From: Toralf Förster
To: Richard Weinberger
CC: Konstantin Khlebnikov, Linux Kernel, linux-fsdevel, "linux-mm@kvack.org", UML devel
Subject: Re: [uml-devel] fuzz tested 32 bit user mode linux image hangs in radix_tree_next_chunk()
Date: Sun, 17 Nov 2013 16:03:44 +0100
Message-ID: <5288DAD0.5020306@gmx.de>
In-Reply-To: <527AB51B.1020005@nod.at>
References: <526696BF.6050909@gmx.de> <5266A698.10400@gmx.de> <5266B60A.1000005@nod.at> <52715AD1.7000703@gmx.de> <527AB23D.2060305@gmx.de> <527AB51B.1020005@nod.at>

On 11/06/2013 10:31 PM, Richard Weinberger wrote:
> On 06.11.2013 22:18, Toralf Förster wrote:
>> On 11/06/2013 05:06 PM, Konstantin Khlebnikov wrote:
>>> In this case it must stop after scanning whole tree in line:
>>> /* Overflow after ~0UL */
>>> if (!index)
>>>   return NULL;
>>>
>>
>> A fresh current example with latest git tree shows that lines 769 and 770 do alternate :
>
> Can you please ask gdb for the value of offset?
>
> Thanks,
> //richard
>

In the meantime I think that it is not the radix-tree itself that the hang is related to. With this patch:

diff --git a/mm/truncate.c b/mm/truncate.c index 353b683..22a5926 100644 --- a/mm/truncate.c +++ b/mm/truncate.c
@@ -355,6 +355,8 @@ EXPORT_SYMBOL(truncate_inode_pages_range); */ void truncate_inode_pages(struct address_space *mapping, loff_t lstart) { + if (lstart > 0) + printk ("lstart=%lld\n", lstart); truncate_inode_pages_range(mapping, lstart, (loff_t)-1); } EXPORT_SYMBOL(truncate_inode_pages);

against v3.12-10087-g1213959 I get entries in the syslog like:

Nov 17 14:07:12 trinity tfoerste: M=/mnt/nfsv4
Nov 17 14:07:27 trinity kernel: lstart=2147418111
Nov 17 14:07:30 trinity kernel: lstart=14531581
Nov 17 14:07:30 trinity kernel: lstart=8388607
Nov 17 14:07:30 trinity kernel: lstart=187
Nov 17 14:07:32 trinity kernel: lstart=2048
Nov 17 14:08:00 trinity kernel: lstart=11264
Nov 17 14:08:00 trinity kernel: lstart=44297
Nov 17 14:08:05 trinity kernel: lstart=31
Nov 17 14:08:34 trinity kernel: lstart=1542
Nov 17 14:08:35 trinity kernel: lstart=30
Nov 17 14:08:35 trinity kernel: lstart=2088809
Nov 17 14:08:37 trinity kernel: lstart=208
Nov 17 14:08:37 trinity kernel: lstart=7276806
Nov 17 14:08:37 trinity kernel: lstart=191
...
Nov 17 14:11:22 trinity tfoerste: M=/mnt/nfsv4
Nov 17 14:11:36 trinity kernel: lstart=255
Nov 17 14:11:36 trinity kernel: lstart=500676444
Nov 17 14:11:37 trinity kernel: lstart=1024
Nov 17 14:11:37 trinity kernel: lstart=12786775
Nov 17 14:11:37 trinity kernel: lstart=16728385
Nov 17 14:11:37 trinity kernel: lstart=44
Nov 17 14:11:37 trinity kernel: lstart=516
Nov 17 14:11:38 trinity kernel: lstart=17407
Nov 17 14:11:38 trinity kernel: lstart=31
Nov 17 14:11:38 trinity kernel: lstart=65534
Nov 17 14:11:39 trinity kernel: lstart=4302304271
Nov 17 14:11:40 trinity kernel: lstart=65536
Nov 17 14:11:40 trinity kernel: lstart=678625087
Nov 17 14:11:40 trinity kernel: lstart=190464262
Nov 17 14:11:41 trinity kernel: lstart=268435343
Nov 17 14:11:42 trinity kernel: lstart=109
Nov 17 14:11:42 trinity kernel: lstart=2088960
Nov 17 14:11:42 trinity kernel: lstart=989582838
Nov 17 14:11:42 trinity kernel: lstart=3838
Nov 17 14:11:42 trinity kernel: lstart=327
Nov 17 14:11:43 trinity kernel: lstart=119
Nov 17 14:12:14 trinity kernel: lstart=9949
Nov 17 14:12:14 trinity kernel: lstart=4096
Nov 17 14:12:15 trinity kernel: lstart=3
Nov 17 14:12:18 trinity sshd[9636]: pam_unix(sshd:session): session closed for user tfoerste
...

Does this help?
>>
>> tfoerste@n22 ~/devel/linux $ sudo gdb /usr/local/bin/linux-v3.12-48-gbe408cd 16619 -n -batch -ex bt
>> 0x08296a8c in radix_tree_next_chunk (root=0x25, iter=0x462e7c64, flags=12) at lib/radix-tree.c:770
>> 770                     if (node->slots[offset])
>> #0  0x08296a8c in radix_tree_next_chunk (root=0x25, iter=0x462e7c64, flags=12) at lib/radix-tree.c:770
>> #1  0x080cc1fe in find_get_pages (mapping=0x462ad470, start=0, nr_pages=14, pages=0xc) at mm/filemap.c:844
>> #2  0x080d5d6a in pagevec_lookup (pvec=0x462e7cc8, mapping=0x25, start=37, nr_pages=37) at mm/swap.c:914
>> #3  0x080d615a in truncate_inode_pages_range (mapping=0x462ad470, lstart=0, lend=-1) at mm/truncate.c:241
>> #4  0x080d64ff in truncate_inode_pages (mapping=0x25, lstart=51539607589) at mm/truncate.c:358
>>
>>
>> tfoerste@n22 ~/devel/linux $ sudo gdb /usr/local/bin/linux-v3.12-48-gbe408cd 16619 -n -batch -ex bt
>> radix_tree_next_chunk (root=0x28, iter=0x462e7c64, flags=18) at lib/radix-tree.c:769
>> 769                 while (++offset < RADIX_TREE_MAP_SIZE) {
>> #0  radix_tree_next_chunk (root=0x28, iter=0x462e7c64, flags=18) at lib/radix-tree.c:769
>> #1  0x080cc1fe in find_get_pages (mapping=0x462ad470, start=0, nr_pages=14, pages=0x12) at mm/filemap.c:844
>> #2  0x080d5d6a in pagevec_lookup (pvec=0x462e7cc8, mapping=0x28, start=40, nr_pages=40) at mm/swap.c:914
>> #3  0x080d615a in truncate_inode_pages_range (mapping=0x462ad470, lstart=0, lend=-1) at mm/truncate.c:241
>> #4  0x080d64ff in truncate_inode_pages (mapping=0x28, lstart=77309411368) at mm/truncate.c:358
>> #5  0x0825e388 in hostfs_evict_inode (inode=0x462ad3b8) at fs/hostfs/hostfs_kern.c:242
>> #6  0x0811a8df in evict (inode=0x462ad3b8) at fs/inode.c:549
>>
>

-- 
MfG/Sincerely
Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3
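
Review bot: The `if (lstart > 0)` guard added at the top of truncate_inode_pages() filters out the case the backtraces point at: frame #3 in both gdb runs shows truncate_inode_pages_range(..., lstart=0, lend=-1), so a call on the hanging path would print nothing. Consider logging unconditionally, or at least for lstart == 0 as well, and include something that identifies the mapping (for example mapping->host->i_ino) so a syslog line can be matched to the inode seen in hostfs_evict_inode. The printk also has no log level and carries a space before the opening parenthesis; `printk(KERN_DEBUG "lstart=%lld\n", lstart);` would follow kernel style, and a rate-limited variant would keep a fuzzing run from flooding the log.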