Message-ID: <684ffb0a-2cc0-4ea3-b5f7-b0518ed2e83d@gmail.com>
Date: Fri, 11 Oct 2024 16:28:55 +0100
Subject: Re: [syzbot] [mm?] KMSAN: uninit-value in swap_writepage
To: Andrew Morton, syzbot, Hugh Dickins
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, Nhat Pham, Johannes Weiner, Yosry Ahmed, Chengming Zhou
References: <670793eb.050a0220.8109b.0003.GAE@google.com> <20241010142355.92225576a955836a67ef746a@linux-foundation.org>
From: Usama Arif
In-Reply-To: <20241010142355.92225576a955836a67ef746a@linux-foundation.org>

On 10/10/2024 22:23, Andrew Morton wrote:
> On Thu, 10 Oct 2024 01:44:27 -0700 syzbot wrote:
>
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit: fc20a3e57247 Merge tag 'for-linus-6.12a-rc2-tag' of git://..
>> git tree: upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=11cdfd27980000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=d302f14701986aa0
>> dashboard link: https://syzkaller.appspot.com/bug?extid=febb2473441bfb8fb380
>> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>>
>> Unfortunately, I don't have any reproducer for this issue yet.
>>
>> Downloadable assets:
>> disk image: https://storage.googleapis.com/syzbot-assets/5b4b9aca7b75/disk-fc20a3e5.raw.xz
>> vmlinux: https://storage.googleapis.com/syzbot-assets/b22e17636ec0/vmlinux-fc20a3e5.xz
>> kernel image: https://storage.googleapis.com/syzbot-assets/5266e625be99/bzImage-fc20a3e5.xz
>>
>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>> Reported-by: syzbot+febb2473441bfb8fb380@syzkaller.appspotmail.com
>
> Thanks. I'm guessing that shmem symlinks aren't initializing the whole
> page (folio) and that has tripped up Usama's "store zero pages to be
> swapped out in a bitmap" feature - it's checking the uninitialized part
> of the page for zeroness.
>

This is a very similar bug to the one in
https://lore.kernel.org/all/000000000000d0f165061a6754c3@google.com/
(Thanks Nhat for pointing this out!)

As Hugh mentioned in that thread, it's likely not a bug in (z)swap. It's just
working with the folio that was given to it, and it should probably be
initialized before swap_writepage is called. I haven't worked on shmem code
before, but will try to have a look.

Hugh mentioned in the other thread that shmem can keep uninitialized data
pages around, but should be zeroing what's still uninitialized before it can
reach the outside world. Maybe shmem_symlink gets a folio that wasn't
initialized?

Thanks,
Usama

>
>> =====================================================
>> BUG: KMSAN: uninit-value in is_folio_zero_filled mm/page_io.c:189 [inline]
>> BUG: KMSAN: uninit-value in swap_writepage+0x536/0x12b0 mm/page_io.c:259
>>  is_folio_zero_filled mm/page_io.c:189 [inline]
>>  swap_writepage+0x536/0x12b0 mm/page_io.c:259
>>  shmem_writepage+0x2117/0x2450 mm/shmem.c:1567
>>  pageout mm/vmscan.c:688 [inline]
>>  shrink_folio_list+0x5e78/0x7dd0 mm/vmscan.c:1366
>>  evict_folios+0x9813/0xbaf0 mm/vmscan.c:4583
>>  try_to_shrink_lruvec+0x13a3/0x1750 mm/vmscan.c:4778
>>  shrink_one+0x646/0xd20 mm/vmscan.c:4816
>>  shrink_many mm/vmscan.c:4879 [inline]
>>  lru_gen_shrink_node mm/vmscan.c:4957 [inline]
>>  shrink_node+0x451a/0x50f0 mm/vmscan.c:5937
>>  kswapd_shrink_node mm/vmscan.c:6765 [inline]
>>  balance_pgdat mm/vmscan.c:6957 [inline]
>>  kswapd+0x25e2/0x42f0 mm/vmscan.c:7226
>>  kthread+0x3e2/0x540 kernel/kthread.c:389
>>  ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
>>  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
>>
>> Uninit was created at:
>>  __alloc_pages_noprof+0x9d6/0xe70 mm/page_alloc.c:4756
>>  alloc_pages_mpol_noprof+0x299/0x990 mm/mempolicy.c:2265
>>  folio_alloc_mpol_noprof+0x55/0x180 mm/mempolicy.c:2283
>>  shmem_alloc_folio mm/shmem.c:1774 [inline]
>>  shmem_alloc_and_add_folio+0xc33/0x1c30 mm/shmem.c:1813
>>  shmem_get_folio_gfp+0xacd/0x1f30 mm/shmem.c:2335
>>  shmem_get_folio mm/shmem.c:2441 [inline]
>>  shmem_symlink+0x528/0xa20 mm/shmem.c:3834
>>  vfs_symlink+0x1ed/0x460 fs/namei.c:4615
>>  do_symlinkat+0x257/0x8a0 fs/namei.c:4641
>>  __do_sys_symlink fs/namei.c:4662 [inline]
>>  __se_sys_symlink fs/namei.c:4660 [inline]
>>  __x64_sys_symlink+0xe0/0x140 fs/namei.c:4660
>>  x64_sys_call+0x30e8/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:89
>>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>>  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
>>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
>>
>> CPU: 1 UID: 0 PID: 80 Comm: kswapd0 Tainted: G W 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0
>> Tainted: [W]=WARN
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
>> =====================================================
>>
>>
>> ---
>> This report is generated by a bot. It may contain errors.
>> See https://goo.gl/tpsmEJ for more information about syzbot.
>> syzbot engineers can be reached at syzkaller@googlegroups.com.
>>
>> syzbot will keep track of this issue. See:
>> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>>
>> If the report is already addressed, let syzbot know by replying with:
>> #syz fix: exact-commit-title
>>
>> If you want to overwrite report's subsystems, reply with:
>> #syz set subsystems: new-subsystem
>> (See the list of subsystem names on the web dashboard)
>>
>> If the report is a duplicate of another one, reply with:
>> #syz dup: exact-subject-of-another-report
>>
>> If you want to undo deduplication, reply with:
>> #syz undup
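
The situation discussed in this thread, as an added userspace model (not kernel code and not written by anyone in the thread): a page is handed out without zeroing, only a symlink target is stored in it, and a whole-page zero check then branches on bytes nobody wrote. The `model_*` names, the shadow array, the sample target string and the last-byte-first order of the check are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096
/* Userspace model of a page plus a KMSAN-style shadow (1 = byte never written). */
struct model_page {
    unsigned char data[MODEL_PAGE_SIZE], uninit[MODEL_PAGE_SIZE];
};

/* Unzeroed allocation, then only the target is stored; zero_tail clears the rest. */
static void model_fill(struct model_page *p, unsigned char stale, const char *target, int zero_tail)
{
    size_t len = strlen(target) + 1, written = zero_tail ? MODEL_PAGE_SIZE : len;
    memset(p->data, stale, MODEL_PAGE_SIZE);   /* stale contents of a previous user */
    memset(p->uninit, 1, MODEL_PAGE_SIZE);     /* nothing written yet */
    memcpy(p->data, target, len);
    if (zero_tail)
        memset(p->data + len, 0, MODEL_PAGE_SIZE - len);
    memset(p->uninit, 0, written);             /* bytes that are now initialized */
}

/* Whole-page zero check. Model assumption: last byte is tested before the forward scan.
 * *hit receives the offset of the first uninitialized byte branched on, or -1. */
static int model_is_zero_filled(const struct model_page *p, long *hit)
{
    size_t last = MODEL_PAGE_SIZE - 1, i;
    *hit = p->uninit[last] ? (long)last : -1;
    if (p->data[last]) return 0;
    for (i = 0; i < last; i++) {
        if (p->uninit[i] && *hit < 0)
            *hit = (long)i;
        if (p->data[i]) return 0;
    }
    return 1;
}

static long model_run(unsigned char stale, int zero_tail)
{
    static struct model_page p;
    long hit;
    model_fill(&p, stale, "/constructed/target", zero_tail); /* constructed sample input */
    model_is_zero_filled(&p, &hit);
    return hit;
}

int main(void)
{
    printf("stale tail: %ld, zeroed tail: %ld\n", model_run(0xAA, 0), model_run(0xAA, 1));
    return 0;
}
```

In the model the check touches an unwritten byte whatever the stale contents happen to be, and stops doing so once the remainder of the page is cleared before the check runs.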