sfs reported a python crash in IRC earlier that ended up being due to an oversight in __elf_phdr_match_addr().
Due to __elf_phdr_match_addr() limiting its search to PF_X sections, on the PPC64 ELFv1 ABI, it was never matching function pointers properly.
This meant that libthr was never cleaning up its atfork list in __pthread_cxa_finalize(), so if a library with an atfork handler was unloaded, libthr would crash on the next fork.
Normally, the null pointer check it does before calling the handler would avoid this crash, but, due to PPC64 ELFv1 using function descriptors instead of raw function pointers, a null check against the pointer itself is insufficient, as the pointer itself was not null, it was just pointing at a function descriptor that had been zeroed. (Which is an ABI violation.)
Calling a zeroed function descriptor on PPC64 ELFv1 causes a jump to address 0 with a zeroed r2 and r11.