From: Fudam
Subject: Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in __mmap_region
Date: Fri, 17 Jan 2025 10:13:04 +0800
Message-Id: <76FC6EA6-CB17-4E3B-B1E5-D7FC13B6E3CA@m.fudan.edu.cn>
To: "Liam R. Howlett"
Cc: akpm@linux-foundation.org, lorenzo.stoakes@oracle.com, vbabka@suse.cz, jannh@google.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, jjtan24@m.fudan.edu.cn

> On 17 Jan 2025, at 03:29, Liam R. Howlett wrote:
>
> * Liam R. Howlett [241224 11:35]:
>> * Kun Hu [241224 07:13]:
>>> Hello,
>>>
>>> When using a fuzzer tool to fuzz the latest Linux kernel, the following crash
>>> was triggered.
>>>
>>> HEAD commit: 78d4f34e2115b517bcbfe7ec0d018bbbb6f9b0b8
>>> git tree: upstream
>>> Console output: https://drive.google.com/file/d/1_GxT_B3JkCE8Q6r6PGgG27uNn5cgzZm3/view?usp=sharing
>>> Kernel config: https://drive.google.com/file/d/1RhT5dFTs6Vx1U71PbpenN7TPtnPoa3NI/view?usp=sharing
>>> C reproducer: https://drive.google.com/file/d/1zyZSM-hp1UInnE-AA9J3NXmMCV7DCqgf/view?usp=sharing
>>> Syzlang reproducer: https://drive.google.com/file/d/1W0yvbKYi6GaAaG0YNeDVacN3eEa8rxot/view?usp=sharing
>>>
>>> We are triggering the same issue and I hope this information is useful to you. If you fix this issue, please let me know.
>>
>> The fix is on its way upstream. [1]
>>
>> It is on the dashboard page of the syzbot report you are responding
>> to...
>>
>> It specifies the closes and reported-by in the commit.
>>
>> Are you saying it happens with this fix or did you not test the fix?
>
> Anything?

Sorry for the late reply, we've tested this issue for multiple rounds on v6.13-rc7 and failed to reproduce the crash we reported.

————
Thanks,
Kun

>
>>
>> Thanks,
>> Liam
>>
>> [1] https://lore.kernel.org/all/20241206215229.244413-1-lorenzo.stoakes@oracle.com/T/
>