Bug 19243 - reused_arena can pick an arena on the free list, leading to an assertion failure and reference count corruption
Summary: reused_arena can pick an arena on the free list, leading to an assertion fail...
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: malloc (show other bugs)
Version: 2.23
: P1 normal
Target Milestone: 2.23
Assignee: Florian Weimer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-13 20:42 UTC by Florian Weimer
Modified: 2016-11-12 06:46 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security-


Attachments
bug19243.c (1.39 KB, text/plain)
2015-11-16 20:18 UTC, Florian Weimer
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Weimer 2015-11-13 20:42:16 UTC
If reused_arena picks an arena on the free list (which means that arena_get2 did not see it yet, and there was a concurrent thread exit, updating the free list), it will increase the thread reference count of the arena.  At this point, this invariant in get_free_list no longer holds:

821		  /* Arenas on the free list are not attached to any thread.  */
822		  assert (result->attached_threads == 0);

Therefore, the assert is incorrect.  I am not sure if we should simply remove it and not change anything, or if we should change reused_arena to avoid this race condition.
Comment 1 Florian Weimer 2015-11-13 20:43:42 UTC
This was introduced by the fix for bug 19048.
Comment 2 Florian Weimer 2015-11-16 20:18:30 UTC
Created attachment 8787 [details]
bug19243.c

Preliminary test case.

The real one will have to scale the number of threads based on available arenas.  Based on my experiments, the outer thread count should be equal to the maximum number of arenas, the inner thread count should be three, and the timeout can be fairly low (running the test for 5 seconds should suffice).
Comment 3 Florian Weimer 2015-11-17 12:40:18 UTC
It's not just an incorrect assert.  If the bug triggers, the attached threads counter will be incorrect.
Comment 4 Sourceware Commits 2015-12-16 11:46:45 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  3da825ce483903e3a881a016113b3e59fd4041de (commit)
      from  f1aceee39289f97a420126c58007eba77fb2dd30 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3da825ce483903e3a881a016113b3e59fd4041de

commit 3da825ce483903e3a881a016113b3e59fd4041de
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Dec 16 12:39:48 2015 +0100

    malloc: Fix attached thread reference count handling [BZ #19243]
    
    reused_arena can increase the attached thread count of arenas on the
    free list.  This means that the assertion that the reference count is
    zero is incorrect.  In this case, the reference count initialization
    is incorrect as well and could cause arenas to be put on the free
    list too early (while they still have attached threads).
    
    	* malloc/arena.c (get_free_list): Remove assert and adjust
    	reference count handling.  Add comment about reused_arena
    	interaction.
    	(reused_arena): Add comments abount get_free_list interaction.
    	* malloc/tst-malloc-thread-exit.c: New file.
    	* malloc/Makefile (tests): Add tst-malloc-thread-exit.
    	(tst-malloc-thread-exit): Link against libpthread.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                       |   11 ++
 malloc/Makefile                 |    4 +-
 malloc/arena.c                  |   12 ++-
 malloc/tst-malloc-thread-exit.c |  217 +++++++++++++++++++++++++++++++++++++++
 4 files changed, 239 insertions(+), 5 deletions(-)
 create mode 100644 malloc/tst-malloc-thread-exit.c
Comment 5 Florian Weimer 2015-12-16 11:47:40 UTC
Fixed for 2.23.
Comment 6 Sourceware Commits 2016-02-18 18:09:58 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The annotated tag, glibc-2.23 has been created
        at  10ed3a0ffbb43ce0b0739da4addc747733be5e63 (tag)
   tagging  ab30899d880f9741a409cbc0d7a28399bdac21bf (commit)
  replaces  glibc-2.22
 tagged by  Adhemerval Zanella
        on  Thu Feb 18 16:04:58 2016 -0200

- Log -----------------------------------------------------------------
The GNU C Library
=================

The GNU C Library version 2.23 is now available.

The GNU C Library is used as *the* C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2008.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.23 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.23
=====================

* Unicode 8.0.0 Support: Character encoding, character type info, and
  transliteration tables are all updated to Unicode 8.0.0, using new
  and/or improved generator scripts contributed by Mike FABIAN (Red Hat).
  These updates cause user visible changes, such as the fixes for bugs
  89, 16061, and 18568.

* sched_setaffinity, pthread_setaffinity_np no longer attempt to guess the
  kernel-internal CPU set size.  This means that requests that change the
  CPU affinity which failed before (for example, an all-ones CPU mask) will
  now succeed.  Applications that need to determine the effective CPU
  affinities need to call sched_getaffinity or pthread_getaffinity_np after
  setting it because the kernel can adjust it (and the previous size check
  would not detect this in the majority of cases).

* The fts.h header can now be used with -D_FILE_OFFSET_BITS=64.  With LFS
  the following new symbols are used: fts64_children, fts64_close,
  fts64_open, fts64_read and fts64_set.

* getaddrinfo now detects certain invalid responses on an internal netlink
  socket.  If such responses are received, an affected process will
  terminate with an error message of "Unexpected error <number> on netlink
  descriptor <number>" or "Unexpected netlink response of size <number> on
  descriptor <number>".  The most likely cause for these errors is a
  multi-threaded application which erroneously closes and reuses the netlink
  file descriptor while it is used by getaddrinfo.

* A defect in the malloc implementation, present since glibc 2.15 (2012) or
  glibc 2.10 via --enable-experimental-malloc (2009), could result in the
  unnecessary serialization of memory allocation requests across threads.
  The defect is now corrected.  Users should see a substantial increase in
  the concurent throughput of allocation requests for applications which
  trigger this bug.  Affected applications typically create create and
  destroy threads frequently.  (Bug 19048 was reported and analyzed by
  Ericsson.)

* There is now a --disable-timezone-tools configure option for disabling the
  building and installing of the timezone related utilities (zic, zdump, and
  tzselect).  This is useful for people who build the timezone data and code
  independent of the GNU C Library.

* The obsolete header <regexp.h> has been removed.  Programs that require
  this header must be updated to use <regex.h> instead.

* The obsolete functions bdflush, create_module, get_kernel_syms,
  query_module and uselib are no longer available to newly linked binaries;
  the header <sys/kdaemon.h> has been removed.  These functions and header
  were specific to systems using the Linux kernel and could not usefully be
  used with the GNU C Library on systems with version 2.6 or later of the
  Linux kernel.

* Optimized string, wcsmbs and memory functions for IBM z13.
  Implemented by Stefan Liebler.

* Newly linked programs that define a variable called signgam will no longer
  have it set by the lgamma, lgammaf and lgammal functions.  Programs that
  require signgam to be set by those functions must ensure that they use the
  variable provided by the GNU C Library and declared in <math.h>, without
  defining their own copy.

* The minimum GCC version that can be used to build this version of the GNU
  C Library is GCC 4.7.  Older GCC versions, and non-GNU compilers, can
  still be used to compile programs using the GNU C Library.

Security related changes:

* An out-of-bounds value in a broken-out struct tm argument to strftime no
  longer causes a crash.  Reported by Adam Nielsen.  (CVE-2015-8776)

* The LD_POINTER_GUARD environment variable can no longer be used to disable
  the pointer guard feature.  It is always enabled.  Previously,
  LD_POINTER_GUARD could be used to disable security hardening in binaries
  running in privileged AT_SECURE mode.  Reported by Hector Marco-Gisbert.
  (CVE-2015-8777)

* An integer overflow in hcreate and hcreate_r could lead to an
  out-of-bounds memory access.  Reported by Szabolcs Nagy.  (CVE-2015-8778)

* The catopen function no longer has unbounded stack usage.  Reported by
  Max.  (CVE-2015-8779)

* The nan, nanf and nanl functions no longer have unbounded stack usage
  depending on the length of the string passed as an argument to the
  functions.  Reported by Joseph Myers.  (CVE-2014-9761)

* A stack-based buffer overflow was found in libresolv when invoked from
  libnss_dns, allowing specially crafted DNS responses to seize control
  of execution flow in the DNS client.  The buffer overflow occurs in
  the functions send_dg (send datagram) and send_vc (send TCP) for the
  NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
  family.  The use of AF_UNSPEC triggers the low-level resolver code to
  send out two parallel queries for A and AAAA.  A mismanagement of the
  buffers used for those queries could result in the response of a query
  writing beyond the alloca allocated buffer created by
  _nss_dns_gethostbyname4_r.  Buffer management is simplified to remove
  the overflow.  Thanks to the Google Security Team and Red Hat for
  reporting the security impact of this issue, and Robert Holiday of
  Ciena for reporting the related bug 18665. (CVE-2015-7547)

The following bugs are resolved with this release:

  [89] localedata: Locales nb_NO and nn_NO should transliterate æøå
  [887] math: Math library function "logb" and "nextafter" inconsistent
  [2542] math: Incorrect return from float gamma (-0X1.FA471547C2FE5P+1)
  [2543] math: Incorrect return from float gamma (-0X1.9260DCP+1)
  [2558] math: Incorrect return from double gamma (-0X1.FA471547C2FE5P+1)
  [2898] libc: [improve]  warning: the use  of `mktemp' is dangerous, better
    use `mkstemp'
  [4404] localedata: German translation of "Alarm clock" is misleading
  [6799] math: nextafter() and nexttoward() doen't set errno on
    overflow/underflow errors
  [6803] math: scalb(), scalbln(), scalbn() do not set errno on
    overflow/underflow
  [10432] nis: _nss_nis_setnetgrent assertion failure
  [11460] libc: fts has no LFS support
  [12926] network: getaddrinfo()/make_request() may spin forever
  [13065] nptl: Race condition in pthread barriers
  [13690] nptl: pthread_mutex_unlock potentially cause invalid access
  [14341] dynamic-link: Dynamic linker crash when DT_JMPREL and DT_REL{,A}
    are not contiguous
  [14551] math: [ldbl-128ibm] strtold overflow handling for IBM long double
  [14912] libc: Rename non-installed bits/*.h headers
  [15002] libc: Avoid undefined behavior in posix_fallocate overflow check
  [15367] math: Let gcc use __builtin_isinf
  [15384] math: One constant fewer in ieee754/dbl-64/wordsize-64/s_finite.c
  [15421] math: lgamma wrongly sets signgam for ISO C
  [15470] math: [arm] On ARM llrintl() and llroundl() do not raise
    FE_INVALID with argument out of range
  [15491] math: [i386/x86_64] x86 nearbyint implementations wrongly clear
    all exceptions
  [15786] dynamic-link: ifunc resolver functions can smash function
    arguments
  [15918] math: Unnecessary check for equality in hypotf()
  [16061] localedata: Review / update transliteration data
  [16068] math: [i386/x86_64] x86 and x86_64 fesetenv exclude state they
    should include
  [16141] time: strptime %z offset restriction
  [16171] math: drem should be alias of remainder
  [16296] math: fegetround is pure?
  [16347] math: [ldbl-128ibm] ldbl-128/e_lgammal_r.c may not be suitable.
  [16364] libc: sleep may leave SIGCHLD blocked on sync cancellation on
    GNU/Linux
  [16399] math: [mips] lrint / llrint / lround / llround missing exceptions
  [16415] math: Clean up ldbl-128 / ldbl-128ibm expm1l for large positive
    arguments
  [16422] math: [powerpc] math-float, math-double failing llrint tests with
    "Exception "Inexact" set" on ppc32
  [16495] localedata: nl_NL: date_fmt: shuffle year/month around
  [16517] math: Missing underflow exception from tanf/tan/tanl
  [16519] math: Missing underflow exception from sinhf
  [16520] math: Missing underflow exception from tanhf
  [16521] math: Missing underflow exception from exp2
  [16620] math: [ldbl-128ibm] exp10l spurious overflows / bad directed
    rounding results
  [16734] stdio: fopen calls mmap to allocate its buffer
  [16961] math: nan function incorrect handling of bad sequences
  [16962] math: nan function unbounded stack allocation (CVE-2014-9761)
  [16973] localedata: Fix lang_lib/lang_term as per ISO 639-2
  [16985] locale: localedef: confusing error message when opening output
    fails
  [17118] math: ctanh(INFINITY + 2 * I) returns incorrect value
  [17197] locale: Redundant shift character in iconv conversion output at
    block boundary
  [17243] libc: trunk/posix/execl.c:53: va_args problem ?
  [17244] libc: trunk/sysdeps/unix/sysv/linux/semctl.c:116: va_args muxup ?
  [17250] dynamic-link: static linking breaks nss loading
    (getaddrinfo/getpwnam/etc...)
  [17404] libc: atomic_exchange_rel lacking a barrier on MIPS16, GCC before
    4.7?
  [17441] math: isnan() should use __builtin_isnan() in GCC
  [17514] nptl: Assert failure unlocking ERRORCHECK mutex after timedlock
    (related to lock elision)
  [17787] manual: Exponent on page 324 of the PDF ends prematurely
  [17886] time: strptime should be able to parse "Z" as a timezone with %z
  [17887] time: strptime should be able to parse "+01:00" style timezones
  [17905] libc: catopen() Multiple unbounded stack allocations
    (CVE-2015-8779)
  [18084] libc: backtrace (..., 0) dumps core on x86
  [18086] libc: nice() sets errno to 0 on success
  [18240] libc: hcreate, hcreate_r should fail with ENOMEM if element count
    is too large (CVE-2015-8778)
  [18251] dynamic-link: SONAME missing when audit modules provides path
  [18265] libc: add attributes for wchar string and memory functions
  [18370] math: csqrt missing underflows
  [18421] libc: [hppa] read-only segment has dynamic relocations
  [18472] libc: Obsolete syscall wrappers should be compat symbols
  [18480] libc: hppa glibc miscompilation in sched_setaffinity()
  [18491] localedata: Update tr_TR LC_CTYPE as part of Unicode updates
  [18525] localedata: Remove locale timezone information
  [18560] libc: [powerpc] spurious bits/ipc.h definitions
  [18568] localedata: Update locale data to Unicode 8.0
  [18589] locale: sort-test.sh fails at random
  [18595] math: ctan, ctanh missing underflows
  [18604] libc: assert macro-expands its argument
  [18610] math: S390: fetestexcept() reports any exception if DXC-code
    contains a vector instruction exception.
  [18611] math: j1, jn missing errno setting on underflow
  [18618] localedata: sync Chechen locale definitions with other *_RU
    locales
  [18647] math: powf(-0x1.000002p0, 0x1p30) returns 0 instead of +inf
  [18661] libc: Some x86-64 assembly codes don't align stack to 16 bytes
  [18665] network: In send_dg, the recvfrom function is NOT always using the
    buffer size of a newly created buffer (CVE-2015-7547)
  [18674] libc: [i386] trunk/sysdeps/i386/tst-auditmod3b.c:84: possible
    missing break ?
  [18675] libc: fpathconf(_PC_NAME_MAX) fails against large filesystems for
    32bit processes
  [18681] libc: regexp.h is obsolete and buggy, and should be desupported
  [18699] math: tilegx cproj() for various complex infinities does not yield
    infinity
  [18724] libc: Harden put*ent functions against data injection
  [18743] nptl: PowerPC: findutils testcase fails with --enable-lock-elision
  [18755] build: build errors with -DNDEBUG
  [18757] stdio: fmemopen fails to set errno on failure
  [18778] dynamic-link: ld.so crashes if failed dlopen causes libpthread to
    be forced unloaded
  [18781] libc: openat64 lacks O_LARGEFILE
  [18787] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/atomic.h:71:6:
    error: can’t find a register in class ‘R1_REGS’ while reloading ‘asm’
  [18789] math: [ldbl-128ibm] sinhl inaccurate near 0
  [18790] math: [ldbl-128ibm] tanhl inaccurate
  [18795] libc: stpncpy fortification misses buffer lengths that are
    statically too large
  [18796] build: build fails for --disable-mathvec
  [18803] math: hypot missing underflows
  [18820] stdio: fmemopen may leak memory on failure
  [18823] math: csqrt spurious underflows
  [18824] math: fma spurious underflows
  [18825] math: pow missing underflows
  [18857] math: [ldbl-128ibm] nearbyintl wrongly uses signaling comparisons
  [18868] nptl: pthread_barrier_init typo has in-theory-undefined behavior
  [18870] build: sem_open.c fails to compile with missing symbol
    FUTEX_SHARED
  [18872] stdio: Fix memory leak in printf_positional
  [18873] libc: posix_fallocate overflow check ineffective
  [18875] math: Excess precision leads incorrect libm
  [18877] libc: arm: mmap offset regression
  [18887] libc: memory corruption when using getmntent on blank lines
  [18918] localedata: hu_HU: change time to HH:MM:SS format
  [18921] libc: Regression: extraneous stat() and fstat() performed by
    opendir()
  [18928] dynamic-link: LD_POINTER_GUARD is not ignored for privileged
    binaries (CVE-2015-8777)
  [18951] math: tgamma missing underflows
  [18952] math: [ldbl-128/ldbl-128ibm] lgammal spurious "invalid", incorrect
    signgam
  [18953] localedata: lt_LT: change currency symbol to the euro
  [18956] math: powf inaccuracy
  [18961] math: [i386] exp missing underflows
  [18966] math: [i386] exp10 missing underflows
  [18967] math: math.h XSI POSIX namespace (gamma, isnan, scalb)
  [18969] build: multiple string test failures due to missing locale
    dependencies
  [18970] libc: Reference of pthread_setcancelstate in libc.a
  [18977] math: float / long double Bessel functions not in XSI POSIX
  [18980] math: i386 libm functions return with excess range and precision
  [18981] math: i386 scalb*, ldexp return with excess range and precision
  [18982] stdio: va_list and vprintf
  [18985] time: Passing out of range data to strftime() causes a segfault
    (CVE-2015-8776)
  [19003] math: [x86_64] fma4 version of pow inappropriate contraction
  [19007] libc: FAIL: elf/check-localplt with -z now and binutils 2.26
  [19012] locale: iconv_open leaks memory on error path
  [19016] math: clog, clog10 inaccuracy
  [19018] nptl: Mangle function pointers in tls_dtor_list
  [19032] math: [i386] acosh (-qNaN) spurious "invalid" exception
  [19046] math: ldbl-128 / ldbl-128ibm lgamma bad overflow handling
  [19048] malloc: malloc: arena free list can become cyclic, increasing
    contention
  [19049] math: [powerpc] erfc incorrect zero sign
  [19050] math: [powerpc] log* incorrect zero sign
  [19058] math: [x86_64] Link fail with -fopenmp and -flto
  [19059] math: nexttoward overflow incorrect in non-default rounding modes
  [19071] math: ldbl-96 lroundl incorrect just below powers of 2
  [19074] network: Data race in _res_hconf_reorder_addrs
  [19076] math: [ldbl-128ibm] log1pl (-1) wrong sign of infinity
  [19077] math: [ldbl-128ibm] logl (1) incorrect sign of zero result
  [19078] math: [ldbl-128ibm] expl overflow incorrect in non-default
    rounding modes
  [19079] math: dbl-64/wordsize-64 lround based on llround incorrect for
    ILP32
  [19085] math: ldbl-128 lrintl, lroundl missing exceptions for 32-bit long
  [19086] manual: posix_fallocate64 documented argument order is wrong.
  [19088] math: lround, llround missing exceptions close to overflow
    threshold
  [19094] math: lrint, llrint missing exceptions close to overflow threshold
  [19095] math: dbl-64 lrint incorrect for 64-bit long
  [19122] dynamic-link: Unnecessary PLT relocations in librtld.os
  [19124] dynamic-link: ld.so failed to build with older assmebler
  [19125] math: [powerpc32] llroundf, llround incorrect exceptions
  [19129] dynamic-link: [arm] Concurrent lazy TLSDESC resolution can crash
  [19134] math: [powerpc32] lround, lroundf spurious exceptions
  [19137] libc: i386/epoll_pwait.S doesn't support cancellation
  [19143] nptl: Remove CPU set size checking from sched_setaffinity,
    pthread_setaffinity_np
  [19156] math: [ldbl-128] j0l spurious underflows
  [19164] nptl: tst-getcpu fails with many possible CPUs
  [19168] math: math/test-ildoubl and math/test-ldouble failure
  [19174] nptl: PowerPC: TLE enabled pthread mutex performs poorly.
  [19178] dynamic-link: ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA confuses
    prelink
  [19181] math: [i386/x86_64] fesetenv (FE_DFL_ENV), fesetenv
    (FE_NOMASK_ENV) do not clear SSE exceptions
  [19182] malloc: malloc deadlock between ptmalloc_lock_all and
    _int_new_arena/reused_arena
  [19189] math: [ldbl-128] log1pl (-qNaN) spurious "invalid" exception
  [19201] math: dbl-64 remainder incorrect sign of zero result
  [19205] math: bits/math-finite.h conditions do not match math.h and
    bits/mathcalls.h
  [19209] math: bits/math-finite.h wrongly maps ldexp to scalbn
  [19211] math: lgamma functions do not set signgam for -ffinite-math-only
    for C99-based standards
  [19212] libc: features.h not -Wundef clean
  [19213] math: [i386/x86_64] log* (1) incorrect zero sign for -ffinite-
    math-only
  [19214] libc: Family and model identification for AMD CPU's are incorrect.
  [19219] libc: GLIBC build fails for ia64 with missing __nearbyintl
  [19228] math: [powerpc] nearbyint wrongly clears "inexact", leaves traps
    disabled
  [19235] math: [powerpc64] lround, lroundf, llround, llroundf spurious
    "inexact" exceptions
  [19238] math: [powerpc] round, roundf spurious "inexact" for integer
    arguments
  [19242] libc: strtol incorrect in Turkish locales
  [19243] malloc: reused_arena can pick an arena on the free list, leading
    to an assertion failure and reference count corruption
  [19253] time: tzset() ineffective when temporary TZ did not include DST
    rules
  [19266] math: strtod ("NAN(I)") incorrect in Turkish locales
  [19270] math: [hppa] Shared libm missing __isnanl
  [19285] libc: [hppa] sysdeps/unix/sysv/linux/hppa/bits/mman.h: missing
    MAP_HUGETLB and MAP_STACK defines
  [19313] nptl: Wrong __cpu_mask for x32
  [19347] libc: grantpt: try to force a specific gid even without pt_chown
  [19349] math: [ldbl-128ibm] tanhl inaccurate for small arguments
  [19350] math: [ldbl-128ibm] sinhl spurious overflows
  [19351] math: [ldbl-128ibm] logl inaccurate near 1
  [19363] time: x32: times() return value wrongly truncates/sign extends
    from 32bit
  [19367] dynamic-link: Improve branch prediction on Silvermont
  [19369] network: Default domain name not reset by res_ninit when "search"
    / "domain" entry is removed from resolv.conf
  [19375] math: powerpc: incorrect results for POWER7 logb with negative
    subnormals
  [19385] localedata: bg_BG: time separator should be colon, not comma
  [19408] libc: linux personality syscall wrapper may erroneously return an
    error on 32-bit architectures
  [19415] libc: dladdr returns wrong names on hppa
  [19432] libc: iconv rejects redundant escape sequences in IBM900, IBM903,
    IBM905, IBM907, and IBM909
  [19439] math: Unix98 isinf and isnan functions conflict with C++11
  [19443] build: build failures with -DDEBUG
  [19451] build: Make check fails on test-double-vlen2
  [19462] libc: Glibc failed to build with -Os
  [19465] math: Wrong code with -Os
  [19466] time: time/tst-mktime2.c is compiled into an infinite loop with
    -Os
  [19467] string: Fast_Unaligned_Load needs to be enabled for Excavator core
    CPU's.
  [19475] libc: Glibc 2.22 doesn't build on sparc [PATCH]
  [19486] math: S390: Math tests fail with "Exception Inexact set".
  [19529] libc: [ARM]: FAIL: stdlib/tst-makecontext
  [19550] libc: [mips] mmap negative offset handling inconsistent with other
    architectures
  [19590] math: Fail to build shared objects that use libmvec.so functions.

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adhemerval Zanella
Alan Modra
Amit Pawar
Andreas Schwab
Andrew Bennett
Andrew Senkevich
Andrew Stubbs
Anton Blanchard
Arjun Shankar
Arslanbek Astemirov
Aurelien Jarno
Brett Neumeier
Carlos Eduardo Seo
Carlos O'Donell
Chris Metcalf
Chung-Lin Tang
Damyan Ivanov
Daniel Marjamäki
David Kastrup
David Lamparter
David S. Miller
Dmitry V. Levin
Egmont Koblinger
Evert
Flavio Cruz
Florian Weimer
Gabriel F. T. Gomes
Geoffrey Thomas
Gleb Fotengauer-Malinovskiy
Gunnar Hjalmarsson
H.J. Lu
Helge Deller
James Perkins
John David Anglin
Joseph Myers
Justus Winter
Khem Raj
Ludovic Courtès
Maciej W. Rozycki
Manolis Ragkousis
Marcin Kościelnicki
Mark Wielaard
Marko Myllynen
Martin Sebor
Maxim Ostapenko
Mike FABIAN
Mike Frysinger
Namhyung Kim
Ondrej Bilka
Ondřej Bílka
Paul E. Murphy
Paul Eggert
Paul Murphy
Paul Pluzhnikov
Petar Jovanovic
Phil Blundell
Rajalakshmi Srinivasaraghavan
Rasmus Villemoes
Richard Henderson
Rob Wu
Roland McGrath
Samuel Thibault
Siddhesh Poyarekar
Stan Shebs
Stefan Liebler
Steve Ellcey
Szabolcs Nagy
Thomas Schwinge
Torvald Riegel
Tulio Magno Quites Machado Filho
Vincent Bernat
Wilco Dijkstra
Zack Weinberg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAABCAAGBQJWxgfKAAoJEPpQRMoru+a1Hj0P/0urXX1af98BQBApibOYj0E9
j1hQT0+WFrCSY45kjZY8uHwhbW0IkR5zztnUVMJ0dFM67tnIiKArxF6hS6qSef/c
7q1xeVdiEj4RpiZYeiYB2OKEXr09FAMC91Htn9pFQXeiePkcIDSXZ4WNsOSbJwAI
8eWh4/Q5MZMEreFIKJxI3LJQQAzBjXtpT7WNp0yawMDajX3mqAc011Xqq0aNL8a3
Uh5Y7dw7LfyvNHdEOaXnOX9CPdflKK86vHLBEWIksMN8Igd+2fAs9nIGw0gPJ+25
gLxnss4jvb2svS0hnsneFsR1E+Ro3f81DBEf9I96kH+uhsquoUts34HvBIZPsqNZ
emdWLxwjUKv27cNeK86H2RvRMUKf10UayIOaYBB8cUMfq/FRvqSH6GwTMBtKUeEC
Pgs/wclmyg1ZFHPdHppNYAF8p4HCkkwNduTA6xUpOjL72Tn7yh4nwK3hX9nu9osU
yh1F7UqAnm/yJAeGcQZSa9PMg2fuGWc1YycCkYDAMDl2qTNXG5xMlut5HySxDysE
SPCmi+JzgP8JCOb4NZ+31vNUR60t+FXACmTCqFp9bs6xoUZnY9RMNAEBStFXWrev
w+8WlHC8dYjSJnjcHyGyx0CSqLfCodT0gW1zg8+EDv7EXnAwvWLGKdcKvl2tpkwg
J46W6DhHwprOjfQQ0dyn
=Zx43
-----END PGP SIGNATURE-----

Adhemerval Zanella (18):
      arm: Assembly implementation cleanup
      powerpc: Fix strstr/power7 build
      powerpc: Fix strnlen/power7 build
      powerpc: Use default strcpy optimization for POWER7
      powerpc: Fix PPC64/POWER7 conform tests
      Fix wordsize-32 mmap offset for negative value (BZ#18877)
      Mark lseek/llseek as non-cancellable
      nptl: Add NPTL cases for cancellation failures cases
      Cleanup sync_file_range implementation
      Fix nearbyintl linkage for ia64 (bug 19219)
      Remove signal handling for nanosleep (bug 16364)
      nptl: Fix racy pipe closing in tst-cancel{20,21}
      Fix POWER7 logb results for negative subnormals (bug 19375)
      Fix SYSCALL_CANCEL for empty argumetns
      powerpc: Regenerate libm-test-ulps
      Fix isinf/isnan declaration conflict with C++11
      Update NEWS with fixed bugs for 2.23 release
      Update version.h and include/features.h for 2.23 release

Alan Modra (1):
      hppa: start.S: rework references to fix PIE TEXTRELs [BZ #18421]

Amit Pawar (1):
      Set index_Fast_Unaligned_Load for Excavator family CPUs

Andreas Schwab (17):
      Properly terminate FDE in makecontext for m68k (bug 18635)
      Remove unused variables from timezone/Makefile
      Readd O_LARGEFILE flag for openat64 (bug 18781)
      Remove unused definition of __openat(64)_nocancel
      Add version set GLIBC_2.19 for linux/powerpc
      Remove __ASSUME_IPC64
      Terminate FDE before return trampoline in makecontext for powerpc (bug 18635)
      Add missing va_end calls (bug 17243)
      Remove extra va_start/va_end calls (bug 17244)
      Restore sparc64 implementation of semctl
      Add dependencies on needed locales in each subdir tests (bug 18969)
      Add bug reference
      Always use INTERNAL_SYSCALL_ERRNO with INTERNAL_SYSCALL
      Don't emit invalid extra shift character at block boundary by iconv (bug 17197)
      Force rereading TZDEFRULES after it was used to set DST rules only (bug #19253)
      Don't do lock elision on an error checking mutex (bug 17514)
      Remove unused variables

Andrew Bennett (1):
      MIPS: Only use .set mips* assembler directives when necessary

Andrew Senkevich (10):
      [BZ #18796]
      Mention BZ #18796 fix in NEWS.
      Better workaround for aliases of *_finite symbols in vector math library.
      Corrected path to installed libmvec_nonshared.a
      Utilize x86_64 vector math functions w/o -fopenmp.
      Added memset optimized with AVX512 for KNL hardware.
      Added memcpy/memmove family optimized with AVX512 for KNL hardware.
      Fixed typos in __memcpy_chk.
      Fixed build with assembler w/o AVX-512 support.
      Use PIC relocation in ALIAS_IMPL

Andrew Stubbs (1):
      longlong: add SH FDPIC support

Anton Blanchard (1):
      Eliminate redundant sign extensions in pow()

Arjun Shankar (1):
      Modify several tests to use test-skeleton.c

Arslanbek Astemirov (1):
      locales/ce_RU: sync with other *_RU locales

Aurelien Jarno (6):
      Fix grantpt basename namespace bug
      mips: fix testsuite build for O32 FPXX ABI on pre-R2 CPU
      grantpt: trust the kernel about pty group and permission mode
      Cleanup ARM ioperm implementation
      i386: move ULPs to i686/multiarch and regenerate new ones for i386
      Cleanup ARM ioperm implementation (step 2)

Brett Neumeier (1):
      Fix non-v9 32-bit sparc build.

Carlos Eduardo Seo (11):
      powerpc: Add missing hwcap strings.
      powerpc: make memchr use memchr-power7.
      powerpc: Fix memchr for powerpc32.
      powerpc: Sync hwcap.h with kernel
      powerpc: Fix compiler warning in some syscalls.
      Add AT_PLATFORM to _dl_aux_init ()
      powerpc: Provide __tls_get_addr () in static libc
      powerpc: Add hwcap/hwcap2/platform data to TCB.
      powerpc: Add basic support for POWER9 sans hwcap.
      powerpc: Export __parse_hwcap_and_convert_at_platform to libc.a.
      powerpc: Add hwcap2 bits for POWER9.

Carlos O'Donell (22):
      Open development for 2.23.
      Prevent check-local-headers.sh hang.
      Use ALIGN_DOWN in systrim.
      Use ALIGN_* macros in _dl_map_object_from_fd.
      Fix error messages in elf/tst-dlmopen1.c.
      Files open O_WRONLY not supported in fallocate emulation.
      Fix manual argument order for posix_fallocate64 (Bug 19086).
      malloc: Consistently apply trim_threshold to all heaps (Bug 17195)
      Add BZ#19086 to NEWS.
      strcoll: Remove incorrect STRDIFF-based optimization (Bug 18589).
      strcoll: Add bug-strcoll2 to testsuite (Bug 18589).
      Fix typo in bug-strcoll2 (Bug 18589)
      include/stap-probe.h: Fix formatting.
      Rename localedir to complocaledir (bug 14259).
      Comment on IBM930, IBM933, IBM935, IBM937, IBM939.
      Regenerate locale/C-translit.h.
      Update transliteration support to Unicode 7.0.0.
      Document best practice for disconnected NSS modules.
      Use $(PYTHON) to run benchtests python files.
      Ensure isinff, isinfl, isnanf, and isnanl are defined (Bug 19439)
      Update INSTALL with latest versions tested to work.
      CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).

Chris Metcalf (7):
      tile: avoid preprocessor redefinition warnings
      tile: regenerate libm-test-ulps
      Update NEWS to mention drive-by fix for bug 18699.
      tile: define __NO_LONG_DOUBLE_MATH
      misc/tst-tsearch.c: bump up TIMEOUT to 10 seconds.
      math: add LDBL_CLASSIFY_COMPAT support
      Silence some false positive warnings for gcc 4.7

Chung-Lin Tang (1):
      Maintainence patch for nios2: update ULPS file and localplt.data changes.

Damyan Ivanov (1):
      localedata: bg_BG: use colon as time separator [BZ #19385]

Daniel Marjamäki (1):
      Updated __nonnull annotations for wcscat, wcsncat, wcscmp and wcsncmp [BZ #18265]

David Kastrup (1):
      Don't macro-expand failed assertion expression [BZ #18604]

David Lamparter (1):
      arm: setjmp/longjmp: fix PIC vs SHARED thinkos

David S. Miller (5):
      Update sparc ULPS.
      Fix missing __sqrtl_finite symbol in libm on sparc 32-bit.
      Adjust sparc 32-bit __sqrtl_finite version tag.
      Define __sqrtl_finite on sparc 32-bit with correct symbol version.
      Update localplt.data for 32-bit sparc.

Dmitry V. Levin (2):
      Fix getaddrinfo bug number in ChangeLog and NEWS files
      Fix linux personality syscall wrapper

Egmont Koblinger (1):
      hu_HU: change time separator to colon [BZ #18918]

Evert (1):
      localedata: nl_NL: date_fmt: rewrite to match standards [BZ #16495]

Flavio Cruz (1):
      Fix O_DIRECTORY lookup on trivial translators

Florian Weimer (42):
      nptl: Document crash due to incorrect use of locks
      Amend ChangeLog to reflect deletion of elf/tst-znodelete-zlib.cc
      Add test case for bug 18287
      Test in commit e07aabba73ea62e7dfa0512507c92efb851fbdbe is for bug 17079
      Fix inconsistent passwd compensation in nss/bug17079.c
      Harden putpwent, putgrent, putspent, putspent against injection [BZ #18724]
      Harden tls_dtor_list with pointer mangling [BZ #19018]
      nss_nis: Do not call malloc_usable_size [BZ #10432]
      Add a test case for C++11 thread_local support
      iconvdata: Add missing const to lookup table definitions
      Fix double-checked locking in _res_hconf_reorder_addrs [BZ #19074]
      Always enable pointer guard [BZ #18928]
      vfscanf: Use struct scratch_buffer instead of extend_alloca
      The va_list pointer is unspecified after a call to vfprintf [BZ #18982]
      Assume that SOCK_CLOEXEC is available and works
      vfprintf: Rewrite printf_positional to use struct scratch_buffer
      malloc: Rewrite with explicit TLS access using __thread
      sunrpc: Rewrite with explicit TLS access using __thread
      Use the CXX compiler only if it can create dynamic and static programs
      x86_64: Regenerate ulps [BZ #19168]
      malloc: Prevent arena free_list from turning cyclic [BZ #19048]
      _dl_fini: Rewrite to use VLA instead of extend_alloca
      Add bug 18604 to NEWS
      Remove a spurious attribution
      Add bug 18604 to the correct section
      Simplify the abilist format
      Terminate process on invalid netlink response from kernel [BZ #12926]
      ld.so: Add original DSO name if overridden by audit module [BZ #18251]
      Work around conflicting declarations of math functions
      Replace MUTEX_INITIALIZER with _LIBC_LOCK_INITIALIZER in generic code
      Implement "make update-all-abi"
      Remove CPU set size checking from affinity functions [BZ #19143]
      tst-res_hconf_reorder: Set RESOLV_REORDER environment variable
      Revert "tst-res_hconf_reorder: Set RESOLV_REORDER environment variable"
      Fix aliasing violation in tst-rec-dlopen
      malloc: Fix attached thread reference count handling [BZ #19243]
      malloc: Fix list_lock/arena lock deadlock [BZ #19182]
      malloc: Update comment for list_lock
      malloc: Test various special cases related to allocation failures
      Improve check against integer wraparound in hcreate_r [BZ #18240]
      hsearch_r: Apply VM size limit in test case
      NEWS: List additional fixed security bugs

Gabriel F. T. Gomes (3):
      PowerPC: Extend Program Priority Register support
      PowerPC: Fix operand prefixes
      PowerPC: Add comments to optimized strncpy

Geoffrey Thomas (1):
      pt_chown: Clear any signal mask inherited from the parent process.

Gleb Fotengauer-Malinovskiy (2):
      Mention mkdtemp as another secure alternative to mktemp
      malloc: remove redundant getenv call

Gunnar Hjalmarsson (1):
      lt_LT: change currency symbol to the euro [BZ #18953]

H.J. Lu (95):
      Also check dead->data[category] != NULL
      Compile {memcpy,strcmp}-sse2-unaligned.S only for libc
      Align stack to 16 bytes when calling __setcontext
      Align stack to 16 bytes when calling __gettimeofday
      Align stack to 16 bytes when calling __errno_location
      Add a missing break in tst-auditmod3b.c
      Add _dl_x86_cpu_features to rtld_global
      Update x86_64 multiarch functions for <cpu-features.h>
      Update i686 multiarch functions for <cpu-features.h>
      Update libmvec multiarch functions for <cpu-features.h>
      Update x86 elision-conf.c for <cpu-features.h>
      Don't include <cpuid.h> in elision-conf.h
      Check if cpuid is available in init_cpu_features
      Define HAS_CPUID/HAS_I586/HAS_I686 from -march=
      Also check __i586__/__i686__ for HAS_I586/HAS_I686
      Use x86-64 cacheinfo.c and sysconf.c for x86
      Call __setcontext with HIDDEN_JUMPTARGET
      Mark __xstatXX_conv as hidden
      Add BZ #14341 to NEWS
      Remove x86 init-arch.c
      Move x86_64 init-arch.h to sysdeps/x86/init-arch.h
      Remove the unused IFUNC files
      Add missing ChangeLog entry for the last commit
      Add INLINE_SYSCALL_RETURN/INLINE_SYSCALL_ERROR_RETURN
      Fix a typo in linux lxstat.c
      Revert "Fix a typo in linux lxstat.c"
      Revert "Add INLINE_SYSCALL_RETURN/INLINE_SYSCALL_ERROR_RETURN"
      Save and restore vector registers in x86-64 ld.so
      Replace %xmm8 with %xmm0
      Remove x86-64 rtld-xxx.c and rtld-xxx.S
      Replace %xmm[8-12] with %xmm[0-4]
      Don't run tst-getpid2 with LD_BIND_NOW=1
      Use SSE2 optimized strcmp in x86-64 ld.so
      Don't disable SSE in x86-64 ld.so
      Replace MEMPCPY_P/PIC with USE_AS_MEMPCPY/SHARED
      Replace BZERO_P/PIC with USE_AS_BZERO/SHARED
      Remove sysdeps/i386/i486/Versions
      Move i486/bits/atomic.h to bits/atomic.h
      Move i486/htonl.S to htonl.S
      Move i486/string-inlines.c to string-inlines.c
      Move i486/pthread_spin_trylock.S to pthread_spin_trylock.S
      Move i486/strcat.S to strcat.S
      Move i486/strlen.S to strlen.S
      Remove i486 subdirectory
      Add i386 memset and memcpy assembly functions
      Detect and select i586/i686 implementation at run-time
      Mention 15786 in NEWS
      Use __pthread_setcancelstate in libc.a
      Use __libc_ptf_call in _longjmp_unwind
      Remove ignored symbols from nptl/Versions
      Move sysdeps/unix/sysv/linux/i386/i486/*.? to i386
      Update lrint/lrintf/lrintl for x32
      Support x86-64 assmebler without AVX512
      Add INLINE_SYSCALL_ERROR_RETURN_VALUE
      Use INLINE_SYSCALL_ERROR_RETURN_VALUE
      Use INTERNAL_SYSCALL and INLINE_SYSCALL_ERROR_RETURN_VALUE
      Support PLT and GOT references in local PIC check
      Avoid PLT when calling __sched_getaffinity_new
      i386: Remove syscall assembly codes with 6 arguments
      Optimize i386 syscall inlining for GCC 5
      Remove i386/epoll_pwait.S
      Add comments for GCC 5 requirement
      Mark x86 _dl_unmap/_dl_make_tlsdesc_dynamic hidden
      Mark _wordcopy_XXX functions hidden
      Mark internal _dl_XXX functions hidden
      Mark internal _itoa functions hidden
      Mark _dl_catch_error hidden
      Mark internal dirent functions hidden
      Mark internal fcntl functions hidden
      Mark ld.so internel __profile_frequency hidden
      Mark internal setjmp functions hidden
      Mark ld.so internel sigaction functions hidden
      Mark ld.so internel stdlib functions hidden
      Mark ld.so internel string functions hidden
      Mark ld.so internel __uname hidden
      Mark ld.so internel __fxstatat64 hidden
      Apply -fomit-frame-pointer only to .o/.os files
      Disable GCC 5 optimization when PROF is defined
      Build i386 __libc_do_syscall when PROF is defined
      Keep only ELF_RTYPE_CLASS_{PLT|COPY} bits for prelink
      Add a test for prelink output
      Run tst-prelink test for GLOB_DAT reloc
      Update family and model detection for AMD CPUs
      Add __CPU_MASK_TYPE for __cpu_mask
      Enable Silvermont optimizations for Knights Landing
      Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT
      Add missing ChangeLog entries
      Add REGISTERS_CLOBBERED_BY_SYSCALL for x86-64
      Provide x32 times
      Mark ld.so internal mmap functions hidden in ld.so
      Mark internal unistd functions hidden in ld.so
      Update copyright dates committed in 2016
      Use TIME_T_MAX and TIME_T_MIN in tst-mktime2.c
      Call math_opt_barrier inside if
      Add _STRING_INLINE_unaligned and string_private.h

Helge Deller (1):
      hppa: Add MAP_HUGETLB and MAP_STACK defines [BZ #19285]

James Perkins (2):
      strptime %z: fix rounding, extend range to +/-9959 [BZ #16141]
      time/tst-strptime2.c: test full input range +/- 0-9999

John David Anglin (5):
      hppa: Fix reload error with atomic code [BZ #18787]
      hppa: Fix miscompilation of sched_setaffinity() [BZ #18480]
      hppa: Define __NO_LONG_DOUBLE_MATH so headers are consistent with libm build [BZ #19270]
      hppa: fix pthread spinlock
      hppa: fix dladdr [BZ #19415]

Joseph Myers (212):
      Fix powf (close to -1, large) (bug 18647).
      Fix sinh missing underflows (bug 16519).
      Fix tan missing underflows (bug 16517).
      Resort bug numbers in NEWS into ascending order.
      Fix ldbl-128ibm sinhl inaccuracy near 0 (bug 18789).
      Fix ldbl-128ibm tanhl inaccuracy (bug 18790).
      Add more tests of various libm functions.
      Fix tanh missing underflows (bug 16520).
      Add more random libm-test inputs.
      Fix fma spurious underflows (bug 18824).
      Fix csqrt spurious underflows (bug 18823).
      Fix MIPS -Wundef warnings for __mips_isa_rev.
      Fix -Wundef warnings in login/tst-utmp.c.
      Fix -Wundef warnings in elf/tst-execstack.c.
      Fix csqrt missing underflows (bug 18370).
      Fix uninitialized variable use in ldbl-128ibm nearbyintl.
      Don't use -Wno-uninitialized in math/.
      Don't use -Wno-error=undef.
      Don't use -Wno-strict-prototypes in timezone/.
      Note bug 10882 as having been fixed in 2.16.
      Note bug 14941 as having been fixed in 2.18.
      Add more TCP_* values to netinet/tcp.h.
      Add netinet/in.h values from Linux 4.2.
      Don't include <bits/stdio-lock.h> from installed <libio.h>.
      Don't install bits/libc-lock.h or bits/stdio-lock.h.
      Rename bits/libc-tsd.h to libc-tsd.h (bug 14912).
      Rename bits/m68k-vdso.h to m68k-vdso.h (bug 14912).
      Rename bits/stdio-lock.h to stdio-lock.h (bug 14912).
      Rename bits/linkmap.h to linkmap.h (bug 14912).
      Move bits/libc-lock.h and bits/libc-lockP.h out of bits/ (bug 14912).
      Fix lgamma (negative) inaccuracy (bug 2542, bug 2543, bug 2558).
      Add more randomly-generated libm tests.
      Fix ldbl-128/ldbl-128ibm lgamma spurious "invalid", incorrect signgam (bug 18952).
      Update libm-test-ulps for MIPS.
      Move bits/atomic.h to atomic-machine.h (bug 14912).
      Add more random libm test inputs (mainly for ldbl-128).
      Fix exp2 missing underflows (bug 16521).
      Fix i386 exp missing underflows (bug 18961).
      Fix i386 exp10 missing underflows (bug 18966).
      Simplify hypotf infinity handling (bug 15918).
      Fix ctan, ctanh missing underflows (bug 18595).
      Mark fegetround pure (bug 16296).
      Fix ldbl-128ibm nearbyintl use of signaling comparisons on NaNs (bug 18857).
      Fix math.h, tgmath.h XSI POSIX namespace (gamma, isnan, scalb) (bug 18967).
      Clean up ldbl-128 / ldbl-128ibm expm1l dead code (bug 16415).
      Update de.po from Translation Project (bug 4404).
      Make scalbn set errno (bug 6803).
      Don't declare float / long double Bessel functions for XSI POSIX (bug 18977).
      Fix tgamma missing underflows (bug 18951).
      Reduce number of constants in __finite* (bug 15384).
      Fix sign of zero part from ctan / ctanh when argument infinite (bug 17118).
      Test for weak undefined symbols in linknamespace.pl.
      Avoid excess range overflowing results from cosh, sinh, lgamma (bug 18980).
      Avoid excess range in results from i386 scalb functions (bug 18981).
      Avoid excess range in results from i386 exp, hypot, pow functions (bug 18980).
      Revert timezone/Makefile change.
      Use math_narrow_eval more consistently.
      Refactor code forcing underflow exceptions.
      Don't use volatile in exp2f.
      Fix x86_64 fma4 pow inappropriate contraction (bug 19003).
      Refactor i386 libm code forcing underflow exceptions.
      Use LOAD_PIC_REG in i386 atanh.
      Refactor x86_64 libm code forcing underflow exceptions.
      Fix hypot missing underflows (bug 18803).
      Use soft-fp fma for MicroBlaze (bug 13304).
      Use soft-fp fma for no-FPU ColdFire (bug 13304).
      Fix pow missing underflows (bug 18825).
      Fix powf inaccuracy (bug 18956).
      Fix clog, clog10 inaccuracy (bug 19016).
      Refine errno / "inexact" expectations in libm-test.inc.
      Improve test coverage of real libm functions [a-e]*.
      Fix i386 acosh (-qNaN) spurious "invalid" exception.
      Fix ldbl-128ibm exp10l spurious overflows (bug 16620).
      Use type-specific precision when printing results in libm-test.inc.
      Fix ldbl-128 / ldbl-128ibm lgamma overflow handling (bug 16347, bug 19046).
      Fix i386 build after put*ent hardening changes.
      Fix nexttoward overflow in non-default rounding modes (bug 19059).
      Work around powerpc32 integer 0 converting to -0 (bug 887, bug 19049, bug 19050).
      Don't list bug 887 as fixed for glibc 2.16.
      Fix ldbl-96 lroundl just below powers of 2 (bug 19071).
      Fix ldbl-128ibm log1pl (-1) sign of infinity (bug 19076).
      Fix ldbl-128ibm logl (1) sign of zero result (bug 19077).
      Add more scalb test expectations for "inexact" exception.
      Fix ldbl-128ibm expl overflow in non-default rounding modes (bug 19078).
      Remove scripts/rpm2dynsym.sh.
      Remove configure tests for SSE4 support.
      Use same test inputs for lrint and llrint.
      Add more tests of lrint, llrint, lround, llround.
      Don't use dbl-64/wordsize-64 lround based on llround for ILP32 (bug 19079).
      Use dbl-64/wordsize-64 for MIPS64.
      Fix ldbl-128 lrintl, lroundl missing exceptions for 32-bit long (bug 19085).
      Fix lround, llround missing exceptions close to overflow threshold (bug 19088).
      Remove configure tests for AVX support.
      Correct "inexact" expectations in lround, llround tests.
      Fix lrint, llrint missing exceptions close to overflow threshold (bug 19094).
      Fix dbl-64 lrint for 64-bit long (bug 19095).
      Remove configure tests for FMA4 support.
      Remove configure tests for -mno-vzeroupper support.
      Fix lrint, llrint, lround, llround missing exceptions for MIPS (bug 16399).
      Fix llrint, llround missing exceptions for ARM (bug 15470).
      Regenerate ARM libm-test-ulps.
      Regenerate MIPS libm-test-ulps.
      Fix powerpc32 llrint, llrintf bad exceptions (bug 16422).
      Move powerpc llround implementations to powerpc32 directory.
      Fix powerpc32 llround, llroundf exceptions (bug 19125).
      Fix powerpc32 lround, lroundf spurious exceptions (bug 19134).
      Remove stddef.h configure test.
      Remove -static-libgcc configure test.
      Remove .previous, .popsection configure tests.
      Remove assembler -mtune=i686 configure test.
      Do not leave files behind in /tmp from testing.
      Remove -fexceptions configure test.
      Remove sizeof (long double) configure test.
      Remove -Bgroup configure test.
      Remove NPTL configure errors based on top-level configure tests.
      Fix i386 build for lll_unlock_elision change.
      Convert 703 function definitions to prototype style.
      Add more tests for ceil, floor, round, trunc.
      Add more libm tests (fabs, fdim, fma, fmax, fmin, fmod).
      Convert 231 sysdeps function definitions to prototype style.
      Remove .weak, .weakext configure tests.
      Remove -fgnu89-inline configure test.
      Convert 69 more function definitions to prototype style (line wrap cases).
      Do not use -Wno-strict-prototypes.
      Remove gnu_unique_object configure test.
      Convert 24 more function definitions to prototype style (array parameters).
      Convert 29 more function definitions to prototype style (multiple parameters in one K&R parameter declaration).
      Convert 113 more function definitions to prototype style (files with assertions).
      Convert miscellaneous function definitions to prototype style.
      Add more libm tests (fmod, fpclassify, frexp, hypot, ilogb, j0, j1, jn, log, log10, log2).
      Convert a few more function definitions to prototype style.
      Use -Wold-style-definition.
      Fix ldbl-128 j0l spurious underflows (bug 19156).
      Make io/ftwtest-sh remove temporary files on early exit.
      Move io/tst-fcntl temporary file creation to do_prepare.
      Fix i386 / x86_64 nearbyint exception clearing (bug 15491).
      Fix j1, jn missing errno setting on underflow (bug 18611).
      Add more libm tests (ilogb, is*, j0, j1, jn, lgamma, log*).
      Remove libm-test.inc special-casing of errors up to 0.5 ulp.
      Remove configure test for assembler .text directive.
      Remove support for removing glibc 2.0 headers.
      Remove configure test for needing -P for .S files.
      Remove TLS configure tests.
      Require GCC 4.7 or later to build glibc.
      Use -std=c11 for C11 conform/ tests.
      Remove pre-GCC-4.7 conform/ test XFAILs.
      Remove sysdeps/nptl/configure.ac.
      Use -std=gnu11 instead of -std=gnu99.
      Add -std=gnu11 and -std=c11 NPTL initializers tests.
      Remove GCC version conditionals on -Wmaybe-uninitialized pragmas.
      Remove MIPS16 atomics using __sync_* (bug 17404).
      Remove configure test for ARM TLS descriptors support.
      Remove -mavx2 configure tests.
      Use C11 *_DECIMAL_DIG macros in libm-test.inc.
      Fix i386/x86_64 fesetenv SSE exception clearing (bug 19181).
      Use C11 *_TRUE_MIN macros where applicable.
      Use C11 CMPLX* macros in libm tests.
      Handle more state in i386/x86_64 fesetenv (bug 16068).
      Use max_align_t from <stddef.h>.
      Remove configure tests for visibility support.
      Remove cpuid.h configure tests.
      Make drem an alias of remainder (bug 16171).
      Do not test sign of zero result from infinite argument to Bessel functions.
      Fix ldbl-128 log1pl (-qNaN) spurious "invalid" exception (bug 19189).
      Remove init_array / fini_array configure test.
      Make nextafter, nexttoward set errno (bug 6799).
      Fix dbl-64 remainder sign of zero result (bug 19201).
      Add more libm tests (modf, nearbyint, nextafter, nexttoward, pow, remainder, remquo, rint).
      Remove --no-whole-archive configure test.
      Add more libm tests (scalb*, signbit, sin, sincos, sinh, sqrt, tan, tanh, tgamma, y0, y1, yn, significand).
      Refactor libm-test inline tests disabling.
      Remove miscellaneous GCC >= 4.7 version conditionals.
      Make bits/math-finite.h conditions match other headers (bug 19205).
      Don't redirect ldexp to scalbn in bits/math-finite.h (bug 19209).
      Fix features.h for -Wundef (bug 19212).
      Fix finite-math-only lgamma functions signgam setting (bug 19211).
      Fix i386/x86_64 log* (1) zero sign for -ffinite-math-only (bug 19213).
      Add script to list fixed bugs for the NEWS file.
      Run libm-test tests for finite-math-only functions.
      Remove configure tests for some linker -z options.
      Fix typo in signgam test messages.
      Add more tests of pow.
      Fix powerpc nearbyint wrongly clearing "inexact" and leaving traps disabled (bug 19228).
      Fix powerpc64 lround, lroundf, llround, llroundf spurious "inexact" exceptions (bug 19235).
      Fix powerpc round, roundf spurious "inexact" (bug 19238).
      Fix ldbl-128ibm strtold overflow handling (bug 14551).
      Fix lgamma setting signgam for ISO C (bug 15421).
      Fix math_private.h multiple include guards.
      Fix strtol in Turkish locales (bug 19242).
      Update <netpacket/packet.h> for Linux 4.3.
      Update <sys/ptrace.h> for Linux 4.3.
      Fix strtod ("NAN(I)") in Turkish locales (bug 19266).
      Refactor strtod parsing of NaN payloads.
      Use hex float constants in sysdeps/ieee754/dbl-64/e_sqrt.c.
      Fix nan functions handling of payload strings (bug 16961, bug 16962).
      Use direct socket syscalls for new kernels on i386, m68k, microblaze, sh.
      Fix ldbl-128ibm tanhl inaccuracy for small arguments (bug 19349).
      Fix ldbl-128ibm sinhl spurious overflows (bug 19350).
      Fix ldbl-128ibm logl inaccuracy near 1 (bug 19351).
      Automate LC_CTYPE generation for tr_TR, update to Unicode 8.0.0 (bug 18491).
      Make obsolete syscall wrappers into compat symbols (bug 18472).
      Update copyright dates with scripts/update-copyrights.
      Update copyright dates not handled by scripts/update-copyrights.
      Update miscellaneous files from upstream sources.
      Add new header definitions from Linux 4.4 (plus older ptrace definitions).
      Regenerate ARM libm-test-ulps.
      Regenerate powerpc-nofpu libm-test-ulps.
      Regenerate MIPS libm-test-ulps.
      Fix ulps regeneration for *-finite tests.
      Update localplt.data for powerpc-nofpu.
      Fix __finitel libm compat symbol version.
      Fix MIPS mmap negative offset handling for consistency (bug 19550).

Justus Winter (1):
      Cache the host port like we cache the task port

Khem Raj (1):
      argp: Use fwrite_unlocked instead of __fxprintf when !_LIBC

Ludovic Courtès (2):
      Gracefully handle incompatible locale data
      Use shell's builtin pwd.

Maciej W. Rozycki (3):
      [BZ #17250] Fix static dlopen default library search path
      MIPS: Wire FCSR.ABS2008 to FCSR.NAN2008
      MIPS: Set the required Linux kernel version to 4.5.0 for 2008 NaN

Manolis Ragkousis (1):
      Check sysheaders when looking for Mach and Hurd headers

Marcin Kościelnicki (1):
      Add __private_ss to s390 struct tcbhead.

Mark Wielaard (3):
      Add LFS support for fts functions (bug 11460)
      elf/elf.h: Add new 386 and X86_64 relocations from binutils.
      Revert "elf/elf.h: Add new 386 and X86_64 relocations from binutils."

Marko Myllynen (4):
      localedata: remove timezone information [BZ #18525]
      Fix lang_lib/lang_term as per ISO 639-2 [BZ #16973]
      Make shebang interpreter directives consistent
      Make shebang interpreter directives consistent

Martin Sebor (4):
      Let 'make check subdirs=string' succeed even when it's invoked
      Fix build errors with -DNDEBUG.
      Fix build failures with -DDEBUG.
      Have iconv accept redundant escape sequences in IBM900, IBM903, IBM905,

Maxim Ostapenko (1):
      Clear DF_1_NODELETE flag only for failed to load library.

Mike FABIAN (3):
      Generic updates to transliterations.
      Update da, nb, nn, and sv locales (Bug 89)
      Update to Unicode 8.0.0.

Mike Frysinger (44):
      nptl: fix set-but-unused warning w/_STACK_GROWS_UP
      mmap64: fix undef warnings
      test-skeleton: add usage information
      fix missing ctype.h include
      hppa: _dl_symbol_address: add missing hidden def
      microblaze: include unix/sysdep.h
      hppa: put custom madvise defines behind __USE_MISC
      fix non-portable `echo -n` usage
      gawk: fix gensub usage
      stpncpy: fix bug number [BZ #18795]
      hppa: assume TLS everywhere
      hppa: drop __ASSUME_LWS_CAS define
      hppa: shm.h: add SHM_EXEC
      hppa: sigaction.h: update define export based on __USE_XOPEN2K8
      hppa: epoll.h: move to common sys/epoll.h
      hppa: eventfd.h: move to common sys/eventfd.h
      hppa: inotify.h: move to common sys/inotify.h
      hppa: signalfd.h: move to common sys/signalfd.h
      hppa: timerfd.h: move to common sys/timerfd.h
      NEWS: note fixed bug
      relocate localedata ChangeLog entries
      manual: skip build when perl is unavailable
      mips: siginfo.h: add SIGSYS details [BZ #18863]
      de.po: fix SIGALRM typo [BZ #4404]
      getmntent: fix memory corruption w/blank lines [BZ #18887]
      NEWS: add #18887
      localedef: improve error message [BZ #16985]
      alpha: drop __ASSUME_FDATASYNC
      timezone: fix parallel check failures
      timezone: add a configure flag to disable program install
      timezone: document new --disable-timezone-tools option
      timezone: polish grammar a bit in documentation
      use -fstack-protector-strong when available
      pylintrc: disable reports
      ia64: fpu: fix gammaf typo [BZ #15421]
      list-fixed-bugs: use argparse for the commandline
      localedata: nl_NL@euro: copy measurement from nl_NL [BZ #19198]
      ia64: fpu: fix gamma definition handling [BZ #15421]
      xstat: only check to see if __ASSUME_ST_INO_64_BIT is defined
      longlong: fix sh -Wundef builds
      sparc: mman.h: fix bad comment insertion
      configure: make the unsupported error message less hostile
      localedata: convert all files to utf-8
      Revert "ChangeLogs: convert to utf-8"

Namhyung Kim (1):
      manual/argp.texi (Specifying Argp Parsers): Fix typo.

Ondrej Bilka (1):
      powerpc: Fix stpcpy performance for power8

Ondřej Bílka (4):
      Fix exponents in manual.
      Fix strcpy_chk and stpcpy_chk performance.
      Handle overflow in __hcreate_r
      add bug 18240 to news.

Paul E. Murphy (6):
      powerpc: Fix tabort usage in syscalls
      powerpc: Revert to default atomic ops in elision code
      Fix race in tst-mqueue5
      powerpc: Fix macro usage of htm builtins
      Fix nptl/tst-setuid3.c
      Cleanup ppc bits/ipc.h

Paul Eggert (8):
      Port the 0x7efe...feff pattern to GCC 6.
      Fix broken overflow check in posix_fallocate [BZ 18873]
      Consistency about byte vs character in string.texi
      Fix typo in strncat, wcsncat manual entries
      Split large string section; add truncation advice
      Update timezone code from tzcode 2015g.
      Fix doc quoting problems with Texinfo 5
      ChangeLogs: convert to utf-8

Paul Murphy (6):
      nptl: Add adapt_count parameter to lll_unlock_elision
      powerpc: Optimize lock elision for pthread_mutex_t
      powerpc: Fix usage of elision transient failure adapt param
      Shuffle includes in ldbl-128ibm/mpn2ldl.c
      powerpc: More elision improvements
      powerpc: Spinlock optimization and cleanup

Paul Pluzhnikov (19):
      Add #include <unistd.h> to libio/oldfileops.c for write.
      Fix BZ #17905
      Fix trailing space.
      In preparation for fixing BZ#16734, fix failure in misc/tst-error1-mem
      Fix BZ #18086 -- nice resets errno to 0.
      Fix BZ #16734 -- fopen calls mmap to allocate its buffer
      Fix BZ #18820 -- fmemopen may leak memory on failure.
      Regenerated sysdeps/x86_64/fpu/libm-test-ulps with AVX2.
      Fix BZ #18084 -- backtrace (..., 0) dumps core on x86.
      Filter out NULL entries.
      Fix BZ #18757.
      To fix BZ #18675, use __fstatvfs64 in __fpathconf.
      Fix BZ #18872 -- memory leak in printf_positional.
      Fix BZ #18985 -- out of range data to strftime() causes a segfault
      sysdeps/x86_64/fpu/libm-test-ulps: Regenerated on Haswell.
      Fix BZ #19012 -- iconv_open leaks memory on error path.
      stdio-common/tst-printf-bz18872.sh: Use attribute optimize instead of
      [BZ #19451]
      2016-01-20  Paul Pluzhnikov  <ppluzhnikov@google.com>

Petar Jovanovic (1):
      Fix dynamic linker issue with bind-now

Phil Blundell (1):
      ChangeLog: Fix incorrect email address

Rajalakshmi Srinivasaraghavan (3):
      powerpc: Handle worstcase behavior in strstr() for POWER7
      Call direct system calls for socket operations
      powerpc: Regenerate libm-test-ulps

Rasmus Villemoes (1):
      linux/getsysstats.c: use sysinfo() instead of parsing /proc/meminfo

Richard Henderson (2):
      longlong.h: Disable alpha umul_ppmm for old g++
      Update Alpha libm-test-ulps

Rob Wu (1):
      resolv: Reset defdname before use in __res_vinit [BZ #19369]

Roland McGrath (12):
      NaCl: Call __nacl_main in preference to main.
      Meaningless ChangeLog cleanup to trigger buildbot.
      Mark elf/tst-protected1[ab] as XFAIL.
      BZ#18921: Fix opendir inverted o_directory_works test.
      BZ#18921: Mark fixed in NEWS.
      NaCl: Do not install <sys/mtio.h>.
      Use HOST_NAME_MAX for MAXHOSTNAMELEN in <sys/param.h>.
      BZ#18872: Don't conditionalize build rules for test program.
      Fix some stub prototypes missing ... after K&R conversion
      NaCl: Use open_resource API for shared objects
      NaCl: Use allocate_code_data after dyncode_create
      NaCl: Fix unused variable errors in lowlevellock-futex.h macros.

Samuel Thibault (20):
      Fix gcrt0.o compilation
      Fix sysdeps/i386/fpu/s_scalbn.S build
      Fix rules generating headers in hurd/ and mach/
      Fix parallel build of before-compile targets.
      Fix typo
      Fix typo
      Really fix sysdeps/i386/fpu/s_scalbn.S build
      Fix vm_page_size visibility
      Add missing __mach_host_self_ symbol in Versions
      Add task_notify to mach_interface_list
      Make _hurd_raise_signal return errors
      Make _hurd_raise_signal directly return the error
      Remove unusued variable
      Fix RPC breakage when longjumping from signal handler
      Fix hurd build with hidden support
      Revert not defining NO_HIDDEN on hurd
      Do not add relro attribute to __libc_stack_end
      hurd: Initialize __libc_stack_end for hidden support
      hurd: Make mmap64 use vm_offset_t for overflow check
      Harmonize generic stdio-lock support with nptl

Siddhesh Poyarekar (12):
      Remove incorrect register mov in floorf/nearbyint on x86_64
      Drop unused first argument from arena_get2
      Don't use the main arena in retry path if it is corrupt
      benchtests: Mark output variables as used
      Remove redundant else clauses in s_sin.c
      Include s_sin.c in s_sincos.c
      benchtests: Add inputs from sin and cos to sincos
      benchtests: ffs and ffsll are string functions, not math
      Fix up ChangeLog
      Consolidate range reduction in sincos for x > 281474976710656
      Consolidate sin and cos code for 105414350 <|x|< 281474976710656
      Consolidate sincos computation for 2.426265 < |x| < 105414350

Stan Shebs (1):
      Disable uninitialized warning with GCC 4.8

Stefan Liebler (37):
      S390: Fix handling of DXC-byte in FPC-register.
      S390: Refactor ifunc implementations and enable ifunc-test-framework.
      S390: Add hwcaps value for vector facility.
      S390: Add new s390 platform.
      S390: configure check for vector instruction support in assembler.
      S390: Ifunc resolver macro for vector instructions.
      S390: Optimize strlen and wcslen.
      S390: Optimize strnlen and wcsnlen.
      S390: Optimize strcpy and wcscpy.
      S390: Optimize stpcpy and wcpcpy.
      S390: Optimize strncpy and wcsncpy.
      S390: Optimize stpncpy and wcpncpy.
      S390: Optimize strcat and wcscat.
      S390: Optimize strncat wcsncat.
      S390: Optimize strcmp and wcscmp.
      S390: Optimize strncmp and wcsncmp.
      S390: Optimize strchr and wcschr.
      S390: Optimize strchrnul and wcschrnul.
      S390: Optimize strrchr and wcsrchr.
      S390: Optimize strspn and wcsspn.
      S390: Optimize strpbrk and wcspbrk.
      S390: Optimize strcspn and wcscspn.
      S390: Optimize memchr, rawmemchr and wmemchr.
      S390: Optimize memccpy.
      S390: Optimize wmemset.
      S390: Optimize wmemcmp.
      S390: Optimize memrchr.
      S390: Optimize string, wcsmbs and memory functions.
      S390: Fix build error with gcc6 in utf8_utf16-z9.c.
      Adjust _Unwind_Word in unwind.h to version in libgcc.
      S390: Call direct system calls for socket operations.
      S390: Clean setjmp, longjmp, getcontext symbols.
      S390: Use __asm__ instead of asm.
      S/390: Do not raise inexact exception in lrint/lround. [BZ #19486]
      S390: Regenerate ULPs
      S390: Fix build error in iconvdata/bug-iconv11.c.
      S390: Fix build failure in test string/tst-endian.c with gcc 6.

Steve Ellcey (9):
      Fix undefined warning messages in GCC 6.
      Add unused attribute to declaration for mips16 builds.
      Add missing ChangeLog entry.
      Update timezone/Makefile to use -Wno-unused-variable
      Make performance improvement to MIPS memcpy for small copies.
      Fix indentation.
      Fix indentation.
      Fix indentation.
      Fix MIPS64 memcpy regression.

Szabolcs Nagy (4):
      Regenerate aarch64 libm-test-ulps
      [BZ #19129][ARM] Fix _dl_tlsdesc_resolve_hold to save r0
      [AArch64] Regenerate libm-test-ulps
      [ARM] add missing -funwind-tables to test case (bug 19529)

Thomas Schwinge (1):
      hurd: install correct number of send rights on fork

Torvald Riegel (5):
      Remove unused variable in math/atest-exp2.c.
      Do not violate mutex destruction requirements.
      New pthread_barrier algorithm to fulfill barrier destruction requirements.
      Fix pthread_barrier_init typo.
      nptl: Add first-line description for barrier tests.

Tulio Magno Quites Machado Filho (3):
      PowerPC: Fix a race condition when eliding a lock
      tst-backtrace4: fix a warning message
      powerpc: Enforce compiler barriers on hardware transactions

Vincent Bernat (2):
      time: in strptime(), make %z accept Z as a time zone [BZ #17886]
      time: in strptime(), make %z accept [+-]HH:MM tz [BZ #17887]

Wilco Dijkstra (17):
      Improve fesetenv performance by avoiding unnecessary FPSR/FPCR reads/writes.
      Improve feenableexcept performance - avoid an unnecessary FPCR read in case
      This patch improves strncpy performance by using strnlen/memcpy rather than a byte loop. Performance
      Improve memccpy performance by using memchr/memcpy/mempcpy rather than
      Improve performance of mempcpy by inlining and using memcpy. Enable
      Improve stpncpy performance by using __strnlen/memcpy/memset rather than a
      2015-08-24  Wilco Dijkstra  <wdijkstr@arm.com>
      2015-08-24  Wilco Dijkstra  <wdijkstr@arm.com>
      Add a new benchmark for isinf/isnan/isnormal/isfinite/fpclassify. The test uses 2 arrays with 1024 doubles, one with 99% finite FP numbers (10% zeroes, 10% negative) and 1% inf/NaN, the other with 50% inf, and 50% Nan.
      Add inlining of the C99 math functions isinf/isnan/signbit/isfinite/isnormal/fpclassify using GCC
      Use the GCC builtin functions for the non-inlined signbit implementations.
      Fix several build failures with GCC6 due to unused static variables.
      Since we now inline isinf, isnan and isfinite in math.h, replace uses of __isinf_ns(l/f)
      Cleanup a few cases where isinf is used to get the signbit to improve the readability and maintainability and allow inlining.
      Undo build error fixes to timezone/private.h, change makefile instead to
      Remove __signbit* from localplt.data as they are no longer called from within GLIBC.
      Enable _STRING_ARCH_unaligned on AArch64.

Zack Weinberg (4):
      Correct comments about the history of <regexp.h>
      stpncpy: fix size checking [BZ #18975]
      Desupport regexp.h (bug 18681)
      regexp.h: update Versions to match file usage [BZ #18681]

-----------------------------------------------------------------------
Comment 7 Nick Alcock 2016-02-29 19:47:07 UTC
I still see aborts of tst-malloc-thread-exit in 2.23 after this fix, with less-than-useful stacks (on x86-64, compiled with a GCC 4.9.4 prerelease). This may be this bug or, I suppose, may be something else:

(gdb) bt
#0  0x00007ffff7a6d1b7 in raise () from /usr/src/glibc/x86_64-mutilate/libc.so.6
#1  0x00007ffff7a6e60a in __GI_abort () at abort.c:89
#2  0x0000000000401d5b in ?? ()
#3  0x0000000000000000 in ?? ()
(gdb) info threads
  Id   Target Id         Frame
* 2    LWP 28644 "ld-linux-x86-64" 0x00007ffff7a6d1b7 in raise () from /usr/src/glibc/x86_64-mutilate/libc.so.6
  1    LWP 28600 "ld-linux-x86-64" 0x00007ffff7de3da6 in pthread_create@@GLIBC_2.2.5 () from /usr/src/glibc/x86_64-mutilate/nptl/libpthread.so.0
(gdb) thread 1
[Switching to thread 1 (LWP 28600)]
#0  0x00007ffff7de3da6 in pthread_create@@GLIBC_2.2.5 () from /usr/src/glibc/x86_64-mutilate/nptl/libpthread.so.0
(gdb) bt
#0  0x00007ffff7de3da6 in pthread_create@@GLIBC_2.2.5 () from /usr/src/glibc/x86_64-mutilate/nptl/libpthread.so.0
#1  0x0000000000401b09 in ?? ()
#2  0x00007ffff7dd8970 in _IO_stdfile_2_lock () from /usr/src/glibc/x86_64-mutilate/libc.so.6
#3  0x00007fffffffdab0 in ?? ()
#4  0x0000000000000000 in ?? ()
Comment 8 Florian Weimer 2016-02-29 19:52:21 UTC
(In reply to Nick Alcock from comment #7)
> I still see aborts of tst-malloc-thread-exit in 2.23 after this fix, with
> less-than-useful stacks (on x86-64, compiled with a GCC 4.9.4 prerelease).
> This may be this bug or, I suppose, may be something else:
> 
> (gdb) bt
> #0  0x00007ffff7a6d1b7 in raise () from
> /usr/src/glibc/x86_64-mutilate/libc.so.6
> #1  0x00007ffff7a6e60a in __GI_abort () at abort.c:89

Is there a message printed before that?  What's the actual failure?

If there is no message, you might get a better backtrace if you compile the test case with -O1 (or -fno-optimize-sibling-calls, I think).

The abort isn't in malloc itself, I think, so it's better to file a new bug for this.
Comment 9 Nick Alcock 2016-03-02 15:34:15 UTC
The failure is a simple abort (if run with a boosted timeout so it doesn't just time out):

error: pthread_create: Resource temporarily unavailable
Didn't expect signal from child: got `Aborted'

When compiled with lower optimization, as you suggest, there is unfortunately no change: GDB shows massive numbers of thread creations, we start getting 'resource temporarily unavailable' errors, and then boom.

However... I think this may be a ulimit-related failure. My autobuilder normally runs with soft RLIMIT_AS and RLIMIT_DATA of 7680000, to prevent maddened builds or broken tests running the machines out of memory. If I lift those to unlimited, the test passes and there are no longer any errors from pthread_create() -- and of course a test like this will allocate a lot of vsz in thread stacks for all those threads: I guess the real problem lies in pthread_create()'s behaviour if its attempt to allocate a thread stack is blocked by ulimits.

I'll file a new bug (and lift those ulimits for the glibc testsuite from now on).
Comment 10 Florian Weimer 2016-03-02 15:37:39 UTC
Nick, please double-check if you have this follow-up commit:

commit 2a38688932243b5b16fb12d84c7ac1138ce50363
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Feb 19 14:11:32 2016 +0100

    tst-malloc-thread-exit: Use fewer system resources

It should address the resource exhaustion issue with this test.
Comment 11 Nick Alcock 2016-03-02 15:54:45 UTC
Ah. That's not on the 2.23 branch, so I don't have it. I'll retest with that cherry-picked in and report back.

If the abort is still worth following up nonetheless, I reported it just now under bug 19754.
Comment 12 Nick Alcock 2016-03-02 16:41:09 UTC
I can confirm that that cherry-pick makes the problem go away -- but if I drop the RLIMIT_AS still further (admittedly, a *lot* further), it comes back:

mutilate 7 /usr/src/glibc/x86_64-mutilate% ulimit -v 500000
mutilate 8 /usr/src/glibc/x86_64-mutilate% env GCONV_PATH=/usr/src/glibc/x86_64-mutilate/iconvdata LOCPATH=/usr/src/glibc/x86_64-mutilate/localedata LC_ALL=C   /usr/src/glibc/x86_64-mutilate/elf/ld-linux-x86-64.so.2 --library-path /usr/src/glibc/x86_64-mutilate:/usr/src/glibc/x86_64-mutilate/math:/usr/src/glibc/x86_64-mutilate/elf:/usr/src/glibc/x86_64-mutilate/dlfcn:/usr/src/glibc/x86_64-mutilate/nss:/usr/src/glibc/x86_64-mutilate/nis:/usr/src/glibc/x86_64-mutilate/rt:/usr/src/glibc/x86_64-mutilate/resolv:/usr/src/glibc/x86_64-mutilate/crypt:/usr/src/glibc/x86_64-mutilate/mathvec:/usr/src/glibc/x86_64-mutilate/nptl /usr/src/glibc/x86_64-mutilate/malloc/tst-malloc-thread-exit
error: pthread_create: Resource temporarily unavailable
Didn't expect signal from child: got `Aborted'

So that patch only works around the problem in this one test :(
Comment 13 Sourceware Commits 2016-04-13 19:27:45 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.22/master has been updated
       via  f95984beb2d3d61c71c14c10cdc5ab8fda321dec (commit)
       via  13a601a0dfb468552c1eebf5c225392260f0bda2 (commit)
       via  eb8c932bac2e6c1273107b8a2721f382575b002a (commit)
       via  00cd4dad175f648783f808aef681d16c10fc34fa (commit)
       via  c252c193e2583e4506b141d052df29a0987ac290 (commit)
      from  f664b663118642490b8776dcf4f30524a646dcbc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f95984beb2d3d61c71c14c10cdc5ab8fda321dec

commit f95984beb2d3d61c71c14c10cdc5ab8fda321dec
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Apr 13 14:11:42 2016 -0500

    malloc: Update comment for list_lock
    
    (cherry picked from commit 7962541a32eff5597bc4207e781cfac8d1bb0d87)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=13a601a0dfb468552c1eebf5c225392260f0bda2

commit 13a601a0dfb468552c1eebf5c225392260f0bda2
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Apr 13 14:11:27 2016 -0500

    tst-malloc-thread-exit: Use fewer system resources
    
    (cherry picked from commit 2a38688932243b5b16fb12d84c7ac1138ce50363)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb8c932bac2e6c1273107b8a2721f382575b002a

commit eb8c932bac2e6c1273107b8a2721f382575b002a
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Apr 13 14:10:49 2016 -0500

    malloc: Fix list_lock/arena lock deadlock [BZ #19182]
    
    	* malloc/arena.c (list_lock): Document lock ordering requirements.
    	(free_list_lock): New lock.
    	(ptmalloc_lock_all): Comment on free_list_lock.
    	(ptmalloc_unlock_all2): Reinitialize free_list_lock.
    	(detach_arena): Update comment.  free_list_lock is now needed.
    	(_int_new_arena): Use free_list_lock around detach_arena call.
    	Acquire arena lock after list_lock.  Add comment, including FIXME
    	about incorrect synchronization.
    	(get_free_list): Switch to free_list_lock.
    	(reused_arena): Acquire free_list_lock around detach_arena call
    	and attached threads counter update.  Add two FIXMEs about
    	incorrect synchronization.
    	(arena_thread_freeres): Switch to free_list_lock.
    	* malloc/malloc.c (struct malloc_state): Update comments to
    	mention free_list_lock.
    
    (cherry picked from commit 90c400bd4904b0240a148f0b357a5cbc36179239)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=00cd4dad175f648783f808aef681d16c10fc34fa

commit 00cd4dad175f648783f808aef681d16c10fc34fa
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Apr 13 14:08:24 2016 -0500

    malloc: Fix attached thread reference count handling [BZ #19243]
    
    reused_arena can increase the attached thread count of arenas on the
    free list.  This means that the assertion that the reference count is
    zero is incorrect.  In this case, the reference count initialization
    is incorrect as well and could cause arenas to be put on the free
    list too early (while they still have attached threads).
    
    	* malloc/arena.c (get_free_list): Remove assert and adjust
    	reference count handling.  Add comment about reused_arena
    	interaction.
    	(reused_arena): Add comments abount get_free_list interaction.
    	* malloc/tst-malloc-thread-exit.c: New file.
    	* malloc/Makefile (tests): Add tst-malloc-thread-exit.
    	(tst-malloc-thread-exit): Link against libpthread.
    
    (cherry picked from commit 3da825ce483903e3a881a016113b3e59fd4041de)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c252c193e2583e4506b141d052df29a0987ac290

commit c252c193e2583e4506b141d052df29a0987ac290
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Apr 13 14:07:58 2016 -0500

    malloc: Prevent arena free_list from turning cyclic [BZ #19048]
    
    	[BZ# 19048]
    	* malloc/malloc.c (struct malloc_state): Update comment.  Add
    	attached_threads member.
    	(main_arena): Initialize attached_threads.
    	* malloc/arena.c (list_lock): Update comment.
    	(ptmalloc_lock_all, ptmalloc_unlock_all): Likewise.
    	(ptmalloc_unlock_all2): Reinitialize arena reference counts.
    	(deattach_arena): New function.
    	(_int_new_arena): Initialize arena reference count and deattach
    	replaced arena.
    	(get_free_list, reused_arena): Update reference count and deattach
    	replaced arena.
    	(arena_thread_freeres): Update arena reference count and only put
    	unreferenced arenas on the free list.
    
    (cherry picked from commit a62719ba90e2fa1728890ae7dc8df9e32a622e7b)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                       |   58 ++++++++++
 NEWS                            |   13 ++-
 malloc/Makefile                 |    4 +-
 malloc/arena.c                  |  129 +++++++++++++++++++++--
 malloc/malloc.c                 |   11 ++-
 malloc/tst-malloc-thread-exit.c |  218 +++++++++++++++++++++++++++++++++++++++
 6 files changed, 418 insertions(+), 15 deletions(-)
 create mode 100644 malloc/tst-malloc-thread-exit.c
Comment 14 Sourceware Commits 2016-08-02 10:41:12 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  f88aab5d508c13ae4a88124e65773d7d827cd47b (commit)
      from  b74d259fe793499134eb743222cd8dd7c74a31ce (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f88aab5d508c13ae4a88124e65773d7d827cd47b

commit f88aab5d508c13ae4a88124e65773d7d827cd47b
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Aug 2 12:24:50 2016 +0200

    malloc: Preserve arena free list/thread count invariant [BZ #20370]
    
    It is necessary to preserve the invariant that if an arena is
    on the free list, it has thread attach count zero.  Otherwise,
    when arena_thread_freeres sees the zero attach count, it will
    add it, and without the invariant, an arena could get pushed
    to the list twice, resulting in a cycle.
    
    One possible execution trace looks like this:
    
    Thread 1 examines free list and observes it as empty.
    Thread 2 exits and adds its arena to the free list,
      with attached_threads == 0).
    Thread 1 selects this arena in reused_arena (not from the free list).
    Thread 1 increments attached_threads and attaches itself.
      (The arena remains on the free list.)
    Thread 1 exits, decrements attached_threads,
      and adds the arena to the free list.
    
    The final step creates a cycle in the usual way (by overwriting the
    next_free member with the former list head, while there is another
    list item pointing to the arena structure).
    
    tst-malloc-thread-exit exhibits this issue, but it was only visible
    with a debugger because the incorrect fix in bug 19243 removed
    the assert from get_free_list.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog      |    8 ++++++++
 malloc/arena.c |   41 ++++++++++++++++++++++++++++++++++++-----
 2 files changed, 44 insertions(+), 5 deletions(-)
Comment 15 Sourceware Commits 2016-08-04 09:51:45 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.24/master has been updated
       via  96cd434f66849f0d250869c0da846920b6081425 (commit)
      from  d39c4a5ec099548f4f7864f29873e15f5ceb93e7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=96cd434f66849f0d250869c0da846920b6081425

commit 96cd434f66849f0d250869c0da846920b6081425
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Aug 2 12:24:50 2016 +0200

    malloc: Preserve arena free list/thread count invariant [BZ #20370]
    
    It is necessary to preserve the invariant that if an arena is
    on the free list, it has thread attach count zero.  Otherwise,
    when arena_thread_freeres sees the zero attach count, it will
    add it, and without the invariant, an arena could get pushed
    to the list twice, resulting in a cycle.
    
    One possible execution trace looks like this:
    
    Thread 1 examines free list and observes it as empty.
    Thread 2 exits and adds its arena to the free list,
      with attached_threads == 0).
    Thread 1 selects this arena in reused_arena (not from the free list).
    Thread 1 increments attached_threads and attaches itself.
      (The arena remains on the free list.)
    Thread 1 exits, decrements attached_threads,
      and adds the arena to the free list.
    
    The final step creates a cycle in the usual way (by overwriting the
    next_free member with the former list head, while there is another
    list item pointing to the arena structure).
    
    tst-malloc-thread-exit exhibits this issue, but it was only visible
    with a debugger because the incorrect fix in bug 19243 removed
    the assert from get_free_list.
    
    (cherry picked from commit f88aab5d508c13ae4a88124e65773d7d827cd47b)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog      |    8 ++++++++
 malloc/arena.c |   41 ++++++++++++++++++++++++++++++++++++-----
 2 files changed, 44 insertions(+), 5 deletions(-)
Comment 16 Sourceware Commits 2016-08-04 09:58:03 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.23/master has been updated
       via  026671037948fd31009243a2173278dfa0ac9b25 (commit)
      from  e3e0bedf697c8c5858cd7ad1a541a179a20a6320 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=026671037948fd31009243a2173278dfa0ac9b25

commit 026671037948fd31009243a2173278dfa0ac9b25
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Aug 2 12:24:50 2016 +0200

    malloc: Preserve arena free list/thread count invariant [BZ #20370]
    
    It is necessary to preserve the invariant that if an arena is
    on the free list, it has thread attach count zero.  Otherwise,
    when arena_thread_freeres sees the zero attach count, it will
    add it, and without the invariant, an arena could get pushed
    to the list twice, resulting in a cycle.
    
    One possible execution trace looks like this:
    
    Thread 1 examines free list and observes it as empty.
    Thread 2 exits and adds its arena to the free list,
      with attached_threads == 0).
    Thread 1 selects this arena in reused_arena (not from the free list).
    Thread 1 increments attached_threads and attaches itself.
      (The arena remains on the free list.)
    Thread 1 exits, decrements attached_threads,
      and adds the arena to the free list.
    
    The final step creates a cycle in the usual way (by overwriting the
    next_free member with the former list head, while there is another
    list item pointing to the arena structure).
    
    tst-malloc-thread-exit exhibits this issue, but it was only visible
    with a debugger because the incorrect fix in bug 19243 removed
    the assert from get_free_list.
    
    (cherry picked from commit f88aab5d508c13ae4a88124e65773d7d827cd47b)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog      |    8 ++++++++
 malloc/arena.c |   41 ++++++++++++++++++++++++++++++++++++-----
 2 files changed, 44 insertions(+), 5 deletions(-)
Comment 17 Sourceware Commits 2016-08-04 10:29:27 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.22/master has been updated
       via  b2c32b05c698b421081e1f9319603341956f2887 (commit)
      from  4b59550eadd3692e4d327363328a41aa5da89af1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b2c32b05c698b421081e1f9319603341956f2887

commit b2c32b05c698b421081e1f9319603341956f2887
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Aug 2 12:24:50 2016 +0200

    malloc: Preserve arena free list/thread count invariant [BZ #20370]
    
    It is necessary to preserve the invariant that if an arena is
    on the free list, it has thread attach count zero.  Otherwise,
    when arena_thread_freeres sees the zero attach count, it will
    add it, and without the invariant, an arena could get pushed
    to the list twice, resulting in a cycle.
    
    One possible execution trace looks like this:
    
    Thread 1 examines free list and observes it as empty.
    Thread 2 exits and adds its arena to the free list,
      with attached_threads == 0).
    Thread 1 selects this arena in reused_arena (not from the free list).
    Thread 1 increments attached_threads and attaches itself.
      (The arena remains on the free list.)
    Thread 1 exits, decrements attached_threads,
      and adds the arena to the free list.
    
    The final step creates a cycle in the usual way (by overwriting the
    next_free member with the former list head, while there is another
    list item pointing to the arena structure).
    
    tst-malloc-thread-exit exhibits this issue, but it was only visible
    with a debugger because the incorrect fix in bug 19243 removed
    the assert from get_free_list.
    
    (cherry picked from commit f88aab5d508c13ae4a88124e65773d7d827cd47b)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog      |    8 ++++++++
 malloc/arena.c |   41 ++++++++++++++++++++++++++++++++++++-----
 2 files changed, 44 insertions(+), 5 deletions(-)
Comment 18 Sourceware Commits 2016-10-22 16:53:24 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, linaro/2.23/master has been updated
       via  e124685d6140c870fd2de18545a58bd0b8d91177 (commit)
       via  810c1eaf41061d745d73edd1b5f423093efe7438 (commit)
       via  52f47e52a671d6f147739d65b063f19a96342e1c (commit)
       via  24d5e1f7a72461a0fd3dd879f20118cdca73658a (commit)
       via  311b5e3144fe36030286e56b57fc000f87d53ef3 (commit)
       via  5b676a963e238f66c29adf0c81dbb0ae1d11006a (commit)
       via  88227449533116f025c75d1d5f26f554797bfadc (commit)
       via  679988f02255d3d70eaffbb0e02c052a8b322656 (commit)
       via  41f8b8f92e667e490d9eaa427a4a2412d6f1ede4 (commit)
       via  4a1fd9645df4be7dbf275053ce5086eeec0df7d8 (commit)
       via  6a7831994efd0215138082ff065c7583ef8acaa7 (commit)
       via  ae4ff739eaecc1b15fabf8f23356574257894907 (commit)
       via  1436096a43d2246344e234467eb8be4a82c20dbe (commit)
       via  9dc6f738aec4b33a2e1667204923fe47d1a31496 (commit)
       via  ddce84f1c0aa11eabfc5f18eef66ec757a415d28 (commit)
       via  ac5625f7c93926ede2c61d720e922830bdcfe719 (commit)
       via  6def9198c39b3fbfd282bf70e6a192dc18f04beb (commit)
       via  45ce3f30e3e8b4c091cea319ccb71ae565d11267 (commit)
       via  0fb14a3850787dff765bbba70e74b5a4fa567726 (commit)
       via  cf70de63627f8805702ba21648609730aaca5df0 (commit)
      from  bb433427a5de00b74d308532c27dc18cc348e03f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e124685d6140c870fd2de18545a58bd0b8d91177

commit e124685d6140c870fd2de18545a58bd0b8d91177
Author: Andrew Senkevich <andrew.senkevich@intel.com>
Date:   Mon Oct 17 19:01:32 2016 +0300

    Don't compile do_test with -mavx/-mavx2/-mavx512.
    
    Don't compile do_test (in sincos ABI tests) with -mavx, -mavx2
    nor -mavx512 since they won't run on non-AVX machines.
    
    (cherry-picked from commit fe0cf8614836e2b08b802eb1f55abca75d558545)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=810c1eaf41061d745d73edd1b5f423093efe7438

commit 810c1eaf41061d745d73edd1b5f423093efe7438
Author: Andrew Senkevich <andrew.senkevich@intel.com>
Date:   Mon Oct 17 17:55:28 2016 +0300

    Fixed x86_64 vector sincos/sincosf ABI.
    
    Fixed wrong vector sincos/sincosf ABI to have it compatible with
    current vector function declaration "#pragma omp declare simd notinbranch",
    according to which vector sincos should have vector of pointers for second and
    third parameters. It is fixed with implementation as wrapper to version
    having second and third parameters as pointers.
    
    (cherry-picked from commit ee2196bb6766ca7e63a1ba22ebb7619a3266776a)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52f47e52a671d6f147739d65b063f19a96342e1c

commit 52f47e52a671d6f147739d65b063f19a96342e1c
Author: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com>
Date:   Fri Sep 16 17:31:58 2016 -0300

    powerpc: Fix POWER9 implies
    
    Fix multiarch build for POWER9 by correcting the order of the
    directories listed at sysnames configure variable.
    
    (cherry picked from commit 1850ce5a2ea3b908b26165e7e951cd4334129f07)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=24d5e1f7a72461a0fd3dd879f20118cdca73658a

commit 24d5e1f7a72461a0fd3dd879f20118cdca73658a
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Aug 17 16:14:02 2016 +0200

    nptl/tst-once5: Reduce time to expected failure
    
    (cherry picked from commit 1f645571d2db9008b3cd3d5acb9ff93357864283)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=311b5e3144fe36030286e56b57fc000f87d53ef3

commit 311b5e3144fe36030286e56b57fc000f87d53ef3
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Aug 18 11:15:42 2016 +0200

    argp: Do not override GCC keywords with macros [BZ #16907]
    
    glibc provides fallback definitions already.  It is not necessary to
    suppress warnings for unknown attributes because GCC does this
    automatically for system headers.
    
    This commit does not sync with gnulib because gnulib has started to use
    _GL_* macros in the header file, which are arguably in the gnulib
    implementation space and not suitable for an installed glibc header
    file.
    
    (cherry picked from commit 2c820533c61fed175390bc6058afbbe42d2edc37)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5b676a963e238f66c29adf0c81dbb0ae1d11006a

commit 5b676a963e238f66c29adf0c81dbb0ae1d11006a
Author: Florian Weimer <fweimer@redhat.com>
Date:   Sat Jun 11 12:07:14 2016 +0200

    fopencookie: Mangle function pointers stored on the heap [BZ #20222]
    
    (cherry picked from commit 983fd5c41ab7e5a5c33922259ca1ac99b3b413f8)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=88227449533116f025c75d1d5f26f554797bfadc

commit 88227449533116f025c75d1d5f26f554797bfadc
Author: Florian Weimer <fweimer@redhat.com>
Date:   Sat Jun 11 12:12:56 2016 +0200

    nss_db: Fix initialization of iteration position [BZ #20237]
    
    When get*ent is called without a preceding set*ent, we need
    to set the initial iteration position in get*ent.
    
    Reproducer: Add “services: db files” to /etc/nsswitch.conf, then run
    “perl -e getservent”.  It will segfault before this change, and exit
    silently after it.
    
    (cherry picked from commit 31d0a4fa646db8b8c97ce24e0ec0a7b73de4fca1)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=679988f02255d3d70eaffbb0e02c052a8b322656

commit 679988f02255d3d70eaffbb0e02c052a8b322656
Author: Andreas Schwab <schwab@suse.de>
Date:   Thu Jun 16 12:44:29 2016 +0200

    Return proper status from _nss_nis_initgroups_dyn (bug 20262)
    
    (cherry picked from commit 73fb56a4d51fd4437e4cde6dd3c8077a610f88a8)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=41f8b8f92e667e490d9eaa427a4a2412d6f1ede4

commit 41f8b8f92e667e490d9eaa427a4a2412d6f1ede4
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Jun 21 21:29:21 2016 +0200

    malloc: Avoid premature fallback to mmap [BZ #20284]
    
    Before this change, the while loop in reused_arena which avoids
    returning a corrupt arena would never execute its body if the selected
    arena were not corrupt.  As a result, result == begin after the loop,
    and the function returns NULL, triggering fallback to mmap.
    
    (cherry picked from commit a3b473373ee43a292f5ec68a7fda6b9cfb26a9b0)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a1fd9645df4be7dbf275053ce5086eeec0df7d8

commit 4a1fd9645df4be7dbf275053ce5086eeec0df7d8
Author: Andreas Schwab <schwab@suse.de>
Date:   Thu Aug 18 11:38:28 2016 +0200

    arm: mark __startcontext as .cantunwind (bug 20435)
    
    __startcontext marks the bottom of the call stack of the contexts created
    by makecontext.
    
    (cherry picked from commit 9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617)
    
    Also includes the NEWS update, cherry-picked from commits
    056dd72af83f5459ce6d545a49dea6dba7d635dc and
    4d047efdbc55b0d68947cde682e5363d16a66294.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6a7831994efd0215138082ff065c7583ef8acaa7

commit 6a7831994efd0215138082ff065c7583ef8acaa7
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Aug 17 14:57:00 2016 +0200

    Do not override objects in libc.a in other static libraries [BZ #20452]
    
    With this change, we no longer add sysdep.o and similar objects which
    are present in libc.a to other static libraries.
    
    (cherry picked from commit d9067fca40b8aac156d73cfa44d6875813555a6c)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ae4ff739eaecc1b15fabf8f23356574257894907

commit ae4ff739eaecc1b15fabf8f23356574257894907
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Aug 2 12:24:50 2016 +0200

    malloc: Preserve arena free list/thread count invariant [BZ #20370]
    
    It is necessary to preserve the invariant that if an arena is
    on the free list, it has thread attach count zero.  Otherwise,
    when arena_thread_freeres sees the zero attach count, it will
    add it, and without the invariant, an arena could get pushed
    to the list twice, resulting in a cycle.
    
    One possible execution trace looks like this:
    
    Thread 1 examines free list and observes it as empty.
    Thread 2 exits and adds its arena to the free list,
      with attached_threads == 0).
    Thread 1 selects this arena in reused_arena (not from the free list).
    Thread 1 increments attached_threads and attaches itself.
      (The arena remains on the free list.)
    Thread 1 exits, decrements attached_threads,
      and adds the arena to the free list.
    
    The final step creates a cycle in the usual way (by overwriting the
    next_free member with the former list head, while there is another
    list item pointing to the arena structure).
    
    tst-malloc-thread-exit exhibits this issue, but it was only visible
    with a debugger because the incorrect fix in bug 19243 removed
    the assert from get_free_list.
    
    (cherry picked from commit f88aab5d508c13ae4a88124e65773d7d827cd47b)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1436096a43d2246344e234467eb8be4a82c20dbe

commit 1436096a43d2246344e234467eb8be4a82c20dbe
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Aug 4 11:10:57 2016 +0200

    x86: Use sysdep.o from libc.a in static libraries
    
    Static libraries can use the sysdep.o copy in libc.a without
    a performance penalty.  This results in a visible difference
    if libpthread.a is relinked into a single object file (which
    is needed to support libraries which check for the presence
    of certain symbols to enable threading support, which generally
    fails with static linking unless libpthread.a is relinked).
    
    (cherry picked from commit e67330ab57bfd0f964539576ae7dcc658c456724)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9dc6f738aec4b33a2e1667204923fe47d1a31496

commit 9dc6f738aec4b33a2e1667204923fe47d1a31496
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Thu Jun 30 16:06:10 2016 +0200

    SPARC64: update localplt.data
    
    Commits d81f90cc and 89faa0340 replaced called to __isnan and __isinf
    by the corresponding GCC builtins. In turns GCC emits calls to _Qp_cmp.
    We should therefore add _Qp_cmp to localplt.data as otherwise the
    elf/check-localplt test fails with:
    
       Extra PLT reference: libc.so: _Qp_cmp
    
    A similar change has already been done for SPARC32 in commit 6ef1cb95.
    
    Changelog:
    	* sysdeps/unix/sysv/linux/sparc/sparc64/localplt.data: Add _Qp_cmp.
    
    (cherry picked from commit fd1cf1dc3b2d90c2a61332363feb1043f6916564)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddce84f1c0aa11eabfc5f18eef66ec757a415d28

commit ddce84f1c0aa11eabfc5f18eef66ec757a415d28
Author: John David Anglin <dave.anglin@bell.net>
Date:   Tue Jun 21 18:35:22 2016 -0400

    hppa: fix loading of global pointer in _start [BZ #20277]
    
    The patched change fixes a regression for executables compiled with the
    -p option and linked with gcrt1.o.  The executables crash on startup.
    
    This regression was introduced in 2.22 and was noticed in the gcc testsuite.
    
    (cherry picked from commit 9765ffa71030efd8bb4f2ea4ed6e020fcb4bb714)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ac5625f7c93926ede2c61d720e922830bdcfe719

commit ac5625f7c93926ede2c61d720e922830bdcfe719
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Thu Jun 30 00:31:11 2016 +0200

    i686/multiarch: Regenerate ulps
    
    This comes from running “make regen-ulps” on AMD Opteron 6272 CPUs.
    
    Changelog:
    	* sysdeps/i386/i686/fpu/multiarch/libm-test-ulps: Regenerated.
    
    (cherry picked from commit 6a40d8df0c269a953726a432c50702372b86c500)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6def9198c39b3fbfd282bf70e6a192dc18f04beb

commit 6def9198c39b3fbfd282bf70e6a192dc18f04beb
Author: Stefan Liebler <stli@linux.vnet.ibm.com>
Date:   Tue May 17 10:45:48 2016 +0200

    Fix tst-cancel17/tst-cancelx17, which sometimes segfaults while exiting.
    
    The testcase tst-cancel[x]17 ends sometimes with a segmentation fault.
    This happens in one of 10000 cases. Then the real testcase has already
    exited with success and returned from do_test(). The segmentation fault
    occurs after returning from main in _dl_fini().
    
    In those cases, the aio_read(&a) was not canceled because the read
    request was already in progress. In the meanwhile aio_write(ap) wrote
    something to the pipe and the read request is able to read the
    requested byte.
    The read request hasn't finished before returning from do_test().
    After it finishes, it writes the return value and error code from the
    read syscall to the struct aiocb a, which lies on the stack of do_test.
    The stack of the subsequent function call of _dl_fini or _dl_sort_fini,
    which is inlined in _dl_fini is corrupted.
    
    In case of S390, it reads a zero and decrements it by 1:
    unsigned int k = nmaps - 1;
    struct link_map **runp = maps[k]->l_initfini;
    The load from unmapped memory leads to the segmentation fault.
    The stack corruption also happens on other architectures.
    I saw them e.g. on x86 and ppc, too.
    
    This patch adds an aio_suspend call to ensure, that the read request
    is finished before returning from do_test().
    
    ChangeLog:
    
    	* nptl/tst-cancel17.c (do_test): Wait for finishing aio_read(&a).
    
    (cherry picked from commit b3a810d0d3d5c6ce7ddfb61321cd7971808ca703)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=45ce3f30e3e8b4c091cea319ccb71ae565d11267

commit 45ce3f30e3e8b4c091cea319ccb71ae565d11267
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Mon Jun 27 16:45:45 2016 +0200

    MIPS: run tst-mode-switch-{1,2,3}.c using test-skeleton.c
    
    For some reasons I have not investigated yet, tst-mode-switch-1 hangs on
    a MIPS UTM-8 machine running an o32 userland and a 3.6.1 kernel.
    
    This patch changes the test so that it runs under the test-skeleton
    framework, causing the test to fail after a timeout instead of hanging
    the whole testsuite. At the same time, also change the tst-mode-switch-2
    and tst-mode-switch-3 tests.
    
    Changelog:
    	* sysdeps/mips/tst-mode-switch-1.c (main): Converted to ...
    	(do_test): ... this.
    	(TEST_FUNCTION): New macro.
    	 Include test-skeleton.c.
    	* sysdeps/mips/tst-mode-switch-2.c (main): Likewise.
    	* sysdeps/mips/tst-mode-switch-3.c (main): Likewise.
    
    (cherry picked from commit 0cdaef4dac5a885af9848e158e77cc347ee781bb)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0fb14a3850787dff765bbba70e74b5a4fa567726

commit 0fb14a3850787dff765bbba70e74b5a4fa567726
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Tue Jun 21 23:59:37 2016 +0200

    MIPS, SPARC: more fixes to the vfork aliases in libpthread.so
    
    Commit 43c29487 tried to fix the vfork aliases in libpthread.so on MIPS
    and SPARC, but failed to do it correctly, introducing an ABI change.
    
    This patch does the remaining changes needed to align the MIPS and SPARC
    vfork implementations with the other architectures. That way the the
    alpha version of pt-vfork.S works correctly for MIPS and SPARC. The
    changes for alpha were done in 82aab97c.
    
    Changelog:
    	* sysdeps/unix/sysv/linux/mips/vfork.S (__vfork): Rename into
    	__libc_vfork.
    	(__vfork) [IS_IN (libc)]: Remove alias.
    	(__libc_vfork) [IS_IN (libc)]: Define as an alias.
    	* sysdeps/unix/sysv/linux/sparc/sparc32/vfork.S: Likewise.
    	* sysdeps/unix/sysv/linux/sparc/sparc64/vfork.S: Likewise.
    
    (cherry picked from commit b87c1ec3fa398646f042a68f0ce0f7d09c1348c7)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cf70de63627f8805702ba21648609730aaca5df0

commit cf70de63627f8805702ba21648609730aaca5df0
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Sat Jun 18 19:11:23 2016 +0200

    MIPS, SPARC: fix wrong vfork aliases in libpthread.so
    
    With recent binutils versions the GNU libc fails to build on at least
    MISP and SPARC, with this kind of error:
    
      /home/aurel32/glibc/glibc-build/nptl/libpthread.so:(*IND*+0x0): multiple definition of `vfork@GLIBC_2.0'
      /home/aurel32/glibc/glibc-build/nptl/libpthread.so::(.text+0xee50): first defined here
    
    It appears that on these architectures pt-vfork.S includes vfork.S
    (through the alpha version of pt-vfork.S) and that the __vfork aliases
    are not conditionalized on IS_IN (libc) like on other architectures.
    Therefore the aliases are also wrongly included in libpthread.so.
    
    Fix this by properly conditionalizing the aliases like on other
    architectures.
    
    Changelog:
    	* sysdeps/unix/sysv/linux/mips/vfork.S (__vfork): Conditionalize
    	hidden_def, weak_alias and strong_alias on [IS_IN (libc)].
    	* sysdeps/unix/sysv/linux/sparc/sparc32/vfork.S: Likewise.
    	* sysdeps/unix/sysv/linux/sparc/sparc64/vfork.S: Likewise.
    
    (cherry picked from commit 43c2948756bb6e144c7b871e827bba37d61ad3a3)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                                          |  252 +++++++++++++++
 NEWS                                               |    7 +
 argp/argp-fmtstream.h                              |   19 +-
 argp/argp.h                                        |   42 +---
 libio/iofopncook.c                                 |   49 ++-
 malloc/arena.c                                     |   51 +++-
 nis/nss_nis/nis-initgroups.c                       |   16 +-
 nptl/tst-cancel17.c                                |   16 +
 nptl/tst-once5.cc                                  |    2 +
 nss/nss_db/db-XXX.c                                |    8 +-
 sysdeps/hppa/start.S                               |    2 +
 sysdeps/i386/i686/fpu/multiarch/libm-test-ulps     |   16 +-
 sysdeps/ia64/nptl/Makefile                         |    1 +
 sysdeps/mips/Makefile                              |    1 +
 sysdeps/mips/nptl/Makefile                         |    1 +
 sysdeps/mips/tst-mode-switch-1.c                   |    7 +-
 sysdeps/mips/tst-mode-switch-2.c                   |    7 +-
 sysdeps/mips/tst-mode-switch-3.c                   |    7 +-
 sysdeps/powerpc/powerpc32/power9/multiarch/Implies |    2 +-
 sysdeps/powerpc/powerpc64/power9/fpu/Implies       |    1 -
 sysdeps/s390/nptl/Makefile                         |    1 +
 sysdeps/unix/alpha/Makefile                        |    1 +
 sysdeps/unix/sysv/linux/alpha/Makefile             |    1 +
 sysdeps/unix/sysv/linux/arm/setcontext.S           |    7 +
 sysdeps/unix/sysv/linux/i386/Makefile              |    3 +
 sysdeps/unix/sysv/linux/ia64/Makefile              |    1 +
 sysdeps/unix/sysv/linux/microblaze/Makefile        |    3 +-
 sysdeps/unix/sysv/linux/mips/vfork.S               |   14 +-
 sysdeps/unix/sysv/linux/powerpc/Makefile           |    2 +
 sysdeps/unix/sysv/linux/s390/Makefile              |    1 +
 sysdeps/unix/sysv/linux/sparc/Makefile             |    2 +
 sysdeps/unix/sysv/linux/sparc/sparc32/vfork.S      |   10 +-
 .../unix/sysv/linux/sparc/sparc64/localplt.data    |    1 +
 sysdeps/unix/sysv/linux/sparc/sparc64/vfork.S      |   10 +-
 sysdeps/unix/sysv/linux/tile/Makefile              |    1 +
 sysdeps/x86/fpu/test-math-vector-sincos.h          |   98 ++++++
 sysdeps/x86_64/fpu/Makefile                        |   53 +++
 .../fpu/multiarch/svml_d_sincos2_core_sse4.S       |   56 ++++-
 .../fpu/multiarch/svml_d_sincos4_core_avx2.S       |   98 ++++++-
 .../fpu/multiarch/svml_d_sincos8_core_avx512.S     |  180 ++++++++++-
 .../fpu/multiarch/svml_s_sincosf16_core_avx512.S   |  310 ++++++++++++++++++-
 .../fpu/multiarch/svml_s_sincosf4_core_sse4.S      |   80 +++++-
 .../fpu/multiarch/svml_s_sincosf8_core_avx2.S      |  152 +++++++++-
 sysdeps/x86_64/fpu/svml_d_sincos2_core.S           |   83 +++++-
 sysdeps/x86_64/fpu/svml_d_sincos4_core.S           |  125 +++++++-
 sysdeps/x86_64/fpu/svml_d_sincos4_core_avx.S       |  120 +++++++-
 sysdeps/x86_64/fpu/svml_d_sincos8_core.S           |  201 ++++++++++++-
 sysdeps/x86_64/fpu/svml_s_sincosf16_core.S         |  335 +++++++++++++++++++-
 sysdeps/x86_64/fpu/svml_s_sincosf4_core.S          |  126 +++++++-
 sysdeps/x86_64/fpu/svml_s_sincosf8_core.S          |  173 ++++++++++-
 sysdeps/x86_64/fpu/svml_s_sincosf8_core_avx.S      |  179 ++++++++++-
 .../fpu/test-double-libmvec-sincos-avx-main.c      |    1 +
 .../x86_64/fpu/test-double-libmvec-sincos-avx.c    |    1 +
 .../fpu/test-double-libmvec-sincos-avx2-main.c     |    1 +
 .../x86_64/fpu/test-double-libmvec-sincos-avx2.c   |    1 +
 .../fpu/test-double-libmvec-sincos-avx512-main.c   |    1 +
 .../x86_64/fpu/test-double-libmvec-sincos-avx512.c |    1 +
 .../x86_64/fpu/test-double-libmvec-sincos-main.c   |   43 +++
 sysdeps/x86_64/fpu/test-double-libmvec-sincos.c    |   44 +++
 sysdeps/x86_64/fpu/test-double-vlen2-wrappers.c    |    6 +-
 .../x86_64/fpu/test-double-vlen4-avx2-wrappers.c   |   10 +-
 sysdeps/x86_64/fpu/test-double-vlen4-wrappers.c    |   10 +-
 sysdeps/x86_64/fpu/test-double-vlen8-wrappers.c    |   10 +-
 .../fpu/test-float-libmvec-sincosf-avx-main.c      |    1 +
 .../x86_64/fpu/test-float-libmvec-sincosf-avx.c    |    1 +
 .../fpu/test-float-libmvec-sincosf-avx2-main.c     |    1 +
 .../x86_64/fpu/test-float-libmvec-sincosf-avx2.c   |    1 +
 .../fpu/test-float-libmvec-sincosf-avx512-main.c   |    1 +
 .../x86_64/fpu/test-float-libmvec-sincosf-avx512.c |    1 +
 .../x86_64/fpu/test-float-libmvec-sincosf-main.c   |   42 +++
 sysdeps/x86_64/fpu/test-float-libmvec-sincosf.c    |   44 +++
 sysdeps/x86_64/fpu/test-float-vlen16-wrappers.c    |   10 +-
 sysdeps/x86_64/fpu/test-float-vlen4-wrappers.c     |   10 +-
 .../x86_64/fpu/test-float-vlen8-avx2-wrappers.c    |   13 +-
 sysdeps/x86_64/fpu/test-float-vlen8-wrappers.c     |   10 +-
 75 files changed, 3048 insertions(+), 150 deletions(-)
 create mode 100644 sysdeps/x86/fpu/test-math-vector-sincos.h
 create mode 100644 sysdeps/x86_64/fpu/test-double-libmvec-sincos-avx-main.c
 create mode 100644 sysdeps/x86_64/fpu/test-double-libmvec-sincos-avx.c
 create mode 100644 sysdeps/x86_64/fpu/test-double-libmvec-sincos-avx2-main.c
 create mode 100644 sysdeps/x86_64/fpu/test-double-libmvec-sincos-avx2.c
 create mode 100644 sysdeps/x86_64/fpu/test-double-libmvec-sincos-avx512-main.c
 create mode 100644 sysdeps/x86_64/fpu/test-double-libmvec-sincos-avx512.c
 create mode 100644 sysdeps/x86_64/fpu/test-double-libmvec-sincos-main.c
 create mode 100644 sysdeps/x86_64/fpu/test-double-libmvec-sincos.c
 create mode 100644 sysdeps/x86_64/fpu/test-float-libmvec-sincosf-avx-main.c
 create mode 100644 sysdeps/x86_64/fpu/test-float-libmvec-sincosf-avx.c
 create mode 100644 sysdeps/x86_64/fpu/test-float-libmvec-sincosf-avx2-main.c
 create mode 100644 sysdeps/x86_64/fpu/test-float-libmvec-sincosf-avx2.c
 create mode 100644 sysdeps/x86_64/fpu/test-float-libmvec-sincosf-avx512-main.c
 create mode 100644 sysdeps/x86_64/fpu/test-float-libmvec-sincosf-avx512.c
 create mode 100644 sysdeps/x86_64/fpu/test-float-libmvec-sincosf-main.c
 create mode 100644 sysdeps/x86_64/fpu/test-float-libmvec-sincosf.c
Comment 19 Sourceware Commits 2016-11-12 06:46:31 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, gentoo/2.23 has been updated
       via  82b0c63dad2c34183ad26f35891a05a6a1c09462 (commit)
      from  f6de5fee42f7698eab06e2ffb551680f4fb41258 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=82b0c63dad2c34183ad26f35891a05a6a1c09462

commit 82b0c63dad2c34183ad26f35891a05a6a1c09462
Author: Florian Weimer <fweimer@redhat.com>
Date:   Tue Aug 2 12:24:50 2016 +0200

    malloc: Preserve arena free list/thread count invariant [BZ #20370]
    
    It is necessary to preserve the invariant that if an arena is
    on the free list, it has thread attach count zero.  Otherwise,
    when arena_thread_freeres sees the zero attach count, it will
    add it, and without the invariant, an arena could get pushed
    to the list twice, resulting in a cycle.
    
    One possible execution trace looks like this:
    
    Thread 1 examines free list and observes it as empty.
    Thread 2 exits and adds its arena to the free list,
      with attached_threads == 0).
    Thread 1 selects this arena in reused_arena (not from the free list).
    Thread 1 increments attached_threads and attaches itself.
      (The arena remains on the free list.)
    Thread 1 exits, decrements attached_threads,
      and adds the arena to the free list.
    
    The final step creates a cycle in the usual way (by overwriting the
    next_free member with the former list head, while there is another
    list item pointing to the arena structure).
    
    tst-malloc-thread-exit exhibits this issue, but it was only visible
    with a debugger because the incorrect fix in bug 19243 removed
    the assert from get_free_list.
    
    (cherry picked from commit f88aab5d508c13ae4a88124e65773d7d827cd47b)
    (cherry picked from commit 026671037948fd31009243a2173278dfa0ac9b25)

-----------------------------------------------------------------------

Summary of changes:
 malloc/arena.c |   41 ++++++++++++++++++++++++++++++++++++-----
 1 files changed, 36 insertions(+), 5 deletions(-)