From c394f2a4df0c6a9ab41adc9bb5b5fe26bcd1b97d Mon Sep 17 00:00:00 2001 From: Breno Leitao Date: Thu, 10 Oct 2024 05:36:35 -0700 Subject: [PATCH] mm, slab: Fix infinite loop at _slub_get_freelist() In some cases, _slub_get_freelist() loops forever when ptr dereferences to itself. This causes instructions like the following to loop forever. (I got this with a vmcore) identify_address(prog, 18446613188003018408) If I break if the pointer is already in the freelist-set, then, I can get drgn unstuck: >>> identify_address(prog, 18446613188003018408) 'slab object: sock_inode_cache+0x2a8' Signed-off-by: Breno Leitao
---
 drgn/helpers/linux/slab.py | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/drgn/helpers/linux/slab.py b/drgn/helpers/linux/slab.py
index f1b56dc9f..e88aec5f4 100644
--- a/drgn/helpers/linux/slab.py
+++ b/drgn/helpers/linux/slab.py
@@ -310,6 +310,8 @@ def _try_hardened_freelist_dereference(ptr_addr: int) -> int:
 def _slub_get_freelist(freelist: Object, freelist_set: Set[int]) -> None:
 ptr = freelist.value_()
 while ptr:
+ if ptr in freelist_set:
+ break
 freelist_set.add(ptr)
 ptr = self._freelist_dereference(ptr + freelist_offset)
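Review bot: The added `if ptr in freelist_set: break` stops the walk when a freelist pointer repeats, but it does so silently, and a repeated pointer means the freelist is cyclic — in a vmcore that typically indicates slab corruption (an overwritten or self-referencing next pointer) or a mis-decoded hardened pointer, so the truncated set can then be used to identify an address as a slab object on the basis of a list that is not trustworthy. The two added lines carry no comment; I'd put `# A pointer already in the set means the freelist is cyclic (corrupted or` / `# self-referencing next pointer); stop here instead of looping forever.` above the check so the next reader knows the break is a corruption guard, not normal termination. As a point of style, the guard folds naturally into the loop condition, `while ptr and ptr not in freelist_set:`, which keeps both termination conditions in one place. Whether callers should be told the walk was cut short depends on how freelist_set is consumed, which is outside the hunk; `_slub_get_freelist` starts inside the hunk, but its use of `self` and `freelist_offset` suggests it is a closure whose enclosing method begins before the hunk, and the hunk header counts six old lines while only five context lines are visible here, so its trailing context line is missing from this view.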