From: Wei Yang <richard.weiyang@gmail.com>
To: Matthew Wilcox <willy@infradead.org>
Cc: Wei Yang <richard.weiyang@gmail.com>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 5/9] XArray: entry in last level is not expected to be a node
Date: Sun, 5 Apr 2020 11:07:43 +0000 [thread overview]
Message-ID: <20200405110743.bzpvz4jzwr4kharr@master> (raw)
In-Reply-To: <20200401222000.GK21484@bombadil.infradead.org>
On Wed, Apr 01, 2020 at 03:20:00PM -0700, Matthew Wilcox wrote:
>On Wed, Apr 01, 2020 at 10:10:21PM +0000, Wei Yang wrote:
>> On Tue, Mar 31, 2020 at 04:59:12PM -0700, Matthew Wilcox wrote:
>> >On Tue, Mar 31, 2020 at 10:04:40PM +0000, Wei Yang wrote:
>> >> cc -I. -I../../include -g -Og -Wall -D_LGPL_SOURCE -fsanitize=address -fsanitize=undefined -c -o main.o main.c
>> >> In file included from ./linux/../../../../include/linux/radix-tree.h:15,
>> >> from ./linux/radix-tree.h:5,
>> >> from main.c:10:
>> >> ./linux/rcupdate.h:5:10: fatal error: urcu.h: No such file or directory
>> >> 5 | #include <urcu.h>
>> >> | ^~~~~~~~
>> >> compilation terminated.
>> >> make: *** [<builtin>: main.o] Error 1
>> >
>> >Oh, you need liburcu installed. On Debian, that's liburcu-dev ... probably
>> >liburcu-devel on Red Hat style distros.
>>
>> The bad news is I didn't find the package on Fedora.
>
>Really? https://www.google.com/search?q=fedora+liburcu has the -devel
>package as the second hit from https://pkgs.org/search/?q=liburcu
Occasionally, I see this error message without my change on 5.6.
random seed 1586068185
running tests
XArray: 21151201 of 21151201 tests passed
=================================================================
==6040==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0031bce81 at pc 0x00000040b4b3 bp 0x7f95e87f9bb0 sp 0x7f95e87f9ba0
READ of size 1 at 0x60c0031bce81 thread T11
#0 0x40b4b2 in xas_find_marked ../../../lib/xarray.c:1182
#1 0x45318e in tagged_iteration_fn /root/git/linux/tools/testing/radix-tree/iteration_check.c:77
#2 0x7f95ef2464e1 in start_thread (/lib64/libpthread.so.0+0x94e1)
#3 0x7f95ee8026d2 in clone (/lib64/libc.so.6+0x1016d2)
0x60c0031bce81 is located 1 bytes inside of 128-byte region [0x60c0031bce80,0x60c0031bcf00)
freed by thread T1 here:
#0 0x7f95ef36c91f in __interceptor_free (/lib64/libasan.so.5+0x10d91f)
#1 0x43e4ba in kmem_cache_free /root/git/linux/tools/testing/radix-tree/linux.c:64
previously allocated by thread T13 here:
#0 0x7f95ef36cd18 in __interceptor_malloc (/lib64/libasan.so.5+0x10dd18)
#1 0x43e1af in kmem_cache_alloc /root/git/linux/tools/testing/radix-tree/linux.c:44
Thread T11 created by T0 here:
#0 0x7f95ef299955 in pthread_create (/lib64/libasan.so.5+0x3a955)
#1 0x454862 in iteration_test /root/git/linux/tools/testing/radix-tree/iteration_check.c:178
Thread T1 created by T0 here:
#0 0x7f95ef299955 in pthread_create (/lib64/libasan.so.5+0x3a955)
#1 0x7f95ef235b89 (/lib64/liburcu.so.6+0x3b89)
Thread T13 created by T0 here:
#0 0x7f95ef299955 in pthread_create (/lib64/libasan.so.5+0x3a955)
#1 0x4548a4 in iteration_test /root/git/linux/tools/testing/radix-tree/iteration_check.c:186
SUMMARY: AddressSanitizer: heap-use-after-free ../../../lib/xarray.c:1182 in xas_find_marked
Shadow bytes around the buggy address:
0x0c188062f980: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c188062f990: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
0x0c188062f9a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c188062f9b0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c188062f9c0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
=>0x0c188062f9d0:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c188062f9e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c188062f9f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c188062fa00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c188062fa10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c188062fa20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==6040==ABORTING
This is not always like this. Didn't figure out the reason yet. Hope you many
have some point.
--
Wei Yang
Help you, Help me
next prev parent reply other threads:[~2020-04-05 11:07 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-30 12:36 [PATCH 0/9] XArray: several cleanups Wei Yang
2020-03-30 12:36 ` [PATCH 1/9] XArray: fix comment on Zero/Retry entry Wei Yang
2020-03-30 12:46 ` Matthew Wilcox
2020-03-30 13:42 ` Wei Yang
2020-03-30 12:36 ` [PATCH 2/9] XArray: simplify the calculation of shift Wei Yang
2020-03-30 13:20 ` Matthew Wilcox
2020-03-30 14:07 ` Wei Yang
2020-03-30 12:36 ` [PATCH 3/9] XArray: handle a NULL head by itself Wei Yang
2020-03-30 12:36 ` [PATCH 4/9] XArray: don't expect to have more nr_values than count Wei Yang
2020-03-30 12:36 ` [PATCH 5/9] XArray: entry in last level is not expected to be a node Wei Yang
2020-03-30 12:48 ` Matthew Wilcox
2020-03-30 14:15 ` Wei Yang
2020-03-30 14:28 ` Matthew Wilcox
2020-03-30 22:10 ` Wei Yang
2020-03-31 13:42 ` Wei Yang
2020-03-31 16:42 ` Matthew Wilcox
2020-03-31 22:04 ` Wei Yang
2020-03-31 23:59 ` Matthew Wilcox
2020-04-01 22:10 ` Wei Yang
2020-04-01 22:20 ` Matthew Wilcox
2020-04-02 12:36 ` Wei Yang
2020-04-03 22:39 ` Wei Yang
2020-04-04 15:37 ` Matthew Wilcox
2020-04-05 11:07 ` Wei Yang [this message]
2020-04-05 21:56 ` Matthew Wilcox
2020-04-06 1:14 ` Wei Yang
2020-04-06 1:24 ` Wei Yang
2020-04-11 13:56 ` Wei Yang
2020-04-28 21:24 ` Wei Yang
2020-03-30 12:36 ` [PATCH 6/9] XArray: internal node is a xa_node when it is bigger than XA_ZERO_ENTRY Wei Yang
2020-03-30 12:50 ` Matthew Wilcox
2020-03-30 13:45 ` Wei Yang
2020-03-30 13:49 ` Matthew Wilcox
2020-03-30 14:13 ` Wei Yang
2020-03-30 14:27 ` Matthew Wilcox
2020-03-30 22:20 ` Wei Yang
2020-03-31 0:06 ` Matthew Wilcox
2020-03-31 13:40 ` Wei Yang
2020-03-30 12:36 ` [PATCH 7/9] XArray: the NULL xa_node condition is handled in xas_top Wei Yang
2020-03-30 12:36 ` [PATCH 8/9] XArray: take xas_error() handling for clearer logic Wei Yang
2020-03-30 12:36 ` [PATCH 9/9] XArray: adjust xa_offset till it gets the correct node Wei Yang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200405110743.bzpvz4jzwr4kharr@master \
--to=richard.weiyang@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.