From: Yosry Ahmed
Date: Tue, 3 Sep 2024 11:12:42 -0700
Subject: Re: [syzbot] [mm?] KMSAN: uninit-value in zswap_store (2)
To: syzbot
Cc: akpm@linux-foundation.org, chengming.zhou@linux.dev, hannes@cmpxchg.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, nphamcs@gmail.com, syzkaller-bugs@googlegroups.com, Chris Mason, Josef Bacik, David Sterba, linux-btrfs@vger.kernel.org, Hugh Dickins
References: <0000000000002d4c5e0620ffb2f5@google.com>
In-Reply-To: <0000000000002d4c5e0620ffb2f5@google.com>

On Sat, Aug 31, 2024 at 12:27 PM
syzbot wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    3e9bff3bbe13 Merge tag 'vfs-6.11-rc6.fixes' of gitolite.ke..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=11e9fb8d980000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=522060455c43d52e
> dashboard link: https://syzkaller.appspot.com/bug?extid=d13dc01606d396f1a66e
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/2143e6626450/disk-3e9bff3b.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/20b63281b398/vmlinux-3e9bff3b.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/d0aef7b01715/bzImage-3e9bff3b.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+d13dc01606d396f1a66e@syzkaller.appspotmail.com
>
> =====================================================
> BUG: KMSAN: uninit-value in zswap_is_folio_same_filled mm/zswap.c:1371 [inline]
> BUG: KMSAN: uninit-value in zswap_store+0x13e7/0x2dd0 mm/zswap.c:1438
>  zswap_is_folio_same_filled mm/zswap.c:1371 [inline]
>  zswap_store+0x13e7/0x2dd0 mm/zswap.c:1438
>  swap_writepage+0x11f/0x470 mm/page_io.c:198
>  shmem_writepage+0x1a75/0x1f70 mm/shmem.c:1536
>  pageout mm/vmscan.c:680 [inline]
>  shrink_folio_list+0x577f/0x7cb0 mm/vmscan.c:1360
>  evict_folios+0x9bce/0xbc80 mm/vmscan.c:4580
>  try_to_shrink_lruvec+0x13a3/0x1750 mm/vmscan.c:4775
>  shrink_one+0x646/0xd20 mm/vmscan.c:4813
>  shrink_many mm/vmscan.c:4876 [inline]
>  lru_gen_shrink_node mm/vmscan.c:4954 [inline]
>  shrink_node+0x451a/0x50f0 mm/vmscan.c:5934
>  kswapd_shrink_node mm/vmscan.c:6762 [inline]
>  balance_pgdat mm/vmscan.c:6954 [inline]
>  kswapd+0x257e/0x4290 mm/vmscan.c:7223
>  kthread+0x3dd/0x540 kernel/kthread.c:389
>  ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
>  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
>
> Uninit was stored to memory at:
>  memcpy_from_iter lib/iov_iter.c:73 [inline]
>  iterate_bvec include/linux/iov_iter.h:122 [inline]
>  iterate_and_advance2 include/linux/iov_iter.h:249 [inline]
>  iterate_and_advance include/linux/iov_iter.h:271 [inline]
>  __copy_from_iter lib/iov_iter.c:249 [inline]
>  copy_page_from_iter_atomic+0x12bb/0x2ae0 lib/iov_iter.c:481
>  copy_folio_from_iter_atomic include/linux/uio.h:186 [inline]
>  generic_perform_write+0x896/0x12e0 mm/filemap.c:4032
>  shmem_file_write_iter+0x2bd/0x2f0 mm/shmem.c:3074
>  do_iter_readv_writev+0x8a1/0xa40
>  vfs_iter_write+0x459/0xd50 fs/read_write.c:895
>  lo_write_bvec drivers/block/loop.c:243 [inline]
>  lo_write_simple drivers/block/loop.c:264 [inline]
>  do_req_filebacked drivers/block/loop.c:511 [inline]
>  loop_handle_cmd drivers/block/loop.c:1910 [inline]
>  loop_process_work+0x15ec/0x3750 drivers/block/loop.c:1945
>  loop_workfn+0x48/0x60 drivers/block/loop.c:1969
>  process_one_work kernel/workqueue.c:3231 [inline]
>  process_scheduled_works+0xae0/0x1c40 kernel/workqueue.c:3312
>  worker_thread+0xea7/0x14d0 kernel/workqueue.c:3389
>  kthread+0x3dd/0x540 kernel/kthread.c:389
>  ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
>  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
>
> Uninit was created at:
>  __alloc_pages_noprof+0x9d6/0xe70 mm/page_alloc.c:4718
>  alloc_pages_bulk_noprof+0x19e/0x21e0 mm/page_alloc.c:4643
>  btrfs_alloc_page_array fs/btrfs/extent_io.c:704 [inline]
>  alloc_eb_folio_array+0x19c/0x750 fs/btrfs/extent_io.c:728
>  alloc_extent_buffer+0x75a/0x3ba0 fs/btrfs/extent_io.c:3109
>  btrfs_find_create_tree_block+0x46/0x60 fs/btrfs/disk-io.c:614
>  btrfs_init_new_buffer fs/btrfs/extent-tree.c:5026 [inline]
>  btrfs_alloc_tree_block+0x415/0x1990 fs/btrfs/extent-tree.c:5139
>  btrfs_alloc_log_tree_node fs/btrfs/disk-io.c:951 [inline]
>  btrfs_add_log_tree+0x1b7/0x7a0 fs/btrfs/disk-io.c:999
>  start_log_trans fs/btrfs/tree-log.c:227 [inline]
>  btrfs_log_inode_parent+0xa87/0x1c30 fs/btrfs/tree-log.c:7102
>  btrfs_log_dentry_safe+0x9a/0x100 fs/btrfs/tree-log.c:7207
>  btrfs_sync_file+0x15d9/0x2170 fs/btrfs/file.c:1773
>  vfs_fsync_range+0x20d/0x270 fs/sync.c:188
>  generic_write_sync include/linux/fs.h:2821 [inline]
>  btrfs_do_write_iter+0xa17/0xb60 fs/btrfs/file.c:1515
>  btrfs_file_write_iter+0x38/0x50 fs/btrfs/file.c:1525
>  new_sync_write fs/read_write.c:497 [inline]
>  vfs_write+0xb2f/0x1550 fs/read_write.c:590
>  ksys_write+0x20f/0x4c0 fs/read_write.c:643
>  __do_sys_write fs/read_write.c:655 [inline]
>  __se_sys_write fs/read_write.c:652 [inline]
>  __x64_sys_write+0x93/0xe0 fs/read_write.c:652
>  x64_sys_call+0x306a/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:2
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f

This looks like a similar problem to [1], but with btrfs instead of ext4 this time. As Hugh figured out last time, apparently we have a btrfs file system on a loop device on a tmpfs file. It seems like btrfs creates and writes back a non-fully initialized block (for logs?). Shmem copies the memory into its pagecache and later tries to swap it out through zswap, at which point zswap reads the uninitialized memory to figure out if it's same-filled.

I suspect we want something similar to what ext4 did in commit 65121eff3e4c ("ext4: avoid writing unitialized memory to disk in EA inodes") for btrfs. Adding btrfs folks here.

Side-note: apparently the same-filled check in zswap (which is now being moved to core swap code [2]) is a good way to detect filesystems writing uninitialized data to disk when the file systems are on a loop device on a tmpfs file and reclaim kicks in.
[1] https://lore.kernel.org/lkml/000000000000d0f165061a6754c3@google.com/
[2] https://lore.kernel.org/lkml/20240823190545.979059-1-usamaarif642@gmail.com/

>
> CPU: 0 UID: 0 PID: 80 Comm: kswapd0 Tainted: G W 6.11.0-rc5-syzkaller-00015-g3e9bff3bbe13 #0
> Tainted: [W]=WARN
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
> =====================================================
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup
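An added user-space model of the path the reply describes (example code, not part of Yosry's mail, of syzbot's report, or of the btrfs/zswap sources): a block is built on a page that was never zeroed, only its payload is written, and the page then goes through a same-filled check shaped like the zswap one (first and last machine word compared, then the rest scanned; that shape is an assumption about the kernel check, not a copy of it). The leaky builder sits beside a hardened builder that zeroes the unused tail before write-back, the same idea as the ext4 EA-inode fix the reply points at. `POISON`, `struct tree_block`, `run_scenario` and the 0x11 sample payload are constructed for this example; the poison byte only stands in for allocator leftovers so the leak can be counted without KMSAN.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE 4096UL
/* Stand-in for "never written" memory.  Real uninitialized memory has no fixed
 * value; the poison byte only makes the leak countable without KMSAN. */
#define POISON 0xA5

struct tree_block {
	unsigned char *data;	/* one page-sized block, as handed to the block layer */
	size_t used;		/* bytes the filesystem actually wrote */
};

/* Leaky pattern: page obtained without zeroing, payload written, the rest of
 * the page never touched before it is handed to write-back. */
int build_block_leaky(struct tree_block *b, const void *payload, size_t len)
{
	if (len > PAGE_SIZE || !(b->data = malloc(PAGE_SIZE)))
		return -1;
	memset(b->data, POISON, PAGE_SIZE);	/* models allocator leftovers */
	memcpy(b->data, payload, len);
	b->used = len;
	return 0;
}

/* Hardened pattern: zero the unused tail before the block can be written back. */
int build_block_zeroed(struct tree_block *b, const void *payload, size_t len)
{
	if (build_block_leaky(b, payload, len))
		return -1;
	memset(b->data + len, 0, PAGE_SIZE - len);
	return 0;
}

/* Bytes of the block that were never written and would reach the backing store
 * (the loop device's tmpfs file, and from there swap/zswap) on write-back. */
size_t uninit_bytes_written_back(const struct tree_block *b)
{
	size_t n = 0;
	for (size_t i = b->used; i < PAGE_SIZE; i++)
		n += (b->data[i] == POISON);
	return n;
}

/* Same-filled test in the shape of the zswap check: the last machine word is
 * compared against the first one, then the rest is scanned.  That last-word
 * read is what lands in the unwritten tail of a partially initialized block. */
int page_is_same_filled(const unsigned char *page, unsigned long *value)
{
	unsigned long val, w;
	size_t last = PAGE_SIZE - sizeof(val);

	memcpy(&val, page, sizeof(val));
	for (size_t off = last; off >= sizeof(val); off -= sizeof(val)) {
		memcpy(&w, page + off, sizeof(w));
		if (w != val)
			return 0;
	}
	if (value)
		*value = val;
	return 1;
}

/* One allocate/fill/write-back run with a constructed 0x11-filled payload of
 * payload_len bytes.  Returns the same-filled verdict for the written page
 * (-1 on error) and reports how many unwritten bytes the page carried. */
int run_scenario(int zero_tail, size_t payload_len, size_t *uninit, unsigned long *value)
{
	struct tree_block b;
	unsigned char payload[PAGE_SIZE];
	int same;

	memset(payload, 0x11, sizeof(payload));	/* constructed sample data */
	if (zero_tail ? build_block_zeroed(&b, payload, payload_len)
		      : build_block_leaky(&b, payload, payload_len))
		return -1;
	if (uninit)
		*uninit = uninit_bytes_written_back(&b);
	same = page_is_same_filled(b.data, value);
	free(b.data);
	return same;
}

int main(void)
{
	size_t leaked;
	unsigned long v;
	int same;

	run_scenario(0, 256, &leaked, NULL);
	printf("leaky block, 256-byte payload: %zu unwritten bytes written back\n", leaked);
	run_scenario(1, 256, &leaked, NULL);
	printf("zeroed block, 256-byte payload: %zu unwritten bytes written back\n", leaked);
	same = run_scenario(0, 0, NULL, &v);
	printf("untouched leaky block: same-filled=%d value=0x%lx (allocator garbage)\n", same, v);
	same = run_scenario(1, 0, NULL, &v);
	printf("untouched zeroed block: same-filled=%d value=0x%lx\n", same, v);
	return 0;
}
```

The untouched leaky block is the interesting case: the check happily reports it as same-filled with whatever the allocator left behind, so the "value" that would be stored is pure leftover memory; zeroing the tail in the builder is what turns that into a deterministic, harmless page.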