Bug 12926 - getaddrinfo()/make_request() may spin forever
Summary: getaddrinfo()/make_request() may spin forever
Alias: None
Product: glibc
Classification: Unclassified
Component: network
Version: 2.13
: P2 normal
Target Milestone: 2.23
Assignee: Florian Weimer
Depends on:
Reported: 2011-06-23 16:50 UTC by Paul Pluzhnikov
Modified: 2019-12-03 13:34 UTC

See Also:
Last reconfirmed:
fweimer: security-

check_pk deadlock (2.70 KB, text/plain)
2019-12-03 04:58 UTC, wang danny
check_pf deadlock (2.52 KB, text/plain)
2019-12-03 04:59 UTC, wang danny

Description Paul Pluzhnikov 2011-06-23 16:50:54 UTC
I am not sure whether this is a kernel bug or a glibc bug.

Even if it is a kernel bug, it might be wise to fix it in glibc, since
buggy kernels are observed "in the wild".

Over the last two weeks, we observed several Java programs that have a thread
spinning here:

#0  0xf7717430 in __kernel_vsyscall ()
#1  0xf757e448 in recvmsg () at ../sysdeps/unix/sysv/linux/i386/socket.S:97
#2  0xf76797a6 in make_request (fd=1590, pid=<value optimized out>, seen_ipv4=0x7dceea7b, seen_ipv6=0x7dceea7a, in6ai=0x7dceea70, in6ailen=0x7dceea6c) at ../sysdeps/unix/sysv/linux/check_pf.c:123
#3  0xf7679bd4 in __check_pf (seen_ipv4=0x7dceea7b, seen_ipv6=0x7dceea7a, in6ai=0x7dceea70, in6ailen=0x7dceea6c) at ../sysdeps/unix/sysv/linux/check_pf.c:275
#4  0xf761ff4c in getaddrinfo (name=0x988f330 "<a-valid-host-name>", service=0x0, hints=0x7dceeaf8, pai=0x7dceeb18) at ../sysdeps/posix/getaddrinfo.c:2109

strace shows an unending stream of recvmsg() calls, which all return 0.

Looking in check_pf.c, it seems clear that if recvmsg() keeps returning 0,
then the for() loop on line 131 (current git source) will not execute,
and the do-while loop on line 113 will spin forever.

We do not know what conditions provoke the kernel (2.6.34-smp and 2.6.26-smp
have been observed) to return zero here, and the problem is not repeatable
on the same machine.

The following patch will make make_request() fail under these conditions.
Not sure whether that's the right thing to do.

diff --git a/sysdeps/unix/sysv/linux/check_pf.c b/sysdeps/unix/sysv/linux/check_pf.c
index c053adc..47cf034 100644
--- a/sysdeps/unix/sysv/linux/check_pf.c
+++ b/sysdeps/unix/sysv/linux/check_pf.c
@@ -121,7 +121,7 @@ make_request (int fd, pid_t pid, bool *seen_ipv4, bool *seen_ipv6,
       ssize_t read_len = TEMP_FAILURE_RETRY (__recvmsg (fd, &msg, 0));
-      if (read_len < 0)
+      if (read_len <= 0)
        goto out_fail;
       if (msg.msg_flags & MSG_TRUNC)
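Review bot: The new `read_len <= 0` test sends a zero-length read down the same `out_fail` path as a real error, with nothing at the check explaining why zero is fatal here. Add a short comment above it saying that `__recvmsg` returning 0 would otherwise leave the enclosing loop with no message to process and no way to terminate. Note also that errno is only meaningful for the negative case, so anything on the failure path that reports errno would see a stale value when `read_len` is 0.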
Comment 1 Paul Pluzhnikov 2011-07-16 05:42:43 UTC
Further investigation showed that this is most likely an application (Java NIO actually) bug.

It appears that NIO, under some conditions, may execute the following sequence of calls:

1. accept(...) = N
2. close(N)
3. dup2(X, N) = N

which opens a race: if between 2 and 3 another thread opens N (e.g. a NETLINK socket), that thread will lose.

In our case, the victim happened to be the DNS resolver thread.

Since there is nothing glibc can really do to protect itself from such application code, resolving as invalid.
Comment 2 Rich Felker 2011-07-17 03:32:00 UTC
Applications with this bug can be fixed not to close the old file descriptor before using dup2 to replace it. If there is no old file descriptor, fcntl/F_DUPFD can be used as a non-destructive dup2 that will choose the next available fd >= the requested fd if the requested fd is taken.
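The close()/dup2() window from Comment 1 and the two alternatives from Comment 2, replayed in a single thread as an added example (not code from the bug report, glibc or Java NIO). The function names are hypothetical, and the socket() call placed inside the window stands in for the other thread that opens its NETLINK socket.

```c
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* True when both descriptors refer to the same file object (device + inode). */
static bool same_file(int a, int b)
{
    struct stat sa, sb;
    if (fstat(a, &sa) != 0 || fstat(b, &sb) != 0)
        return false;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Buggy sequence: accept() = N, close(N), dup2(X, N).
   Returns 1 if the descriptor opened in the window ends up pointing at X. */
int racy_close_then_dup2(void)
{
    int x[2];
    if (pipe(x) != 0)
        return -1;
    int n = socket(AF_UNIX, SOCK_STREAM, 0);     /* stands in for accept() = N */
    close(n);                                    /* step 2: N is free again */
    int victim = socket(AF_UNIX, SOCK_DGRAM, 0); /* "other thread": lowest free fd is N */
    bool reused = (victim == n);
    dup2(x[0], n);                               /* step 3: replaces the victim's socket */
    bool hijacked = reused && same_file(victim, x[0]);
    if (!reused)
        close(n);
    close(victim);
    close(x[0]);
    close(x[1]);
    return hijacked ? 1 : 0;
}

/* Fix 1: leave N open and let dup2() close-and-replace it in one step.
   Returns 1 if a descriptor opened concurrently keeps its own socket. */
int atomic_dup2_keeps_victim(void)
{
    int x[2];
    if (pipe(x) != 0)
        return -1;
    int n = socket(AF_UNIX, SOCK_STREAM, 0);
    int victim = socket(AF_UNIX, SOCK_DGRAM, 0); /* N is still taken: different number */
    bool ok = n >= 0 && victim >= 0 && victim != n
              && dup2(x[0], n) == n
              && same_file(n, x[0]) && !same_file(victim, x[0]);
    close(n);
    close(victim);
    close(x[0]);
    close(x[1]);
    return ok ? 1 : 0;
}

/* Fix 2: when there is no old descriptor to replace, fcntl(F_DUPFD) picks
   the next free number >= the requested one instead of overwriting it.
   Returns 1 if the taken slot was skipped and left untouched. */
int dupfd_skips_taken_slot(void)
{
    int x[2];
    if (pipe(x) != 0)
        return -1;
    int victim = socket(AF_UNIX, SOCK_DGRAM, 0);
    int got = fcntl(x[0], F_DUPFD, victim);      /* request the victim's number */
    bool ok = victim >= 0 && got > victim
              && same_file(got, x[0]) && !same_file(victim, x[0]);
    if (got >= 0)
        close(got);
    close(victim);
    close(x[0]);
    close(x[1]);
    return ok ? 1 : 0;
}

int main(void)
{
    printf("close+dup2 hijacks victim: %d\n", racy_close_then_dup2());
    printf("atomic dup2 keeps victim:  %d\n", atomic_dup2_keeps_victim());
    printf("F_DUPFD skips taken slot:  %d\n", dupfd_skips_taken_slot());
    return 0;
}
```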
Comment 3 James E. King, III 2014-09-12 13:49:20 UTC
I recently discovered the root cause of an issue I was investigating to be the same root cause described in Paul's original report below. Regardless of whether the application is behaving correctly, the documentation for recvmsg clearly states:


  These calls return the number of bytes received, or -1 if an error occurred.
  The return value will be 0 when the peer has performed an orderly shutdown.


It would make sense that once one received zero as a result, subsequent calls would also return zero, and that is exactly what was reported - an infinite loop. A fix was provided that appears correct; however, the defect was closed as invalid. I'd like to request this be re-opened and the fix proposed be implemented.

There are potentially more reasons than what was suggested in post number two as to why zero could be returned.  There is evidence in other net posts that changing the networking configuration of the system (administrative or automatically) during the operation could cause this.

This code defect exists at least in eglibc-2.15 through eglibc-2.19.
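The loop shape described in the report, run against a descriptor whose recvmsg() keeps returning 0, as an added example (a simplified model, not glibc's make_request()). The names, the SPIN_LIMIT cap and the use of a stream socketpair with a closed peer to produce the zero returns are assumptions made for the demonstration.

```c
#include <linux/netlink.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

enum { SPIN_LIMIT = 1000 };  /* cap so the unfixed loop can be observed, not hung on */

struct loop_result {
    int recv_calls;  /* number of recvmsg() calls made */
    bool failed;     /* left through the failure path */
    bool hit_cap;    /* would still be spinning without the cap */
};

/* do/while until an NLMSG_DONE message is seen. zero_is_failure selects
   between the original test (< 0) and the patched one (<= 0). */
static struct loop_result read_until_done(int fd, bool zero_is_failure)
{
    struct loop_result r = { 0, false, false };
    union { struct nlmsghdr hdr; char bytes[4096]; } buf;  /* aligned buffer */
    bool done = false;

    do {
        if (r.recv_calls == SPIN_LIMIT) { r.hit_cap = true; break; }

        struct iovec iov = { buf.bytes, sizeof buf.bytes };
        struct msghdr msg;
        memset(&msg, 0, sizeof msg);
        msg.msg_iov = &iov;
        msg.msg_iovlen = 1;

        ssize_t read_len = recvmsg(fd, &msg, 0);
        r.recv_calls++;
        if (zero_is_failure ? read_len <= 0 : read_len < 0) { r.failed = true; break; }
        if (msg.msg_flags & MSG_TRUNC) { r.failed = true; break; }

        /* With read_len == 0, NLMSG_OK is false at once: the body never
           runs, done stays false, and the outer loop goes round again. */
        size_t remaining = (size_t) read_len;
        for (struct nlmsghdr *nlmh = &buf.hdr; NLMSG_OK(nlmh, remaining);
             nlmh = NLMSG_NEXT(nlmh, remaining))
            if (nlmh->nlmsg_type == NLMSG_DONE)
                done = true;
    } while (!done);
    return r;
}

/* Constructed input: the peer is closed, so every recvmsg() returns 0. */
struct loop_result demo_closed_peer(bool zero_is_failure)
{
    struct loop_result r = { 0, true, false };
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return r;
    close(sv[1]);
    r = read_until_done(sv[0], zero_is_failure);
    close(sv[0]);
    return r;
}

/* Constructed input: the peer sends one well-formed NLMSG_DONE header. */
struct loop_result demo_done_message(bool zero_is_failure)
{
    struct loop_result r = { 0, true, false };
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return r;
    struct nlmsghdr h;
    memset(&h, 0, sizeof h);
    h.nlmsg_len = NLMSG_LENGTH(0);
    h.nlmsg_type = NLMSG_DONE;
    if (write(sv[1], &h, sizeof h) == (ssize_t) sizeof h)
        r = read_until_done(sv[0], zero_is_failure);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void)
{
    struct loop_result a = demo_closed_peer(false), b = demo_closed_peer(true);
    printf("read_len <  0: calls=%d hit_cap=%d\n", a.recv_calls, a.hit_cap);
    printf("read_len <= 0: calls=%d failed=%d\n", b.recv_calls, b.failed);
    return 0;
}
```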
Comment 4 Sourceware Commits 2014-10-14 16:05:31 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  fda389c8f0311dd5786be91a7b54b9f935fcafa1 (commit)
      from  fcb32af153a745414b0d949e707c9485ab77d6ba (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------

commit fda389c8f0311dd5786be91a7b54b9f935fcafa1
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Tue Oct 14 21:05:33 2014 +0530

    Fix infinite loop in check_pf (BZ #12926)
    The recvmsg could return 0 under some conditions and cause the
    make_request function to be stuck in an infinite loop.
    Thank you Jim King <jim.king@simplivity.com> for posting Paul's patch
    on the list.


Summary of changes:
 ChangeLog                          |    6 ++++++
 NEWS                               |    2 +-
 sysdeps/unix/sysv/linux/check_pf.c |    2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
Comment 5 Siddhesh Poyarekar 2014-10-14 16:06:53 UTC
Fixed in master.
Comment 6 Sourceware Commits 2015-02-06 15:37:08 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The annotated tag, glibc-2.21 has been created
        at  dee233133daf497cdb3a507a7da9d88414820a1f (tag)
   tagging  4e42b5b8f89f0e288e68be7ad70f9525aebc2cff (commit)
  replaces  glibc-2.20
 tagged by  Carlos O'Donell
        on  Fri Feb 6 01:42:58 2015 -0500

- Log -----------------------------------------------------------------
The GNU C Library

The GNU C Library version 2.21 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2008.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.21 release may be downloaded from:

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.21

* The following bugs are resolved with this release:

  6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498,
  15215, 15378, 15884, 16009, 16418, 16191, 16469, 16576, 16617, 16618,
  16619, 16657, 16740, 16857, 17192, 17266, 17273, 17344, 17363, 17370,
  17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522, 17555,
  17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584, 17585, 17589,
  17594, 17601, 17608, 17616, 17625, 17630, 17633, 17634, 17635, 17647,
  17653, 17657, 17658, 17664, 17665, 17668, 17682, 17702, 17717, 17719,
  17722, 17723, 17724, 17725, 17732, 17733, 17744, 17745, 17746, 17747,
  17748, 17775, 17777, 17780, 17781, 17782, 17791, 17793, 17796, 17797,
  17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,

* CVE-2015-1472 Under certain conditions wscanf can allocate too little
  memory for the to-be-scanned arguments and overflow the allocated
  buffer.  The implementation now correctly computes the required buffer
  size when using malloc.

* A new semaphore algorithm has been implemented in generic C code for all
  machines. Previous custom assembly implementations of semaphore were
  difficult to reason about or ensure that they were safe. The new version
  of semaphore supports machines with 64-bit or 32-bit atomic operations.
  The new semaphore algorithm is used by sem_init, sem_open, sem_post,
  sem_wait, sem_timedwait, sem_trywait, and sem_getvalue.

* Port to Altera Nios II has been contributed by Mentor Graphics.

* Optimized strcpy, stpcpy, strncpy, stpncpy, strcmp, and strncmp
  implementations for powerpc64/powerpc64le.
  Implemented by Adhemerval Zanella (IBM).

* Added support for TSX lock elision of pthread mutexes on powerpc32, powerpc64
  and powerpc64le.  This may improve lock scaling of existing programs on
  HTM capable systems.  The lock elision code is only enabled with
  --enable-lock-elision=yes.  Also, the TSX lock elision implementation for
  powerpc will issue a transaction abort on every syscall to avoid side
  effects being visible outside transactions.

* Optimized strcpy, stpcpy, strchrnul and strrchr implementations for
  AArch64.  Contributed by ARM Ltd.

* i386 memcpy functions optimized with SSE2 unaligned load/store.

* CVE-2014-7817 The wordexp function could ignore the WRDE_NOCMD flag
  under certain input conditions resulting in the execution of a shell for
  command substitution when the application did not request it. The
  implementation now checks WRDE_NOCMD immediately before executing the
  shell and returns the error WRDE_CMDSUB as expected.

* CVE-2012-3406 printf-style functions could run into a stack overflow when
  processing format strings with a large number of format specifiers.

* CVE-2014-9402 The nss_dns implementation of getnetbyname could run into an
  infinite loop if the DNS response contained a PTR record of an unexpected

* The minimum GCC version that can be used to build this version of the GNU
  C Library is GCC 4.6.  Older GCC versions, and non-GNU compilers, can
  still be used to compile programs using the GNU C Library.

* The GNU C Library is now built with -Werror by default.  This can be
  disabled by configuring with --disable-werror.

* New locales: tu_IN, bh_IN, raj_IN, ce_RU.

* The obsolete sigvec function has been removed.  This was the original
  4.2BSD interface that inspired the POSIX.1 sigaction interface, which
  programs have been using instead for about 25 years.  Of course, ABI
  compatibility for old binaries using sigvec remains intact.

* Merged gettext 0.19.3 into the intl subdirectory.  This fixes building
  with newer versions of bison.

* Support for MIPS o32 FPXX, FP64A and FP64 ABI Extensions.
  The original MIPS o32 hard-float ABI requires an FPU where double-precision
  registers overlay two consecutive single-precision registers.  MIPS32R2
  introduced a new FPU mode (FR=1) where double-precision registers extend the
  corresponding single-precision registers which is incompatible with the
  o32 hard-float ABI.  The MIPS SIMD ASE and the MIPSR6 architecture both
  require the use of FR=1 making a transition necessary.  New o32 ABI
  extensions enable users to migrate over time from the original o32 ABI
  through to the updated o32 FP64 ABI.  To achieve this the dynamic linker now
  tracks the ABI of any loaded object and verifies that new objects are
  compatible.  Mode transitions will also be requested as required and
  unsupportable objects will be rejected.  The ABI checks include both soft and
  hard float ABIs for o32, n32 and n64.

  GCC 5 with GNU binutils 2.25 onwards:
  It is strongly recommended that all o32 system libraries are built using the
  new o32 FPXX ABI (-mfpxx) to facilitate the transition as this is compatible
  with the original and all new o32 ABI extensions.  Configure a MIPS GCC
  compiler using --with-fp-32=xx to set this by default.


This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adhemerval Zanella
Alan Hayward
Alexandre Oliva
Allan McRae
Anders Kaseorg
Andreas Krebbel
Andreas Schwab
Andrew Pinski
Andrew Senkevich
Anton Blanchard
Arjun Shankar
Aurelien Jarno
Brooks Moses
Carlos O'Donell
Chris Metcalf
Chung-Lin Tang
David Holsgrove
David S. Miller
Eric Biggers
Florian Weimer
Gratian Crisan
H.J. Lu
J. Brown
James Lemke
Jeff Law
Jose E. Marchesi
Joseph Myers
Kaz Kojima
Kostya Serebryany
Leonhard Holz
Ma Shimiao
Maciej W. Rozycki
Marcus Shawcroft
Marek Polacek
Martin Sebor
Matthew Fortune
Mike Frysinger
Ondřej Bílka
Paul Eggert
Paul Pluzhnikov
Petar Jovanovic
Pravin Satpute
Rajalakshmi Srinivasaraghavan
Rasmus Villemoes
Renlin Li
Richard Earnshaw
Richard Henderson
Roland McGrath
Ryan Cumming
Samuel Thibault
Siddhesh Poyarekar
Stefan Liebler
Steve Ellcey
Tatiana Udalova
Tim Lammens
Tom de Vries
Torvald Riegel
Vladimir A. Nazarenko
Wilco Dijkstra
Will Newton


Adhemerval Zanella (35):
      PowerPC: multiarch bzero cleanup for PPC64
      PowerPC: memset optimization for POWER8/PPC64
      powerpc: remove linux lowlevellock.h
      powerpc: Fix encoding of POWER8 instruction
      powerpc: Simplify encoding of POWER8 instruction
      libio: Refactor tst-fmemopen to use test-skeleton.c
      powerpc: Fix missing barriers in atomic_exchange_and_add_{acq,rel}
      powerpc: Add powerpc64 strspn optimization
      powerpc: Add powerpc64 strcspn optimization
      powerpc: Add powerpc64 strpbrk optimization
      libio: Fix buffer overrun in tst-ftell-active-handler
      libio: Fix variable aligment in tst-ftell-active-handler
      powerpc: Fix lgammal_r overflow warnings
      Fix __sendmmsg prototype guards
      stdio-common: Include <libc-internal.h> in some tests
      Function declaration cleanup
      mips: Fix __libc_pread prototype
      powerpc: Fix compiler warning on some syscalls
      powerpc: Add the lock elision using HTM
      powerpc: Add adaptive elision to rwlocks
      powerpc: abort transaction in syscalls
      powerpc: Fix Copyright dates and CL entry
      Add x86 32 bit vDSO time function support
      powerpc: Optimized st{r,p}cpy for POWER8/PPC64
      powerpc: Optimized strcat for POWER8/PPC64
      powerpc: Optimized strncat for POWER7/PPC64
      powerpc: Optimized st{r,p}ncpy for POWER8/PPC64
      powerpc: Optimized strcmp for POWER8/PPC64
      powerpc: Optimized strncmp for POWER8/PPC64
      powerpc: Fix POWER7/PPC64 performance regression on LE
      BZ #16418: Fix powerpc get_clockfreq raciness
      powerpc: Fix ifuncmain6pie failure with GCC 4.9
      powerpc: Fix powerpc64 build failure with binutils 2.22
      powerpc: Fix fsqrt build in libm [BZ#16576]
      powerpc: Fix fesetexceptflag [BZ#17885]

Alan Hayward (1):
      [AArch64] Add ipc.h.

Alexandre Oliva (6):
      Require check-safety.sh to pass; wish for check that all fns are documented
      manual: cuserid is mtasurace if not passed a string
      ctermid: return string literal, document MT-Safety pitfall
      BZ#14498: fix infinite loop in nss_db_getservbyname
      BZ#16469: don't drop trailing dot in res_nquerydomain(..., name, NULL, ...)
      BZ#16469: resolv: skip leading dot in domain to search

Allan McRae (5):
      Open development for 2.21
      Update Russian translation
      Update French translation
      stdio-common/Makefile: readd bug26 testcase
      Label CVE-2014-9402 in NEWS

Anders Kaseorg (2):
      manual: Remove incorrect claim that qsort() can be stabilized
      manual: Correct guarantee about pointers compared by qsort()

Andreas Krebbel (2):
      stdlib/longlong.h: Add __udiv_w_sdiv prototype.
      iconv: Suppress array out of bounds warning.

Andreas Schwab (20):
      Handle zero prefix length in getifaddrs (BZ #17371)
      Fix misdetected Slow_SSE4_2 cpu feature bit (bug 17501)
      Don't error out writing a multibyte character to an unbuffered stream (bug 17522)
      Remove unused include
      m68k: don't expect PLT reference to __tls_get_addr
      Don't touch user-controlled stdio locks in forked child (bug 12847)
      Update NEWS
      Remove duplication from gconv-modules
      Properly handle forced elision in pthread_mutex_trylock (bug 16657)
      Remove obsolete comment
      Constify string parameters
      Fix printf format error
      Fix changelog typo
      m68k: remove @PLTPC from _dl_init call
      Remove 17581 from NEWS
      m68k: force inlining bswap functions
      m68k: fix missing definition of __feraiseexcept
      m68k/coldfire: avoid warning about volatile register variables
      ia64: avoid set-but-not-used warning
      Include <signal.h> in sysdeps/nptl/allocrtsig.c

Andrew Pinski (1):
      AArch64: Reformat inline-asm in elf_machine_load_address

Andrew Senkevich (4):
      Update minimal required bunutils version to 2.22
      i386: memcpy functions with SSE2 unaligned load/store
      i386: Fix build by GCC 5.0
      Remove duplicated -frounding-math

Anton Blanchard (1):
      powerpc: Fix __arch_compare_and_exchange_bool_64_rel

Arjun Shankar (6):
      New test for ftime
      Write errors to stdout and not stderr in nptl/tst-setuid3.c
      Modify several tests to use test-skeleton.c
      Modify stdio-common/tst-fseek.c to use test-skeleton.c
      Modify stdlib/tst-bsearch.c to use test-skeleton.c
      Modify libio/tst-fopenloc.c to use test-skeleton.c

Aurelien Jarno (2):
      resolv: improve comments about nserv and nservall
      resolv: fix rotate option

Bram (1):
      Fix segmentation fault when LD_LIBRARY_PATH contains only non-existings paths

Brooks Moses (1):
      sysdeps/x86_64/start.S doesn't have a .size elf directive for _start.

Carlos O'Donell (22):
      HPPA: Transition to new non-addon NPTL.
      HPPA: Add c++-types.data.
      Correctly size profiling reloc table (bug 17411)
      hppa: Make __SIGRTMIN 32 (ABI break).
      elf/dl-load.c: Use __strdup.
      manual/llio.texi: Add Linux-specific comments for write().
      Run check-localpltk/textrel/execstack over ld.so.
      manual/llio.texi: Comment on write atomicity.
      CVE-2014-7817: wordexp fails to honour WRDE_NOCMD.
      Expand comments in elf/ldconfig.c (search_dir)
      Use ALIGN_UP in nptl/nptl-init.c
      Fix indenting in bits/ioctl-types.h.
      Update libc.pot:
      Regenerate INSTALL.
      Fix semaphore destruction (bug 12674).
      Fix recursive dlopen.
      tst-getpw: Rewrite.
      Update copyright year to 2015 for new files.
      hppa: Remove warnings and fix conformance errors.
      glibc 2.21 pre-release update.
      hppa: Sync with pthread.h.
      Update version.h and include/features.h for 2.21 release

Chris Metcalf (32):
      tile: remove linux lowlevellock.h
      tilegx: optimize string copy_byte() internal function
      tilegx: provide optimized strnlen, strstr, and strcasestr
      tile: add support for _SC_LEVEL*CACHE* sysconf() queries
      tile: optimize memcmp
      tile: make the prolog of clone() more conformant
      tile: add clock_gettime support via vDSO
      tile: fix copyright header blocks in just-committed files
      tile: add inhibit_loop_to_libcall to string functions
      math: increase timeout for math/atest-*.c
      iconvdata/tst-loading: bump up timeout to 10s
      tilegx: fix strstr to build and link better
      tile: provide localplt.data with __tls_get_addr optional
      tile: remove localplt.data and use generic one again.
      tile: separate ffsll from ffs
      Update NEWS and ChangeLog with two tile bug fixes.
      tilegx: remove implicit boolean conversion in strstr.
      Fix namespace conformance issue with Bessel functions.
      NEWS: mention bug fix for 17747.
      tilegx: enable wordsize-64 support for ieee745 dbl-64.
      tilegx32: avoid a a -Werror warning from unwinding
      tilegx: fix sysdep.h to avoid a redefinition warning
      linux/clock_settime: remove unnecessary vDSO definitions
      tile: add no-op fe*() routines for libc internal use
      posix/Makefile: use $(objpfx) for files in before-compile.
      tile: prefer inlines to macros in math_private.h.
      Fix a couple of -Wundef warnings.
      Fix some warnings in the absence of FP round/exception support
      lround: provide cast for wordsize-64 version if needed
      tile: check error properly for vDSO calls
      posix/regcomp: initialize union structure tag to avoid warning
      tilegx32: set __HAVE_64B_ATOMICS to 0

Chung-Lin Tang (4):
      Add Nios II definitions to elf/elf.h.
      Remove divide from _ELF_DYNAMIC_DO_RELOC in elf/dynamic-link.h.
      Commit nios2 port to master.
      Function name typo error in non-PIC case, fixed in this patch.

David Holsgrove (3):
      MicroBlaze: Fix integer-pointer conversion warning
      MicroBlaze: Fix volatile-register-var warning in READ_THREAD_POINTER
      MicroBlaze: Avoid pointer to integer conversion warning

David S. Miller (6):
      Fix sparc build.
      Fix array bounds warnings in elf_get_dyanmic_info() on sparc with gcc-4.6
      Fix soft-fp build warning on sparc about strict aliasing.
      Fix scanf15.c testsuite build on sparc.
      Fix sparc semaphore implementation after recent changes.
      Fix two bugs in sparc atomics.

Eric Biggers (1):
      setenv fix memory leak when setting large, duplicate string (BZ #17658)

Florian Weimer (6):
      Turn on -Werror=implicit-function-declaration
      malloc: additional unlink hardening for non-small bins [BZ #17344]
      Complete the removal of __gconv_translit_find
      Update NEWS for bug 17608
      Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
      iconvdata/run-iconv-test.sh: Actually test iconv modules

Gratian Crisan (1):
      arm: Re-enable PI futex support for ARM kernels >= 3.14.3

H.J. Lu (27):
      Require autoconf 2.69
      Resize DTV if the current DTV isn't big enough
      Mention fix for PR 13862
      Replace 1L with (mp_limb_t) 1
      Compile s_llround.c with -Wno-error for x32 build
      Replace -Wno-error with -fno-builtin-lround
      Remove @PLT from "call _dl_init@PLT" in _dl_start_user
      Add hidden __tls_get_addr/___tls_get_addr alias
      Replace %ld with %jd and cast to intmax_t
      Replace %ld with %jd and cast to intmax_t
      Replace %ld with %jd and cast to intmax_t
      Replace %ld with %jd and cast to intmax_t
      Replace %ld/%lu with %jd/%ju and cast to intmax_t/uintmax_t
      Replace %ld with %jd and cast to intmax_t
      Replace %ld with %jd and cast to intmax_t
      Replace %ld with %jd and cast to intmax_t
      Replace %ld with %jd and cast to intmax_t
      Mention fix for BZ #17732
      Mention i386 memcpy with SSE2 unaligned load/store
      Don't check PI_STATIC_AND_HIDDEN in i386 dl-machine.h
      Define CLOCKS_PER_SEC type to the type clock_t
      Mention bug fix for BZ #17806
      Use uint64_t and (uint64_t) 1 for 64-bit int
      Also use uint64_t in __new_sem_wait_fast
      Treat model numbers 0x4a/0x4d as Silvermont
      Also treat model numbers 0x5a/0x5d as Silvermont
      Use AVX unaligned memcpy only if AVX2 is available

J. Brown (1):
      Recognize recent x86 CPUs in string.h

James Lemke (2):
      Fix for test "malloc_usable_size: expected 7 but got 11"
      Fix for test "malloc_usable_size: expected 7 but got 11"

Jeff Law (1):
      CVE-2012-3406: Stack overflow in vfprintf [BZ #16617]

Jose E. Marchesi (1):
      Fix sparc struct fpu definition.

Joseph Myers (141):
      Add new Linux 3.16 constants to netinet/udp.h.
      Move architecture-specific shlib-versions entries to sysdeps files.
      Move OS-specific shlib-versions entries to sysdeps files.
      Use %ifdef in sysdeps/unix/sysv/linux/powerpc/powerpc64/shlib-versions.
      Remove configuration name patterns from shlib-versions.
      Remove bitrotten --enable-oldest-abi (bug 6652).
      soft-fp: Correct _FP_TO_INT formatting.
      soft-fp: Fix comment formatting.
      Move some setrlimit definitions to syscalls.list (bug 14138).
      Clean up gnu/lib-names.h generation (bug 14171).
      Remove shlib-versions entries redundant with DEFAULT entries.
      Run tst-ld-sse-use.sh with bash.
      Move some *at definitions to syscalls.list (bug 14138).
      Move execve to syscalls.list (bug 14138).
      Move some chown / lchown / fchown definitions to syscalls.list (bug 14138).
      Support and use mixed compat/non-compat aliases in syscalls.list.
      Don't use INTUSE with __adjtimex (bug 14132).
      soft-fp: Remove FP_CLEAR_EXCEPTIONS.
      soft-fp: Make extensions of subnormals from XFmode to TFmode signal underflow if traps enabled.
      soft-fp: Refactor exception handling for comparisons.
      soft-fp: Fix _FP_TO_INT latent bug in overflow handling.
      soft-fp: Add FP_DENORM_ZERO.
      Remove stray *_internal aliases (bug 14132).
      Don't use INTDEF/INTUSE with __cxa_atexit (bug 14132).
      soft-fp: Support more precise "invalid" exceptions.
      soft-fp: Support rsigned == 2 in _FP_TO_INT.
      soft-fp: Use parentheses around macro arguments.
      Don't use INTVARDEF/INTUSE with __libc_enable_secure (bug 14132).
      conformtest: clean up POSIX expections for sys/utsname.h, sys/wait.h.
      Move readv and writev definitions to syscalls.list (bug 14138).
      Don't use INTDEF with __ldexpf (bug 14132).
      Don't use INTDEF for powerpc32 compat symbols (bug 14132).
      Move some chown / lchown / fchown definitions to syscalls.list (bug 14138).
      Move get*id and getgroups definitions to syscalls.list (bug 14138).
      Move setfsgid/setfsuid definitions to syscalls.list (bug 14138).
      Don't use INTDEF/INTUSE in unwind-dw2-fde.c (bug 14132).
      Remove __libc_creat function name.
      Remove __libc_readv and __libc_writev function names.
      Move powerpc64 pread/pwrite definitions to syscalls.list (bug 14138).
      Add bug 15215 to NEWS; move bug 17344 to correct version's list in NEWS.
      Remove __libc_pselect alias.
      Update autoconf version requirement in install.texi.
      Make aclocal.m4 comment mention updating install.texi for autoconf version.
      Remove __libc_nanosleep function name.
      soft-fp: Add _FP_TO_INT_ROUND.
      Don't use INTDEF/INTUSE with _dl_argv (bug 14132).
      Don't use INTDEF/INTUSE with _dl_init (bug 14132).
      Don't use INTDEF/INTUSE with _dl_mcount (bug 14132).
      Remove INTDEF / INTUSE / INTVARDEF (bug 14132).
      Remove __libc_waitpid function name.
      Fix tzfile.c namespace (bug 17583).
      Fix __getcwd rewinddir namespace (bug 17584).
      Fix malloc_info namespace (bug 17570).
      Fix qsort_r namespace (bug 17571).
      Fix x86_64 rawmemchr namespace (bug 17572).
      Fix stpcpy / mempcpy namespace (bug 17573).
      Fix __printf_fp wmemset namespace (bug 17574).
      Fix __get_nprocs fgets_unlocked namespace (bug 17582).
      Fix locale memmem namespace (bug 17585).
      Fix localealias.c fgets_unlocked namespace (bug 17589).
      Add tests for namespace for static linking.
      Fix strtoll / strtoull namespace for 32-bit (bug 17594).
      Use prototype definition for __strtol.
      Fix build of C mempcpy and stpcpy.
      Require GCC 4.6 or later to build glibc.
      Only declare __sigpause in installed signal.h when necessary.
      Remove ARM __GNUC_PREREQ(4,4) conditionals.
      Remove x86_64 __GNUC_PREREQ (4, 6) conditional.
      Fix libm mpone, mptwo namespace (bug 17616).
      Fix perror fileno namespace (bug 17633).
      Fix warning in posix/bug-regex31.c.
      Fix warning in stdio-common/tst-printf-round.c.
      Fix warning in setjmp/jmpbug.c.
      Fix test-strchr.c warnings for wide string testing.
      Remove TEST_IFUNC, tests-ifunc and *-ifunc.c tests.
      Fix warnings in fwscanf / rewind tests.
      FIx ldbl-128ibm frexpl for 32-bit systems (bug 16619, bug 16740).
      Fix sysdeps/unix/sysv/linux/arm/libc-do-syscall.S warning.
      Fix nptl/tst-cancel-self-cancelstate.c warning.
      Fix sysdeps/mips/__longjmp.c warning.
      Avoid warnings for unused results in nscd/connections.c.
      Fix nss/tst-nss-test1.c format warning.
      Fix stdio-common/tst-fmemopen.c format warnings.
      Fix dlfcn/failtestmod.c warning.
      Fix libio/bug-ungetwc1.c warning.
      Avoid deprecated sigblock in misc/tst-pselect.c.
      Make linknamespace tests check only relevant libraries.
      Fix elf/tst-unique4lib.cc warning.
      Fix fgets_unlocked namespace issues (bug 17664).
      Remove excess declarations from unistd.h for XPG3/XPG4 (bug 17665).
      Fix warning in posix/tst-getopt_long1.c.
      Fix -Waddress warnings in nptl/tst-mutex1.c.
      Fix warning in nptl/tst-stack4.c.
      Fix getifaddrs, freeifaddrs namespace (bug 17668).
      Remove some linknamespace test XFAILs.
      Fix linknamespace getdate_err handling.
      Fix linknamespace h_errno handling.
      Fix pthreads getrlimit, gettimeofday namespace (bug 17682).
      Add macros for diagnostic control, use for scanf %a tests.
      Disable -Wdiv-by-zero for some tests in stdio-common/tst-unlockedio.c.
      Disable -Wdeprecated-declarations for register_printf_function calls in tst-printfsz.c.
      Use -Werror by default, add --disable-werror.
      Fix tst-ftell-active-handler.c warning.
      Fix strftime wcschr namespace (bug 17634).
      Fix MIPS sigaction build.
      Fix MIPS waitid build.
      Clean up localedata tests printf formats, don't use -Wno-format.
      Add more headers to include/ for conform tests.
      Move semaphore.h to sysdeps/pthread/.
      Remove some semaphore.h linknamespace XFAILs.
      Fix resolver if_* namespace (bug 17717).
      Fix x86_64 memrchr namespace (bug 17719).
      Fix resolver inet_* namespace (bug 17722).
      Fix profil_counter namespace (bug 17725).
      Fix resolver bind, getsockname namespace (bug 17733).
      Split __kernel_standard* functions (fixes bug 17724).
      Make __ASSUME_UTIMES hppa-specific.
      Fix libm feraiseexcept namespace (bug 17723).
      Clean up powerpc fegetround / __fegetround inlines.
      Fix libm fegetenv namespace (bug 17748).
      Update copyright dates with scripts/update-copyrights.
      Update copyright dates not handled by scripts/update-copyrights.
      Use single year in copyright notice in banner in ntpl/version.c.
      Fix MIPS bits/fcntl.h namespace (bug 17780).
      Fix MIPS sa_flags type (bug 17781).
      Fix MIPS TIOCSER_TEMT namespace (bug 17782).
      Fix libm fegetround namespace (bug 17748).
      Fix wordsize-64 posix_fadvise64, posix_fallocate64 namespace (bug 17777).
      Fix isblank / isascii / toascii namespace (bug 17635).
      Fix ARM posix_fadvise64 namespace (bug 17793).
      Fix MIPS n64 posix_fadvise namespace (bug 17796).
      Fix libm feholdexcept namespace (bug 17748).
      Fix libm fesetenv namespace (bug 17748).
      Fix libm fesetround namespace (bug 17748).
      Fix libm feupdateenv namespace (bug 17748).
      Fix ldbl-96 scalblnl for subnormal arguments (bug 17834).
      Fix ldbl-96 scalblnl underflowing results (bug 17803).
      Fix powerpc-nofpu fesetenv namespace (bug 17748).
      soft-fp: Use __label__ for all labels within macros.
      Disable 64-bit atomics for MIPS n32.

Kaz Kojima (1):
      * Fix SH specific compiler warnings which are for integer-pointer

Kostya Serebryany (3):
      remove nested function hack_digit
      remove nested functions from elf/dl-deps.c
      remove nested functions from elf/dl-load.c

Leonhard Holz (4):
      strcoll: improve performance by removing the cache (#15884)
      Fix tst-strcoll-overflow returning before timeout (BZ #17506)
      Speed up strcoll by inlining
      Fix memory handling in strxfrm_l [BZ #16009]

Ma Shimiao (1):
      manual: fix addmntent's MT-Safety race annotation

Maciej W. Rozycki (1):
      MIPS: Avoid a dangling `vfork@GLIBC_2.0' reference

Marcus Shawcroft (1):
      Fix ChangeLog formatting of previous commit.

Marek Polacek (1):
      Fix tst_wcscpy.c test.

Martin Sebor (1):
      Clarify math/README.libm-test. Add "How to read the test output."

Matthew Fortune (5):
      Add a hook to enable load-time inspection of program headers
      Add support for MIPS O32 FPXX and .MIPS.abiflags
      Fix MIPS variable PAGE_SIZE bug (16191)
      NEWS for MIPS ABIs
      MicroBlaze: Fix BZ17791 - Remove fixed page size macros and others

Mike Frysinger (1):
      arm: drop EABI check

Ondřej Bílka (8):
      Sync recvmmsg prototype with kernel usage.
      Fix typo in changelog.
      Return allocated array instead of unallocated.
      Simplify strncat.
      Clean up check_pf allocation pattern. addresses
      Add changelog
      Suppress warning in string/tester.c for gcc 4.9
      Revert "Suppress warning in string/tester.c for gcc 4.9"

Paul Eggert (1):
      fnmatch: work around GCC compiler warning bug with uninit var

Paul Pluzhnikov (1):
      CVE-2015-1472: wscanf allocates too little memory

Petar Jovanovic (1):
      mips: Do not use jal to reach __libc_start_main

Pravin Satpute (2):
      New locale ce_RU (BZ #17192)
      New locale raj_IN (#16857)

Rajalakshmi Srinivasaraghavan (3):
      powerpc: strtok{_r} optimization for powerpc64
      powerpc: POWER7 strcpy optimization for unaligned strings
      powerpc: Optimize POWER7 strcmp trailing checks

Rasmus Villemoes (1):
      Fix prototype of eventfd.

Renlin Li (1):
      [AArch64] End frame record chain correctly.

Richard Earnshaw (5):
      [AArch64] Add optimized strchrnul.
      [AArch64] Fix strchrnul clobbering v15
      * string/stpcpy.c (__stpcpy): Rewrite using strlen and memcpy.
      AArch64 optimized implementation of strrchr.
      AArch64: Optimized implementations of strcpy and stpcpy.

Richard Henderson (2):
      alpha: Fix soft-fp breakage
      Add -Wno-trampolines as needed

Roland McGrath (62):
      Move findidx nested functions to top-level.
      Don't use a nested function in rpmatch.
      Minor cleanup in ld-ctype.c
      Minor cleanup in locale.c
      Remove unnecessarily nested function in do_lookup_unique.
      BZ#17460: Fix buffer overrun in nscd --help.
      Remove sysdeps/arm/soft-fp directory.
      Fix NPTL build error when missing __NR_set_robust_list.
      NPTL: Conditionalize more uses of SIGCANCEL and SIGSETXID.
      NPTL: Conditionalize direct futex syscall uses.
      NPTL: Clean up THREAD_SYSINFO macros.
      Remove obsolete TLS_DEFINE_INIT_TP fallback.
      Make internal lock-init macros return void.
      NPTL: Add some missing #include's
      NPTL: Clean up gratuitous Linuxism in libpthread.so entry point.
      Tiny refactoring in fts to eliminate a warning.
      Avoid local PLT reference in __nptl_main.
      ARM: Use movw/movt more when available
      Rework some nscd code not to use variable-length struct types.
      Prototypify htonl and htons definitions.
      Rework compiler version check in configure.
      Clean up wchar_t conversion code in iconv program.
      Clean up internal ctype.h header.
      BZ#17496: Fix gnu/lib-names.h dependency.
      NPTL: Move __libc_multiple_threads_ptr defn to nptl-init.c
      Remove sigvec.
      NPTL: Refactor createthread.c
      NPTL: Move Linux-specific createthread.c to sysdeps.
      NPTL: Add stub createthread.c
      Test that pthread_create diagnoses invalid scheduling parameters.
      NPTL: Don't (re)validate sched_priority in pthread_create.
      NPTL: Refactor scheduler setup in pthread_create.
      NPTL: Conditionalize asynchronous cancellation support on [SIGCANCEL].
      NPTL: Use __libc_fatal in unwind.c.
      NPTL: Fix pthread_create regression from default-sched.h refactoring.
      De-warning a few stubs.
      Fix -Wformat-security warnings in posix/regexbug1.c
      Eliminate -Wno-format from printf/scanf tests.
      Suppress -Wformat-security in tst-error1.c.
      Refactor shm_{open,unlink} code to separate Linux-specific directory choice from POSIX-generic code.
      Fix NPTL build for !__ASSUME_SET_ROBUST_LIST case.
      NPTL: Add stubs for Linux-only extension functions.
      NPTL: Refactor named semaphore code to use shm-directory.h
      Use pragmas rather than makefiles for necessary options for unwind code.
      Revert "Use pragmas rather than makefiles for necessary options for unwind code."
      Use PTR_MANGLE on libgcc unwinder function pointers.
      Remove explicit inline on malloc perturb functions.
      Fix stub __if_freenameindex build error.
      NPTL: Remove gratuitous Linuxisms from gai_misc.h.
      NPTL: Move fork state variables to initializer files.
      ARM: Consolidate with generic unwinder wrapper code
      NPTL: Refactor cpu_set_t validation to be sysdeps-controlled
      Add stub sys/procfs.h file
      NPTL: Fixed missed conditionalization of setxid hooey.
      NPTL: Fix generic pthread_sigmask.
      Fix copyright year on new stub sys/procfs.h file.
      Clean up allocrtsig code.
      Some #include cleanup in aio/timer code.
      Fix shm-directory.h #include.
      Remove some references to bcopy/bcmp/bzero.
      Add missing libc_hidden_def to stub getrlimit64.
      Add missing libc_hidden_weak to stub if_nameindex, if_freenameindex.

Ryan Cumming (1):
      Define CLOCK_TAI on Linux (bug 17608)

Samuel Thibault (1):
      hurd: Fix dlopening libraries from static programs

Siddhesh Poyarekar (53):
      Return failure in getnetgrent only when all netgroups have been searched (#17363)
      Enhance tst-xmmymm.sh to detect zmm register usage in ld.so (BZ #16194)
      Fix typo in macro names in sysconf.c
      Add correct variable names for _POSIX_IPV6 and _POSIX_RAW_SOCKETS
      Revert to defining __extern_inline only for gcc-4.3+ (BZ #17266)
      Add NEWS entry for previous commit
      Fix memory leak in error path of do_ftell_wide (BZ #17370)
      Make __extern_always_inline usable on clang++ again
      Assume that all _[PS]C_* and _CS_* macros are always defined
      Include .interp section only for libc.so
      Remove CFLAGS for interp.c
      Fix infinite loop in check_pf (BZ #12926)
      Fix up incorrect formatting in last commit
      Fix stack alignment when loader is invoked directly
      Use GOT instead of GOT12 all over
      Add new macro IN_MODULE to identify module in which source is built
      Fix -Wundef warning in SHLIB_COMPAT
      Auto-generate libc-modules.h
      Use MODULE_NAME in stap-probe instead of IN_LIB
      Remove IN_LIB
      Define IN_MODULE for translation units that define NOT_IN_libc
      Remove IS_IN_libc
      Remove IS_IN_ldconfig
      Remove IS_IN_nscd
      Remove IS_IN_libdl
      Remove IS_IN_librt
      Remove IS_IN_libpthread
      Remove IS_IN_libm
      Remove IS_IN_rtld
      Remove last place for definition of IS_IN_* macros
      Remove NOT_IN_libc
      Use IS_IN internally only
      Don't use __warn_memset_zero_len for gcc-5.0 or newer
      Update NEWS for previous two commits
      ftell: seek to end only when there are unflushed bytes (BZ #17647)
      tst-ftell-active-handler: Open file with O_TRUNC for w modes
      Reset cached offset when reading to end of stream (BZ #17653)
      Fix up function definition style
      Fix date in ChangeLog
      Fix another typo in the ChangeLog
      Fix 'array subscript is above array bounds' warning in res_send.c
      Fix the 'array subscript is above array bounds' warning correctly
      Remove Wundef warnings for specification macros
      Add _POSIX namespace SYSCONF macros to posix-conf-vars.list
      Use posix-conf-vars.list to generate spec array
      Make type for spec variable size as size_t
      Use one-dimension arrays in gen-posix-conf-vars.awk
      Remove uses of sprintf in gen-posix-conf-vars.awk
      Fix typo in ChangeLog
      [s390] Define a __tls_get_addr macro to avoid declaring it again
      Initialize nscd stats data [BZ #17892]
      Fix up ChangeLog formatting

Stefan Liebler (13):
      S/390: Get rid of warning: the comparison will always evaluate as false.
      S/390: Get rid of warning unused variable in dl-machine.h.
      S/390: Add SystemTap probes to longjmp and setjmp.
      S/390: dl-machine.h: Use numbered labels in inline assembly.
      Add missing include of libc-internal.h.
      S/390: Get rid of assembler warning value truncated.
      Get rid of warning inlining failed in call to maybe_swap_uint32
      Get rid of warning comparison will always evaluate as true
      resolv: Suppress maybe uninitialized warning
      Get rid of format warning in tst-widetext.c.
      Get rid of format warning in bug-vfprintf-nargs.c.
      S390: Get rid of linknamespace failures for string functions.
      S390: Get rid of linknamespace failures for utmp functions.

Steve Ellcey (19):
      Modify ABI tests in MIPS preconfigure.
      Put mips preconfigure code inside mips* case statement.
      * sysdeps/mips/strcmp.S: New.
      Remove extra whitespace from end of line.
      2014-12-10  Steve Ellcey  <sellcey@imgtec.com>
      2014-12-11  Steve Ellcey  <sellcey@imgtec.com>
      * sysdeps/mips/dl-trampoline.c: Modify switch expression to have
      2014-12-17  Steve Ellcey  <sellcey@imgtec.com>
      2014-12-19  Steve Ellcey  <sellcey@imgtec.com>
      2014-12-19  Steve Ellcey  <sellcey@imgtec.com>
      Remove trailing white space.
      Add missing ChangeLog entries from Friday (Dec 19, 2014).
      Remove trailing whitespace.
      2014-12-22  Steve Ellcey  <sellcey@imgtec.com>
      Fix preprocessor indentation in sysdeps/mips/memcpy.S.
      2015-01-05  Steve Ellcey  <sellcey@imgtec.com>
      2015-01-05  Steve Ellcey  <sellcey@imgtec.com>
      2015-01-05  Steve Ellcey  <sellcey@imgtec.com>
      Merge branch 'master' of ssh://sourceware.org/git/glibc

Tatiana Udalova (1):
      New Bhilodi and Tulu locales (BZ #17475)

Tim Lammens (1):
      Fix memory leak in libio/wfileops.c do_ftell_wide [BZ #17370]

Tom de Vries (1):
      Fix crossreference to nonexistent node BSD Handler

Torvald Riegel (24):
      pthread_once: Clean up constants.
      pthread_once: Add fast path and remove x86 variants.
      Fix SPARC atomic_write_barrier.
      powerpc: Change atomic_write_barrier to have release semantics.
      Add arch-specific configuration for C11 atomics support.
      Add atomic operations similar to those provided by C11.
      Add tests for C11-like atomic operations.
      Use C11 atomics in pthread_once.
      microblaze: 64b atomic operations are not supported.
      Fix synchronization of TPP min/max priorities.
      Remove custom pthread_once implementation on sh.
      Remove custom pthread_once implementation on s390.
      Fix nptl/tst-mutex5.c: Do not skip tests if elision is enabled.
      Fix nptl/tst-sem4: always start with a fresh semaphore.
      Add comments for the generic lowlevellock implementation.
      Fix warning in elf/tst-unique4lib.cc.
      Fix warning in misc/tst-mntent2.c.
      Ignore warning in string/tester.c.
      sh: Remove custom lowlevellock, barrier, condvar, and rwlock implementations.
      Use generic lowlevellock-futex.h in x86_64 lowlevellock.h.
      i386: Move futex functions from lowlevellock.h to lowlevellock-futex.h.
      MicroBlaze: Remove custom pthread_once implementation on microblaze.
      MicroBlaze: Remove custom lowlevellock.h.
      Fix wake-up in sysdeps/nptl/fork.c.

Vladimir A. Nazarenko (1):
      Fix incorrect mount table entry parsing in __getmntent_r

Wilco Dijkstra (18):
      Remove spaces.
      Remove an unused include.
      Cleanup fesetexceptflag to use the same logic as the ARM version. No functional changes.
      Cleanup feclearexcept to use the same logic as the ARM version. No functional changes.
      Cleanup fedisableexcept to use the same logic as the ARM version. No functional changes.
      Cleanup feenableexcept to use the same logic as the ARM version. No functional changes.
      Call get_rounding_mode rather than duplicating functionality.
      Call libc_feholdexcept_aarch64 from math_private.h rather than duplicating functionality.
      Call libc_fetestexcept_aarch64 from math_private.h rather than duplicating functionality.
      This patch improves strcat performance by using strlen and strcpy. Strlen has a fast C
      This patch improves strncat performance by using strlen. Strlen has a fast C implementation, so
      Improve strcpy performance.
      Improve performance of strncpy.
      Fix typo.
      Call libc_fesetround_aarch64.
      Call libc_fetestexcept_aarch64.
      Optimize to reduce FPCR/FPSR accesses.
      Optimize to avoid an unnecessary FPCR read.

Will Newton (10):
      ARM: Don't define _SYS_AUXV_H in sysdep.h
      Allow cross-building of tests
      stdlib/tst-strtod-round.c: Fix build on ARM
      benchtests: Add malloc microbenchmark
      AArch64: Update relocations for ILP32
      AArch64: Use ELF macros rather than Elf64 throughout
      intl: Merge with gettext version 0.19.3
      Bump required version of texinfo to 4.7
      Require bison 2.7 or newer for regenerating intl/plural.y
      ARM: Remove configure check for binutils 2.21 for ARMv7

Comment 7 fengtiantian 2015-05-27 09:54:49 UTC
I met the same error when using Python programs, with a thread spinning here:
#0  0x00007ff4ae826dd0 in __recvmsg_nocancel () from /lib64/libc.so.6
#1  0x00007ff4ae848891 in make_request () from /lib64/libc.so.6
#2  0x00007ff4ae848daa in __check_pf () from /lib64/libc.so.6
#3  0x00007ff4ae811a23 in getaddrinfo () from /lib64/libc.so.6
#4  0x00007ff4ad919fd1 in setipaddr () from /usr/lib64/python2.6/lib-dynload/_socket.so
#5  0x00007ff4ad91abdf in getsockaddrarg () from /usr/lib64/python2.6/lib-dynload/_socket.so
#6  0x00007ff4ad91b086 in sock_sendto () from /usr/lib64/python2.6/lib-dynload/_socket.so

The OS is SUSE 11 SP3, kernel 3.0.93, and the glibc version is glibc-2.11.3-17.82.11, which has the patch make-request-loop.patch merged:

  1 2014-10-14  Paul Pluzhnikov  <ppluzhnikov@google.com>
  3     [BZ #12926]
  4     * sysdeps/unix/sysv/linux/check_pf.c (make_request): Avoid
  5     infinite loop when __recvmsg returns 0.
  7 Index: glibc-2.11.3/sysdeps/unix/sysv/linux/check_pf.c
  8 ===================================================================
  9 --- glibc-2.11.3.orig/sysdeps/unix/sysv/linux/check_pf.c
 10 +++ glibc-2.11.3/sysdeps/unix/sysv/linux/check_pf.c
 11 @@ -219,7 +219,7 @@ make_request (int fd, pid_t pid, bool *s
 12     };
 14        ssize_t read_len = TEMP_FAILURE_RETRY (__recvmsg (fd, &msg, 0));
 15 -      if (read_len < 0)
 16 +      if (read_len <= 0)
 17     goto out_fail;
 19        if (msg.msg_flags & MSG_TRUN 
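Review bot: the new `read_len <= 0` test in make_request sends a zero-length read to out_fail exactly like an error, and nothing at the call site records why. A short comment saying that a 0 return from __recvmsg carries no netlink message, and would otherwise produce the infinite loop named in the ChangeLog entry, would keep the check from being narrowed back to `< 0` later. The __recvmsg call still passes flags 0, so the check only covers a call that returns; the ChangeLog entry should say that this is the intended scope.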

So I think the patch does not fix my bug.

I do not understand why, in the make_request function, it uses __recvmsg (fd, &msg, 0) in blocking mode and does not set a timeout. If the kernel does not send the NLMSG_DONE message, __recvmsg will hang for a long time.

I am not sure whether this is a kernel bug or a glibc bug. Does glibc consider it a bug if the kernel does not send the NLMSG_DONE message? I see in the kernel source that some exception branches will not send NLMSG_DONE.

Can glibc use the MSG_DONTWAIT flag to receive the message, and return false if no message is received?
Comment 8 James E. King, III 2015-05-27 11:29:03 UTC
So we originally believed that we had seen this as well, which is why I found and re-posted this patch.  This patch is still correct: if you examine the man page for recv, a zero response is possible and was not properly handled.  Recommend you examine https://sourceware.org/bugzilla/show_bug.cgi?id=15946 and see if that is the root cause of your issue.  In that defect a file descriptor is not handled properly by glibc and that turned out to be the root cause of the issue.  Since we pulled in that specific patch we have not seen the check_pf hang again and we were able to reproduce it rather easily before.  If the other issue resolves this, please post here letting us know so we can re-resolve this.
Comment 9 Florian Weimer 2015-10-16 20:35:30 UTC
There are several other places which use < 0 instead of <= 0, so commit fda389c8f0311dd5786be91a7b54b9f935fcafa1 may be incomplete.  I will also get clarification if netlink responses from the kernel can get lost.

We might also simplify the netlink processing logic a bit because kernel messages can no longer be spoofed due to this kernel fix:
http://marc.info/?l=linux-netdev&m=134572386125610
Comment 10 Florian Weimer 2015-10-19 11:46:53 UTC
(In reply to James E. King, III from comment #8)
> If the other issue resolves this, please post here letting us know
> so we can re-resolve this.

Netlink is a best-effort transport just like UDP, so messages can get lost.  We need to add timeout-and-retry loops to the Netlink interfaces (and consolidate them to a single implementation).
Comment 11 Carlos O'Donell 2015-10-21 14:11:30 UTC
(In reply to Florian Weimer from comment #9)
> There are several other places which use < 0 instead of <= 0, so commit
> fda389c8f0311dd5786be91a7b54b9f935fcafa1 may be incomplete.  I will also get
> clarification if netlink responses from the kernel can get lost.
> We might also simplify the netlink processing logic a bit because kernel
> messages can no longer be spoofed due to this kernel fix:
> http://marc.info/?l=linux-netdev&m=134572386125610

How can we assume all supported kernels from 2.6.32 and up are not vulnerable? AFAIK glibc has to be defensive in this case.
Comment 12 James E. King, III 2015-10-21 14:17:41 UTC
The issue I originally experienced was caused by defect 15946, however I still believe that since the interface documentation for "recvmsg" clearly states that 0 is a valid return for a disconnection then the glibc code must honor that even if the kernel is not expected to use it.  The kernel might change because the interface documentation says that it can, and a future kernel change might then break things in glibc, where glibc would enter an infinite loop.  So even if we never expect 0 to come back from recvmsg on the NETLINK socket, we still need to code for it because it is a valid response.
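Added example (not glibc code and not part of any comment in this thread): a receive loop that handles the two failure modes raised in comments 10 and 12, a recvmsg return of 0 and a terminating NLMSG_DONE that never arrives. The function names, the 200 ms timeout and the AF_UNIX socketpair standing in for the kernel's netlink endpoint are assumptions made for the illustration.

```c
/* Added example, not glibc source: a netlink-style receive loop that can
   neither spin nor block forever.  The AF_UNIX socketpair used below is a
   constructed stand-in for the kernel end of the netlink socket. */
#include <errno.h>
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

enum nl_result { NL_DONE, NL_EOF, NL_TIMEOUT, NL_TRUNCATED, NL_MALFORMED, NL_ERROR };

/* Read datagrams from fd until NLMSG_DONE arrives for request `seq`.
   *nmsgs counts the payload messages seen before the loop ends.
   timeout_ms bounds the wait for each datagram. */
enum nl_result read_until_done(int fd, uint32_t seq, int timeout_ms, int *nmsgs)
{
    union { struct nlmsghdr hdr; char bytes[4096]; } buf;
    *nmsgs = 0;
    for (;;) {
        struct pollfd pfd = { .fd = fd, .events = POLLIN };
        int ready;
        do
            ready = poll(&pfd, 1, timeout_ms);
        while (ready < 0 && errno == EINTR);
        if (ready < 0)
            return NL_ERROR;
        if (ready == 0)
            return NL_TIMEOUT;          /* reply lost: the caller may retry */

        struct iovec iov = { buf.bytes, sizeof buf.bytes };
        struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
        ssize_t len;
        do
            len = recvmsg(fd, &msg, MSG_DONTWAIT);
        while (len < 0 && errno == EINTR);
        if (len < 0)
            return NL_ERROR;
        if (len == 0)
            return NL_EOF;              /* a `< 0` test alone would loop here */
        if (msg.msg_flags & MSG_TRUNC)
            return NL_TRUNCATED;
        if ((size_t) len < sizeof(struct nlmsghdr))
            return NL_MALFORMED;        /* too short to be a netlink message */

        int remaining = (int) len;      /* signed: NLMSG_NEXT can take it below 0 */
        for (struct nlmsghdr *h = &buf.hdr; NLMSG_OK(h, remaining);
             h = NLMSG_NEXT(h, remaining)) {
            if (h->nlmsg_seq != seq)
                continue;               /* answer to some other request */
            if (h->nlmsg_type == NLMSG_DONE)
                return NL_DONE;
            if (h->nlmsg_type == NLMSG_ERROR)
                return NL_ERROR;
            ++*nmsgs;
        }
    }
}

/* Send one header-only netlink message (constructed test traffic). */
static void send_nlmsg(int fd, uint16_t type, uint32_t seq)
{
    struct nlmsghdr h = { .nlmsg_len = NLMSG_LENGTH(0), .nlmsg_type = type,
                          .nlmsg_seq = seq };
    send(fd, &h, sizeof h, 0);
}

/* Constructed scenarios: 0 = complete dump, 1 = zero-length datagram
   after two messages, 2 = NLMSG_DONE never arrives. */
enum nl_result run_scenario(int scenario, int *nmsgs)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return NL_ERROR;
    send_nlmsg(sv[1], RTM_NEWADDR, 7);
    send_nlmsg(sv[1], RTM_NEWADDR, 7);
    if (scenario == 0)
        send_nlmsg(sv[1], NLMSG_DONE, 7);
    else if (scenario == 1)
        send(sv[1], "", 0, 0);          /* recvmsg on the peer returns 0 */
    enum nl_result r = read_until_done(sv[0], 7, 200, nmsgs);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void)
{
    static const char *const names[] = { "done", "eof", "timeout",
                                         "truncated", "malformed", "error" };
    for (int s = 0; s < 3; s++) {
        int n;
        enum nl_result r = run_scenario(s, &n);
        printf("scenario %d: %s after %d message(s)\n", s, names[r], n);
    }
    return 0;
}
```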
Comment 13 Florian Weimer 2015-10-21 14:21:54 UTC
(In reply to Carlos O'Donell from comment #11)

> How can we assume all supported kernels from 2.6.32 and up are not
> vulnerable? AFAIK glibc has to be defensive in this case.

We could probably make an exception here.  In general, I really dislike the idea of working around kernel security bugs, but this might be an exception.  (Although there are likely corner cases the libc check won't cover.)
Comment 14 Carlos O'Donell 2015-10-21 15:28:05 UTC
(In reply to Florian Weimer from comment #13)
> (In reply to Carlos O'Donell from comment #11)
> > How can we assume all supported kernels from 2.6.32 and up are not
> > vulnerable? AFAIK glibc has to be defensive in this case.
> We could probably make an exception here.  In general, I really dislike the
> idea of working around kernel security bugs, but this might be an exception.
> (Although there are likely corner cases the libc check won't cover.)

We can conditionalize the code on upstream kernel version with the fix, similar to the way we conditionalize with interface availability and eventually remove the code when the minimum kernel version is new enough.

I don't like it either, but it is a fact of developing on a library with a wide range of supported kernel versions.
Comment 15 jsm-csl@polyomino.org.uk 2015-10-21 16:01:23 UTC
Note that when 2.6.32 ceases to be maintained 
(<https://www.kernel.org/category/releases.html> still says "Mid-2015") I 
intend to propose moving to 3.2 as minimum kernel version, though it seems 
that still predates the kernel fix in question.
Comment 16 Florian Weimer 2015-10-23 20:08:26 UTC
Revised patch posted: https://sourceware.org/ml/libc-alpha/2015-10/msg00865.html
Comment 17 Sourceware Commits 2015-11-09 11:50:09 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  2eecc8afd02d8c65cf098cbae4de87f332dc21bd (commit)
      from  f3d18efb8a720121066dc3401e822043beb98cde (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------

commit 2eecc8afd02d8c65cf098cbae4de87f332dc21bd
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon Nov 9 12:48:41 2015 +0100

    Terminate process on invalid netlink response from kernel [BZ #12926]
    The recvmsg system calls for netlink sockets have been particularly
    prone to picking up unrelated data after a file descriptor race
    (where the descriptor is closed and reopened concurrently in a
    multi-threaded process, as the result of a file descriptor
    management issue elsewhere).  This commit adds additional error
    checking and aborts the process if a datagram of unexpected length
    (without the netlink header) is received, or an error code which
    cannot happen due to the way the netlink socket is used.
    	[BZ #12926]
    	Terminate process on invalid netlink response.
    	* sysdeps/unix/sysv/linux/netlinkaccess.h
    	(__netlink_assert_response): Declare.
    	* sysdeps/unix/sysv/linux/netlink_assert_response.c: New file.
    	* sysdeps/unix/sysv/linux/Makefile [$(subdir) == inet]
    	(sysdep_routines): Add netlink_assert_response.
    	* sysdeps/unix/sysv/linux/check_native.c (__check_native): Call
    	* sysdeps/unix/sysv/linux/check_pf.c (make_request): Likewise.
    	* sysdeps/unix/sysv/linux/ifaddrs.c (__netlink_request): Likewise.
    	* sysdeps/unix/sysv/linux/Versions (GLIBC_PRIVATE): Add


Summary of changes:
 ChangeLog                                         |   16 +++
 NEWS                                              |    8 ++
 sysdeps/unix/sysv/linux/Makefile                  |    1 +
 sysdeps/unix/sysv/linux/Versions                  |    2 +
 sysdeps/unix/sysv/linux/check_native.c            |    2 +
 sysdeps/unix/sysv/linux/check_pf.c                |    4 +-
 sysdeps/unix/sysv/linux/ifaddrs.c                 |    1 +
 sysdeps/unix/sysv/linux/netlink_assert_response.c |  106 +++++++++++++++++++++
 sysdeps/unix/sysv/linux/netlinkaccess.h           |    6 +
 9 files changed, 145 insertions(+), 1 deletions(-)
 create mode 100644 sysdeps/unix/sysv/linux/netlink_assert_response.c
Comment 18 Florian Weimer 2015-11-09 11:53:55 UTC
“Fixed” again for 2.23.  The fix just adds better diagnostics.

This is not a security bug because it is not really a glibc bug, and we do not have evidence of a kernel bug.  It is either an application bug (see comment #1) or another glibc bug already treated as a security bug (see comment #12).
Comment 19 Sourceware Commits 2016-02-18 18:10:27 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The annotated tag, glibc-2.23 has been created
        at  10ed3a0ffbb43ce0b0739da4addc747733be5e63 (tag)
   tagging  ab30899d880f9741a409cbc0d7a28399bdac21bf (commit)
  replaces  glibc-2.22
 tagged by  Adhemerval Zanella
        on  Thu Feb 18 16:04:58 2016 -0200

- Log -----------------------------------------------------------------
The GNU C Library

The GNU C Library version 2.23 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2008.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.23 release may be downloaded from:

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.23

* Unicode 8.0.0 Support: Character encoding, character type info, and
  transliteration tables are all updated to Unicode 8.0.0, using new
  and/or improved generator scripts contributed by Mike FABIAN (Red Hat).
  These updates cause user visible changes, such as the fixes for bugs
  89, 16061, and 18568.

* sched_setaffinity, pthread_setaffinity_np no longer attempt to guess the
  kernel-internal CPU set size.  This means that requests that change the
  CPU affinity which failed before (for example, an all-ones CPU mask) will
  now succeed.  Applications that need to determine the effective CPU
  affinities need to call sched_getaffinity or pthread_getaffinity_np after
  setting it because the kernel can adjust it (and the previous size check
  would not detect this in the majority of cases).

* The fts.h header can now be used with -D_FILE_OFFSET_BITS=64.  With LFS
  the following new symbols are used: fts64_children, fts64_close,
  fts64_open, fts64_read and fts64_set.

* getaddrinfo now detects certain invalid responses on an internal netlink
  socket.  If such responses are received, an affected process will
  terminate with an error message of "Unexpected error <number> on netlink
  descriptor <number>" or "Unexpected netlink response of size <number> on
  descriptor <number>".  The most likely cause for these errors is a
  multi-threaded application which erroneously closes and reuses the netlink
  file descriptor while it is used by getaddrinfo.

* A defect in the malloc implementation, present since glibc 2.15 (2012) or
  glibc 2.10 via --enable-experimental-malloc (2009), could result in the
  unnecessary serialization of memory allocation requests across threads.
  The defect is now corrected.  Users should see a substantial increase in
  the concurrent throughput of allocation requests for applications which
  trigger this bug.  Affected applications typically create and
  destroy threads frequently.  (Bug 19048 was reported and analyzed by

* There is now a --disable-timezone-tools configure option for disabling the
  building and installing of the timezone related utilities (zic, zdump, and
  tzselect).  This is useful for people who build the timezone data and code
  independent of the GNU C Library.

* The obsolete header <regexp.h> has been removed.  Programs that require
  this header must be updated to use <regex.h> instead.

* The obsolete functions bdflush, create_module, get_kernel_syms,
  query_module and uselib are no longer available to newly linked binaries;
  the header <sys/kdaemon.h> has been removed.  These functions and header
  were specific to systems using the Linux kernel and could not usefully be
  used with the GNU C Library on systems with version 2.6 or later of the
  Linux kernel.

* Optimized string, wcsmbs and memory functions for IBM z13.
  Implemented by Stefan Liebler.

* Newly linked programs that define a variable called signgam will no longer
  have it set by the lgamma, lgammaf and lgammal functions.  Programs that
  require signgam to be set by those functions must ensure that they use the
  variable provided by the GNU C Library and declared in <math.h>, without
  defining their own copy.

* The minimum GCC version that can be used to build this version of the GNU
  C Library is GCC 4.7.  Older GCC versions, and non-GNU compilers, can
  still be used to compile programs using the GNU C Library.

Security related changes:

* An out-of-bounds value in a broken-out struct tm argument to strftime no
  longer causes a crash.  Reported by Adam Nielsen.  (CVE-2015-8776)

* The LD_POINTER_GUARD environment variable can no longer be used to disable
  the pointer guard feature.  It is always enabled.  Previously,
  LD_POINTER_GUARD could be used to disable security hardening in binaries
  running in privileged AT_SECURE mode.  Reported by Hector Marco-Gisbert.

* An integer overflow in hcreate and hcreate_r could lead to an
  out-of-bounds memory access.  Reported by Szabolcs Nagy.  (CVE-2015-8778)

* The catopen function no longer has unbounded stack usage.  Reported by
  Max.  (CVE-2015-8779)

* The nan, nanf and nanl functions no longer have unbounded stack usage
  depending on the length of the string passed as an argument to the
  functions.  Reported by Joseph Myers.  (CVE-2014-9761)

* A stack-based buffer overflow was found in libresolv when invoked from
  libnss_dns, allowing specially crafted DNS responses to seize control
  of execution flow in the DNS client.  The buffer overflow occurs in
  the functions send_dg (send datagram) and send_vc (send TCP) for the
  NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
  family.  The use of AF_UNSPEC triggers the low-level resolver code to
  send out two parallel queries for A and AAAA.  A mismanagement of the
  buffers used for those queries could result in the response of a query
  writing beyond the alloca allocated buffer created by
  _nss_dns_gethostbyname4_r.  Buffer management is simplified to remove
  the overflow.  Thanks to the Google Security Team and Red Hat for
  reporting the security impact of this issue, and Robert Holiday of
  Ciena for reporting the related bug 18665. (CVE-2015-7547)

The following bugs are resolved with this release:

  [89] localedata: Locales nb_NO and nn_NO should transliterate æøå
  [887] math: Math library function "logb" and "nextafter" inconsistent
  [2542] math: Incorrect return from float gamma (-0X1.FA471547C2FE5P+1)
  [2543] math: Incorrect return from float gamma (-0X1.9260DCP+1)
  [2558] math: Incorrect return from double gamma (-0X1.FA471547C2FE5P+1)
  [2898] libc: [improve]  warning: the use  of `mktemp' is dangerous, better
    use `mkstemp'
  [4404] localedata: German translation of "Alarm clock" is misleading
  [6799] math: nextafter() and nexttoward() don't set errno on
    overflow/underflow errors
  [6803] math: scalb(), scalbln(), scalbn() do not set errno on
  [10432] nis: _nss_nis_setnetgrent assertion failure
  [11460] libc: fts has no LFS support
  [12926] network: getaddrinfo()/make_request() may spin forever
  [13065] nptl: Race condition in pthread barriers
  [13690] nptl: pthread_mutex_unlock potentially cause invalid access
  [14341] dynamic-link: Dynamic linker crash when DT_JMPREL and DT_REL{,A}
    are not contiguous
  [14551] math: [ldbl-128ibm] strtold overflow handling for IBM long double
  [14912] libc: Rename non-installed bits/*.h headers
  [15002] libc: Avoid undefined behavior in posix_fallocate overflow check
  [15367] math: Let gcc use __builtin_isinf
  [15384] math: One constant fewer in ieee754/dbl-64/wordsize-64/s_finite.c
  [15421] math: lgamma wrongly sets signgam for ISO C
  [15470] math: [arm] On ARM llrintl() and llroundl() do not raise
    FE_INVALID with argument out of range
  [15491] math: [i386/x86_64] x86 nearbyint implementations wrongly clear
    all exceptions
  [15786] dynamic-link: ifunc resolver functions can smash function
  [15918] math: Unnecessary check for equality in hypotf()
  [16061] localedata: Review / update transliteration data
  [16068] math: [i386/x86_64] x86 and x86_64 fesetenv exclude state they
    should include
  [16141] time: strptime %z offset restriction
  [16171] math: drem should be alias of remainder
  [16296] math: fegetround is pure?
  [16347] math: [ldbl-128ibm] ldbl-128/e_lgammal_r.c may not be suitable.
  [16364] libc: sleep may leave SIGCHLD blocked on sync cancellation on
  [16399] math: [mips] lrint / llrint / lround / llround missing exceptions
  [16415] math: Clean up ldbl-128 / ldbl-128ibm expm1l for large positive
  [16422] math: [powerpc] math-float, math-double failing llrint tests with
    "Exception "Inexact" set" on ppc32
  [16495] localedata: nl_NL: date_fmt: shuffle year/month around
  [16517] math: Missing underflow exception from tanf/tan/tanl
  [16519] math: Missing underflow exception from sinhf
  [16520] math: Missing underflow exception from tanhf
  [16521] math: Missing underflow exception from exp2
  [16620] math: [ldbl-128ibm] exp10l spurious overflows / bad directed
    rounding results
  [16734] stdio: fopen calls mmap to allocate its buffer
  [16961] math: nan function incorrect handling of bad sequences
  [16962] math: nan function unbounded stack allocation (CVE-2014-9761)
  [16973] localedata: Fix lang_lib/lang_term as per ISO 639-2
  [16985] locale: localedef: confusing error message when opening output
  [17118] math: ctanh(INFINITY + 2 * I) returns incorrect value
  [17197] locale: Redundant shift character in iconv conversion output at
    block boundary
  [17243] libc: trunk/posix/execl.c:53: va_args problem ?
  [17244] libc: trunk/sysdeps/unix/sysv/linux/semctl.c:116: va_args muxup ?
  [17250] dynamic-link: static linking breaks nss loading
  [17404] libc: atomic_exchange_rel lacking a barrier on MIPS16, GCC before
  [17441] math: isnan() should use __builtin_isnan() in GCC
  [17514] nptl: Assert failure unlocking ERRORCHECK mutex after timedlock
    (related to lock elision)
  [17787] manual: Exponent on page 324 of the PDF ends prematurely
  [17886] time: strptime should be able to parse "Z" as a timezone with %z
  [17887] time: strptime should be able to parse "+01:00" style timezones
  [17905] libc: catopen() Multiple unbounded stack allocations
  [18084] libc: backtrace (..., 0) dumps core on x86
  [18086] libc: nice() sets errno to 0 on success
  [18240] libc: hcreate, hcreate_r should fail with ENOMEM if element count
    is too large (CVE-2015-8778)
  [18251] dynamic-link: SONAME missing when audit modules provides path
  [18265] libc: add attributes for wchar string and memory functions
  [18370] math: csqrt missing underflows
  [18421] libc: [hppa] read-only segment has dynamic relocations
  [18472] libc: Obsolete syscall wrappers should be compat symbols
  [18480] libc: hppa glibc miscompilation in sched_setaffinity()
  [18491] localedata: Update tr_TR LC_CTYPE as part of Unicode updates
  [18525] localedata: Remove locale timezone information
  [18560] libc: [powerpc] spurious bits/ipc.h definitions
  [18568] localedata: Update locale data to Unicode 8.0
  [18589] locale: sort-test.sh fails at random
  [18595] math: ctan, ctanh missing underflows
  [18604] libc: assert macro-expands its argument
  [18610] math: S390: fetestexcept() reports any exception if DXC-code
    contains a vector instruction exception.
  [18611] math: j1, jn missing errno setting on underflow
  [18618] localedata: sync Chechen locale definitions with other *_RU
  [18647] math: powf(-0x1.000002p0, 0x1p30) returns 0 instead of +inf
  [18661] libc: Some x86-64 assembly codes don't align stack to 16 bytes
  [18665] network: In send_dg, the recvfrom function is NOT always using the
    buffer size of a newly created buffer (CVE-2015-7547)
  [18674] libc: [i386] trunk/sysdeps/i386/tst-auditmod3b.c:84: possible
    missing break ?
  [18675] libc: fpathconf(_PC_NAME_MAX) fails against large filesystems for
    32bit processes
  [18681] libc: regexp.h is obsolete and buggy, and should be desupported
  [18699] math: tilegx cproj() for various complex infinities does not yield
  [18724] libc: Harden put*ent functions against data injection
  [18743] nptl: PowerPC: findutils testcase fails with --enable-lock-elision
  [18755] build: build errors with -DNDEBUG
  [18757] stdio: fmemopen fails to set errno on failure
  [18778] dynamic-link: ld.so crashes if failed dlopen causes libpthread to
    be forced unloaded
  [18781] libc: openat64 lacks O_LARGEFILE
  [18787] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/atomic.h:71:6:
    error: can’t find a register in class ‘R1_REGS’ while reloading ‘asm’
  [18789] math: [ldbl-128ibm] sinhl inaccurate near 0
  [18790] math: [ldbl-128ibm] tanhl inaccurate
  [18795] libc: stpncpy fortification misses buffer lengths that are
    statically too large
  [18796] build: build fails for --disable-mathvec
  [18803] math: hypot missing underflows
  [18820] stdio: fmemopen may leak memory on failure
  [18823] math: csqrt spurious underflows
  [18824] math: fma spurious underflows
  [18825] math: pow missing underflows
  [18857] math: [ldbl-128ibm] nearbyintl wrongly uses signaling comparisons
  [18868] nptl: pthread_barrier_init typo has in-theory-undefined behavior
  [18870] build: sem_open.c fails to compile with missing symbol
  [18872] stdio: Fix memory leak in printf_positional
  [18873] libc: posix_fallocate overflow check ineffective
  [18875] math: Excess precision leads incorrect libm
  [18877] libc: arm: mmap offset regression
  [18887] libc: memory corruption when using getmntent on blank lines
  [18918] localedata: hu_HU: change time to HH:MM:SS format
  [18921] libc: Regression: extraneous stat() and fstat() performed by
  [18928] dynamic-link: LD_POINTER_GUARD is not ignored for privileged
    binaries (CVE-2015-8777)
  [18951] math: tgamma missing underflows
  [18952] math: [ldbl-128/ldbl-128ibm] lgammal spurious "invalid", incorrect
  [18953] localedata: lt_LT: change currency symbol to the euro
  [18956] math: powf inaccuracy
  [18961] math: [i386] exp missing underflows
  [18966] math: [i386] exp10 missing underflows
  [18967] math: math.h XSI POSIX namespace (gamma, isnan, scalb)
  [18969] build: multiple string test failures due to missing locale
  [18970] libc: Reference of pthread_setcancelstate in libc.a
  [18977] math: float / long double Bessel functions not in XSI POSIX
  [18980] math: i386 libm functions return with excess range and precision
  [18981] math: i386 scalb*, ldexp return with excess range and precision
  [18982] stdio: va_list and vprintf
  [18985] time: Passing out of range data to strftime() causes a segfault
  [19003] math: [x86_64] fma4 version of pow inappropriate contraction
  [19007] libc: FAIL: elf/check-localplt with -z now and binutils 2.26
  [19012] locale: iconv_open leaks memory on error path
  [19016] math: clog, clog10 inaccuracy
  [19018] nptl: Mangle function pointers in tls_dtor_list
  [19032] math: [i386] acosh (-qNaN) spurious "invalid" exception
  [19046] math: ldbl-128 / ldbl-128ibm lgamma bad overflow handling
  [19048] malloc: malloc: arena free list can become cyclic, increasing
  [19049] math: [powerpc] erfc incorrect zero sign
  [19050] math: [powerpc] log* incorrect zero sign
  [19058] math: [x86_64] Link fail with -fopenmp and -flto
  [19059] math: nexttoward overflow incorrect in non-default rounding modes
  [19071] math: ldbl-96 lroundl incorrect just below powers of 2
  [19074] network: Data race in _res_hconf_reorder_addrs
  [19076] math: [ldbl-128ibm] log1pl (-1) wrong sign of infinity
  [19077] math: [ldbl-128ibm] logl (1) incorrect sign of zero result
  [19078] math: [ldbl-128ibm] expl overflow incorrect in non-default
    rounding modes
  [19079] math: dbl-64/wordsize-64 lround based on llround incorrect for
  [19085] math: ldbl-128 lrintl, lroundl missing exceptions for 32-bit long
  [19086] manual: posix_fallocate64 documented argument order is wrong.
  [19088] math: lround, llround missing exceptions close to overflow
  [19094] math: lrint, llrint missing exceptions close to overflow threshold
  [19095] math: dbl-64 lrint incorrect for 64-bit long
  [19122] dynamic-link: Unnecessary PLT relocations in librtld.os
  [19124] dynamic-link: ld.so failed to build with older assmebler
  [19125] math: [powerpc32] llroundf, llround incorrect exceptions
  [19129] dynamic-link: [arm] Concurrent lazy TLSDESC resolution can crash
  [19134] math: [powerpc32] lround, lroundf spurious exceptions
  [19137] libc: i386/epoll_pwait.S doesn't support cancellation
  [19143] nptl: Remove CPU set size checking from sched_setaffinity,
  [19156] math: [ldbl-128] j0l spurious underflows
  [19164] nptl: tst-getcpu fails with many possible CPUs
  [19168] math: math/test-ildoubl and math/test-ldouble failure
  [19174] nptl: PowerPC: TLE enabled pthread mutex performs poorly.
  [19178] dynamic-link: ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA confuses
  [19181] math: [i386/x86_64] fesetenv (FE_DFL_ENV), fesetenv
    (FE_NOMASK_ENV) do not clear SSE exceptions
  [19182] malloc: malloc deadlock between ptmalloc_lock_all and
  [19189] math: [ldbl-128] log1pl (-qNaN) spurious "invalid" exception
  [19201] math: dbl-64 remainder incorrect sign of zero result
  [19205] math: bits/math-finite.h conditions do not match math.h and
  [19209] math: bits/math-finite.h wrongly maps ldexp to scalbn
  [19211] math: lgamma functions do not set signgam for -ffinite-math-only
    for C99-based standards
  [19212] libc: features.h not -Wundef clean
  [19213] math: [i386/x86_64] log* (1) incorrect zero sign for -ffinite-
  [19214] libc: Family and model identification for AMD CPU's are incorrect.
  [19219] libc: GLIBC build fails for ia64 with missing __nearbyintl
  [19228] math: [powerpc] nearbyint wrongly clears "inexact", leaves traps
  [19235] math: [powerpc64] lround, lroundf, llround, llroundf spurious
    "inexact" exceptions
  [19238] math: [powerpc] round, roundf spurious "inexact" for integer
  [19242] libc: strtol incorrect in Turkish locales
  [19243] malloc: reused_arena can pick an arena on the free list, leading
    to an assertion failure and reference count corruption
  [19253] time: tzset() ineffective when temporary TZ did not include DST
  [19266] math: strtod ("NAN(I)") incorrect in Turkish locales
  [19270] math: [hppa] Shared libm missing __isnanl
  [19285] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/mman.h: missing
    MAP_HUGETLB and MAP_STACK defines
  [19313] nptl: Wrong __cpu_mask for x32
  [19347] libc: grantpt: try to force a specific gid even without pt_chown
  [19349] math: [ldbl-128ibm] tanhl inaccurate for small arguments
  [19350] math: [ldbl-128ibm] sinhl spurious overflows
  [19351] math: [ldbl-128ibm] logl inaccurate near 1
  [19363] time: x32: times() return value wrongly truncates/sign extends
    from 32bit
  [19367] dynamic-link: Improve branch prediction on Silvermont
  [19369] network: Default domain name not reset by res_ninit when "search"
    / "domain" entry is removed from resolv.conf
  [19375] math: powerpc: incorrect results for POWER7 logb with negative
  [19385] localedata: bg_BG: time separator should be colon, not comma
  [19408] libc: linux personality syscall wrapper may erroneously return an
    error on 32-bit architectures
  [19415] libc: dladdr returns wrong names on hppa
  [19432] libc: iconv rejects redundant escape sequences in IBM900, IBM903,
    IBM905, IBM907, and IBM909
  [19439] math: Unix98 isinf and isnan functions conflict with C++11
  [19443] build: build failures with -DDEBUG
  [19451] build: Make check fails on test-double-vlen2
  [19462] libc: Glibc failed to build with -Os
  [19465] math: Wrong code with -Os
  [19466] time: time/tst-mktime2.c is compiled into an infinite loop with
  [19467] string: Fast_Unaligned_Load needs to be enabled for Excavator core
  [19475] libc: Glibc 2.22 doesn't build on sparc [PATCH]
  [19486] math: S390: Math tests fail with "Exception Inexact set".
  [19529] libc: [ARM]: FAIL: stdlib/tst-makecontext
  [19550] libc: [mips] mmap negative offset handling inconsistent with other
  [19590] math: Fail to build shared objects that use libmvec.so functions.


This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adhemerval Zanella
Alan Modra
Amit Pawar
Andreas Schwab
Andrew Bennett
Andrew Senkevich
Andrew Stubbs
Anton Blanchard
Arjun Shankar
Arslanbek Astemirov
Aurelien Jarno
Brett Neumeier
Carlos Eduardo Seo
Carlos O'Donell
Chris Metcalf
Chung-Lin Tang
Damyan Ivanov
Daniel Marjamäki
David Kastrup
David Lamparter
David S. Miller
Dmitry V. Levin
Egmont Koblinger
Flavio Cruz
Florian Weimer
Gabriel F. T. Gomes
Geoffrey Thomas
Gleb Fotengauer-Malinovskiy
Gunnar Hjalmarsson
H.J. Lu
Helge Deller
James Perkins
John David Anglin
Joseph Myers
Justus Winter
Khem Raj
Ludovic Courtès
Maciej W. Rozycki
Manolis Ragkousis
Marcin Kościelnicki
Mark Wielaard
Marko Myllynen
Martin Sebor
Maxim Ostapenko
Mike Frysinger
Namhyung Kim
Ondrej Bilka
Ondřej Bílka
Paul E. Murphy
Paul Eggert
Paul Murphy
Paul Pluzhnikov
Petar Jovanovic
Phil Blundell
Rajalakshmi Srinivasaraghavan
Rasmus Villemoes
Richard Henderson
Rob Wu
Roland McGrath
Samuel Thibault
Siddhesh Poyarekar
Stan Shebs
Stefan Liebler
Steve Ellcey
Szabolcs Nagy
Thomas Schwinge
Torvald Riegel
Tulio Magno Quites Machado Filho
Vincent Bernat
Wilco Dijkstra
Zack Weinberg


Adhemerval Zanella (18):
      arm: Assembly implementation cleanup
      powerpc: Fix strstr/power7 build
      powerpc: Fix strnlen/power7 build
      powerpc: Use default strcpy optimization for POWER7
      powerpc: Fix PPC64/POWER7 conform tests
      Fix wordsize-32 mmap offset for negative value (BZ#18877)
      Mark lseek/llseek as non-cancellable
      nptl: Add NPTL cases for cancellation failures cases
      Cleanup sync_file_range implementation
      Fix nearbyintl linkage for ia64 (bug 19219)
      Remove signal handling for nanosleep (bug 16364)
      nptl: Fix racy pipe closing in tst-cancel{20,21}
      Fix POWER7 logb results for negative subnormals (bug 19375)
      Fix SYSCALL_CANCEL for empty argumetns
      powerpc: Regenerate libm-test-ulps
      Fix isinf/isnan declaration conflict with C++11
      Update NEWS with fixed bugs for 2.23 release
      Update version.h and include/features.h for 2.23 release

Alan Modra (1):
      hppa: start.S: rework references to fix PIE TEXTRELs [BZ #18421]

Amit Pawar (1):
      Set index_Fast_Unaligned_Load for Excavator family CPUs

Andreas Schwab (17):
      Properly terminate FDE in makecontext for m68k (bug 18635)
      Remove unused variables from timezone/Makefile
      Readd O_LARGEFILE flag for openat64 (bug 18781)
      Remove unused definition of __openat(64)_nocancel
      Add version set GLIBC_2.19 for linux/powerpc
      Remove __ASSUME_IPC64
      Terminate FDE before return trampoline in makecontext for powerpc (bug 18635)
      Add missing va_end calls (bug 17243)
      Remove extra va_start/va_end calls (bug 17244)
      Restore sparc64 implementation of semctl
      Add dependencies on needed locales in each subdir tests (bug 18969)
      Add bug reference
      Don't emit invalid extra shift character at block boundary by iconv (bug 17197)
      Force rereading TZDEFRULES after it was used to set DST rules only (bug #19253)
      Don't do lock elision on an error checking mutex (bug 17514)
      Remove unused variables

Andrew Bennett (1):
      MIPS: Only use .set mips* assembler directives when necessary

Andrew Senkevich (10):
      [BZ #18796]
      Mention BZ #18796 fix in NEWS.
      Better workaround for aliases of *_finite symbols in vector math library.
      Corrected path to installed libmvec_nonshared.a
      Utilize x86_64 vector math functions w/o -fopenmp.
      Added memset optimized with AVX512 for KNL hardware.
      Added memcpy/memmove family optimized with AVX512 for KNL hardware.
      Fixed typos in __memcpy_chk.
      Fixed build with assembler w/o AVX-512 support.
      Use PIC relocation in ALIAS_IMPL

Andrew Stubbs (1):
      longlong: add SH FDPIC support

Anton Blanchard (1):
      Eliminate redundant sign extensions in pow()

Arjun Shankar (1):
      Modify several tests to use test-skeleton.c

Arslanbek Astemirov (1):
      locales/ce_RU: sync with other *_RU locales

Aurelien Jarno (6):
      Fix grantpt basename namespace bug
      mips: fix testsuite build for O32 FPXX ABI on pre-R2 CPU
      grantpt: trust the kernel about pty group and permission mode
      Cleanup ARM ioperm implementation
      i386: move ULPs to i686/multiarch and regenerate new ones for i386
      Cleanup ARM ioperm implementation (step 2)

Brett Neumeier (1):
      Fix non-v9 32-bit sparc build.

Carlos Eduardo Seo (11):
      powerpc: Add missing hwcap strings.
      powerpc: make memchr use memchr-power7.
      powerpc: Fix memchr for powerpc32.
      powerpc: Sync hwcap.h with kernel
      powerpc: Fix compiler warning in some syscalls.
      Add AT_PLATFORM to _dl_aux_init ()
      powerpc: Provide __tls_get_addr () in static libc
      powerpc: Add hwcap/hwcap2/platform data to TCB.
      powerpc: Add basic support for POWER9 sans hwcap.
      powerpc: Export __parse_hwcap_and_convert_at_platform to libc.a.
      powerpc: Add hwcap2 bits for POWER9.

Carlos O'Donell (22):
      Open development for 2.23.
      Prevent check-local-headers.sh hang.
      Use ALIGN_DOWN in systrim.
      Use ALIGN_* macros in _dl_map_object_from_fd.
      Fix error messages in elf/tst-dlmopen1.c.
      Files open O_WRONLY not supported in fallocate emulation.
      Fix manual argument order for posix_fallocate64 (Bug 19086).
      malloc: Consistently apply trim_threshold to all heaps (Bug 17195)
      Add BZ#19086 to NEWS.
      strcoll: Remove incorrect STRDIFF-based optimization (Bug 18589).
      strcoll: Add bug-strcoll2 to testsuite (Bug 18589).
      Fix typo in bug-strcoll2 (Bug 18589)
      include/stap-probe.h: Fix formatting.
      Rename localedir to complocaledir (bug 14259).
      Comment on IBM930, IBM933, IBM935, IBM937, IBM939.
      Regenerate locale/C-translit.h.
      Update transliteration support to Unicode 7.0.0.
      Document best practice for disconnected NSS modules.
      Use $(PYTHON) to run benchtests python files.
      Ensure isinff, isinfl, isnanf, and isnanl are defined (Bug 19439)
      Update INSTALL with latest versions tested to work.
      CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).

Chris Metcalf (7):
      tile: avoid preprocessor redefinition warnings
      tile: regenerate libm-test-ulps
      Update NEWS to mention drive-by fix for bug 18699.
      tile: define __NO_LONG_DOUBLE_MATH
      misc/tst-tsearch.c: bump up TIMEOUT to 10 seconds.
      math: add LDBL_CLASSIFY_COMPAT support
      Silence some false positive warnings for gcc 4.7

Chung-Lin Tang (1):
      Maintainence patch for nios2: update ULPS file and localplt.data changes.

Damyan Ivanov (1):
      localedata: bg_BG: use colon as time separator [BZ #19385]

Daniel Marjamäki (1):
      Updated __nonnull annotations for wcscat, wcsncat, wcscmp and wcsncmp [BZ #18265]

David Kastrup (1):
      Don't macro-expand failed assertion expression [BZ #18604]

David Lamparter (1):
      arm: setjmp/longjmp: fix PIC vs SHARED thinkos

David S. Miller (5):
      Update sparc ULPS.
      Fix missing __sqrtl_finite symbol in libm on sparc 32-bit.
      Adjust sparc 32-bit __sqrtl_finite version tag.
      Define __sqrtl_finite on sparc 32-bit with correct symbol version.
      Update localplt.data for 32-bit sparc.

Dmitry V. Levin (2):
      Fix getaddrinfo bug number in ChangeLog and NEWS files
      Fix linux personality syscall wrapper

Egmont Koblinger (1):
      hu_HU: change time separator to colon [BZ #18918]

Evert (1):
      localedata: nl_NL: date_fmt: rewrite to match standards [BZ #16495]

Flavio Cruz (1):
      Fix O_DIRECTORY lookup on trivial translators

Florian Weimer (42):
      nptl: Document crash due to incorrect use of locks
      Amend ChangeLog to reflect deletion of elf/tst-znodelete-zlib.cc
      Add test case for bug 18287
      Test in commit e07aabba73ea62e7dfa0512507c92efb851fbdbe is for bug 17079
      Fix inconsistent passwd compensation in nss/bug17079.c
      Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724]
      Harden tls_dtor_list with pointer mangling [BZ #19018]
      nss_nis: Do not call malloc_usable_size [BZ #10432]
      Add a test case for C++11 thread_local support
      iconvdata: Add missing const to lookup table definitions
      Fix double-checked locking in _res_hconf_reorder_addrs [BZ #19074]
      Always enable pointer guard [BZ #18928]
      vfscanf: Use struct scratch_buffer instead of extend_alloca
      The va_list pointer is unspecified after a call to vfprintf [BZ #18982]
      Assume that SOCK_CLOEXEC is available and works
      vfprintf: Rewrite printf_positional to use struct scratch_buffer
      malloc: Rewrite with explicit TLS access using __thread
      sunrpc: Rewrite with explicit TLS access using __thread
      Use the CXX compiler only if it can create dynamic and static programs
      x86_64: Regenerate ulps [BZ #19168]
      malloc: Prevent arena free_list from turning cyclic [BZ #19048]
      _dl_fini: Rewrite to use VLA instead of extend_alloca
      Add bug 18604 to NEWS
      Remove a spurious attribution
      Add bug 18604 to the correct section
      Simplify the abilist format
      Terminate process on invalid netlink response from kernel [BZ #12926]
      ld.so: Add original DSO name if overridden by audit module [BZ #18251]
      Work around conflicting declarations of math functions
      Replace MUTEX_INITIALIZER with _LIBC_LOCK_INITIALIZER in generic code
      Implement "make update-all-abi"
      Remove CPU set size checking from affinity functions [BZ #19143]
      tst-res_hconf_reorder: Set RESOLV_REORDER environment variable
      Revert "tst-res_hconf_reorder: Set RESOLV_REORDER environment variable"
      Fix aliasing violation in tst-rec-dlopen
      malloc: Fix attached thread reference count handling [BZ #19243]
      malloc: Fix list_lock/arena lock deadlock [BZ #19182]
      malloc: Update comment for list_lock
      malloc: Test various special cases related to allocation failures
      Improve check against integer wraparound in hcreate_r [BZ #18240]
      hsearch_r: Apply VM size limit in test case
      NEWS: List additional fixed security bugs

Gabriel F. T. Gomes (3):
      PowerPC: Extend Program Priority Register support
      PowerPC: Fix operand prefixes
      PowerPC: Add comments to optimized strncpy

Geoffrey Thomas (1):
      pt_chown: Clear any signal mask inherited from the parent process.

Gleb Fotengauer-Malinovskiy (2):
      Mention mkdtemp as another secure alternative to mktemp
      malloc: remove redundant getenv call

Gunnar Hjalmarsson (1):
      lt_LT: change currency symbol to the euro [BZ #18953]

H.J. Lu (95):
      Also check dead->data[category] != NULL
      Compile {memcpy,strcmp}-sse2-unaligned.S only for libc
      Align stack to 16 bytes when calling __setcontext
      Align stack to 16 bytes when calling __gettimeofday
      Align stack to 16 bytes when calling __errno_location
      Add a missing break in tst-auditmod3b.c
      Add _dl_x86_cpu_features to rtld_global
      Update x86_64 multiarch functions for <cpu-features.h>
      Update i686 multiarch functions for <cpu-features.h>
      Update libmvec multiarch functions for <cpu-features.h>
      Update x86 elision-conf.c for <cpu-features.h>
      Don't include <cpuid.h> in elision-conf.h
      Check if cpuid is available in init_cpu_features
      Define HAS_CPUID/HAS_I586/HAS_I686 from -march=
      Also check __i586__/__i686__ for HAS_I586/HAS_I686
      Use x86-64 cacheinfo.c and sysconf.c for x86
      Call __setcontext with HIDDEN_JUMPTARGET
      Mark __xstatXX_conv as hidden
      Add BZ #14341 to NEWS
      Remove x86 init-arch.c
      Move x86_64 init-arch.h to sysdeps/x86/init-arch.h
      Remove the unused IFUNC files
      Add missing ChangeLog entry for the last commit
      Fix a typo in linux lxstat.c
      Revert "Fix a typo in linux lxstat.c"
      Save and restore vector registers in x86-64 ld.so
      Replace %xmm8 with %xmm0
      Remove x86-64 rtld-xxx.c and rtld-xxx.S
      Replace %xmm[8-12] with %xmm[0-4]
      Don't run tst-getpid2 with LD_BIND_NOW=1
      Use SSE2 optimized strcmp in x86-64 ld.so
      Don't disable SSE in x86-64 ld.so
      Remove sysdeps/i386/i486/Versions
      Move i486/bits/atomic.h to bits/atomic.h
      Move i486/htonl.S to htonl.S
      Move i486/string-inlines.c to string-inlines.c
      Move i486/pthread_spin_trylock.S to pthread_spin_trylock.S
      Move i486/strcat.S to strcat.S
      Move i486/strlen.S to strlen.S
      Remove i486 subdirectory
      Add i386 memset and memcpy assembly functions
      Detect and select i586/i686 implementation at run-time
      Mention 15786 in NEWS
      Use __pthread_setcancelstate in libc.a
      Use __libc_ptf_call in _longjmp_unwind
      Remove ignored symbols from nptl/Versions
      Move sysdeps/unix/sysv/linux/i386/i486/*.? to i386
      Update lrint/lrintf/lrintl for x32
      Support x86-64 assmebler without AVX512
      Support PLT and GOT references in local PIC check
      Avoid PLT when calling __sched_getaffinity_new
      i386: Remove syscall assembly codes with 6 arguments
      Optimize i386 syscall inlining for GCC 5
      Remove i386/epoll_pwait.S
      Add comments for GCC 5 requirement
      Mark x86 _dl_unmap/_dl_make_tlsdesc_dynamic hidden
      Mark _wordcopy_XXX functions hidden
      Mark internal _dl_XXX functions hidden
      Mark internal _itoa functions hidden
      Mark _dl_catch_error hidden
      Mark internal dirent functions hidden
      Mark internal fcntl functions hidden
      Mark ld.so internel __profile_frequency hidden
      Mark internal setjmp functions hidden
      Mark ld.so internel sigaction functions hidden
      Mark ld.so internel stdlib functions hidden
      Mark ld.so internel string functions hidden
      Mark ld.so internel __uname hidden
      Mark ld.so internel __fxstatat64 hidden
      Apply -fomit-frame-pointer only to .o/.os files
      Disable GCC 5 optimization when PROF is defined
      Build i386 __libc_do_syscall when PROF is defined
      Keep only ELF_RTYPE_CLASS_{PLT|COPY} bits for prelink
      Add a test for prelink output
      Run tst-prelink test for GLOB_DAT reloc
      Update family and model detection for AMD CPUs
      Add __CPU_MASK_TYPE for __cpu_mask
      Enable Silvermont optimizations for Knights Landing
      Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT
      Add missing ChangeLog entries
      Provide x32 times
      Mark ld.so internal mmap functions hidden in ld.so
      Mark internal unistd functions hidden in ld.so
      Update copyright dates committed in 2016
      Use TIME_T_MAX and TIME_T_MIN in tst-mktime2.c
      Call math_opt_barrier inside if
      Add _STRING_INLINE_unaligned and string_private.h

Helge Deller (1):
      hppa: Add MAP_HUGETLB and MAP_STACK defines [BZ #19285]

James Perkins (2):
      strptime %z: fix rounding, extend range to +/-9959 [BZ #16141]
      time/tst-strptime2.c: test full input range +/- 0-9999

John David Anglin (5):
      hppa: Fix reload error with atomic code [BZ #18787]
      hppa: Fix miscompilation of sched_setaffinity() [BZ #18480]
      hppa: Define __NO_LONG_DOUBLE_MATH so headers are consistent with libm build [BZ #19270]
      hppa: fix pthread spinlock
      hppa: fix dladdr [BZ #19415]

Joseph Myers (212):
      Fix powf (close to -1, large) (bug 18647).
      Fix sinh missing underflows (bug 16519).
      Fix tan missing underflows (bug 16517).
      Resort bug numbers in NEWS into ascending order.
      Fix ldbl-128ibm sinhl inaccuracy near 0 (bug 18789).
      Fix ldbl-128ibm tanhl inaccuracy (bug 18790).
      Add more tests of various libm functions.
      Fix tanh missing underflows (bug 16520).
      Add more random libm-test inputs.
      Fix fma spurious underflows (bug 18824).
      Fix csqrt spurious underflows (bug 18823).
      Fix MIPS -Wundef warnings for __mips_isa_rev.
      Fix -Wundef warnings in login/tst-utmp.c.
      Fix -Wundef warnings in elf/tst-execstack.c.
      Fix csqrt missing underflows (bug 18370).
      Fix uninitialized variable use in ldbl-128ibm nearbyintl.
      Don't use -Wno-uninitialized in math/.
      Don't use -Wno-error=undef.
      Don't use -Wno-strict-prototypes in timezone/.
      Note bug 10882 as having been fixed in 2.16.
      Note bug 14941 as having been fixed in 2.18.
      Add more TCP_* values to netinet/tcp.h.
      Add netinet/in.h values from Linux 4.2.
      Don't include <bits/stdio-lock.h> from installed <libio.h>.
      Don't install bits/libc-lock.h or bits/stdio-lock.h.
      Rename bits/libc-tsd.h to libc-tsd.h (bug 14912).
      Rename bits/m68k-vdso.h to m68k-vdso.h (bug 14912).
      Rename bits/stdio-lock.h to stdio-lock.h (bug 14912).
      Rename bits/linkmap.h to linkmap.h (bug 14912).
      Move bits/libc-lock.h and bits/libc-lockP.h out of bits/ (bug 14912).
      Fix lgamma (negative) inaccuracy (bug 2542, bug 2543, bug 2558).
      Add more randomly-generated libm tests.
      Fix ldbl-128/ldbl-128ibm lgamma spurious "invalid", incorrect signgam (bug 18952).
      Update libm-test-ulps for MIPS.
      Move bits/atomic.h to atomic-machine.h (bug 14912).
      Add more random libm test inputs (mainly for ldbl-128).
      Fix exp2 missing underflows (bug 16521).
      Fix i386 exp missing underflows (bug 18961).
      Fix i386 exp10 missing underflows (bug 18966).
      Simplify hypotf infinity handling (bug 15918).
      Fix ctan, ctanh missing underflows (bug 18595).
      Mark fegetround pure (bug 16296).
      Fix ldbl-128ibm nearbyintl use of signaling comparisons on NaNs (bug 18857).
      Fix math.h, tgmath.h XSI POSIX namespace (gamma, isnan, scalb) (bug 18967).
      Clean up ldbl-128 / ldbl-128ibm expm1l dead code (bug 16415).
      Update de.po from Translation Project (bug 4404).
      Make scalbn set errno (bug 6803).
      Don't declare float / long double Bessel functions for XSI POSIX (bug 18977).
      Fix tgamma missing underflows (bug 18951).
      Reduce number of constants in __finite* (bug 15384).
      Fix sign of zero part from ctan / ctanh when argument infinite (bug 17118).
      Test for weak undefined symbols in linknamespace.pl.
      Avoid excess range overflowing results from cosh, sinh, lgamma (bug 18980).
      Avoid excess range in results from i386 scalb functions (bug 18981).
      Avoid excess range in results from i386 exp, hypot, pow functions (bug 18980).
      Revert timezone/Makefile change.
      Use math_narrow_eval more consistently.
      Refactor code forcing underflow exceptions.
      Don't use volatile in exp2f.
      Fix x86_64 fma4 pow inappropriate contraction (bug 19003).
      Refactor i386 libm code forcing underflow exceptions.
      Use LOAD_PIC_REG in i386 atanh.
      Refactor x86_64 libm code forcing underflow exceptions.
      Fix hypot missing underflows (bug 18803).
      Use soft-fp fma for MicroBlaze (bug 13304).
      Use soft-fp fma for no-FPU ColdFire (bug 13304).
      Fix pow missing underflows (bug 18825).
      Fix powf inaccuracy (bug 18956).
      Fix clog, clog10 inaccuracy (bug 19016).
      Refine errno / "inexact" expectations in libm-test.inc.
      Improve test coverage of real libm functions [a-e]*.
      Fix i386 acosh (-qNaN) spurious "invalid" exception.
      Fix ldbl-128ibm exp10l spurious overflows (bug 16620).
      Use type-specific precision when printing results in libm-test.inc.
      Fix ldbl-128 / ldbl-128ibm lgamma overflow handling (bug 16347, bug 19046).
      Fix i386 build after put*ent hardening changes.
      Fix nexttoward overflow in non-default rounding modes (bug 19059).
      Work around powerpc32 integer 0 converting to -0 (bug 887, bug 19049, bug 19050).
      Don't list bug 887 as fixed for glibc 2.16.
      Fix ldbl-96 lroundl just below powers of 2 (bug 19071).
      Fix ldbl-128ibm log1pl (-1) sign of infinity (bug 19076).
      Fix ldbl-128ibm logl (1) sign of zero result (bug 19077).
      Add more scalb test expectations for "inexact" exception.
      Fix ldbl-128ibm expl overflow in non-default rounding modes (bug 19078).
      Remove scripts/rpm2dynsym.sh.
      Remove configure tests for SSE4 support.
      Use same test inputs for lrint and llrint.
      Add more tests of lrint, llrint, lround, llround.
      Don't use dbl-64/wordsize-64 lround based on llround for ILP32 (bug 19079).
      Use dbl-64/wordsize-64 for MIPS64.
      Fix ldbl-128 lrintl, lroundl missing exceptions for 32-bit long (bug 19085).
      Fix lround, llround missing exceptions close to overflow threshold (bug 19088).
      Remove configure tests for AVX support.
      Correct "inexact" expectations in lround, llround tests.
      Fix lrint, llrint missing exceptions close to overflow threshold (bug 19094).
      Fix dbl-64 lrint for 64-bit long (bug 19095).
      Remove configure tests for FMA4 support.
      Remove configure tests for -mno-vzeroupper support.
      Fix lrint, llrint, lround, llround missing exceptions for MIPS (bug 16399).
      Fix llrint, llround missing exceptions for ARM (bug 15470).
      Regenerate ARM libm-test-ulps.
      Regenerate MIPS libm-test-ulps.
      Fix powerpc32 llrint, llrintf bad exceptions (bug 16422).
      Move powerpc llround implementations to powerpc32 directory.
      Fix powerpc32 llround, llroundf exceptions (bug 19125).
      Fix powerpc32 lround, lroundf spurious exceptions (bug 19134).
      Remove stddef.h configure test.
      Remove -static-libgcc configure test.
      Remove .previous, .popsection configure tests.
      Remove assembler -mtune=i686 configure test.
      Do not leave files behind in /tmp from testing.
      Remove -fexceptions configure test.
      Remove sizeof (long double) configure test.
      Remove -Bgroup configure test.
      Remove NPTL configure errors based on top-level configure tests.
      Fix i386 build for lll_unlock_elision change.
      Convert 703 function definitions to prototype style.
      Add more tests for ceil, floor, round, trunc.
      Add more libm tests (fabs, fdim, fma, fmax, fmin, fmod).
      Convert 231 sysdeps function definitions to prototype style.
      Remove .weak, .weakext configure tests.
      Remove -fgnu89-inline configure test.
      Convert 69 more function definitions to prototype style (line wrap cases).
      Do not use -Wno-strict-prototypes.
      Remove gnu_unique_object configure test.
      Convert 24 more function definitions to prototype style (array parameters).
      Convert 29 more function definitions to prototype style (multiple parameters in one K&R parameter declaration).
      Convert 113 more function definitions to prototype style (files with assertions).
      Convert miscellaneous function definitions to prototype style.
      Add more libm tests (fmod, fpclassify, frexp, hypot, ilogb, j0, j1, jn, log, log10, log2).
      Convert a few more function definitions to prototype style.
      Use -Wold-style-definition.
      Fix ldbl-128 j0l spurious underflows (bug 19156).
      Make io/ftwtest-sh remove temporary files on early exit.
      Move io/tst-fcntl temporary file creation to do_prepare.
      Fix i386 / x86_64 nearbyint exception clearing (bug 15491).
      Fix j1, jn missing errno setting on underflow (bug 18611).
      Add more libm tests (ilogb, is*, j0, j1, jn, lgamma, log*).
      Remove libm-test.inc special-casing of errors up to 0.5 ulp.
      Remove configure test for assembler .text directive.
      Remove support for removing glibc 2.0 headers.
      Remove configure test for needing -P for .S files.
      Remove TLS configure tests.
      Require GCC 4.7 or later to build glibc.
      Use -std=c11 for C11 conform/ tests.
      Remove pre-GCC-4.7 conform/ test XFAILs.
      Remove sysdeps/nptl/configure.ac.
      Use -std=gnu11 instead of -std=gnu99.
      Add -std=gnu11 and -std=c11 NPTL initializers tests.
      Remove GCC version conditionals on -Wmaybe-uninitialized pragmas.
      Remove MIPS16 atomics using __sync_* (bug 17404).
      Remove configure test for ARM TLS descriptors support.
      Remove -mavx2 configure tests.
      Use C11 *_DECIMAL_DIG macros in libm-test.inc.
      Fix i386/x86_64 fesetenv SSE exception clearing (bug 19181).
      Use C11 *_TRUE_MIN macros where applicable.
      Use C11 CMPLX* macros in libm tests.
      Handle more state in i386/x86_64 fesetenv (bug 16068).
      Use max_align_t from <stddef.h>.
      Remove configure tests for visibility support.
      Remove cpuid.h configure tests.
      Make drem an alias of remainder (bug 16171).
      Do not test sign of zero result from infinite argument to Bessel functions.
      Fix ldbl-128 log1pl (-qNaN) spurious "invalid" exception (bug 19189).
      Remove init_array / fini_array configure test.
      Make nextafter, nexttoward set errno (bug 6799).
      Fix dbl-64 remainder sign of zero result (bug 19201).
      Add more libm tests (modf, nearbyint, nextafter, nexttoward, pow, remainder, remquo, rint).
      Remove --no-whole-archive configure test.
      Add more libm tests (scalb*, signbit, sin, sincos, sinh, sqrt, tan, tanh, tgamma, y0, y1, yn, significand).
      Refactor libm-test inline tests disabling.
      Remove miscellaneous GCC >= 4.7 version conditionals.
      Make bits/math-finite.h conditions match other headers (bug 19205).
      Don't redirect ldexp to scalbn in bits/math-finite.h (bug 19209).
      Fix features.h for -Wundef (bug 19212).
      Fix finite-math-only lgamma functions signgam setting (bug 19211).
      Fix i386/x86_64 log* (1) zero sign for -ffinite-math-only (bug 19213).
      Add script to list fixed bugs for the NEWS file.
      Run libm-test tests for finite-math-only functions.
      Remove configure tests for some linker -z options.
      Fix typo in signgam test messages.
      Add more tests of pow.
      Fix powerpc nearbyint wrongly clearing "inexact" and leaving traps disabled (bug 19228).
      Fix powerpc64 lround, lroundf, llround, llroundf spurious "inexact" exceptions (bug 19235).
      Fix powerpc round, roundf spurious "inexact" (bug 19238).
      Fix ldbl-128ibm strtold overflow handling (bug 14551).
      Fix lgamma setting signgam for ISO C (bug 15421).
      Fix math_private.h multiple include guards.
      Fix strtol in Turkish locales (bug 19242).
      Update <netpacket/packet.h> for Linux 4.3.
      Update <sys/ptrace.h> for Linux 4.3.
      Fix strtod ("NAN(I)") in Turkish locales (bug 19266).
      Refactor strtod parsing of NaN payloads.
      Use hex float constants in sysdeps/ieee754/dbl-64/e_sqrt.c.
      Fix nan functions handling of payload strings (bug 16961, bug 16962).
      Use direct socket syscalls for new kernels on i386, m68k, microblaze, sh.
      Fix ldbl-128ibm tanhl inaccuracy for small arguments (bug 19349).
      Fix ldbl-128ibm sinhl spurious overflows (bug 19350).
      Fix ldbl-128ibm logl inaccuracy near 1 (bug 19351).
      Automate LC_CTYPE generation for tr_TR, update to Unicode 8.0.0 (bug 18491).
      Make obsolete syscall wrappers into compat symbols (bug 18472).
      Update copyright dates with scripts/update-copyrights.
      Update copyright dates not handled by scripts/update-copyrights.
      Update miscellaneous files from upstream sources.
      Add new header definitions from Linux 4.4 (plus older ptrace definitions).
      Regenerate ARM libm-test-ulps.
      Regenerate powerpc-nofpu libm-test-ulps.
      Regenerate MIPS libm-test-ulps.
      Fix ulps regeneration for *-finite tests.
      Update localplt.data for powerpc-nofpu.
      Fix __finitel libm compat symbol version.
      Fix MIPS mmap negative offset handling for consistency (bug 19550).

Justus Winter (1):
      Cache the host port like we cache the task port

Khem Raj (1):
      argp: Use fwrite_unlocked instead of __fxprintf when !_LIBC

Ludovic Courtès (2):
      Gracefully handle incompatible locale data
      Use shell's builtin pwd.

Maciej W. Rozycki (3):
      [BZ #17250] Fix static dlopen default library search path
      MIPS: Wire FCSR.ABS2008 to FCSR.NAN2008
      MIPS: Set the required Linux kernel version to 4.5.0 for 2008 NaN

Manolis Ragkousis (1):
      Check sysheaders when looking for Mach and Hurd headers

Marcin Kościelnicki (1):
      Add __private_ss to s390 struct tcbhead.

Mark Wielaard (3):
      Add LFS support for fts functions (bug 11460)
      elf/elf.h: Add new 386 and X86_64 relocations from binutils.
      Revert "elf/elf.h: Add new 386 and X86_64 relocations from binutils."

Marko Myllynen (4):
      localedata: remove timezone information [BZ #18525]
      Fix lang_lib/lang_term as per ISO 639-2 [BZ #16973]
      Make shebang interpreter directives consistent
      Make shebang interpreter directives consistent

Martin Sebor (4):
      Let 'make check subdirs=string' succeed even when it's invoked
      Fix build errors with -DNDEBUG.
      Fix build failures with -DDEBUG.
      Have iconv accept redundant escape sequences in IBM900, IBM903, IBM905,

Maxim Ostapenko (1):
      Clear DF_1_NODELETE flag only for failed to load library.

Mike FABIAN (3):
      Generic updates to transliterations.
      Update da, nb, nn, and sv locales (Bug 89)
      Update to Unicode 8.0.0.

Mike Frysinger (44):
      nptl: fix set-but-unused warning w/_STACK_GROWS_UP
      mmap64: fix undef warnings
      test-skeleton: add usage information
      fix missing ctype.h include
      hppa: _dl_symbol_address: add missing hidden def
      microblaze: include unix/sysdep.h
      hppa: put custom madvise defines behind __USE_MISC
      fix non-portable `echo -n` usage
      gawk: fix gensub usage
      stpncpy: fix bug number [BZ #18795]
      hppa: assume TLS everywhere
      hppa: drop __ASSUME_LWS_CAS define
      hppa: shm.h: add SHM_EXEC
      hppa: sigaction.h: update define export based on __USE_XOPEN2K8
      hppa: epoll.h: move to common sys/epoll.h
      hppa: eventfd.h: move to common sys/eventfd.h
      hppa: inotify.h: move to common sys/inotify.h
      hppa: signalfd.h: move to common sys/signalfd.h
      hppa: timerfd.h: move to common sys/timerfd.h
      NEWS: note fixed bug
      relocate localedata ChangeLog entries
      manual: skip build when perl is unavailable
      mips: siginfo.h: add SIGSYS details [BZ #18863]
      de.po: fix SIGALRM typo [BZ #4404]
      getmntent: fix memory corruption w/blank lines [BZ #18887]
      NEWS: add #18887
      localedef: improve error message [BZ #16985]
      alpha: drop __ASSUME_FDATASYNC
      timezone: fix parallel check failures
      timezone: add a configure flag to disable program install
      timezone: document new --disable-timezone-tools option
      timezone: polish grammar a bit in documentation
      use -fstack-protector-strong when available
      pylintrc: disable reports
      ia64: fpu: fix gammaf typo [BZ #15421]
      list-fixed-bugs: use argparse for the commandline
      localedata: nl_NL@euro: copy measurement from nl_NL [BZ #19198]
      ia64: fpu: fix gamma definition handling [BZ #15421]
      xstat: only check to see if __ASSUME_ST_INO_64_BIT is defined
      longlong: fix sh -Wundef builds
      sparc: mman.h: fix bad comment insertion
      configure: make the unsupported error message less hostile
      localedata: convert all files to utf-8
      Revert "ChangeLogs: convert to utf-8"

Namhyung Kim (1):
      manual/argp.texi (Specifying Argp Parsers): Fix typo.

Ondrej Bilka (1):
      powerpc: Fix stpcpy performance for power8

Ondřej Bílka (4):
      Fix exponents in manual.
      Fix strcpy_chk and stpcpy_chk performance.
      Handle overflow in __hcreate_r
      add bug 18240 to news.

Paul E. Murphy (6):
      powerpc: Fix tabort usage in syscalls
      powerpc: Revert to default atomic ops in elision code
      Fix race in tst-mqueue5
      powerpc: Fix macro usage of htm builtins
      Fix nptl/tst-setuid3.c
      Cleanup ppc bits/ipc.h

Paul Eggert (8):
      Port the 0x7efe...feff pattern to GCC 6.
      Fix broken overflow check in posix_fallocate [BZ 18873]
      Consistency about byte vs character in string.texi
      Fix typo in strncat, wcsncat manual entries
      Split large string section; add truncation advice
      Update timezone code from tzcode 2015g.
      Fix doc quoting problems with Texinfo 5
      ChangeLogs: convert to utf-8

Paul Murphy (6):
      nptl: Add adapt_count parameter to lll_unlock_elision
      powerpc: Optimize lock elision for pthread_mutex_t
      powerpc: Fix usage of elision transient failure adapt param
      Shuffle includes in ldbl-128ibm/mpn2ldl.c
      powerpc: More elision improvements
      powerpc: Spinlock optimization and cleanup

Paul Pluzhnikov (19):
      Add #include <unistd.h> to libio/oldfileops.c for write.
      Fix BZ #17905
      Fix trailing space.
      In preparation for fixing BZ#16734, fix failure in misc/tst-error1-mem
      Fix BZ #18086 -- nice resets errno to 0.
      Fix BZ #16734 -- fopen calls mmap to allocate its buffer
      Fix BZ #18820 -- fmemopen may leak memory on failure.
      Regenerated sysdeps/x86_64/fpu/libm-test-ulps with AVX2.
      Fix BZ #18084 -- backtrace (..., 0) dumps core on x86.
      Filter out NULL entries.
      Fix BZ #18757.
      To fix BZ #18675, use __fstatvfs64 in __fpathconf.
      Fix BZ #18872 -- memory leak in printf_positional.
      Fix BZ #18985 -- out of range data to strftime() causes a segfault
      sysdeps/x86_64/fpu/libm-test-ulps: Regenerated on Haswell.
      Fix BZ #19012 -- iconv_open leaks memory on error path.
      stdio-common/tst-printf-bz18872.sh: Use attribute optimize instead of
      [BZ #19451]
      2016-01-20  Paul Pluzhnikov  <ppluzhnikov@google.com>

Petar Jovanovic (1):
      Fix dynamic linker issue with bind-now

Phil Blundell (1):
      ChangeLog: Fix incorrect email address

Rajalakshmi Srinivasaraghavan (3):
      powerpc: Handle worstcase behavior in strstr() for POWER7
      Call direct system calls for socket operations
      powerpc: Regenerate libm-test-ulps

Rasmus Villemoes (1):
      linux/getsysstats.c: use sysinfo() instead of parsing /proc/meminfo

Richard Henderson (2):
      longlong.h: Disable alpha umul_ppmm for old g++
      Update Alpha libm-test-ulps

Rob Wu (1):
      resolv: Reset defdname before use in __res_vinit [BZ #19369]

Roland McGrath (12):
      NaCl: Call __nacl_main in preference to main.
      Meaningless ChangeLog cleanup to trigger buildbot.
      Mark elf/tst-protected1[ab] as XFAIL.
      BZ#18921: Fix opendir inverted o_directory_works test.
      BZ#18921: Mark fixed in NEWS.
      NaCl: Do not install <sys/mtio.h>.
      Use HOST_NAME_MAX for MAXHOSTNAMELEN in <sys/param.h>.
      BZ#18872: Don't conditionalize build rules for test program.
      Fix some stub prototypes missing ... after K&R conversion
      NaCl: Use open_resource API for shared objects
      NaCl: Use allocate_code_data after dyncode_create
      NaCl: Fix unused variable errors in lowlevellock-futex.h macros.

Samuel Thibault (20):
      Fix gcrt0.o compilation
      Fix sysdeps/i386/fpu/s_scalbn.S build
      Fix rules generating headers in hurd/ and mach/
      Fix parallel build of before-compile targets.
      Fix typo
      Fix typo
      Really fix sysdeps/i386/fpu/s_scalbn.S build
      Fix vm_page_size visibility
      Add missing __mach_host_self_ symbol in Versions
      Add task_notify to mach_interface_list
      Make _hurd_raise_signal return errors
      Make _hurd_raise_signal directly return the error
      Remove unusued variable
      Fix RPC breakage when longjumping from signal handler
      Fix hurd build with hidden support
      Revert not defining NO_HIDDEN on hurd
      Do not add relro attribute to __libc_stack_end
      hurd: Initialize __libc_stack_end for hidden support
      hurd: Make mmap64 use vm_offset_t for overflow check
      Harmonize generic stdio-lock support with nptl

Siddhesh Poyarekar (12):
      Remove incorrect register mov in floorf/nearbyint on x86_64
      Drop unused first argument from arena_get2
      Don't use the main arena in retry path if it is corrupt
      benchtests: Mark output variables as used
      Remove redundant else clauses in s_sin.c
      Include s_sin.c in s_sincos.c
      benchtests: Add inputs from sin and cos to sincos
      benchtests: ffs and ffsll are string functions, not math
      Fix up ChangeLog
      Consolidate range reduction in sincos for x > 281474976710656
      Consolidate sin and cos code for 105414350 <|x|< 281474976710656
      Consolidate sincos computation for 2.426265 < |x| < 105414350

Stan Shebs (1):
      Disable uninitialized warning with GCC 4.8

Stefan Liebler (37):
      S390: Fix handling of DXC-byte in FPC-register.
      S390: Refactor ifunc implementations and enable ifunc-test-framework.
      S390: Add hwcaps value for vector facility.
      S390: Add new s390 platform.
      S390: configure check for vector instruction support in assembler.
      S390: Ifunc resolver macro for vector instructions.
      S390: Optimize strlen and wcslen.
      S390: Optimize strnlen and wcsnlen.
      S390: Optimize strcpy and wcscpy.
      S390: Optimize stpcpy and wcpcpy.
      S390: Optimize strncpy and wcsncpy.
      S390: Optimize stpncpy and wcpncpy.
      S390: Optimize strcat and wcscat.
      S390: Optimize strncat wcsncat.
      S390: Optimize strcmp and wcscmp.
      S390: Optimize strncmp and wcsncmp.
      S390: Optimize strchr and wcschr.
      S390: Optimize strchrnul and wcschrnul.
      S390: Optimize strrchr and wcsrchr.
      S390: Optimize strspn and wcsspn.
      S390: Optimize strpbrk and wcspbrk.
      S390: Optimize strcspn and wcscspn.
      S390: Optimize memchr, rawmemchr and wmemchr.
      S390: Optimize memccpy.
      S390: Optimize wmemset.
      S390: Optimize wmemcmp.
      S390: Optimize memrchr.
      S390: Optimize string, wcsmbs and memory functions.
      S390: Fix build error with gcc6 in utf8_utf16-z9.c.
      Adjust _Unwind_Word in unwind.h to version in libgcc.
      S390: Call direct system calls for socket operations.
      S390: Clean setjmp, longjmp, getcontext symbols.
      S390: Use __asm__ instead of asm.
      S/390: Do not raise inexact exception in lrint/lround. [BZ #19486]
      S390: Regenerate ULPs
      S390: Fix build error in iconvdata/bug-iconv11.c.
      S390: Fix build failure in test string/tst-endian.c with gcc 6.

Steve Ellcey (9):
      Fix undefined warning messages in GCC 6.
      Add unused attribute to declaration for mips16 builds.
      Add missing ChangeLog entry.
      Update timezone/Makefile to use -Wno-unused-variable
      Make performance improvement to MIPS memcpy for small copies.
      Fix indentation.
      Fix indentation.
      Fix indentation.
      Fix MIPS64 memcpy regression.

Szabolcs Nagy (4):
      Regenerate aarch64 libm-test-ulps
      [BZ #19129][ARM] Fix _dl_tlsdesc_resolve_hold to save r0
      [AArch64] Regenerate libm-test-ulps
      [ARM] add missing -funwind-tables to test case (bug 19529)

Thomas Schwinge (1):
      hurd: install correct number of send rights on fork

Torvald Riegel (5):
      Remove unused variable in math/atest-exp2.c.
      Do not violate mutex destruction requirements.
      New pthread_barrier algorithm to fulfill barrier destruction requirements.
      Fix pthread_barrier_init typo.
      nptl: Add first-line description for barrier tests.

Tulio Magno Quites Machado Filho (3):
      PowerPC: Fix a race condition when eliding a lock
      tst-backtrace4: fix a warning message
      powerpc: Enforce compiler barriers on hardware transactions

Vincent Bernat (2):
      time: in strptime(), make %z accept Z as a time zone [BZ #17886]
      time: in strptime(), make %z accept [+-]HH:MM tz [BZ #17887]

Wilco Dijkstra (17):
      Improve fesetenv performance by avoiding unnecessary FPSR/FPCR reads/writes.
      Improve feenableexcept performance - avoid an unnecessary FPCR read in case
      This patch improves strncpy performance by using strnlen/memcpy rather than a byte loop. Performance
      Improve memccpy performance by using memchr/memcpy/mempcpy rather than
      Improve performance of mempcpy by inlining and using memcpy. Enable
      Improve stpncpy performance by using __strnlen/memcpy/memset rather than a
      2015-08-24  Wilco Dijkstra  <wdijkstr@arm.com>
      2015-08-24  Wilco Dijkstra  <wdijkstr@arm.com>
      Add a new benchmark for isinf/isnan/isnormal/isfinite/fpclassify. The test uses 2 arrays with 1024 doubles, one with 99% finite FP numbers (10% zeroes, 10% negative) and 1% inf/NaN, the other with 50% inf, and 50% Nan.
      Add inlining of the C99 math functions isinf/isnan/signbit/isfinite/isnormal/fpclassify using GCC
      Use the GCC builtin functions for the non-inlined signbit implementations.
      Fix several build failures with GCC6 due to unused static variables.
      Since we now inline isinf, isnan and isfinite in math.h, replace uses of __isinf_ns(l/f)
      Cleanup a few cases where isinf is used to get the signbit to improve the readability and maintainability and allow inlining.
      Undo build error fixes to timezone/private.h, change makefile instead to
      Remove __signbit* from localplt.data as they are no longer called from within GLIBC.
      Enable _STRING_ARCH_unaligned on AArch64.

Zack Weinberg (4):
      Correct comments about the history of <regexp.h>
      stpncpy: fix size checking [BZ #18975]
      Desupport regexp.h (bug 18681)
      regexp.h: update Versions to match file usage [BZ #18681]

Comment 20 wang danny 2019-12-03 04:54:34 UTC
Hi all,

Recently a similar deadlock issue was triggered in our product (CentOS 7.6, glibc 2.17 and 2.23). I will attach my backtrace.
Could you let me know which release should cover the fix for this issue?
And how can such a deadlock be confirmed? Is there a similar test program?

Thread 17 (Thread 0x7f03bbfff700 (LWP 2301)):
#0  __lll_lock_wait_private () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
#1  0x00007f03e22e6c02 in __check_pf (seen_ipv4=0x7f03e2582850 <lock>, seen_ipv6=0x7f03bbff8c13, in6ai=0x7f03bbff8c20, in6ailen=0xffffffffffffffff) at ../sysdeps/unix/sysv/linux/check_pf.c:304
#2  0x0000000000000000 in ?? ()
Thread 16 (Thread 0x7f03baae1700 (LWP 2302)):
#0  __lll_lock_wait_private () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
#1  0x00007f03e22e6c02 in __check_pf (seen_ipv4=0x7f03e2582850 <lock>, seen_ipv6=0x7f03baadac13, in6ai=0x7f03baadac20, in6ailen=0xffffffffffffffff) at ../sysdeps/unix/sysv/linux/check_pf.c:304
#2  0x0000000000000000 in ?? ()

Thread 15 (Thread 0x7f9ea316f700 (LWP 5866)):
#0  0x00007f9ecafd521d in recvmsg () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007f9ecafeef1e in make_request (pid=<optimized out>, fd=<optimized out>) at ../sysdeps/unix/sysv/linux/check_pf.c:167
#2  __check_pf (seen_ipv4=seen_ipv4@entry=0x7f9ea3168dd2, seen_ipv6=seen_ipv6@entry=0x7f9ea3168dd3, in6ai=in6ai@entry=0x7f9ea3168de0, in6ailen=in6ailen@entry=0x7f9ea3168de8) at ../sysdeps/unix/sysv/linux/check_pf.c:326
#3  0x00007f9ecafc1931 in __GI_getaddrinfo (name=0x7f9e8c741fe0 "", service=0x7f9ea3168f40 "0", hints=0x7f9ea3168fe0, pai=0x7f9ea3168f60) at ../sysdeps/posix/getaddrinfo.c:2366

Besides recvmsg, two other places also get stuck sometimes.
Thread 17 (Thread 0x7f87e6d62700 (LWP 20022)):
#0  0x00007f880ce25057 in getsockname () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007f880ce3ed7a in __check_pf (seen_ipv4=seen_ipv4@entry=0x7f87e6d5bc12, seen_ipv6=seen_ipv6@entry=0x7f87e6d5bc13, in6ai=in6ai@entry=0x7f87e6d5bc20, in6ailen=in6ailen@entry=0x7f87e6d5bc28) at ../sysdeps/unix/sysv/linux/check_pf.c:324
#2  0x00007f880ce11931 in __GI_getaddrinfo (name=0x7f87d04b3d80 "", service=0x7f87e6d5bd80 "100", hints=0x7f87e6d5be20, pai=0x7f87e6d5bda0) at ../sysdeps/posix/getaddrinfo.c:2366

Thread 13 (Thread 0x7fc423fff700 (LWP 16642)):
#0  0x00007fc450f40427 in socket () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007fc450f59c31 in __check_pf (seen_ipv4=seen_ipv4@entry=0x7fc423ff8c12, seen_ipv6=seen_ipv6@entry=0x7fc423ff8c13, in6ai=in6ai@entry=0x7fc423ff8c20, in6ailen=in6ailen@entry=0x7fc423ff8c28) at ../sysdeps/unix/sysv/linux/check_pf.c:313
#2  0x00007fc450f2c931 in __GI_getaddrinfo (name=0x7fc418295dc0 "", service=0x7fc423ff8d80 "100", hints=0x7fc423ff8e20, pai=0x7fc423ff8da0) at ../sysdeps/posix/getaddrinfo.c:2366

Comment 21 wang danny 2019-12-03 04:58:43 UTC
Created attachment 12099
check_pk deadlock
Comment 22 wang danny 2019-12-03 04:59:21 UTC
Created attachment 12100
check_pf deadlock
Comment 23 Florian Weimer 2019-12-03 08:10:33 UTC
(In reply to wang danny from comment #20)
> Recently a similar deadlock issue was triggered in our product (CentOS 7.6,
> glibc 2.17 and 2.23). I will attach my backtrace.
> Could you let me know which release should cover the fix for this issue?
> And how can such a deadlock be confirmed? Is there a similar test program?

This is most likely a file descriptor race in your application. The error detection in glibc (which was also backported into Red Hat Enterprise Linux 7) probably does not catch this case because the replacement descriptor is also a socket.
Comment 24 wang danny 2019-12-03 12:43:11 UTC
Hi Weimer,

Thanks for your response!

The backtrace shows the same issue as this ticket. Do you mean the fix may not be complete?
If it is a file descriptor race, how can it be avoided? Our issue can only be triggered under a high load of socket connection requests.

Comment 25 Florian Weimer 2019-12-03 12:47:55 UTC
(In reply to wang danny from comment #24)
> Hi Weimer,
> Thanks for your response!
> The backtrace shows the same issue as this ticket. Do you mean the fix may
> not be complete?

No, even though the symptoms are very similar, yours is likely a different bug.

> If it is a file descriptor race, how can it be avoided? Our issue can only be
> triggered under a high load of socket connection requests.

You need to find the bug in your application. Typically, it's something that closes the same socket descriptor twice.
Comment 26 wang danny 2019-12-03 13:20:14 UTC
If the same socket descriptor is closed twice, the check_pf deadlock is also triggered, right?
Comment 27 Florian Weimer 2019-12-03 13:34:31 UTC
(In reply to wang danny from comment #26)
> If the same socket descriptor is closed twice, the check_pf deadlock is also
> triggered, right?

Not directly. Something else also has to replace the internal netlink socket used by glibc with another socket. So the sequence looks like this:

  application: closes socket
  glibc: creates netlink socket
  glibc: sends data on the socket
  application: closes the same socket again
  application: creates a new socket (for the same descriptor number)
  glibc: calls recvmsg on the socket

And that call hangs because the socket is not actually a netlink socket and it happens that the other end never sends any data.

(Note that such discussions should really happen on the libc-help list, not on a bug report in Bugzilla.)