Crashes with CONFIG_SLAB_FREELIST_RANDOM

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andreas Schwab <schwab@suse.de>
To: linux-riscv@lists.infradead.org
Subject: Crashes with CONFIG_SLAB_FREELIST_RANDOM
Date: Mon, 04 May 2020 13:30:32 +0200	[thread overview]
Message-ID: <mvmh7wwq6nb.fsf@suse.de> (raw)

When enabling CONFIG_SLAB_FREELIST_RANDOM, the kernel frequently crashes
pretty early:

[    0.165922] Unable to handle kernel paging request at virtual address 00000016e1694827
[    0.173081] Oops [#1]
[    0.175308] Modules linked in:
[    0.178353] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.6.6-212-default #1 openSUSE Tumbleweed (unreleased)
[    0.188074] epc: ffffffe00016f40a ra : ffffffe00016f44c sp : ffffffe1f6ae9c90
[    0.195193]  gp : ffffffe0009ae600 tp : ffffffe1f6ae3480 t0 : ffffffe1f6c19c80
[    0.202398]  t1 : 0000000000000000 t2 : 000000000000f8b7 s0 : ffffffe1f6ae9cd0
[    0.209605]  s1 : ffffffe1f6a036c0 a0 : 0000000000000000 a1 : 00000000000002e1
[    0.216811]  a2 : ffffffe000a08c18 a3 : 7fda5816e1694827 a4 : 00000001f7d06000
[    0.224017]  a5 : 00000001f7d06000 a6 : ffffffe1f6c19c00 a7 : 0000000000ff0000
[    0.231224]  s2 : 0000000000000cc0 s3 : ffffffe00043262a s4 : 7fda5816e1694827
[    0.238429]  s5 : ffffffe1f6a1a800 s6 : 0000000000000000 s7 : 0000000000000038
[    0.245636]  s8 : ffffffe00018a674 s9 : ffffffe00018ab60 s10: ffffffe1f6c19c00
[    0.252842]  s11: 000000000000000a t3 : ff633e17173e647f t4 : 000000f600000000
[    0.260047]  t5 : 000000ff00000000 t6 : ffffffe1f6c34258
[    0.265344] status: 0000000200000120 badaddr: 00000016e1694827 cause: 000000000000000d
[    0.273289] ---[ end trace 703a116d0e920a95 ]---

I think that means there is a use-after-free somewhere.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

next             reply	other threads:[~2020-05-04 11:30 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-04 11:30 Andreas Schwab [this message]
2020-05-04 14:47 ` Crashes with CONFIG_SLAB_FREELIST_RANDOM David Abdurachmanov
2020-05-06 21:21   ` Palmer Dabbelt
2020-05-06 21:59     ` Andreas Schwab
2020-05-15 18:57       ` Palmer Dabbelt
2020-05-16 13:33         ` Andreas Schwab
2020-06-04 14:14           ` David Abdurachmanov
2020-06-04 17:15             ` Andreas Schwab

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=mvmh7wwq6nb.fsf@suse.de \
    --to=schwab@suse.de \
    --cc=linux-riscv@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.