From: Barry Song <21cnbao@gmail.com>
Date: Tue, 19 Mar 2024 09:50:30 +1300
Subject: Re: [syzbot] [mm?] kernel BUG in sg_init_one
To: Yosry Ahmed
Cc: Nhat Pham, syzbot, akpm@linux-foundation.org, chengming.zhou@linux.dev, hannes@cmpxchg.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, Barry Song

On Tue, Mar 19, 2024 at 9:35 AM Yosry Ahmed wrote:
>
> On Mon, Mar 18, 2024 at 1:25 PM Barry Song <21cnbao@gmail.com> wrote:
> >
> > On Tue, Mar 19, 2024 at 7:00 AM Nhat Pham wrote:
> > >
> > > On Mon, Mar 18, 2024 at 9:58 AM syzbot
> > > wrote:
> > > >
> > > > Hello,
> > > >
> > > > syzbot found the following issue on:
> > > >
> > > > HEAD commit: e5eb28f6d1af Merge tag 'mm-nonmm-stable-2024-03-14-09-36' ..
> > > > git tree: upstream
> > > > console output: https://syzkaller.appspot.com/x/log.txt?x=13043abe180000
> > > > kernel config: https://syzkaller.appspot.com/x/.config?x=19bb57c23dffc38e
> > > > dashboard link: https://syzkaller.appspot.com/bug?extid=adbc983a1588b7805de3
> > > > compiler: arm-linux-gnueabi-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> > > > userspace arch: arm
> > > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1706d231180000
> > > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ba7959180000
> > > >
> > > > Downloadable assets:
> > > > disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/8ead8862021c/non_bootable_disk-e5eb28f6.raw.xz
> > > > vmlinux: https://storage.googleapis.com/syzbot-assets/0a7371c63ff2/vmlinux-e5eb28f6.xz
> > > > kernel image: https://storage.googleapis.com/syzbot-assets/7539441b4add/zImage-e5eb28f6.xz
> > > >
> > > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > > Reported-by: syzbot+adbc983a1588b7805de3@syzkaller.appspotmail.com
> > > >
> > > > ------------[ cut here ]------------
> > > > kernel BUG at include/linux/scatterlist.h:187!
> > >
> > > Looks like the provided buffer is invalid:
> > >
> > > #ifdef CONFIG_DEBUG_SG
> > > BUG_ON(!virt_addr_valid(buf));
> > > #endif
> > >
> > > which is "src" from:
> > >
> > > sg_init_one(&input, src, entry->length);
> > >
> > > Looking at the surrounding code and recent history, there's this
> > > commit that stands out:
> > >
> > > mm/zswap: remove the memcpy if acomp is not sleepable
> > > (sha: 270700dd06ca41a4779c19eb46608f076bb7d40e)
> > >
> > > which has the effect of, IIUC, using the zpool mapped memory directly
> > > as src, instead of acomp_ctx->buffer (which was previously the case,
> > > as zsmalloc was not sleepable).
> > >
> > > This might not necessarily be a bug with that commit itself, but might
> > > have revealed another bug elsewhere.
> > >
> > > Anyway, cc-ing the author, Barry Song, to fact check me :) Will take a
> > > closer look later.
> >
> > I guess that is because on arm32, we have highmem but
> > sg_init_one supports lowmem only. the below should be
> > able to fix?
> >
> > diff --git a/mm/zswap.c b/mm/zswap.c > > index 9dec853647c8..47c0386caba2 100644 > > --- a/mm/zswap.c > > +++ b/mm/zswap.c
> > @@ -1086,7 +1086,8 @@ static void zswap_decompress(struct zswap_entry > > *entry, struct page *page) > > zpool_unmap_handle(zpool, entry->handle); > > } > > > > - sg_init_one(&input, src, entry->length); > > + sg_init_table(&input, 1); > > + sg_set_page(&input, kmap_to_page(src), entry->length, > > offset_in_page(src));
>
> Is this working around the debug check in sg_init_one()? IIUC, only

I wouldn't characterize it as a workaround; it's more of a solution.

> lowmem pages are supported. We may be passing in a highmem page to
> sg_set_page() now, right?

we can pass highmem to sg_set_page(). This is perfectly fine.

>
> Also, it seems like if src is a lowmem address kmap_to_page() will be
> doing unnecessary checks (assuming it's working correctly)?

In practice, we consistently use kmap and kunmap even on systems with low
memory. However, it's worth noting that for low memory scenarios, kmap
essentially returns page_to_virt(page_address). Thus, the overhead of
kmap_to_page shouldn't be significant on low memory systems, especially
considering that it simplifies to virt_to_page(). Another approach is to
consistently employ page_to_virt() for low memory situations and reserve
kmap for high memory scenarios. However, since we always utilize kmap
regardless of whether the page is low or high memory, we don't need to
concern ourselves with this distinction

>
> Would it be more robust to just use the temporary buffer if src is a
> kmap address?

I don't think so because we will need a memcpy then.

>
> Also FWIW, I think you can use "#sys test" to check if a diff fixes the problem.
>
> > sg_init_table(&output, 1); > > sg_set_page(&output, page, PAGE_SIZE, 0); > > acomp_request_set_params(acomp_ctx->req, &input, &output, > > entry->length, PAGE_SIZE);
> >
> >

Thanks
Barry
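
Review bot: the added sg_set_page() call maps entry->length bytes starting at offset_in_page(src) in the one page returned by kmap_to_page(src), and nothing in this hunk shows that offset_in_page(src) + entry->length stays within PAGE_SIZE. If src can sit near the end of a page, the single scatterlist entry would run past the page that was looked up; please either state in a comment why the mapped object cannot cross a page boundary here or add a check for it. A short comment above the two new lines saying that src may be a highmem kmap address, which is why sg_init_one() and its virt_addr_valid() check no longer fit, would also keep the reason with the code rather than only in this thread.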