From: byungchul.park@lge.com (Byungchul Park)
Subject: Kernel v4.19-rc4 KASAN complaint
Date: Mon, 8 Oct 2018 15:11:52 +0900 [thread overview]
Message-ID: <20181008061152.GA18836@X58A-UD3R> (raw)
In-Reply-To: <31b80bc0-afc6-6bd9-c722-302f538d3e5b@lge.com>
>On Tue, Sep 25, 2018@08:14:17PM -0700, Paul E. McKenney wrote:
>>I would expect something like this if someone did a double call_srcu()
>>or passed something to call_srcu() but then kept using it (for an example
>>of the latter, failed to make it inaccessible to readers before invoking
>>call_srcu() on it). Yet another way to get here is to have unioned the
>>rcu_head structure with something used by the SRCU readers.
>>
>>The double call_srcu() can be located by building your kernel with
>>CONFIG_DEBUG_OBJECTS_RCU_HEAD=y and rerunning your tests. The other
>>two usually require inspection or bisection.
>>
>>So, the eternal question: Is bisection feasible?
>
>Looks like I misread the lines pointed to by gdb, and it indeed seems
>like a premature free of the nvme_ns_head structure, but I fail to see
>where.
I'm sorry for making a noise if I'm telling something wrong. I'm not
familiar with nvme stuff though, I'm just curious about..
Is it ok to call nvme_mpath_clear_current_path(ns) without holding
any lock in nvme_failover_req(req)? No possible to race with other
rcu_assign_pointer(ns->head->current_path, some_value)?
In other words, has the namespace been serialized when calling
nvme_failover_req(req) so as to guarantee that there's no one doing
rcu_assign_pointer(ns->head->current_path, some_value) somewhere or so?
Sorry again if I miss something but hope it's helpful. Ignore if so.
Thanks,
Byungchul
>I've tried to bring up Barts testcase but failed so far.
>
>Bart, can you help out a bit?
>
>The last commit of the original merge 4.19 nvme merge is:
>
>b369b30cf510fe94d8884837039362e2ec223cec
>
>Can you check if that shows the problem (I suspect it does) and if so
>bisect between that and 9b89bc3857a6c0dfda18ddae2a42c114ecc32753, which
>as the first commit for the merge?
>
>> Thanx, Paul
next parent reply other threads:[~2018-10-08 6:11 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20181006170915.GS2674@linux.ibm.com>
[not found] ` <31b80bc0-afc6-6bd9-c722-302f538d3e5b@lge.com>
2018-10-08 6:11 ` Byungchul Park [this message]
2018-10-08 10:13 ` Kernel v4.19-rc4 KASAN complaint Christoph Hellwig
2018-09-18 21:16 Bart Van Assche
2018-09-20 7:10 ` Christoph Hellwig
2018-09-20 17:24 ` Bart Van Assche
2018-09-25 23:32 ` Christoph Hellwig
2018-09-26 3:14 ` Paul E. McKenney
2018-10-05 7:38 ` Christoph Hellwig
2018-10-17 6:39 ` Christoph Hellwig
2018-10-17 14:38 ` Bart Van Assche
2018-10-17 17:32 ` Bart Van Assche
2018-09-24 4:27 ` Sagi Grimberg
2018-09-24 14:04 ` Bart Van Assche
2018-09-20 17:01 ` Keith Busch
2018-09-20 17:31 ` Bart Van Assche
2018-09-20 17:36 ` Keith Busch
2018-10-05 7:34 ` Christoph Hellwig
2018-09-20 17:36 ` Bart Van Assche
2018-09-20 17:45 ` Keith Busch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181008061152.GA18836@X58A-UD3R \
--to=byungchul.park@lge.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).