/freebsd/src/lib/libc_r/uthread/uthread_cancel.c,v
retrieving revision 1.3.2.4
diff -u -r1.3.2.4 uthread_cancel.c
--- uthread_cancel.c 19 Aug 2001 11:45:58 -0000 1.3.2.4
+++ uthread_cancel.c 30 Apr 2002 22:13:44 -0000
@@ -186,7 +186,8 @@
pthread_testcancel(void)
{
if (((_thread_run->cancelflags & PTHREAD_CANCEL_DISABLE) == 0) &&
- ((_thread_run->cancelflags & PTHREAD_CANCELLING) != 0)) {
+ ((_thread_run->cancelflags & PTHREAD_CANCELLING) != 0) &&
+ ((_thread_run->flags & PTHREAD_EXITING) != 0)) {
/*
* It is possible for this thread to be swapped out
* while performing cancellation; do not allow it
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204302212.g3UMCeV89274>