Bug #9705
Closed
Fix hash table slot use after grow
Description
All relevant files are attached to the issue, but I can't reproduce it myself.
Log:
CIF: NORMAL: Debug level is set to 'DEBUG'. CIF: DEBUG: Options '--debug ALL --in /home/shchepetkov/work/run/clade/linux-5.0-allmodconfig-nightly-new/clade/Storage/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig/linux-5.0/drivers/usb/gadget/udc/udc-xilinx.c --aspect /home/shchepetkov/work/git/clade/clade/extensions/info/info.aspect --back-end src --stage instrumentation --out /tmp/tmpxucvdywp/30308/udc-xilinx.c.o' were passed to script through command-line. CIF: DEBUG: Options '"-nostdinc" "-isystem" "/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig-nightly-new/clade/Storage/usr/lib/gcc/x86_64-linux-gnu/8/include" "-I./arch/x86/include" "-I./arch/x86/include/generated" "-I./include" "-I./arch/x86/include/uapi" "-I./arch/x86/include/generated/uapi" "-I./include/uapi" "-I./include/generated/uapi" "-include" "./include/linux/kconfig.h" "-include" "./include/linux/compiler_types.h" "-D__KERNEL__" "-DCONFIG_X86_X32_ABI" "-DCONFIG_AS_CFI=1" "-DCONFIG_AS_CFI_SIGNAL_FRAME=1" "-DCONFIG_AS_CFI_SECTIONS=1" "-DCONFIG_AS_FXSAVEQ=1" "-DCONFIG_AS_SSSE3=1" "-DCONFIG_AS_AVX=1" "-DCONFIG_AS_AVX2=1" "-DCONFIG_AS_AVX512=1" "-DCONFIG_AS_SHA1_NI=1" "-DCONFIG_AS_SHA256_NI=1" "-O2" "-DCC_USING_FENTRY" "-DDEBUG" "-DVERBOSE_DEBUG" "-DMODULE" "-DKBUILD_BASENAME=\"udc_xilinx\"" "-DKBUILD_MODNAME=\"udc_xilinx\"" "-Dvector_size(x)="' will be passed to aspectator as is (note that these options are processed by your interpreter before passing to CIF, so don't forget about proper escaping). CIF: DEBUG: CIF will perform all stages up to 'instrumentation' stage. CIF: DEBUG: File '/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig-nightly-new/clade/Storage/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig/linux-5.0/drivers/usb/gadget/udc/udc-xilinx.c' will be instrumented or passed through C-backend. CIF: DEBUG: Aspect file '/home/shchepetkov/work/git/clade/clade/extensions/info/info.aspect' will be used for instrumentation. 
CIF: DEBUG: Output will be put to file '/tmp/tmpxucvdywp/30308/udc-xilinx.c.o' at 'compilation' stage. CIF: DEBUG: Default aspectator '/home/shchepetkov/work/inst/cif/bin/aspectator' will be used. CIF: DEBUG: ********* aspect preprocessing ********* CIF: DEBUG: Execute 'LDV_STAGE=0 LDV_ASPECT_FILE="/home/shchepetkov/work/git/clade/clade/extensions/info/info.aspect" /home/shchepetkov/work/inst/cif/bin/aspectator -fno-builtin -E -undef -nostdinc -C -x c "/home/shchepetkov/work/git/clade/clade/extensions/info/info.aspect" -o "/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.info.aspect.i"'. CIF: DEBUG: Execute 'sed -i.bak 's/@/#/g' "/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.info.aspect.i"'. CIF: DEBUG: ********* file preparation ********* CIF: DEBUG: Execute 'LDV_STAGE=1 LDV_ASPECT_FILE="/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.info.aspect.i" /home/shchepetkov/work/inst/cif/bin/aspectator "-nostdinc" "-isystem" "/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig-nightly-new/clade/Storage/usr/lib/gcc/x86_64-linux-gnu/8/include" "-I./arch/x86/include" "-I./arch/x86/include/generated" "-I./include" "-I./arch/x86/include/uapi" "-I./arch/x86/include/generated/uapi" "-I./include/uapi" "-I./include/generated/uapi" "-include" "./include/linux/kconfig.h" "-include" "./include/linux/compiler_types.h" "-D__KERNEL__" "-DCONFIG_X86_X32_ABI" "-DCONFIG_AS_CFI=1" "-DCONFIG_AS_CFI_SIGNAL_FRAME=1" "-DCONFIG_AS_CFI_SECTIONS=1" "-DCONFIG_AS_FXSAVEQ=1" "-DCONFIG_AS_SSSE3=1" "-DCONFIG_AS_AVX=1" "-DCONFIG_AS_AVX2=1" "-DCONFIG_AS_AVX512=1" "-DCONFIG_AS_SHA1_NI=1" "-DCONFIG_AS_SHA256_NI=1" "-O2" "-DCC_USING_FENTRY" "-DDEBUG" "-DVERBOSE_DEBUG" "-DMODULE" "-DKBUILD_BASENAME=\"udc_xilinx\"" "-DKBUILD_MODNAME=\"udc_xilinx\"" "-Dvector_size(x)=" -fno-builtin -E -x c "/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig-nightly-new/clade/Storage/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig/linux-5.0/drivers/usb/gadget/udc/udc-xilinx.c" -o "/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.prepared"'. 
CIF: DEBUG: ********* macro instrumentation ********* CIF: DEBUG: Execute 'LDV_STAGE=2 LDV_ASPECT_FILE="/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.info.aspect.i" /home/shchepetkov/work/inst/cif/bin/aspectator -I "/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig-nightly-new/clade/Storage/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig/linux-5.0/drivers/usb/gadget/udc" "-nostdinc" "-isystem" "/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig-nightly-new/clade/Storage/usr/lib/gcc/x86_64-linux-gnu/8/include" "-I./arch/x86/include" "-I./arch/x86/include/generated" "-I./include" "-I./arch/x86/include/uapi" "-I./arch/x86/include/generated/uapi" "-I./include/uapi" "-I./include/generated/uapi" "-include" "./include/linux/kconfig.h" "-include" "./include/linux/compiler_types.h" "-D__KERNEL__" "-DCONFIG_X86_X32_ABI" "-DCONFIG_AS_CFI=1" "-DCONFIG_AS_CFI_SIGNAL_FRAME=1" "-DCONFIG_AS_CFI_SECTIONS=1" "-DCONFIG_AS_FXSAVEQ=1" "-DCONFIG_AS_SSSE3=1" "-DCONFIG_AS_AVX=1" "-DCONFIG_AS_AVX2=1" "-DCONFIG_AS_AVX512=1" "-DCONFIG_AS_SHA1_NI=1" "-DCONFIG_AS_SHA256_NI=1" "-O2" "-DCC_USING_FENTRY" "-DDEBUG" "-DVERBOSE_DEBUG" "-DMODULE" "-DKBUILD_BASENAME=\"udc_xilinx\"" "-DKBUILD_MODNAME=\"udc_xilinx\"" "-Dvector_size(x)=" -fno-builtin -E -x c "/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.prepared" -o "/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.macroinstrumented"'. 
CIF: DEBUG: ********* instrumentation ********* CIF: DEBUG: Execute 'LDV_STAGE=3 LDV_ASPECT_FILE="/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.info.aspect.i" LDV_OUT="/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.instrumented" /home/shchepetkov/work/inst/cif/bin/aspectator "-nostdinc" "-isystem" "/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig-nightly-new/clade/Storage/usr/lib/gcc/x86_64-linux-gnu/8/include" "-I./arch/x86/include" "-I./arch/x86/include/generated" "-I./include" "-I./arch/x86/include/uapi" "-I./arch/x86/include/generated/uapi" "-I./include/uapi" "-I./include/generated/uapi" "-include" "./include/linux/kconfig.h" "-include" "./include/linux/compiler_types.h" "-D__KERNEL__" "-DCONFIG_X86_X32_ABI" "-DCONFIG_AS_CFI=1" "-DCONFIG_AS_CFI_SIGNAL_FRAME=1" "-DCONFIG_AS_CFI_SECTIONS=1" "-DCONFIG_AS_FXSAVEQ=1" "-DCONFIG_AS_SSSE3=1" "-DCONFIG_AS_AVX=1" "-DCONFIG_AS_AVX2=1" "-DCONFIG_AS_AVX512=1" "-DCONFIG_AS_SHA1_NI=1" "-DCONFIG_AS_SHA256_NI=1" "-O2" "-DCC_USING_FENTRY" "-DDEBUG" "-DVERBOSE_DEBUG" "-DMODULE" "-DKBUILD_BASENAME=\"udc_xilinx\"" "-DKBUILD_MODNAME=\"udc_xilinx\"" "-Dvector_size(x)=" -fno-builtin -fsyntax-only -x cpp-output "/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.macroinstrumented" -o "/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.instrumented"'. 
In file included from ./arch/x86/include/asm/msr.h:246:0,
from ./arch/x86/include/asm/processor.h:21,
from ./include/linux/mutex.h:19,
from ./include/linux/kernfs.h:13,
from ./include/linux/sysfs.h:16,
from ./include/linux/kobject.h:20,
from ./include/linux/device.h:16,
from /home/shchepetkov/work/run/clade/linux-5.0-allmodconfig-nightly-new/clade/Storage/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig/linux-5.0/drivers/usb/gadget/udc/udc-xilinx.c:15:
./arch/x86/include/asm/paravirt.h: In function ‘paravirt_steal_clock’:
./arch/x86/include/asm/paravirt.h:36:2190: internal compiler error: Segmentation fault
 return PVOP_CALL1(u64, time.steal_clock, cpu);
 ^
0xa545ff crash_signal ../../aspectator/gcc/toplev.c:350
0xa44e57 resolve_asm_operand_names(tree_node*, tree_node*, tree_node*, tree_node*) ../../aspectator/gcc/stmt.c:660
0x617955 build_asm_expr(unsigned int, tree_node*, tree_node*, tree_node*, tree_node*, tree_node*, bool) ../../aspectator/gcc/c/c-typeck.c:9700
0x636d29 c_parser_asm_statement ../../aspectator/gcc/c/c-parser.c:6368
0x636d29 c_parser_statement_after_labels ../../aspectator/gcc/c/c-parser.c:5466
0x6372a4 c_parser_compound_statement_nostart ../../aspectator/gcc/c/c-parser.c:5068
0x6379be c_parser_compound_statement ../../aspectator/gcc/c/c-parser.c:4901
0x63573a c_parser_statement_after_labels ../../aspectator/gcc/c/c-parser.c:5377
0x6368d3 c_parser_else_body ../../aspectator/gcc/c/c-parser.c:5689
0x6368d3 c_parser_if_statement ../../aspectator/gcc/c/c-parser.c:5801
0x6368d3 c_parser_statement_after_labels ../../aspectator/gcc/c/c-parser.c:5383
0x6372a4 c_parser_compound_statement_nostart ../../aspectator/gcc/c/c-parser.c:5068
0x63ac94 c_parser_postfix_expression ../../aspectator/gcc/c/c-parser.c:7827
0x62900a c_parser_unary_expression ../../aspectator/gcc/c/c-parser.c:7210
0x629ce7 c_parser_cast_expression ../../aspectator/gcc/c/c-parser.c:7042
0x629ef2 c_parser_binary_expression ../../aspectator/gcc/c/c-parser.c:6851
0x62a9a5 c_parser_conditional_expression ../../aspectator/gcc/c/c-parser.c:6619
0x62aea0 c_parser_expr_no_commas ../../aspectator/gcc/c/c-parser.c:6536
0x62b102 c_parser_expression ../../aspectator/gcc/c/c-parser.c:8737
0x62c729 c_parser_expression_conv ../../aspectator/gcc/c/c-parser.c:8770
Please submit a full bug report, with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <https://gcc.gnu.org/bugs/> for instructions.
Aspectator failed at '3' stage.
CIF: DEBUG: Remove intermediate files.
Launch command:
CIF_INFO_DIR=/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig-nightly-new/clade/Info/output C_FILE=/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig/linux-5.0/drivers/usb/gadget/udc/udc-xilinx.c LDV_STAGE=3 LDV_ASPECT_FILE="/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.info.aspect.i" LDV_OUT="/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.instrumented" /home/shchepetkov/work/inst/cif/bin/aspectator "-nostdinc" "-isystem" "/home/shchepetkov/work/run/clade/linux-5.0-allmodconfig-nightly-new/clade/Storage/usr/lib/gcc/x86_64-linux-gnu/8/include" "-I./arch/x86/include" "-I./arch/x86/include/generated" "-I./include" "-I./arch/x86/include/uapi" "-I./arch/x86/include/generated/uapi" "-I./include/uapi" "-I./include/generated/uapi" "-include" "./include/linux/kconfig.h" "-include" "./include/linux/compiler_types.h" "-D__KERNEL__" "-DCONFIG_X86_X32_ABI" "-DCONFIG_AS_CFI=1" "-DCONFIG_AS_CFI_SIGNAL_FRAME=1" "-DCONFIG_AS_CFI_SECTIONS=1" "-DCONFIG_AS_FXSAVEQ=1" "-DCONFIG_AS_SSSE3=1" "-DCONFIG_AS_AVX=1" "-DCONFIG_AS_AVX2=1" "-DCONFIG_AS_AVX512=1" "-DCONFIG_AS_SHA1_NI=1" "-DCONFIG_AS_SHA256_NI=1" "-O2" "-DCC_USING_FENTRY" "-DDEBUG" "-DVERBOSE_DEBUG" "-DMODULE" "-DKBUILD_BASENAME=\"udc_xilinx\"" "-DKBUILD_MODNAME=\"udc_xilinx\"" "-Dvector_size(x)=" -fno-builtin -fsyntax-only -x cpp-output "/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.macroinstrumented" -o "/tmp/tmpxucvdywp/30308/udc-xilinx.c.o.instrumented"
Updated by Ilya Shchepetkov almost 5 years ago
- Priority changed from Normal to Urgent
The priority should be higher, or Evgeny will do nothing about the issue.
Updated by Ilya Shchepetkov almost 5 years ago
After adding the -fshort-wchar option, all such segmentation faults are inexplicably gone. Please reject this issue since I cannot do it myself.
Updated by Evgeny Novikov almost 5 years ago
I will try to catch the issue under a debugger and Valgrind. Nondeterministic segmentation faults are the worst things to ignore.
Updated by Evgeny Novikov almost 5 years ago
- Subject changed from Nondeterministic segmentation fault on Linux 5.0 to Fix hash table slot use after grow
- Status changed from New to Closed
I fixed the issue in 8b4749e. Thank you for revealing it and providing data. For it, Valgrind deterministically demonstrated different errors depending on the use of the option "-fshort-wchar". So this option does not actually help, but surprisingly it may work around the issue.
The reason for this issue was rather tricky. First, a slot in a hash table was found. Then a new element was added into the hash table and a value from the first slot was assigned to the new one. Indeed, after adding a new slot a hash table may grow, which causes its refilling, so that information on the first slot becomes irrelevant. The corresponding failures seem like use after free (very strange failures with unclear reasons). "Fortunately" the issue didn't appear often, since the specified sequence of operations takes place just for some specific strings of inline Assembler and it was necessary to catch a hash table grow.
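The pattern described in the comment above, reduced to a toy table as an added example; it is not part of the thread and is neither the aspectator/GCC code nor the fix in 8b4749e. `struct table`, `find_slot` and `alias_value` are hypothetical names, and the grow counter exists only to make the refill observable.

```c
#include <stdlib.h>
#include <string.h>

/* Toy open-addressing table constructed for this example; keys are not copied. */
struct entry { const char *key; int val; };
struct table { struct entry *slots; size_t cap, used; unsigned grows; };

/* Return the slot holding key, or the first empty slot on its probe path. */
static struct entry *probe(struct table *t, const char *key) {
    size_t i = 5381;
    for (const char *s = key; *s; s++) i = i * 33 + (unsigned char)*s;
    for (i %= t->cap; t->slots[i].key && strcmp(t->slots[i].key, key); )
        i = (i + 1) % t->cap;
    return &t->slots[i];
}

/* Find-or-insert. Inserting may reallocate and refill the table, which
   invalidates every slot pointer handed out earlier. */
struct entry *find_slot(struct table *t, const char *key) {
    if (t->cap && probe(t, key)->key) return probe(t, key); /* hit: no grow */
    if ((t->used + 1) * 2 > t->cap) {         /* keep load factor <= 1/2 */
        struct table old = *t;
        t->cap = old.cap ? old.cap * 2 : 4;
        t->slots = calloc(t->cap, sizeof *t->slots);
        if (!t->slots) abort();
        for (size_t i = 0; i < old.cap; i++)
            if (old.slots[i].key) *probe(t, old.slots[i].key) = old.slots[i];
        free(old.slots);                      /* old slot pointers now dangle */
        t->grows++;
    }
    struct entry *e = probe(t, key);
    e->key = key;
    t->used++;
    return e;
}

/* Bug pattern from the issue, shown only as a comment (src may dangle):
       struct entry *src = find_slot(t, from);
       struct entry *dst = find_slot(t, to);     may grow and refill
       dst->val = src->val;                      use after free         */

/* Safe form: copy the value out before any call that can grow the table. */
int alias_value(struct table *t, const char *from, const char *to) {
    int v = find_slot(t, from)->val;
    find_slot(t, to)->val = v;
    return v;
}
```

With two keys already in the initial four-slot table, inserting a third triggers the refill between the two lookups, which is the window in which the commented-out pattern reads freed memory.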
Updated by Ilya Shchepetkov almost 5 years ago
Can confirm that the issue is fixed.