From: Andrey Konovalov
Date: Mon, 1 Jul 2024 17:10:36 +0200
Subject: Re: [syzbot] [kernel?] KASAN: stack-out-of-bounds Read in __show_regs (2)
To: Tetsuo Handa
Cc: syzbot, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, kasan-dev, linux-mm, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org
References: <000000000000a8c856061ae85e20@google.com> <82cf2f25-fd3b-40a2-8d2b-a6385a585601@I-love.SAKURA.ne.jp>

On Mon, Jul 1, 2024 at 2:43 PM Tetsuo Handa wrote:
>
> Hello, KASAN people.
>
> I suspect that KASAN's metadata for kernel stack memory got out of sync for
> an unknown reason, for the stack trace of PID=7558 was successfully printed
> two times before KASAN complained upon trying to print it for the third time.
> Would you decode what this KASAN message is saying?
>
> Quoting from https://syzkaller.appspot.com/text?tag=CrashLog&x=119fd081980000 :
[...]
> [ 229.319713][ C0] ==================================================================
> [ 229.327779][ C0] BUG: KASAN: stack-out-of-bounds in __show_regs+0x172/0x610
> [ 229.335174][ C0] Read of size 8 at addr ffffc90003c4f798 by task kworker/u8:5/234
[...]
> [ 230.044183][ C0] Memory state around the buggy address:
> [ 230.049816][ C0] ffffc90003c4f680: f2 f2 f2 f2 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3
> [ 230.057889][ C0] ffffc90003c4f700: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
> [ 230.065961][ C0] >ffffc90003c4f780: 00 f2 f2 f2 00 f3 f3 f3 00 00 00 00 00 00 00 00
> [ 230.074059][ C0] ^
> [ 230.078915][ C0] ffffc90003c4f800: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2
> [ 230.086983][ C0] ffffc90003c4f880: 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
> [ 230.095056][ C0] ==================================================================

I checked some of the other syzbot reports for this bug, and the memory state part in some of them looks different. Specifically, for https://syzkaller.appspot.com/text?tag=CrashLog&x=14293f0e980000:

[ 1558.929174][ C1] Memory state around the buggy address:
[ 1558.934796][ C1] ffffc9000b8bf400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1558.942852][ C1] ffffc9000b8bf480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1558.950897][ C1] >ffffc9000b8bf500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1558.958943][ C1] ^
[ 1558.964569][ C1] ffffc9000b8bf580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1558.972613][ C1] ffffc9000b8bf600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

This is weird, because if the metadata is 00, then the memory should be accessible and there should be no KASAN report. This makes me believe you have some kind of a race in your patch (or there's a race in the kernel that your patch somehow exposes). At least between the moment KASAN detected the issue and the moment the reporting procedure got to printing the memory state, the memory state changed.
As this is stack memory that comes from a vmalloc allocation, I suspect the task whose stack had been at that location died, and something else got mapped there. This is my best guess, I hope it's helpful.
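The following is an added example, not code from this thread or from the kernel: it decodes "Memory state around the buggy address" rows the way generic KASAN lays them out (one shadow byte per 8-byte granule, 16 granules per row) and checks whether the shadow actually forbids the reported access. The sample rows are retyped from the two dumps quoted above; the legend values are the generic KASAN shadow constants, and the 8-byte granule size is an assumption that holds for generic (non-tag) KASAN.

```python
import re

GRANULE = 8  # generic KASAN: one shadow byte describes one 8-byte granule
LEGEND = {   # generic KASAN shadow values (mm/kasan/kasan.h), only those needed here
    0x00: "accessible", 0xf1: "stack left redzone", 0xf2: "stack mid redzone",
    0xf3: "stack right redzone", 0xf4: "stack partial redzone", 0xf9: "global redzone",
    0xf8: "vmalloc invalid / use-after-scope", 0xfb: "slab freed", 0xfc: "slab redzone",
}
# One "Memory state" row: optional printk prefix, optional '>' marker, row base, 16 bytes.
ROW_RE = re.compile(r"^(?:\[[^\]]*\])*\s*(>?)([0-9a-f]{16}):((?:\s[0-9a-f]{2}){16})\s*$")

# Constructed sample input: rows retyped from the two dumps quoted in the thread.
REPORT_1 = """
[ 230.057889][ C0] ffffc90003c4f700: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 230.065961][ C0] >ffffc90003c4f780: 00 f2 f2 f2 00 f3 f3 f3 00 00 00 00 00 00 00 00
"""
REPORT_2 = "[ 1558.950897][ C1] >ffffc9000b8bf500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"

def parse_memory_state(text):
    """Return ({row_base: [16 shadow bytes]}, base of the '>' row or None)."""
    rows, marked = {}, None
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            base = int(m.group(2), 16)
            rows[base] = [int(b, 16) for b in m.group(3).split()]
            marked = base if m.group(1) == ">" else marked
    return rows, marked

def shadow_for(rows, addr):
    """Shadow byte of the granule containing addr, or None if its row was not dumped."""
    for base, shadow in rows.items():
        if base <= addr < base + 16 * GRANULE:
            return shadow[(addr - base) // GRANULE]
    return None

def describe(shadow):
    if 1 <= shadow <= 7:
        return f"partially accessible (first {shadow} bytes)"
    return LEGEND.get(shadow, f"unknown (0x{shadow:02x})")

def access_poisoned(rows, addr, size):
    """True if the shadow forbids any byte of [addr, addr + size), as KASAN would check."""
    for g in range(addr // GRANULE, (addr + size - 1) // GRANULE + 1):
        s = shadow_for(rows, g * GRANULE)
        if s is None:
            raise ValueError(f"granule 0x{g * GRANULE:x} is outside the dumped rows")
        last_off = min(addr + size, (g + 1) * GRANULE) - 1 - g * GRANULE
        if s != 0 and (s > 7 or last_off >= s):
            return True
    return False
```

For the first dump, the 8-byte read at ffffc90003c4f798 lands on granule 3 of the marked row (shadow f2, a stack mid redzone), so the dump agrees with the report; for the second dump every granule of the marked row is 00, so the printed state cannot explain the report, which is exactly the inconsistency discussed above.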