Message-ID: <81008a82-1012-0b3e-134d-cd4a6502482c@suse.cz>
Date: Mon, 10 Jul 2023 09:48:32 +0200
Subject: Re: [syzbot] [mm?] [reiserfs?] kernel panic: stack is corrupted in ___slab_alloc
To: Dmitry Vyukov, "Lameter, Christopher"
Cc: David Rientjes, syzbot, 42.hyeyoo@gmail.com, Andrew Morton, iamjoonsoo.kim@lge.com, keescook@chromium.org, linux-fsdevel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, penberg@kernel.org, reiserfs-devel@vger.kernel.org, roman.gushchin@linux.dev, syzkaller-bugs@googlegroups.com, Jan Kara
References: <0000000000002373f005ff843b58@google.com> <1bb83e9d-6d7e-3c80-12f6-847bf2dc865e@google.com> <61032955-4200-662b-ace8-bad47d337cdc@os.amperecomputing.com>
From: Vlastimil Babka

On 7/10/23 09:43, Dmitry Vyukov wrote:
> On Thu, 6 Jul 2023 at 20:33, Lameter, Christopher
> wrote:
>>
>> On Mon, 3 Jul 2023, Dmitry Vyukov wrote:
>>
>> >> This is happening while mounting reiserfs, so I'm inclined to think
>> >> it's more of a reiserfs issue than a slab allocator issue :/
>>
>> Have you tried to run with the "slub_debug" kernel option to figure out
>> what got corrupted?
>
> Can slub_debug detect anything that KASAN can't?

Probably not, KASAN will find out a bad write at the moment it happens,
while slub_debug only later from corrupted red zone/poison.

> I would assume KASAN can detect more bugs (e.g. stack/globals) and
> report way better. And it was already enabled in the config.

Anyway this is a stack corruption, not slab layout corruption. It's probably
hard to distinguish a legitimate stack write from an overrun so even KASAN
could not catch it immediately?
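
The difference in detection timing described in the reply above, as an added user-space toy model that is not part of the thread and is not kernel code: a shadow-style check flags the overrun at the store itself, while a red-zone scan only sees leftover damage afterwards. All names and sizes (`struct slot`, `overrun`, `OBJ_SIZE`, `RZ_BYTE`) are hypothetical; the example also goes one step further and shows that the deferred scan misses a stray write whose value equals the fill pattern.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OBJ_SIZE 16    /* usable object bytes (constructed) */
#define RZ_SIZE  8     /* red zone placed right after the object */
#define RZ_BYTE  0xcc  /* toy red-zone fill pattern */

struct slot {
    uint8_t mem[OBJ_SIZE + RZ_SIZE];
    uint8_t shadow[OBJ_SIZE + RZ_SIZE]; /* 1 = addressable, 0 = poisoned */
};

static void slot_alloc(struct slot *s) {
    memset(s->mem, 0, OBJ_SIZE);
    memset(s->mem + OBJ_SIZE, RZ_BYTE, RZ_SIZE);
    memset(s->shadow, 1, OBJ_SIZE);
    memset(s->shadow + OBJ_SIZE, 0, RZ_SIZE);
}

/* Shadow-style check: runs before every store, so the report names the write. */
static int checked_write(struct slot *s, size_t off, uint8_t v) {
    if (off >= sizeof(s->mem) || !s->shadow[off])
        return -1;               /* flagged at the faulting store */
    s->mem[off] = v;
    return 0;
}

/* Deferred scan: sees only leftover damage, and only if the pattern changed. */
static int redzone_damaged(const struct slot *s) {
    for (size_t i = 0; i < RZ_SIZE; i++)
        if (s->mem[OBJ_SIZE + i] != RZ_BYTE)
            return 1;
    return 0;
}

/* One-byte overrun past the object: -1 = caught at the store (checked path),
 * 1 = damage found by the later scan, 0 = nothing noticed. */
static int overrun(uint8_t v, int checked) {
    struct slot s;
    slot_alloc(&s);
    if (checked)
        return checked_write(&s, OBJ_SIZE, v);
    s.mem[OBJ_SIZE] = v;         /* unchecked store into the red zone */
    return redzone_damaged(&s);
}

int main(void) {
    printf("%d %d %d\n", overrun(0x41, 1), overrun(0x41, 0), overrun(RZ_BYTE, 0));
}
```
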