From: Vasily Gorbik <gor@linux.ibm.com>
To: Liam Howlett <liam.howlett@oracle.com>
Cc: "maple-tree@lists.infradead.org" <maple-tree@lists.infradead.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Heiko Carstens <hca@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>
Subject: Re: [PATCH v6 08/71] Maple Tree: Add new data structure
Date: Sun, 27 Feb 2022 13:46:12 +0100 [thread overview]
Message-ID: <your-ad-here.call-01645965972-ext-7155@work.hours> (raw)
In-Reply-To: <your-ad-here.call-01645924312-ext-0398@work.hours>
On Sun, Feb 27, 2022 at 02:11:52AM +0100, Vasily Gorbik wrote:
> Hi Liam,
>
> there is an endianness issue with maple_metadata. This is broken on
> all big endian architectures. Tests are crashing. See potential fixup
> below. Feel free to apply it or fix the issue in your own way. This does
> not resolve all the issues with the patch series though.
Besides this obvious endianness issue there could be synchronization
issue(s) which manifest on s390 with maple tree tests.
I've double checked that:
- userspace-rcu 13.1 I'm using passes unit and regression tests
- maple tree tests are also crashing with asan/ubsan disabled
If I disable check_rcu_simulated() then in most -Og/-O2 asan
enabled/disabled combinations the rest of the tests happen pass for me now.
But otherwise I see "random" crashes not specific to check_rcu_simulated().
I'll try to find time to look into that and isolate issues further.
E.g. with -O2:
==441271==ERROR: AddressSanitizer: heap-use-after-free on address 0x61c00240fd24 at pc 0x000001003c62 bp 0x03ffb58fe8b0 sp 0x03ffb58fe8a8 [0/9325]
READ of size 4 at 0x61c00240fd24 thread T1
#0 0x1003c61 in mas_dead_walk ../../../lib/maple_tree.c:5403
#1 0x101bbcb in mt_free_walk ../../../lib/maple_tree.c:5428
#2 0x3ffb9c841e5 in call_rcu_thread /userspace-rcu/src/urcu-call-rcu-impl.h:369
#3 0x3ffb919cf8b in start_thread pthread_create.c:435
#4 0x3ffb92164fd (/lib64/libc.so.6+0x1164fd)
0x61c00240fd24 is located 1060 bytes inside of 1536-byte region [0x61c00240f900,0x61c00240ff00)
freed by thread T1 here:
#0 0x3ffb9db005b in __interceptor_free ../../../../libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x10fa17f in kmem_cache_free /devel/src/kernel/tools/testing/radix-tree/linux.c:116
previously allocated by thread T0 here:
#0 0x3ffb9db0f59 in __interceptor_posix_memalign ../../../../libsanitizer/asan/asan_malloc_linux.cpp:226
#1 0x10faa21 in kmem_cache_alloc_bulk /devel/src/kernel/tools/testing/radix-tree/linux.c:162
#2 0x3fffdb7e6af ([stack]+0xc36af)
Thread T1 created by T0 here:
#0 0x3ffb9d5a28f in __interceptor_pthread_create ../../../../libsanitizer/asan/asan_interceptors.cpp:216
#1 0x3ffb9c827d9 in call_rcu_data_init /userspace-rcu/src/urcu-call-rcu-impl.h:434
SUMMARY: AddressSanitizer: heap-use-after-free ../../../lib/maple_tree.c:5403 in mas_dead_walk
Shadow bytes around the buggy address:
0x100c3800481f50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x100c3800481f60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x100c3800481f70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x100c3800481f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x100c3800481f90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x100c3800481fa0: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
0x100c3800481fb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x100c3800481fc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x100c3800481fd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x100c3800481fe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x100c3800481ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==441271==ABORTING
Or even stall on rcu_barrier() with default -Og:
Thread 2 (Thread 0x3ffa5bff800 (LWP 439996) "maple"):
#0 futex_wait (private=0, expected=2, futex_word=0x3ffa5bfea40) at ../sysdeps/nptl/futex-internal.h:146
#1 __GI___lll_lock_wait (futex=futex@entry=0x3ffa5bfea40, private=<optimized out>) at lowlevellock.c:50
#2 0x000003ffa94202e8 in lll_mutex_lock_optimized (mutex=0x3ffa5bfea40) at pthread_mutex_lock.c:49
#3 ___pthread_mutex_lock (mutex=0x3ffa5bfea40) at pthread_mutex_lock.c:89
#4 0x000000000102180e in mt_free_walk (head=0x61c00240e908) at ../../../lib/maple_tree.c:5425
#5 0x000003ffa9f041e6 in call_rcu_thread (arg=0x60c000000040) at urcu-call-rcu-impl.h:369
#6 0x000003ffa941cf8c in start_thread (arg=<optimized out>) at pthread_create.c:435
#7 0x000003ffa94964fe in thread_start () at ../sysdeps/unix/sysv/linux/s390/s390-64/clone.S:67
Thread 1 (Thread 0x3ffaaa6f980 (LWP 439995) "maple"):
#0 syscall () at ../sysdeps/unix/sysv/linux/s390/s390-64/syscall.S:37
#1 0x000003ffa9f03c0a in futex (val3=0, uaddr2=0x0, timeout=0x0, val=-1, op=0, uaddr=0x602000000554) at ../include/urcu/futex.h:72
#2 futex_noasync (timeout=0x0, uaddr2=0x0, val3=0, val=-1, op=0, uaddr=0x602000000554) at ../include/urcu/futex.h:81
#3 call_rcu_completion_wait (completion=0x602000000550) at urcu-call-rcu-impl.h:279
#4 urcu_memb_barrier () at urcu-call-rcu-impl.h:895
#5 urcu_memb_barrier () at urcu-call-rcu-impl.h:840
#6 0x00000000010bfc0a in maple_tree_seed () at ../../../lib/test_maple_tree.c:37385
#7 0x00000000010c0280 in maple_tree_tests () at maple.c:47
#8 0x00000000010c02a0 in main () at maple.c:54
next prev parent reply other threads:[~2022-02-27 12:46 UTC|newest]
Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-15 14:37 [PATCH v6 00/71] Introducing the Maple Tree Liam Howlett
2022-02-15 14:42 ` [PATCH v6 01/71] binfmt_elf: Take the mmap lock when walking the VMA list Liam Howlett
2022-02-15 14:42 ` [PATCH v6 03/71] radix tree test suite: Add pr_err define Liam Howlett
2022-02-15 14:42 ` [PATCH v6 02/71] xarray: Fix bitmap breakage Liam Howlett
2022-02-15 14:42 ` [PATCH v6 04/71] radix tree test suite: Add kmem_cache_set_non_kernel() Liam Howlett
2022-02-15 14:42 ` [PATCH v6 05/71] radix tree test suite: Add allocation counts and size to kmem_cache Liam Howlett
2022-02-15 14:42 ` [PATCH v6 06/71] radix tree test suite: Add support for slab bulk APIs Liam Howlett
2022-02-15 14:42 ` [PATCH v6 07/71] radix tree test suite: Add lockdep_is_held to header Liam Howlett
2022-02-15 14:43 ` [PATCH v6 08/71] Maple Tree: Add new data structure Liam Howlett
2022-02-16 10:11 ` Mark Hemment
2022-02-16 18:25 ` Liam Howlett
2022-02-27 1:11 ` Vasily Gorbik
2022-02-27 12:46 ` Vasily Gorbik [this message]
2022-02-28 14:36 ` Liam Howlett
2022-03-01 2:01 ` Vasily Gorbik
2022-03-01 20:39 ` Liam Howlett
2022-03-01 22:50 ` Vasily Gorbik
2022-03-01 22:56 ` Vasily Gorbik
2022-03-02 14:08 ` Liam Howlett
2022-02-15 14:43 ` [PATCH v6 09/71] lib/test_maple_tree: Add testing for maple tree Liam Howlett
2022-02-15 14:43 ` [PATCH v6 10/71] mm: Start tracking VMAs with " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 11/71] mm: Add VMA iterator Liam Howlett
2022-02-16 10:50 ` Mark Hemment
2022-02-16 18:32 ` Liam Howlett
2022-02-15 14:43 ` [PATCH v6 12/71] mmap: Use the VMA iterator in count_vma_pages_range() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 13/71] mm/mmap: Use the maple tree in find_vma() instead of the rbtree Liam Howlett
2022-02-15 14:43 ` [PATCH v6 15/71] mm/mmap: Use maple tree for unmapped_area{_topdown} Liam Howlett
2022-02-15 14:43 ` [PATCH v6 16/71] kernel/fork: Use maple tree for dup_mmap() during forking Liam Howlett
2022-02-15 14:43 ` [PATCH v6 14/71] mm/mmap: Use the maple tree for find_vma_prev() instead of the rbtree Liam Howlett
2022-02-15 14:43 ` [PATCH v6 18/71] proc: Remove VMA rbtree use from nommu Liam Howlett
2022-02-15 14:43 ` [PATCH v6 17/71] damon: Convert __damon_va_three_regions to use the VMA iterator Liam Howlett
2022-02-15 14:43 ` [PATCH v6 19/71] mm: Remove rb tree Liam Howlett
2022-02-15 14:43 ` [PATCH v6 20/71] mmap: Change zeroing of maple tree in __vma_adjust() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 23/71] mm/khugepaged: Optimize collapse_pte_mapped_thp() by using vma_lookup() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 21/71] xen: Use vma_lookup() in privcmd_ioctl_mmap() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 22/71] mm: Optimize find_exact_vma() to use vma_lookup() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 25/71] mm: Use maple tree operations for find_vma_intersection() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 24/71] mm/mmap: Change do_brk_flags() to expand existing VMA and add do_brk_munmap() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 26/71] mm/mmap: Use advanced maple tree API for mmap_region() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 27/71] mm: Remove vmacache Liam Howlett
2022-02-15 14:43 ` [PATCH v6 28/71] mm: Convert vma_lookup() to use mtree_load() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 29/71] mm/mmap: Move mmap_region() below do_munmap() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 30/71] mm/mmap: Reorganize munmap to use maple states Liam Howlett
2022-02-15 14:43 ` [PATCH v6 31/71] mm/mmap: Change do_brk_munmap() to use do_mas_align_munmap() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 32/71] arm64: Remove mmap linked list from vdso Liam Howlett
2022-02-15 14:43 ` [PATCH v6 35/71] s390: Remove vma linked list walks Liam Howlett
2022-02-15 14:43 ` [PATCH v6 33/71] parisc: Remove mmap linked list from cache handling Liam Howlett
2022-02-17 20:18 ` Fwd: " Helge Deller
2022-02-15 14:43 ` [PATCH v6 34/71] powerpc: Remove mmap linked list walks Liam Howlett
2022-02-15 14:43 ` [PATCH v6 37/71] xtensa: Remove vma " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 38/71] cxl: Remove vma linked list walk Liam Howlett
2022-02-15 14:43 ` [PATCH v6 36/71] x86: Remove vma linked list walks Liam Howlett
2022-02-15 14:43 ` [PATCH v6 40/71] um: Remove vma linked list walk Liam Howlett
2022-02-15 14:43 ` [PATCH v6 39/71] optee: " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 41/71] binfmt_elf: " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 43/71] exec: Use VMA iterator instead of linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 42/71] coredump: Remove vma linked list walk Liam Howlett
2022-02-15 14:43 ` [PATCH v6 45/71] fs/proc/task_mmu: Stop using linked list and highest_vm_end Liam Howlett
2022-02-15 14:43 ` [PATCH v6 44/71] fs/proc/base: Use maple tree iterators in place of linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 47/71] ipc/shm: Use VMA iterator instead " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 46/71] userfaultfd: Use maple tree iterator to iterate VMAs Liam Howlett
2022-02-15 14:43 ` [PATCH v6 48/71] acct: Use VMA iterator instead of linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 49/71] perf: Use VMA iterator Liam Howlett
2022-02-15 14:43 ` [PATCH v6 50/71] sched: Use maple tree iterator to walk VMAs Liam Howlett
2022-02-15 14:43 ` [PATCH v6 51/71] fork: Use VMA iterator Liam Howlett
2022-02-15 14:43 ` [PATCH v6 52/71] bpf: Remove VMA linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 53/71] mm/gup: Use maple tree navigation instead of " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 55/71] mm/ksm: Use vma iterators instead of vma " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 54/71] mm/khugepaged: Stop using " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 57/71] mm/memcontrol: Stop using mm->highest_vm_end Liam Howlett
2022-02-15 14:43 ` [PATCH v6 56/71] mm/madvise: Use vma_find() instead of vma linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 58/71] mm/mempolicy: Use vma iterator & maple state " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 61/71] mm/mremap: Use vma_find_intersection() " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 60/71] mm/mprotect: Use maple tree navigation " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 59/71] mm/mlock: Use vma iterator and " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 62/71] mm/msync: Use vma_find() " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 63/71] mm/oom_kill: Use maple tree iterators " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 64/71] mm/pagewalk: Use vma_find() " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 66/71] i915: Use the VMA iterator Liam Howlett
2022-02-15 14:43 ` [PATCH v6 65/71] mm/swapfile: Use vma iterator instead of vma linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 68/71] riscv: Use vma iterator for vdso Liam Howlett
2022-02-15 14:43 ` [PATCH v6 69/71] mm: Remove the vma linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 67/71] nommu: Remove uses of VMA " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 70/71] mm/mmap: Drop range_has_overlap() function Liam Howlett
2022-02-15 14:43 ` [PATCH v6 71/71] mm/mmap.c: Pass in mapping to __vma_link_file() Liam Howlett
2022-02-16 19:47 ` [PATCH v6 00/71] Introducing the Maple Tree Andrew Morton
2022-02-16 20:24 ` Matthew Wilcox
2022-02-23 16:35 ` Mel Gorman
2022-02-23 16:45 ` Matthew Wilcox
2022-02-25 3:49 ` Qian Cai
2022-02-25 19:08 ` Liam Howlett
2022-02-25 20:23 ` Liam Howlett
2022-02-25 20:46 ` Qian Cai
2022-02-25 23:00 ` Nathan Chancellor
2022-02-26 1:58 ` Liam Howlett
2022-02-26 23:19 ` Hugh Dickins
2022-02-27 18:32 ` Hugh Dickins
2022-02-28 14:26 ` Liam Howlett
2022-02-28 11:56 ` Qian Cai
2022-02-27 2:22 ` Vasily Gorbik
2022-02-28 14:56 ` Liam Howlett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=your-ad-here.call-01645965972-ext-7155@work.hours \
--to=gor@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=hca@linux.ibm.com \
--cc=liam.howlett@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=maple-tree@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.