From: Toralf Förster
Date: Wed, 06 Nov 2013 22:18:53 +0100
Subject: Re: [uml-devel] fuzz tested 32 bit user mode linux image hangs in radix_tree_next_chunk()
To: Konstantin Khlebnikov
Cc: Richard Weinberger, Richard Weinberger, Linux Kernel, linux-fsdevel, "linux-mm@kvack.org", UML devel
Message-ID: <527AB23D.2060305@gmx.de>
References: <526696BF.6050909@gmx.de> <5266A698.10400@gmx.de> <5266B60A.1000005@nod.at> <52715AD1.7000703@gmx.de>

On 11/06/2013 05:06 PM, Konstantin Khlebnikov wrote:
> In this case it must stop after scanning whole tree in line:
>
>         /* Overflow after ~0UL */
>         if (!index)
>                 return NULL;
>

A fresh current example with latest git tree shows that lines 769 and 770 do alternate:

tfoerste@n22 ~/devel/linux $ sudo gdb /usr/local/bin/linux-v3.12-48-gbe408cd 16619 -n -batch -ex bt
0x08296a8c in radix_tree_next_chunk (root=0x25, iter=0x462e7c64, flags=12) at lib/radix-tree.c:770
770                             if (node->slots[offset])
#0  0x08296a8c in radix_tree_next_chunk (root=0x25, iter=0x462e7c64, flags=12) at lib/radix-tree.c:770
#1  0x080cc1fe in find_get_pages (mapping=0x462ad470, start=0, nr_pages=14, pages=0xc) at mm/filemap.c:844
#2  0x080d5d6a in pagevec_lookup (pvec=0x462e7cc8, mapping=0x25, start=37, nr_pages=37) at mm/swap.c:914
#3  0x080d615a in truncate_inode_pages_range (mapping=0x462ad470, lstart=0, lend=-1) at mm/truncate.c:241
#4  0x080d64ff in truncate_inode_pages (mapping=0x25, lstart=51539607589) at mm/truncate.c:358

tfoerste@n22 ~/devel/linux $ sudo gdb /usr/local/bin/linux-v3.12-48-gbe408cd 16619 -n -batch -ex bt
radix_tree_next_chunk (root=0x28, iter=0x462e7c64, flags=18) at lib/radix-tree.c:769
769                     while (++offset < RADIX_TREE_MAP_SIZE) {
#0  radix_tree_next_chunk (root=0x28, iter=0x462e7c64, flags=18) at lib/radix-tree.c:769
#1  0x080cc1fe in find_get_pages (mapping=0x462ad470, start=0, nr_pages=14, pages=0x12) at mm/filemap.c:844
#2  0x080d5d6a in pagevec_lookup (pvec=0x462e7cc8, mapping=0x28, start=40, nr_pages=40) at mm/swap.c:914
#3  0x080d615a in truncate_inode_pages_range (mapping=0x462ad470, lstart=0, lend=-1) at mm/truncate.c:241
#4  0x080d64ff in truncate_inode_pages (mapping=0x28, lstart=77309411368) at mm/truncate.c:358
#5  0x0825e388 in hostfs_evict_inode (inode=0x462ad3b8) at fs/hostfs/hostfs_kern.c:242
#6  0x0811a8df in evict (inode=0x462ad3b8) at fs/inode.c:549

-- 
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3