本文主要是介绍记一次pthread_key_create导致的__nptl_deallocate_tsd段错误,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
记一次由于pthread_key_create导致的__nptl_deallocate_tsd。
- 版本:
glibc-2.17 - 完整示例代码
1. 简介
#include <pthread.h>int pthread_key_create(pthread_key_t *key, void (*destructor)(void*));
其中destructor为析构函数,它将在__nptl_deallocate_tsd中被调用。
2. Coredump:__nptl_deallocate_tsd
Thread 2 "a.out" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff77f0700 (LWP 140173)]
__GI___libc_free (mem=0x1) at malloc.c:2941
2941 if (chunk_is_mmapped(p)) /* release mmapped memory. */
(gdb)
(gdb) bt
#0 __GI___libc_free (mem=0x1) at malloc.c:2941
#1 0x00007ffff7bc6c62 in __nptl_deallocate_tsd () at pthread_create.c:155
#2 0x00007ffff7bc6e73 in start_thread (arg=0x7ffff77f0700) at pthread_create.c:314
#3 0x00007ffff78ef88d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
为什么会这样?为什么会执行析构函数。一步一步分析。
首先创建key,这里我们挂入malloc对应的free,因为我们将为每个线程的key使用malloc分配内存:
pthread_key_create(&key, free);
然后创建线程:
pthread_create(&thid1, NULL, thread1, NULL);
在thread1中申请内存并将其设置为该线程的TLS的key值:
int *key_va = malloc(sizeof(int)) ;
*key_va = 2;
pthread_setspecific(key, (void*)key_va);
当线程thread1执行结束后,主线程调用pthread_join回收线程,这时候析构函数将被执行:
pthread_join(thid1, NULL);
这里我在调研过程中,有些文章也讲到,由于key的malloc对应的析构函数被设置为NULL,导致内存泄漏。
当key使用完毕后进行删除:
pthread_key_delete(key);
示例代码见完整示例代码或者文末章节。
那么段错误如何产生呢?
我们还是使用free填充析构函数:
pthread_key_create(&key, free);
但是我将pthread_setspecific入参的value填写问静态变量值:
int key_va = 2;
pthread_setspecific(key, (void*)key_va);
没错,这时候在运行程序并用gdb调试,就会产生文章开头描述的段错误。
3. 不显示调用pthread_key_create的段错误
不显示调用pthread_key_create的程序也可能出错,比如说文末章节的实例sane.c.
不能对开源软件有过高的要求,有bug大家一起解决。
void* scan_thread(void *arg) {SANE_Status status;status = sane_init(NULL, NULL);assert(status == SANE_STATUS_GOOD);const SANE_Device** device_list = NULL;status = sane_get_devices(&device_list, false);assert(status == SANE_STATUS_GOOD);int i;for(i = 0; device_list[i] != NULL; ++i){printf("%s\n", device_list[i]->name);}sane_exit();
}
gdb运行程序,并设置断点:
(gdb) b pthread_key_create
Function "pthread_key_create" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (pthread_key_create) pending.
到达断点:
Thread 2 "test.c.out" hit Breakpoint 1, __GI___pthread_key_create (key=key@entry=0x7ffff75c20c0 <key>, destr=destr@entry=0x7ffff73c01f0 <free_key_mem>) at pthread_key_create.c:26
26 {
继续执行,产生段错误:
(gdb) c
Continuing.Thread 2 "test.c.out" hit Breakpoint 1, __GI___pthread_key_create (key=0x7fffe4eb6dc8, destr=0x7fffe4c77600 <cups_globals_free>) at pthread_key_create.c:26
26 {
(gdb) c
Continuing.Thread 2 "test.c.out" received signal SIGSEGV, Segmentation fault.
0x00007fffe4c77600 in ?? ()
(gdb) bt
#0 0x00007fffe4c77600 in ?? ()
#1 0x00007ffff7998c62 in __nptl_deallocate_tsd () at pthread_create.c:155
#2 0x00007ffff7998e73 in start_thread (arg=0x7ffff4168700) at pthread_create.c:314
#3 0x00007ffff76c188d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb)
这种问题如何解决呢?
- 去除
sane_exit();,但是可能面临内存泄漏的危险; - TODO:走读sane-backends源码,提交patch;
4. 示例代码
4.1. main.c
#include <pthread.h>
#include <stdio.h>
#include <malloc.h>pthread_key_t key;
pthread_t thid1;
pthread_t thid2;#ifndef MALLOC_KEY
#define MALLOC_KEY 0
#endifvoid* thread2(void* arg)
{printf("thread:%lu is running\n", pthread_self());
#if MALLOC_KEY int *key_va = malloc(sizeof(int)) ;*key_va = 2;
#elseint key_va = 2;
#endifpthread_setspecific(key, (void*)key_va);printf("thread:%lu return %d\n", pthread_self(), (int)pthread_getspecific(key));
}void* thread1(void* arg)
{printf("thread:%lu is running\n", pthread_self());#if MALLOC_KEY int *key_va = malloc(sizeof(int)) ;*key_va = 1;
#elseint key_va = 1;
#endifpthread_setspecific(key, (void*)key_va);pthread_create(&thid2, NULL, thread2, NULL);printf("thread:%lu return %d\n", pthread_self(), (int)pthread_getspecific(key));
}int main()
{printf("main thread:%lu is running\n", pthread_self());//如果 pthread_setspecific 传入的是局部变量,//并且 pthread_key_create 传入了析构函数,//那么将产生如下段错误//#0 __GI___libc_free (mem=0x5) at malloc.c:2941//#1 0x00007feb4c550c62 in __nptl_deallocate_tsd () at pthread_create.c:155//#2 0x00007feb4c550e73 in start_thread (arg=0x7feb4c17a700) at pthread_create.c:314//#3 0x00007feb4c27988d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111pthread_key_create(&key, free); //这里会段错误 pthread_create(&thid1, NULL, thread1, NULL);pthread_join(thid1, NULL);pthread_join(thid2, NULL);#if MALLOC_KEY int *key_va = malloc(sizeof(int)) ;*key_va = 2;
#elseint key_va = 2;
#endifpthread_setspecific(key, (void*)key_va);printf("thread:%lu return %d\n", pthread_self(), (int)pthread_getspecific(key));pthread_key_delete(key);printf("main thread exit\n");return 0;
}
4.2. sane.c
此示例参见https://bugzilla.redhat.com/show_bug.cgi?id=1065695。
#include <assert.h>
#include <stdio.h>
#include <pthread.h>
#include <unistd.h>
#include <stdbool.h>
#include <stdlib.h>
#include <malloc.h>
#include <sane/sane.h>#define PTHREAD_STACK_MIN 16384void* scan_thread(void *arg) {SANE_Status status;status = sane_init(NULL, NULL);assert(status == SANE_STATUS_GOOD);const SANE_Device** device_list = NULL;status = sane_get_devices(&device_list, false);assert(status == SANE_STATUS_GOOD);int i;for(i = 0; device_list[i] != NULL; ++i){printf("%s\n", device_list[i]->name);}sane_exit();
}int main()
{ pthread_t t;pthread_attr_t attr;void *stackAddr = NULL;int paseSize = getpagesize();size_t stacksize = paseSize*4;pthread_attr_init(&attr);posix_memalign(&stackAddr, paseSize, stacksize);pthread_attr_setstack(&attr, stackAddr, stacksize);pthread_create(&t, NULL, scan_thread, NULL);pthread_join(t, NULL);return 0;
}
这篇关于记一次pthread_key_create导致的__nptl_deallocate_tsd段错误的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
