Crashes with CONFIG_SLAB_FREELIST_RANDOM

linux-riscv.lists.infradead.org archive mirror
 help / color / mirror / Atom feed

From: Andreas Schwab <schwab@suse.de>
To: linux-riscv@lists.infradead.org
Subject: Crashes with CONFIG_SLAB_FREELIST_RANDOM
Date: Mon, 04 May 2020 13:30:32 +0200	[thread overview]
Message-ID: <mvmh7wwq6nb.fsf@suse.de> (raw)

When enabling CONFIG_SLAB_FREELIST_RANDOM, the kernel frequently crashes
pretty early:

[    0.165922] Unable to handle kernel paging request at virtual address 00000016e1694827
[    0.173081] Oops [#1]
[    0.175308] Modules linked in:
[    0.178353] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.6.6-212-default #1 openSUSE Tumbleweed (unreleased)
[    0.188074] epc: ffffffe00016f40a ra : ffffffe00016f44c sp : ffffffe1f6ae9c90
[    0.195193]  gp : ffffffe0009ae600 tp : ffffffe1f6ae3480 t0 : ffffffe1f6c19c80
[    0.202398]  t1 : 0000000000000000 t2 : 000000000000f8b7 s0 : ffffffe1f6ae9cd0
[    0.209605]  s1 : ffffffe1f6a036c0 a0 : 0000000000000000 a1 : 00000000000002e1
[    0.216811]  a2 : ffffffe000a08c18 a3 : 7fda5816e1694827 a4 : 00000001f7d06000
[    0.224017]  a5 : 00000001f7d06000 a6 : ffffffe1f6c19c00 a7 : 0000000000ff0000
[    0.231224]  s2 : 0000000000000cc0 s3 : ffffffe00043262a s4 : 7fda5816e1694827
[    0.238429]  s5 : ffffffe1f6a1a800 s6 : 0000000000000000 s7 : 0000000000000038
[    0.245636]  s8 : ffffffe00018a674 s9 : ffffffe00018ab60 s10: ffffffe1f6c19c00
[    0.252842]  s11: 000000000000000a t3 : ff633e17173e647f t4 : 000000f600000000
[    0.260047]  t5 : 000000ff00000000 t6 : ffffffe1f6c34258
[    0.265344] status: 0000000200000120 badaddr: 00000016e1694827 cause: 000000000000000d
[    0.273289] ---[ end trace 703a116d0e920a95 ]---

I think that means there is a use-after-free somewhere.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

next             reply	other threads:[~2020-05-04 11:30 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-04 11:30 Andreas Schwab [this message]
2020-05-04 14:47 ` Crashes with CONFIG_SLAB_FREELIST_RANDOM David Abdurachmanov
2020-05-06 21:21   ` Palmer Dabbelt
2020-05-06 21:59     ` Andreas Schwab
2020-05-15 18:57       ` Palmer Dabbelt
2020-05-16 13:33         ` Andreas Schwab
2020-06-04 14:14           ` David Abdurachmanov
2020-06-04 17:15             ` Andreas Schwab

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=mvmh7wwq6nb.fsf@suse.de \
    --to=schwab@suse.de \
    --cc=linux-riscv@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).