← Back to team overview

kernel-packages team mailing list archive

[Bug 1486146] Re: recvfrom SYSCALL infinite loop/deadlock chewing 100% CPU (MSG_PEEK|MSG_WAITALL)

 

This bug was fixed in the package linux-lts-utopic -
3.16.0-50.66~14.04.1

---------------
linux-lts-utopic (3.16.0-50.66~14.04.1) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1494371

  [ Chris J Arges ]

  * [Config] DEFAULT_IOSCHED="deadline" for ppc64el
    - LP: #1469829

  [ Upstream Kernel Changes ]

  * tcp: fix recv with flags MSG_WAITALL | MSG_PEEK
    - LP: #1486146
  * netfilter: nfnetlink_cthelper: Remove 'const' and '&' to avoid warnings
    - LP: #1490901
  * Bluetooth: ath3k: Add a new ID 0cf3:e006 to ath3k list
    - LP: #1490901
  * Btrfs: use kmem_cache_free when freeing entry in inode cache
    - LP: #1490901
  * Btrfs: fix race between caching kthread and returning inode to inode
    cache
    - LP: #1490901
  * Btrfs: fix fsync data loss after append write
    - LP: #1490901
  * ext4: fix reservation release on invalidatepage for delalloc fs
    - LP: #1490901
  * ext4: be more strict when migrating to non-extent based file
    - LP: #1490901
  * ext4: correctly migrate a file with a hole at the beginning
    - LP: #1490901
  * ext4: replace open coded nofail allocation in ext4_free_blocks()
    - LP: #1490901
  * drm/radeon: Handle irqs only based on irq ring, not irq status regs.
    - LP: #1490901
  * drm/radeon: unpin cursor BOs on suspend and pin them again on resume
    (v2)
    - LP: #1490901
  * hpfs: kstrdup() out of memory handling
    - LP: #1490901
  * hpfs: hpfs_error: Remove static buffer, use vsprintf extension %pV
    instead
    - LP: #1490901
  * 9p: don't leave a half-initialized inode sitting around
    - LP: #1490901
  * MIPS: kernel: traps: Fix broken indentation
    - LP: #1490901
  * thermal: step_wise: fix: Prevent from binary overflow when trend is
    dropping
    - LP: #1490901
  * spi: pl022: Specify 'num-cs' property as required in devicetree binding
    - LP: #1490901
  * iio: twl4030-madc: Pass the IRQF_ONESHOT flag
    - LP: #1490901
  * iio: inv-mpu: Specify the expected format/precision for write channels
    - LP: #1490901
  * iio: DAC: ad5624r_spi: fix bit shift of output data value
    - LP: #1490901
  * iio: adc: at91_adc: allow to use full range of startup time
    - LP: #1490901
  * ALSA: usb-audio: Add MIDI support for Steinberg MI2/MI4
    - LP: #1490901
  * iio: tmp006: Check channel info on write
    - LP: #1490901
  * dm btree remove: fix bug in redistribute3
    - LP: #1490901
  * kbuild: Allow arch Makefiles to override {cpp,ld,c}flags
    - LP: #1490901
  * ARC: Override toplevel default -O2 with -O3
    - LP: #1490901
  * crypto: omap-des - Fix unmapping of dma channels
    - LP: #1490901
  * USB: option: add 2020:4000 ID
    - LP: #1490901
  * USB: cp210x: add ID for Aruba Networks controllers
    - LP: #1490901
  * dm btree: silence lockdep lock inversion in dm_btree_del()
    - LP: #1490901
  * usb: musb: host: rely on port_mode to call musb_start()
    - LP: #1490901
  * usb: f_mass_storage: limit number of reported LUNs
    - LP: #1490901
  * drm: add a check for x/y in drm_mode_setcrtc
    - LP: #1490901
  * bio integrity: do not assume bio_integrity_pool exists if bioset exists
    - LP: #1490901
  * ARM: dts: mx23: fix iio-hwmon support
    - LP: #1490901
  * tracing: Have branch tracer use recursive field of task struct
    - LP: #1490901
  * drivers: net: cpsw: fix crash while accessing second slave ethernet
    interface
    - LP: #1490901
  * USB: serial: Destroy serial_minors IDR on module exit
    - LP: #1490901
  * Btrfs: fix memory leak in the extent_same ioctl
    - LP: #1490901
  * Btrfs: fix list transaction->pending_ordered corruption
    - LP: #1490901
  * can: rcar_can: fix IRQ check
    - LP: #1490901
  * ARC: make sure instruction_pointer() returns unsigned value
    - LP: #1490901
  * Btrfs: fix file corruption after cloning inline extents
    - LP: #1490901
  * st: null pointer dereference panic caused by use after kref_put by
    st_open
    - LP: #1490901
  * drm/radeon: add a dpm quirk for Sapphire Radeon R9 270X 2GB GDDR5
    - LP: #1490901
  * drm/radeon: Don't flush the GART TLB if rdev->gart.ptr == NULL
    - LP: #1490901
  * genirq: Prevent resend to interrupts marked IRQ_NESTED_THREAD
    - LP: #1490901
  * ARM: 8404/1: dma-mapping: fix off-by-one error in bitmap size check
    - LP: #1490901
  * ipv6: Make MLD packets to only be processed locally
    - LP: #1490901
  * bridge: mdb: start delete timer for temp static entries
    - LP: #1490901
  * net: graceful exit from netif_alloc_netdev_queues()
    - LP: #1490901
  * ip_tunnel: fix ipv4 pmtu check to honor inner ip header df
    - LP: #1490901
  * bridge: mdb: zero out the local br_ip variable before use
    - LP: #1490901
  * net: do not process device backlog during unregistration
    - LP: #1490901
  * net: dsa: Test array index before use
    - LP: #1490901
  * net: dsa: Fix off-by-one in switch address parsing
    - LP: #1490901
  * can: rcar_can: print signed IRQ #
    - LP: #1490901
  * perf symbols: Store if there is a filter in place
    - LP: #1490901
  * perf hists browser: Take the --comm, --dsos, etc filters into account
    - LP: #1490901
  * rds: rds_ib_device.refcount overflow
    - LP: #1490901
  * mm: avoid setting up anonymous pages into file mapping
    - LP: #1490901
  * evm: labeling pseudo filesystems exception
    - LP: #1490901
  * USB: usbfs: allow URBs to be reaped after disconnection
    - LP: #1490901
  * sg_start_req(): make sure that there's not too many elements in iovec
    - LP: #1490901
  * HID: cp2112: fix to force single data-report reply
    - LP: #1490901
  * ata: pmp: add quirk for Marvell 4140 SATA PMP
    - LP: #1490901
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for HP 250GB SATA disk
    VB0250EAVER
    - LP: #1490901
  * libata: add ATA_HORKAGE_NOTRIM
    - LP: #1490901
  * libata: force disable trim for SuperSSpeed S238
    - LP: #1490901
  * libata: increase the timeout when setting transfer mode
    - LP: #1490901
  * can: mcp251x: fix resume when device is down
    - LP: #1490901
  * libata: Do not blacklist M510DC
    - LP: #1490901
  * mac80211: clear subdir_stations when removing debugfs
    - LP: #1490901
  * iio: adc: vf610: fix the adc register read fail issue
    - LP: #1490901
  * net: mvneta: fix refilling for Rx DMA buffers
    - LP: #1490901
  * ALSA: hda - Add new GPU codec ID 0x10de007d to snd-hda
    - LP: #1490901
  * xdrm/i915: Use two 32bit reads for select 64bit REG_READ ioctls
    - LP: #1490901
  * usb: dwc3: gadget: return error if command sent to DEPCMD register
    fails
    - LP: #1490901
  * usb: dwc3: Reset the transfer resource index on SET_INTERFACE
    - LP: #1490901
  * usb: xhci: Bugfix for NULL pointer deference in xhci_endpoint_init()
    function
    - LP: #1490901
  * xhci: Calculate old endpoints correctly on device reset
    - LP: #1490901
  * xhci: report U3 when link is in resume state
    - LP: #1490901
  * xhci: prevent bus_suspend if SS port resuming in phase 1
    - LP: #1490901
  * xhci: do not report PLC when link is in internal resume state
    - LP: #1490901
  * usb: core: lpm: set lpm_capable for root hub device
    - LP: #1490901
  * USB: OHCI: Fix race between ED unlink and URB submission
    - LP: #1490901
  * usb-storage: ignore ZTE MF 823 card reader in mode 0x1225
    - LP: #1490901
  * blkcg: fix gendisk reference leak in blkg_conf_prep()
    - LP: #1490901
  * tile: use free_bootmem_late() for initrd
    - LP: #1490901
  * Input: usbtouchscreen - avoid unresponsive TSC-30 touch screen
    - LP: #1490901
  * block: Do a full clone when splitting discard bios
    - LP: #1490901
  * md/raid1: fix test for 'was read error from last working device'.
    - LP: #1490901
  * mmc: omap_hsmmc: Fix DTO and DCRC handling
    - LP: #1490901
  * mtd: nand: Fix NAND_USE_BOUNCE_BUFFER flag conflict
    - LP: #1490901
  * net/xen-netback: off by one in BUG_ON() condition
    - LP: #1490901
  * bridge: mdb: fix double add notification
    - LP: #1490901
  * isdn/gigaset: reset tty->receive_room when attaching ser_gigaset
    - LP: #1490901
  * usb: gadget: mv_udc_core: fix phy_regs I/O memory leak
    - LP: #1490901
  * bonding: fix destruction of bond with devices different from
    arphrd_ether
    - LP: #1490901
  * bonding: correctly handle bonding type change on enslave failure
    - LP: #1490901
  * inet: frags: fix defragmented packet's IP header for af_packet
    - LP: #1490901
  * mmc: block: Add missing mmc_blk_put() in power_ro_lock_show()
    - LP: #1490901
  * mmc: sdhci-esdhc: Make 8BIT bus work
    - LP: #1490901
  * mmc: sdhci-pxav3: fix platform_data is not initialized
    - LP: #1490901
  * freeing unlinked file indefinitely delayed
    - LP: #1490901
  * s390/sclp: clear upper register halves in _sclp_print_early
    - LP: #1490901
  * s390/process: fix sfpc inline assembly
    - LP: #1490901
  * mmc: sdhci: Fix FSL ESDHC reset handling quirk
    - LP: #1490901
  * md: fix a build warning
    - LP: #1490901
  * Linux 3.16.7-ckt16
    - LP: #1490901

 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>  Thu, 10 Sep 2015
16:38:21 +0100

** Changed in: linux-lts-utopic (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** Changed in: linux (Ubuntu Vivid)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1486146

Title:
  recvfrom SYSCALL infinite loop/deadlock chewing 100% CPU
  (MSG_PEEK|MSG_WAITALL)

Status in Linux:
  Unknown
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Released
Status in linux source package in Wily:
  Fix Released

Bug description:
  In a multi-threaded pthreads process running on Ubuntu 14.04 AMD64
  (with over 1000 threads) which uses real time FIFO scheduling, we
  occasionally see calls to recv() with flags (MSG_PEEK | MSG_WAITALL)
  get stuck in an infinte loop or deadlock meaning the threads lock up
  chewing as much CPU as they can (due to FIFO scheduling) while stuck
  inside recv().

  Here's an example gdb back trace:

  [Switching to thread 4 (Thread 0x7f6040546700 (LWP 27251))]
  #0  0x00007f6231d2f7eb in __libc_recv (fd=fd@entry=146, buf=buf@entry=0x7f6040543600, n=n@entry=5, flags=-1, flags@entry=258) at ../sysdeps/unix/sysv/linux/x86_64/recv.c:33
  33      ../sysdeps/unix/sysv/linux/x86_64/recv.c: No such file or directory.
  (gdb) bt
  #0  0x00007f6231d2f7eb in __libc_recv (fd=fd@entry=146, buf=buf@entry=0x7f6040543600, n=n@entry=5, flags=-1, flags@entry=258) at ../sysdeps/unix/sysv/linux/x86_64/recv.c:33
  #1  0x0000000000421945 in recv (__flags=258, __n=5, __buf=0x7f6040543600, __fd=146) at /usr/include/x86_64-linux-gnu/bits/socket2.h:44
  [snip]

  The socket is a TCP socket in blocking mode, the recv() call is inside
  an outer loop with a counter, and I've checked the counter with gdb
  and it's always at 1, meaning that I'm sure that the outer loop isn't
  the problem, the thread is indeed deadlocked inside the recv()
  internals.

  Other nodes:
  * There always seems to be 2 or more threads deadlocked in the same place (same recv() call but with distinct FDs)
  * The threads calling recv() have cancellation disbaled by previously executing: thread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);

  I've even tried adding a poll() call for POLLRDNORM on the socket
  before calling recv() with MSG_PEEK | MSG_WAITALL flags to try to make
  sure there's data available on the socket before calling *recv()*, but
  it makes no difference.

  So, I don't know what is wrong here, I've read all the recv()
  documentation and believe that recv() is being used correctly, the
  only conclusion I can come to is that there is a bug in libc recv()
  when using flags MSG_PEEK | MSG_WAITALL with thousands of pthreads
  running.

  ===
  break-fix: - dfbafc995304ebb9a9b03f65083e6e9cea143b20

To manage notifications about this bug go to:
https://bugs.launchpad.net/linux/+bug/1486146/+subscriptions


References