I have a core dump file where pthread_mutex_destroy() has returned an error, probably because in the pthread_mutex_t data structure the __nusers field is set to 4294967295 (0xFFFFFFFF). Here are the full values:
    mMutex = {
      __data = {
        __lock = 0,
        __count = 0,
        __owner = 0,
        __nusers = 4294967295,
        __kind = 1,
        __spins = 0,
        __elision = 0,
        __list = {
          __prev = 0x0,
          __next = 0x0
        }
      },
      __size = '\000' <repeats 12 times>, "\377\377\377\377\001", '\000' <repeats 22 times>,
      __align = 0
    }
This is a recursive mutex. The code is running on a RHEL 8 system.
So at first glance this looks like __nusers was somehow decremented once too often. But I don't see how this could happen - calling pthread_mutex_unlock() without locking first leaves the __nusers count at 0 (it returns EPERM, but there shouldn't be any undefined behavior involved for a recursive mutex).
Under what circumstances would __nusers become essentially "negative"?
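
The two observations in the question can be checked on a live system with the following added example, which is not part of the original post. It assumes glibc on Linux, where `__data.__nusers` is an internal field and `pthread_mutex_destroy()` returns `EBUSY` for a non-robust mutex whose `__nusers` is nonzero; the function names are hypothetical.

```c
/* Added example; assumes glibc on Linux. __data.__nusers is glibc-internal
   and is touched here only to mirror the values seen in the core dump. */
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <pthread.h>
#include <stdio.h>

/* Initialise m as a recursive mutex (__kind = 1 in the dump). */
static int init_recursive(pthread_mutex_t *m) {
    pthread_mutexattr_t attr;
    int rc = pthread_mutexattr_init(&attr);
    if (rc != 0) return rc;
    rc = pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);
    if (rc == 0) rc = pthread_mutex_init(m, &attr);
    pthread_mutexattr_destroy(&attr);
    return rc;
}

/* Unlock a recursive mutex that was never locked. Stores the unlock
   return code in *rc_out and returns __nusers as it stands afterwards. */
unsigned int unlock_without_lock(int *rc_out) {
    pthread_mutex_t m;
    if (init_recursive(&m) != 0) { *rc_out = -1; return 0; }
    *rc_out = pthread_mutex_unlock(&m);
    unsigned int nusers = m.__data.__nusers;
    pthread_mutex_destroy(&m);
    return nusers;
}

/* Put an idle recursive mutex into the dumped state, then destroy it. */
int destroy_with_nusers_wrapped(void) {
    pthread_mutex_t m;
    if (init_recursive(&m) != 0) return -1;
    m.__data.__nusers = UINT_MAX;  /* constructed: the value from the dump */
    int rc = pthread_mutex_destroy(&m);
    m.__data.__nusers = 0;         /* restore so the mutex can be destroyed */
    pthread_mutex_destroy(&m);
    return rc;
}

int main(void) {
    int rc;
    unsigned int n = unlock_without_lock(&rc);
    printf("unlock without lock: rc=%d (EPERM=%d), __nusers=%u\n", rc, EPERM, n);
    printf("destroy with __nusers=UINT_MAX: rc=%d (EBUSY=%d)\n",
           destroy_with_nusers_wrapped(), EBUSY);
    return 0;
}
```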