I should mention that Drepper's old implementation and thus uclibc/uclibc-ng's implementations are much simpler and do not have this bug. The musl libc does not have this issue because it puts an upper limit on the number of user-space spins in one try. Unlimited spin should NEVER appear in user space!
I cannot believe that such a highly-reproducible bug is left untouched for nearly a year.
PS: All versions of glibc since 2.25 are affected.