From: "Jason A. Donenfeld"
Date: Thu, 18 Jul 2024 18:51:59 +0200
Subject: Re: [syzbot] [crypto?] KASAN: slab-use-after-free Read in handle_mm_fault
To: Suren Baghdasaryan
Cc: "Liam R. Howlett", "Vlastimil Babka (SUSE)", syzbot, akpm@linux-foundation.org, davem@davemloft.net, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, Lorenzo Stoakes

Hi Suren,

On Thu, Jul 18, 2024 at 6:49 PM Suren Baghdasaryan wrote:
>
> > Warning: It is no longer safe to dereference vma-> after this point, because mmap_lock is dropped, so vma might be destroyed from underneath us.
>
> Better but I would change "mmap_lock is dropped" to "mmap_lock might
> have been dropped by __handle_mm_fault()" because mmap_lock is not
> always dropped by __handle_mm_fault(). Technicality but better be
> clear about it.
> With that changed feel free to add:
>
> Reviewed-by: Suren Baghdasaryan

Will do.

Thanks,
Jason