Date: Fri, 23 Feb 2024 13:23:11 +0800
Subject: Re: [mm/page_alloc or mm/vmscan or mm/zswap] use-after-free in obj_malloc()
To: Tetsuo Handa, Sergey Senozhatsky, Yosry Ahmed
Cc: Johannes Weiner, Nhat Pham, Minchan Kim, linux-mm
From: Chengming Zhou

On 2024/2/23 12:48, Sergey Senozhatsky wrote:
> On (24/02/22 18:27), Yosry Ahmed wrote:
>> I also don't see any recent changes in mm/zsmalloc.c that modify this
>> code, so maybe it wasn't introduced in 6.7. I will defer to Minchan and
>> Sergey, I don't think zswap is an active actor in this bug report.
>
> Yeah. [1] are the only recent zsmalloc patches I can recall, and those
> patches touch zsmalloc locking (zspages migration/compaction).
>
> https://lore.kernel.org/lkml/20240219-b4-szmalloc-migrate-v1-0-34cd49c6545b@bytedance.com/
>

I think these patches can't go into 6.8.0-rc5, right? So it may be a bug
with the current code of zsmalloc (maybe zswap? I don't know).

Tetsuo, could you please check if the config has CONFIG_COMPACTION enabled?
Since the first patch of that series did fix a locking bug of migration:
(mm/zsmalloc: fix migrate_write_lock() when !CONFIG_COMPACTION)

Thanks.