From: Yosry Ahmed
Date: Tue, 30 Apr 2024 01:32:30 -0700
Subject: Re: [syzbot] [mm?] KMSAN: uninit-value in zswap_rb_insert
To: syzbot
Cc: akpm@linux-foundation.org, chengming.zhou@linux.dev, hannes@cmpxchg.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, nphamcs@gmail.com, syzkaller-bugs@googlegroups.com

On Mon, Apr 29, 2024 at 11:02 PM syzbot wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    e33c4963bf53 Merge tag 'nfsd-6.9-5' of git://git.kernel.or..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=123d5a0f180000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=776c05250f36d55c
> dashboard link: https://syzkaller.appspot.com/bug?extid=9c9d60f1b20b22ce218a
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/a10175188ebb/disk-e33c4963.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/abe743417d16/vmlinux-e33c4963.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/fb10cccc9909/bzImage-e33c4963.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+9c9d60f1b20b22ce218a@syzkaller.appspotmail.com
>
> =====================================================================
> BUG: KMSAN: uninit-value in zswap_rb_insert+0x1e9/0x330 mm/zswap.c:842

I am not sure how this could happen. The report is complaining about the
access in the loop condition AFAICT:

	while (*link) { /* here */
		..
	}

*link should start as root->rb_node (which should be NULL as it is static
data), then be updated to point at a zswap_entry->rbnode as entries get
added. *link should then keep being updated to values at
zswap_entry->rbnode->{left/right}.

Although entry->rbnode->{left/right} are not initialized when allocated by
zswap_entry_cache_alloc() as the report mentions, they are initialized in
zswap_rb_insert()->rb_link_node() when they are added to the tree.

Also, this code is removed with the xarray conversion anyway.

>  zswap_rb_insert+0x1e9/0x330 mm/zswap.c:842
>  zswap_store+0x22f2/0x2ca0 mm/zswap.c:1591
>  swap_writepage+0x126/0x4c0 mm/page_io.c:198
>  pageout mm/vmscan.c:660 [inline]
>  shrink_folio_list+0x4a55/0x7910 mm/vmscan.c:1323
>  evict_folios+0x9d7f/0xcc20 mm/vmscan.c:4537
>  try_to_shrink_lruvec+0x160e/0x1a50 mm/vmscan.c:4733
>  shrink_one+0x66f/0xd40 mm/vmscan.c:4772
>  shrink_many mm/vmscan.c:4835 [inline]
>  lru_gen_shrink_node mm/vmscan.c:4935 [inline]
>  shrink_node+0x4856/0x55f0 mm/vmscan.c:5894
>  shrink_zones mm/vmscan.c:6152 [inline]
>  do_try_to_free_pages+0x820/0x2570 mm/vmscan.c:6214
>  try_to_free_pages+0xb7b/0x1820 mm/vmscan.c:6449
>  __perform_reclaim mm/page_alloc.c:3774 [inline]
>  __alloc_pages_direct_reclaim mm/page_alloc.c:3796 [inline]
>  __alloc_pages_slowpath+0x1035/0x31a0 mm/page_alloc.c:4202
>  __alloc_pages+0xacf/0xe70 mm/page_alloc.c:4588
>  alloc_pages_mpol+0x299/0x990 mm/mempolicy.c:2264
>  vma_alloc_folio+0x418/0x680 mm/mempolicy.c:2303
>  do_cow_fault mm/memory.c:4918 [inline]
>  do_fault mm/memory.c:5026 [inline]
>  do_pte_missing mm/memory.c:3880 [inline]
>  handle_pte_fault mm/memory.c:5300 [inline]
>  __handle_mm_fault mm/memory.c:5441 [inline]
>  handle_mm_fault+0x4f2f/0xce00 mm/memory.c:5606
>  do_user_addr_fault arch/x86/mm/fault.c:1413 [inline]
>  handle_page_fault arch/x86/mm/fault.c:1505 [inline]
>  exc_page_fault+0x2a0/0x730 arch/x86/mm/fault.c:1563
>  asm_exc_page_fault+0x2b/0x30 arch/x86/include/asm/idtentry.h:623
>  rep_stos_alternative+0x40/0x80 arch/x86/lib/clear_page_64.S:92
>  load_elf_binary+0x212e/0x4d30 fs/binfmt_elf.c:1132
>  search_binary_handler fs/exec.c:1778 [inline]
>  exec_binprm fs/exec.c:1820 [inline]
>  bprm_execve+0xc57/0x21c0 fs/exec.c:1872
>  do_execveat_common+0xceb/0xd70 fs/exec.c:1979
>  do_execve fs/exec.c:2053 [inline]
>  __do_sys_execve fs/exec.c:2129 [inline]
>  __se_sys_execve fs/exec.c:2124 [inline]
>  __x64_sys_execve+0xf4/0x130 fs/exec.c:2124
>  x64_sys_call+0x1612/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:60
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> Uninit was created at:
>  __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598
>  __alloc_pages_node include/linux/gfp.h:238 [inline]
>  alloc_pages_node include/linux/gfp.h:261 [inline]
>  alloc_slab_page mm/slub.c:2175 [inline]
>  allocate_slab mm/slub.c:2338 [inline]
>  new_slab+0x2de/0x1400 mm/slub.c:2391
>  ___slab_alloc+0x1184/0x33d0 mm/slub.c:3525
>  __slab_alloc mm/slub.c:3610 [inline]
>  __slab_alloc_node mm/slub.c:3663 [inline]
>  slab_alloc_node mm/slub.c:3835 [inline]
>  kmem_cache_alloc_node+0x6ea/0xc50 mm/slub.c:3888
>  zswap_entry_cache_alloc mm/zswap.c:874 [inline]
>  zswap_store+0xb26/0x2ca0 mm/zswap.c:1535
>  swap_writepage+0x126/0x4c0 mm/page_io.c:198
>  pageout mm/vmscan.c:660 [inline]
>  shrink_folio_list+0x4a55/0x7910 mm/vmscan.c:1323
>  evict_folios+0x9d7f/0xcc20 mm/vmscan.c:4537
>  try_to_shrink_lruvec+0x160e/0x1a50 mm/vmscan.c:4733
>  shrink_one+0x66f/0xd40 mm/vmscan.c:4772
>  shrink_many mm/vmscan.c:4835 [inline]
>  lru_gen_shrink_node mm/vmscan.c:4935 [inline]
>  shrink_node+0x4856/0x55f0 mm/vmscan.c:5894
>  shrink_zones mm/vmscan.c:6152 [inline]
>  do_try_to_free_pages+0x820/0x2570 mm/vmscan.c:6214
>  try_to_free_pages+0xb7b/0x1820 mm/vmscan.c:6449
>  __perform_reclaim mm/page_alloc.c:3774 [inline]
>  __alloc_pages_direct_reclaim mm/page_alloc.c:3796 [inline]
>  __alloc_pages_slowpath+0x1035/0x31a0 mm/page_alloc.c:4202
>  __alloc_pages+0xacf/0xe70 mm/page_alloc.c:4588
>  alloc_pages_mpol+0x299/0x990 mm/mempolicy.c:2264
>  alloc_pages+0x1bf/0x1e0 mm/mempolicy.c:2335
>  vm_area_alloc_pages mm/vmalloc.c:3561 [inline]
>  __vmalloc_area_node mm/vmalloc.c:3637 [inline]
>  __vmalloc_node_range+0x100a/0x28b0 mm/vmalloc.c:3818
>  vmalloc_user+0x90/0xb0 mm/vmalloc.c:3972
>  kcov_ioctl+0x5d/0x660 kernel/kcov.c:704
>  vfs_ioctl fs/ioctl.c:51 [inline]
>  __do_sys_ioctl fs/ioctl.c:904 [inline]
>  __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890
>  __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890
>  x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> CPU: 0 PID: 5281 Comm: dhcpcd-run-hook Not tainted 6.9.0-rc5-syzkaller-00053-ge33c4963bf53 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
> =====================================================================
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup
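A userland model of the link walk discussed in the reply above, added here as an example and not code from the kernel or from anyone in this thread: a cut-down rb_node/rb_link_node() with no colouring or rebalancing, inserting entries whose embedded rbnode is left uninitialised by malloc() the way a fresh slab object is, so that the only writes to a node's child links happen in rb_link_node() before any later `while (*link)` iteration can read them (`struct entry`, `model_rb_insert` and `model_run` are names chosen for this example).

```c
#include <stddef.h>
#include <stdlib.h>
/* Added example, not kernel code: the rb_link_node() pattern with no
 * colouring or rebalancing, just the link walk the report is about. */
struct rb_node { struct rb_node *rb_left, *rb_right, *rb_parent; };
struct rb_root { struct rb_node *rb_node; };
/* Sole writer of a fresh node's child links, and it runs before any later
 * walk can read them, so the uninitialised slab bytes are never read. */
static void rb_link_node(struct rb_node *n, struct rb_node *parent,
                         struct rb_node **rb_link) {
    n->rb_parent = parent;
    n->rb_left = n->rb_right = NULL;
    *rb_link = n;   /* the parent's child slot (or the root) now points here */
}
/* Stand-in for zswap_entry: a key plus the embedded rb_node. */
struct entry { unsigned long offset; struct rb_node rbnode; };
#define entry_of(n) ((struct entry *)((char *)(n) - offsetof(struct entry, rbnode)))
/* Mirrors zswap_rb_insert(): *link starts as root->rb_node (NULL in a zeroed
 * root) and then only follows links rb_link_node() wrote. -1 on duplicate. */
static int model_rb_insert(struct rb_root *root, struct entry *e) {
    struct rb_node **link = &root->rb_node, *parent = NULL;
    while (*link) {
        struct entry *cur = entry_of(*link);
        parent = *link;
        if (cur->offset > e->offset)
            link = &(*link)->rb_left;
        else if (cur->offset < e->offset)
            link = &(*link)->rb_right;
        else
            return -1;
    }
    rb_link_node(&e->rbnode, parent, link);
    return 0;
}
static int count_nodes(const struct rb_node *n) {
    return n ? 1 + count_nodes(n->rb_left) + count_nodes(n->rb_right) : 0;
}
/* Insert constructed keys from malloc()ed entries whose rbnode is left
 * uninitialised, as after zswap_entry_cache_alloc(). Tree size, or -1 on error. */
int model_run(void) {
    static const unsigned long keys[] = { 5, 3, 8, 3, 1 };  /* 3 repeats */
    struct rb_root root = { NULL };
    int inserted = 0;
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++) {
        struct entry *e = malloc(sizeof *e);
        if (!e) return -1;
        e->offset = keys[i];
        if (model_rb_insert(&root, e) == 0) inserted++; else free(e);
    }
    return inserted == 4 ? count_nodes(root.rb_node) : -1;
}
```

Running this under a userland uninitialised-memory checker (for example Valgrind's memcheck or clang's MemorySanitizer) is the cheap way to confirm the claim: any read of a node's child links before rb_link_node() wrote them would be flagged, and the walk above triggers no such report.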