Opened 2 years ago

Last modified 2 years ago

#18182 new bug

Crash on thread exit if image with TLS object with destructor is unloaded

Reported by: X512
Owned by: nobody
Priority: normal
Milestone: Unscheduled
Component: System/runtime_loader
Version: R1/Development
Keywords:
Cc:
Blocked By:
Blocking:
Platform: All

Description

This is hrev56630.

Steps to reproduce:

  1. Dynamically load an image that creates a TLS object with a destructor.
  2. Unload the image.
  3. Exit the thread. The TLS object destructor from the unloaded image will be called and cause a crash.

Reproduction code attached.

Attachments (1)

LoaderBug2.zip (1.8 KB) - added by X512 2 years ago.

Change History (6)

by X512, 2 years ago

Attachment: LoaderBug2.zip added

comment:1 by jessicah, 2 years ago

I wonder if adding an implementation of __cxa_thread_exit that can call into runtime_loader directly would be the right way to do this. It will require updating buildtools once an implementation has been added.

comment:2 by waddlesplash, 2 years ago

We already have thread hooks that call TLS destructors: https://xref.landonf.org/source/xref/haiku/src/system/libroot/os/thread.c#170

So the real problem is that things are not called in the right order.

comment:3 by X512, 2 years ago

No, the real problem is that TLS destructors should be called at image unload, not at thread exit, if the image containing the TLS variable is unloaded.

comment:4 by jessicah, 2 years ago

Hmm, so does that mean that https://cgit.haiku-os.org/haiku/tree/src/system/runtime_loader/elf.cpp#n773 isn't doing the right thing here, and we should be destroying the TLS block immediately?

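The two orderings discussed in comments 2 to 4 (TLS destructors run at thread exit versus at image unload) can be compared in a small model. This is an added example, not code from Haiku or from the attached LoaderBug2.zip: the class, the integer image ids and the policy names are hypothetical, only one thread is modelled, and a call into an unloaded image is counted rather than executed.

```cpp
#include <set>
#include <string>
#include <vector>

// Constructed model, not Haiku code: one thread's pending TLS destructors,
// each tagged with the image (shared object) that holds the destructor code.
enum class Policy { DeferToThreadExit, RunAtImageUnload };

struct Outcome {
    std::vector<std::string> ran;  // destructors run while their image was mapped
    int stale_calls = 0;           // calls that would jump into unmapped code (the crash)
};

class ThreadModel {
public:
    void LoadImage(int image) { loaded_.insert(image); }
    // Called when a thread_local object with a destructor is constructed.
    void RegisterDtor(int image, std::string name) { pending_.push_back({image, name}); }
    void UnloadImage(int image, Policy policy) {
        if (policy == Policy::RunAtImageUnload)
            RunPending(&image);  // destroy this image's TLS objects before unmapping
        loaded_.erase(image);
    }
    Outcome ExitThread() { RunPending(nullptr); return out_; }
private:
    struct Entry { int image; std::string name; };
    // Runs pending destructors newest first; `only` limits the run to one image.
    void RunPending(const int* only) {
        for (auto i = pending_.size(); i-- > 0;) {
            Entry e = pending_[i];
            if (only && e.image != *only) continue;
            pending_.erase(pending_.begin() + i);
            if (loaded_.count(e.image)) out_.ran.push_back(e.name);
            else ++out_.stale_calls;
        }
    }
    std::set<int> loaded_;
    std::vector<Entry> pending_;
    Outcome out_;
};

// Steps 1-3 of the ticket, with a host image that stays loaded for contrast.
Outcome Reproduce(Policy policy) {
    ThreadModel t;
    t.LoadImage(1); t.RegisterDtor(1, "host_tls");    // long-lived host image
    t.LoadImage(2); t.RegisterDtor(2, "addon_tls");   // dynamically loaded image
    t.UnloadImage(2, policy);
    return t.ExitThread();
}
int main() { return Reproduce(Policy::RunAtImageUnload).stale_calls; }
```

With `DeferToThreadExit` the model records one stale call for `addon_tls`; with `RunAtImageUnload` that destructor runs before the image is dropped and thread exit only handles `host_tls`.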