Message-ID: <81008a82-1012-0b3e-134d-cd4a6502482c@suse.cz>
Date: Mon, 10 Jul 2023 09:48:32 +0200
Subject: Re: [syzbot] [mm?] [reiserfs?] kernel panic: stack is corrupted in ___slab_alloc
From: Vlastimil Babka
To: Dmitry Vyukov, "Lameter, Christopher"
Cc: David Rientjes, syzbot, 42.hyeyoo@gmail.com, Andrew Morton, iamjoonsoo.kim@lge.com, keescook@chromium.org, linux-fsdevel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, penberg@kernel.org, reiserfs-devel@vger.kernel.org, roman.gushchin@linux.dev, syzkaller-bugs@googlegroups.com, Jan Kara
X-Mailing-List: linux-kernel@vger.kernel.org

On 7/10/23 09:43, Dmitry Vyukov wrote:
> On Thu, 6 Jul 2023 at 20:33, Lameter, Christopher wrote:
>>
>> On Mon, 3 Jul 2023, Dmitry Vyukov wrote:
>>
>> >> This is happening while mounting reiserfs, so I'm inclined to think
>> >> it's more of a reiserfs issue than a slab allocator issue :/
>>
>> Have you tried to run with the "slub_debug" kernel option to figure out
>> what got corrupted?
>
> Can slub_debug detect anything that KASAN can't?

Probably not, KASAN will find out a bad write at the moment it happens,
while slub_debug only later from corrupted red zone/poison.

> I would assume KASAN can detect more bugs (e.g. stack/globals) and
> report way better. And it was already enabled in the config.

Anyway this is a stack corruption, not slab layout corruption. It's probably
hard to distinguish a legitimate stack write from an overrun so even KASAN
could not catch it immediately?
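
The timing difference discussed in this message, as an added user-space toy model in C (not kernel code and not part of the original thread): a deferred red-zone scan versus a check at the store itself, plus a store that lands on a neighbouring object's addressable bytes, which neither check can tell from a legitimate write. The arena layout, `RZ_FILL` and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model, not kernel code: two adjacent objects, each followed by a red zone. */
#define OBJ     16               /* payload bytes per object */
#define RZ      8                /* red zone bytes after each payload */
#define SLOT    (OBJ + RZ)
#define NOBJ    2
#define RZ_FILL 0xbb             /* constructed marker byte for this model */

static uint8_t arena[NOBJ * SLOT];
static uint8_t shadow[NOBJ * SLOT];  /* 1 = poisoned; one flag per byte is a simplification */

static void arena_init(void) {
    for (size_t i = 0; i < sizeof(arena); i++) {
        shadow[i] = (i % SLOT) >= OBJ;          /* red zone bytes are poisoned */
        arena[i] = shadow[i] ? RZ_FILL : 0;
    }
}

/* Uninstrumented store: nothing is checked when the write happens. */
static void store_raw(size_t off, uint8_t v) { arena[off] = v; }

/* slub_debug-style deferred check: scan red zones later; first damaged offset or -1. */
static int first_bad_redzone(void) {
    for (size_t i = 0; i < sizeof(arena); i++)
        if ((i % SLOT) >= OBJ && arena[i] != RZ_FILL)
            return (int)i;
    return -1;
}

/* KASAN-style check before the store: -1 means "reported at the faulting write". */
static int store_checked(size_t off, uint8_t v) {
    if (off >= sizeof(arena) || shadow[off])
        return -1;
    arena[off] = v;
    return 0;
}

int main(void) {
    arena_init();
    store_raw(OBJ, 0x41);                        /* one byte past object 0 */
    printf("deferred scan finds damage at offset %d\n", first_bad_redzone());
    arena_init();
    printf("checked store past object 0: %d\n", store_checked(OBJ, 0x41));
    printf("store into object 1: %d, red zones: %d\n",
           store_checked(SLOT + 3, 0x41), first_bad_redzone());
    return 0;
}
```

The last store skips the red zone entirely and hits bytes that are valid for another owner, so the shadow check passes and the later scan finds nothing.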