From: Yosry Ahmed <yosryahmed@google.com>
Date: Thu, 22 Feb 2024 18:27:22 -0800
Subject: Re: [mm/page_alloc or mm/vmscan or mm/zswap] use-after-free in obj_malloc()
To: Tetsuo Handa
Cc: Johannes Weiner, Nhat Pham, Minchan Kim, Sergey Senozhatsky, linux-mm

On Thu, Feb 22, 2024 at 6:10 PM Tetsuo Handa wrote:
> I can observe this bug during evict_folios() from 6.7.0 to 6.8.0-rc5-00163-gffd2cb6b718e.
> Since I haven't observed it with 6.6.0, this bug might have been introduced in the 6.7 cycle.

I am not familiar with KMSAN bug reports, but it seems like it's reporting a use-after-free for zspage->freeobj. The report says it was created in free_unref_page_prepare() during lruvec reclaim, and I am not sure how that's possible given that zspage is allocated from the slab allocator. Perhaps I am misinterpreting the report.

I also don't see any recent changes in mm/zsmalloc.c that modify this code, so maybe it wasn't introduced in 6.7.

I will defer to Minchan and Sergey; I don't think zswap is an active actor in this bug report.