Date: Wed, 12 Oct 2022 14:07:23 -0700
From: Andrew Morton
To: syzbot
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] KASAN: use-after-free Read in register_shrinker
Message-Id: <20221012140723.8aa014105efab04c5206e072@linux-foundation.org>
In-Reply-To: <0000000000004655fa05ead5c9f6@google.com>
References: <0000000000004655fa05ead5c9f6@google.com>

On Wed, 12 Oct 2022 05:46:49 -0700 syzbot wrote:

> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 2e30960097f6 bpf, x64: Remove unnecessary check on existen..
> git tree: bpf-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=15934fbc880000
> kernel config: https://syzkaller.appspot.com/x/.config?x=796b7c2847a6866a
> dashboard link: https://syzkaller.appspot.com/bug?extid=12320e263831dd4ddb91
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1055b15c880000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1018112a880000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/f0f073bdb6eb/disk-2e309600.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/6062312f63fe/vmlinux-2e309600.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+12320e263831dd4ddb91@syzkaller.appspotmail.com
>
> ==================================================================
> BUG: KASAN: use-after-free in __list_add_valid+0xa5/0xb0 lib/list_debug.c:30
> Read of size 8 at addr ffff8880775905c8 by task syz-executor328/3786
>
> CPU: 1 PID: 3786 Comm: syz-executor328 Not tainted 6.0.0-syzkaller-02744-g2e30960097f6 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
> Call Trace:
>
>  __dump_stack lib/dump_stack.c:88 [inline]
>  dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
>  print_address_description mm/kasan/report.c:317 [inline]
>  print_report.cold+0x2ba/0x719 mm/kasan/report.c:433
>  kasan_report+0xb1/0x1e0 mm/kasan/report.c:495
>  __list_add_valid+0xa5/0xb0 lib/list_debug.c:30
>  __list_add include/linux/list.h:69 [inline]
>  list_add_tail include/linux/list.h:102 [inline]
>  register_shrinker_prepared mm/vmscan.c:684 [inline]

I trust that tree didn't have this fix?

commit bd86c69dae65de30f6d47249418ba7889809e31a
Author: Tetsuo Handa
Date:   Mon Oct 10 14:59:02 2022 +0900

    NFSD: unregister shrinker when nfsd_init_net() fails