On Tue, Nov 05, 2019 at 11:19:08AM +0100, Alexander Potapenko wrote:
> On Tue, Nov 5, 2019 at 9:06 AM Thibaut Sautereau
> <thibaut.sautereau@clip-os.org> wrote:
> >
> > On Mon, Nov 04, 2019 at 09:33:18AM -0800, Eric Dumazet wrote:
> > >
> > >
> > > On 11/4/19 9:03 AM, Thibaut Sautereau wrote:
> > > >
> > > > We first encountered this issue under huge network traffic (system image
> > > > download), and I was able to reproduce by simply sending a big packet
> > > > with `ping -s 65507 <ip>`, which crashes the kernel every single time.
> > > >
> > >
> > > Since you have a repro, could you start a bisection ?
> >
> > From my previous email:
> >
> >         "Bisection points to the following commit: 1b7e816fc80e ("mm: slub:
> >         Fix slab walking for init_on_free"), and indeed the BUG is not
> >         triggered when init_on_free is disabled."
> >
> > Or are you meaning something else?
> Could you please give more specific reproduction steps?
> I've checked out v5.3.8 from
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git, ran
> `make defconfig` and added CONFIG_SLUB_DEBUG_ON=y.
> Then I've built the kernel, ran it on QEMU with slub_debug=F and
> init_on_free=1, SSHed into the machine and executed `ping -s 65507
> 127.0.0.1`
> This however didn't trigger any crashes.
> Am I missing something?

I cannot reproduce either when pinging the loopback interface. Please
try pinging another machine.

I also attached the kernel configuration I use in a QEMU VM to reproduce
the bug, as well as the VM's settings.

Loaded modules listed in the kernel panic trace are:
	virtio_scsi virtio_net net_failover failover virtio_mmio
	virtio_input virtio_gpu virtio_crypto crypto_engine virtio_console
	virtio_balloon uhci_hcd uas usb_storage rtc_cmos qxl qemu_fw_cfg
	psmouse mousedev ehci_pci ehci_hcd button bochs_drm drm_vram_helper
	ttm virtio_rng

Hope this helps,

-- 
Thibaut Sautereau
CLIP OS developer