In our fleet it mostly manifested with tsan builds, which is very sensitive to callback called twice. But I managed to reproduce with code like below of regular builds. With asserts it triggers internal accerts, without them it calls atexit callback twice for the same argument. It very similar to bug 14333, but the fix for that bug just significantly reduced probability of the data race but not eliminated it completely. I reproduced it on 2.27 and head, but I should be reproducible for earlier versions as well. #include <stdatomic.h> #include <stdio.h> #include <stdlib.h> #include <support/xthread.h> #include <sys/wait.h> #include <unistd.h> static atomic_int registered; static atomic_int todo = 100000; static void atexit_cb (void *arg) { --registered; static void *prev; if (arg == prev) { printf ("%p\n", arg); abort (); } prev = arg; while (todo > 0 && registered < 100) ; } int __cxa_atexit (void (*func) (void *), void *arg, void *d); static void *cb_arg = NULL; static void add_handlers (void) { int n = 10; for (int i = 0; i < n; ++i) __cxa_atexit (&atexit_cb, ++cb_arg, 0); registered += n; todo -= n; } static void * thread_func (void *arg) { while (todo > 0) if (registered < 10000) add_handlers (); return 0; } static void test_and_exit (void) { pthread_attr_t attr; xpthread_attr_init (&attr); xpthread_attr_setdetachstate (&attr, 1); xpthread_create (&attr, thread_func, NULL); xpthread_attr_destroy (&attr); while (!registered) ; exit (0); } static int do_test (void) { for (int i = 0; i < 20; ++i) { for (int i = 0; i < 10; ++i) if (fork () == 0) test_and_exit (); int status; while (wait (&status) > 0) { if (!WIFEXITED (status)) { printf ("Failed interation %d\n", i); abort (); } } } exit (0); } #define TEST_FUNCTION do_test #include <support/test-driver.c>
The fix with the test https://sourceware.org/pipermail/libc-alpha/2021-April/125170.html
Fixed atomic usage in the test https://sourceware.org/pipermail/libc-alpha/2021-April/125172.html
Fixed on 2.34.