Bug 27237 - deadlock in malloc/tst-malloc-stats-cancellation
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: malloc
Version: 2.33
Importance: P2 critical
Target Milestone: 2.33
Assignee: Not yet assigned to anyone
Reported: 2021-01-25 11:01 UTC by Andreas Schwab
Modified: 2021-01-28 14:07 UTC

Description Andreas Schwab 2021-01-25 11:01:34 UTC
Broken by commit 2682695e5c.

(gdb) thr a a bt

Thread 2 (Thread 0xf7de2b00 (LWP 3534) "tst-malloc-stat"):
#0  futex_wait (private=0, expected=2, futex_word=0xf7f9b700 <main_arena>) at ../sysdeps/nptl/futex-internal.h:146
#1  __lll_lock_wait_private (futex=0xf7f9b700 <main_arena>) at ./lowlevellock.c:35
#2  0xf7e6b144 in realloc_check (oldmem=0x5655a330, bytes=1, caller=0xf7e5cc7d <_IO_mem_finish+45>) at hooks.c:319
#3  0xf7e6c18e in __GI___libc_realloc (oldmem=0x5655a330, bytes=1) at malloc.c:3327
#4  0xf7e5cc7d in _IO_mem_finish (fp=0x5655a1e0, dummy=0) at memstream.c:131
#5  0xf7e53921 in _IO_new_fclose (fp=0x5655a1e0) at libioP.h:947
#6  0x5655680a in buffer_threadproc (argp=0xffffd878) at tst-malloc-stats-cancellation.c:89
#7  0xf7fabdfd in start_thread (arg=0xf7de2b00) at pthread_create.c:473
#8  0xf7ed9bd6 in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:108

Thread 1 (Thread 0xf7de3700 (LWP 3533) "tst-malloc-stat"):
#0  0xf7fb9aa7 in __futex_abstimed_wait_common64 (futex_word=0xf7de2b68, expected=3534, clockid=<optimized out>, abstime=0x0, private=128, cancel=true) at ../sysdeps/nptl/futex-internal.c:74
#1  0xf7fb9b8b in __GI___futex_abstimed_wait_cancelable64 (futex_word=<optimized out>, expected=<optimized out>, clockid=<optimized out>, abstime=0x0, private=128) at ../sysdeps/nptl/futex-internal.c:123
#2  0xf7fad3f9 in __pthread_clockjoin_ex (threadid=<optimized out>, thread_return=0xffffd874, clockid=0, abstime=0x0, block=true) at pthread_join_common.c:102
#3  0xf7fad126 in __pthread_join (threadid=4158532352, thread_return=0xffffd874) at pthread_join.c:24
#4  0x56556332 in main () at tst-malloc-stats-cancellation.c:182
Comment 1 Szabolcs Nagy 2021-01-25 17:20:52 UTC
i cannot reproduce this.

in fact on i686 there is no difference between stripped libc.so.6, libpthread.so.0, ld-linux.so.2 and tst-malloc-stats-cancellation binaries before and after that commit (as expected: the commit should have no effect on i386).

what binutils/gcc/.. are you using? i have a gcc-10.2 and binutils-2.35

what config options are you using? and what environment in case there is anything relevant.
Comment 3 Szabolcs Nagy 2021-01-26 18:18:39 UTC
i used the exact same configuration, with a default pie toolchain (since that's what you seem to be using) and still cannot reproduce the issue.

so i guess the problem is in your toolchain/glibc patches.
Comment 5 Andreas Schwab 2021-01-26 18:56:01 UTC
@@ -57,6 +57,7 @@ SYMBOL TABLE:
 000024e8 l     O .eh_frame     00000000              __FRAME_END__
 00000000 l    df *ABS* 00000000
 00003edc l       .init_array   00000000              __init_array_end
+00002004 l     O .rodata       00000004              _IO_stdin_used
 00003ee0 l     O .dynamic      00000000              _DYNAMIC
 00003ed8 l       .init_array   00000000              __init_array_start
 00002234 l       .eh_frame_hdr 00000000              __GNU_EH_FRAME_HDR
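Review bot: The added `_IO_stdin_used` row at 00002004 carries the `l` flag, so on this side of the diff the object is a local symbol in `.rodata`. The hunk has no `---`/`+++` file header, so state which build (before or after commit 2682695e5c) produced each side.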
@@ -87,7 +88,6 @@ SYMBOL TABLE:
 00000000  w      *UND* 00000000              __gmon_start__
 00004074 g     O .data 00000000              .hidden __dso_handle
 00000000       F *UND* 00000000              fdopen@@GLIBC_2.1
-00002004 g     O .rodata       00000004              _IO_stdin_used
 00000000       F *UND* 00000000              __libc_start_main@@GLIBC_2.0
 00000000       F *UND* 00000000              fprintf@@GLIBC_2.0
 00001870 g     F .text 0000005d              __libc_csu_init
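Review bot: The removed `_IO_stdin_used` row has the same address 00002004 and size 00000004 as the row added in the first hunk, with `g` in place of `l`, so only the binding differs and the object itself is unchanged. This is the static symbol table; also compare the dynamic symbol tables of the two binaries (`objdump -T` or `readelf --dyn-syms`) to confirm whether the symbol is still exported.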
Comment 6 Andreas Schwab 2021-01-27 09:21:29 UTC
This is broken everywhere.
Comment 7 Szabolcs Nagy 2021-01-27 09:41:47 UTC
_IO_stdin_used is defined in csu/init.c which is built as

gcc init.c -c -std=gnu11 -fgnu89-inline  -O2 [...] -D_LIBC_REENTRANT -include /work/build/libc-modules.h -DMODULE_NAME=libc -include ../include/libc-symbols.h  -DPIC     -DTOP_NAMESPACE=glibc -o /work/build/csu/init.o [...]

i think it should have -DLIBC_NONSHARED=1 since crt files end up in dynamic
linked binaries, so that's the actual bug.

on new targets _IO_stdin_used is unused (it's for bw compat with < glibc 2.1).

and the reason i could not reproduce this on i386 is that my gcc is multi
arch and then NO_HIDDEN_EXTERN_FUNC_IN_PIE is set, so the visibility pragma
is not present.
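The symbol-table comparison from comment 5, automated as an added example (not part of the bug thread or of glibc): it parses two `objdump -t` listings and reports defined symbols that are global in one and not in the other. The sample tables are constructed from rows shown in comment 5, and the function names are hypothetical.

```python
import re

# One `objdump -t` row: address, 7 flag columns, section, size, optional name.
ROW = re.compile(r"^([0-9a-f]+) (.{7}) (\S+)\s+([0-9a-f]+)\s*(.*)$")
# First flag column is the binding.
BINDING = {"l": "local", "g": "global", "u": "unique", "!": "both", " ": "none"}

def parse_symtab(text):
    """Map symbol name -> (binding, section, address) from `objdump -t` text."""
    symbols = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header lines, blank lines, misaligned rows
        addr, flags, section, _size, rest = m.groups()
        parts = rest.split()
        if parts:  # last token is the name; drops a ".hidden" prefix
            symbols[parts[-1]] = (BINDING.get(flags[0], "?"), section, addr)
    return symbols

def demoted_symbols(reference, candidate):
    """Defined symbols that are global in `reference` but not in `candidate`."""
    out = []
    for name, (binding, section, addr) in sorted(reference.items()):
        if binding != "global" or section == "*UND*":
            continue
        new = candidate.get(name)
        if new is None or new[0] != "global":
            out.append((name, section, addr, new[0] if new else "missing"))
    return out

# Constructed sample: rows taken from the diff in comment 5.
REFERENCE = """\
00003edc l       .init_array   00000000              __init_array_end
00004074 g     O .data 00000000              .hidden __dso_handle
00002004 g     O .rodata       00000004              _IO_stdin_used
00000000       F *UND* 00000000              fprintf@@GLIBC_2.0
00001870 g     F .text 0000005d              __libc_csu_init
"""
# Same table with _IO_stdin_used carrying the local flag instead.
CANDIDATE = REFERENCE.replace("g     O .rodata", "l     O .rodata")

if __name__ == "__main__":
    ref, cand = parse_symtab(REFERENCE), parse_symtab(CANDIDATE)
    for name, section, addr, now in demoted_symbols(ref, cand):
        print(f"{name} ({section} @ {addr}): global -> {now}")
```

Run against the real listings of the crt-linked test binary from two builds, the same check flags any startup-file symbol whose binding changed.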
Comment 8 Sourceware Commits 2021-01-27 11:30:24 UTC
The master branch has been updated by Szabolcs Nagy <nsz@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=df359a25ba6f6bda06104229fbfe284c1fb30915

commit df359a25ba6f6bda06104229fbfe284c1fb30915
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date:   Wed Jan 27 09:44:19 2021 +0000

    Revert "Make libc symbols hidden in static PIE" [BZ #27237]
    
    This reverts commit 2682695e5c7acf1e60dd3b5c3a14d4e82416262c.
    Fixes bug 27237.
    
    That commit turned out to be too intrusive affecting crt files, test
    system and benchmark files.  They should not be affected, but the
    build system does not set the MODULE_NAME and LIBC_NONSHARED reliably.
Comment 9 Adhemerval Zanella 2021-01-28 14:07:10 UTC
Fixed upstream.