From: Jann Horn
Date: Fri, 6 Dec 2024 22:29:39 +0100
Subject: Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in __mmap_region
To: syzbot
Cc: Liam.Howlett@oracle.com, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, syzkaller-bugs@googlegroups.com, vbabka@suse.cz
In-Reply-To: <67536a25.050a0220.a30f1.0149.GAE@google.com>

On Fri, Dec 6, 2024 at 10:18 PM syzbot wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    e70140ba0d2b Get rid of 'remove_new' relic from platform d..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=13300330580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=50c7a61469ce77e7
> dashboard link: https://syzkaller.appspot.com/bug?extid=91cf8da9401355f946c3
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=124130df980000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10a280f8580000
>
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-e70140ba.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/91f313d8125b/vmlinux-e70140ba.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/a9bdf286943a/bzImage-e70140ba.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+91cf8da9401355f946c3@syzkaller.appspotmail.com
>
> ==================================================================
> BUG: KASAN: slab-use-after-free in __mmap_complete mm/vma.c:2408 [inline]
> BUG: KASAN: slab-use-after-free in __mmap_region+0x1802/0x2cd0 mm/vma.c:2469
> Read of size 8 at addr ffff8880403a6118 by task syz-executor239/5461

This looks like it was introduced by commit 5ac87a885aec ("mm: defer
second attempt at merge on mmap()"), which went into 6.13-rc1?

From a glance it seems like the "vma_merge_existing_range(&vmg)" in
__mmap_region() needs a "vma = " at the start of the line.
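The bug pattern the reply points at is a merge helper whose return value is dropped: when the merge succeeds, the freshly created object is released and the surviving neighbour is returned, so a caller that keeps using its old pointer reads freed memory. The C model below is an added illustration and is not code from the kernel or from the message; the struct, the slot pool and the function names (region, region_alloc, merge_existing_range, map_region_buggy, map_region_fixed) are invented for this example. The one convention it borrows from the kernel helper is that the merge routine returns the surviving region on success and NULL when nothing was merged. Released slots stay poisoned rather than being reused, which stands in for KASAN flagging a slab-use-after-free, and the two scenario functions show the buggy caller handing back a freed region while the fixed caller adopts the survivor and still copes with the no-merge case.

```c
/* Constructed example: a toy region pool modelling the "discarded merge
 * result" use-after-free.  All names here are invented for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 8

enum slot_state { SLOT_FREE, SLOT_LIVE, SLOT_FREED };

struct region {
    unsigned long start, end, flags;
    enum slot_state state;   /* SLOT_FREED slots are poisoned, never reused */
};

static struct region pool[POOL_SIZE];

static void pool_reset(void) { memset(pool, 0, sizeof pool); }

static struct region *region_alloc(unsigned long start, unsigned long end,
                                   unsigned long flags)
{
    for (size_t i = 0; i < POOL_SIZE; i++) {
        if (pool[i].state == SLOT_FREE) {
            pool[i].start = start;
            pool[i].end = end;
            pool[i].flags = flags;
            pool[i].state = SLOT_LIVE;
            return &pool[i];
        }
    }
    return NULL;
}

/* Releasing a region poisons its slot, the way a KASAN quarantine would. */
static void region_free(struct region *r) { r->state = SLOT_FREED; }

/* Stand-in for the sanitizer: any touch of a poisoned slot is the bug. */
static int region_is_stale(const struct region *r) { return r->state == SLOT_FREED; }

/* Merge "fresh" into "prev" when they are adjacent with equal flags.
 * On success "fresh" is freed and the grown "prev" is returned; NULL
 * means no merge happened and "fresh" is still the live region. */
static struct region *merge_existing_range(struct region *prev, struct region *fresh)
{
    if (prev && prev->state == SLOT_LIVE && prev->end == fresh->start &&
        prev->flags == fresh->flags) {
        prev->end = fresh->end;
        region_free(fresh);
        return prev;
    }
    return NULL;
}

/* Buggy caller: the merge result is dropped, so "vma" may already be freed. */
static struct region *map_region_buggy(struct region *prev, unsigned long start,
                                       unsigned long end, unsigned long flags)
{
    struct region *vma = region_alloc(start, end, flags);
    if (!vma)
        return NULL;
    merge_existing_range(prev, vma);   /* survivor discarded */
    return vma;                        /* caller goes on to use this */
}

/* Fixed caller: adopt the survivor when a merge happened, keep "vma" otherwise. */
static struct region *map_region_fixed(struct region *prev, unsigned long start,
                                       unsigned long end, unsigned long flags)
{
    struct region *vma = region_alloc(start, end, flags);
    struct region *merged;
    if (!vma)
        return NULL;
    merged = merge_existing_range(prev, vma);
    if (merged)
        vma = merged;
    return vma;
}

/* Returns 1 if the buggy caller hands back a region that was already freed. */
static int scenario_buggy_caller_returns_stale(void)
{
    pool_reset();
    struct region *prev = region_alloc(0x1000, 0x2000, 0x3);
    struct region *vma = map_region_buggy(prev, 0x2000, 0x3000, 0x3);
    return vma != NULL && region_is_stale(vma);
}

/* Returns 1 if the fixed caller yields the live, grown predecessor for a
 * mergeable mapping and a distinct live region for a non-mergeable one. */
static int scenario_fixed_caller_is_sound(void)
{
    pool_reset();
    struct region *prev = region_alloc(0x1000, 0x2000, 0x3);
    struct region *vma = map_region_fixed(prev, 0x2000, 0x3000, 0x3);
    if (vma != prev || region_is_stale(vma) || vma->end != 0x3000)
        return 0;
    struct region *other = map_region_fixed(vma, 0x3000, 0x4000, 0x5); /* flags differ */
    return other != NULL && other != vma && !region_is_stale(other);
}

int main(void)
{
    printf("buggy caller returns a freed region: %s\n",
           scenario_buggy_caller_returns_stale() ? "yes" : "no");
    printf("fixed caller is sound: %s\n",
           scenario_fixed_caller_is_sound() ? "yes" : "no");
    return 0;
}
```

The model deliberately never reuses a poisoned slot, so the stale pointer is caught by a state check instead of by undefined behaviour; in a real slab allocator the freed object can be reallocated, which is why the kernel needs KASAN to observe the read the report shows.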