From: Yosry Ahmed
Date: Mon, 18 Mar 2024 13:34:50 -0700
Subject: Re: [syzbot] [mm?] kernel BUG in sg_init_one
To: Barry Song <21cnbao@gmail.com>
Cc: Nhat Pham, syzbot, akpm@linux-foundation.org, chengming.zhou@linux.dev, hannes@cmpxchg.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, Barry Song

On Mon, Mar 18, 2024 at 1:25 PM Barry Song <21cnbao@gmail.com> wrote:
>
> On Tue, Mar 19, 2024 at 7:00 AM Nhat Pham wrote:
> >
> > On Mon, Mar 18, 2024 at 9:58 AM syzbot wrote:
> > >
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit:    e5eb28f6d1af Merge tag 'mm-nonmm-stable-2024-03-14-09-36' ..
> > > git tree:       upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=13043abe180000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=19bb57c23dffc38e
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=adbc983a1588b7805de3
> > > compiler:       arm-linux-gnueabi-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> > > userspace arch: arm
> > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1706d231180000
> > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13ba7959180000
> > >
> > > Downloadable assets:
> > > disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/8ead8862021c/non_bootable_disk-e5eb28f6.raw.xz
> > > vmlinux: https://storage.googleapis.com/syzbot-assets/0a7371c63ff2/vmlinux-e5eb28f6.xz
> > > kernel image: https://storage.googleapis.com/syzbot-assets/7539441b4add/zImage-e5eb28f6.xz
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+adbc983a1588b7805de3@syzkaller.appspotmail.com
> > >
> > > ------------[ cut here ]------------
> > > kernel BUG at include/linux/scatterlist.h:187!
> >
> > Looks like the provided buffer is invalid:
> >
> > #ifdef CONFIG_DEBUG_SG
> > BUG_ON(!virt_addr_valid(buf));
> > #endif
> >
> > which is "src" from:
> >
> > sg_init_one(&input, src, entry->length);
> >
> > Looking at the surrounding code and recent history, there's this
> > commit that stands out:
> >
> > mm/zswap: remove the memcpy if acomp is not sleepable
> > (sha: 270700dd06ca41a4779c19eb46608f076bb7d40e)
> >
> > which has the effect of, IIUC, using the zpool mapped memory directly
> > as src, instead of acomp_ctx->buffer (which was previously the case,
> > as zsmalloc was not sleepable).
> >
> > This might not necessarily be a bug with that commit itself, but might
> > have revealed another bug elsewhere.
> >
> > Anyway, cc-ing the author, Barry Song, to fact check me :) Will take a
> > closer look later.
>
> I guess that is because on arm32, we have highmem but
> sg_init_one supports lowmem only. the below should be
> able to fix?
>
> diff --git a/mm/zswap.c b/mm/zswap.c > index 9dec853647c8..47c0386caba2 100644 > --- a/mm/zswap.c > +++ b/mm/zswap.c
> @@ -1086,7 +1086,8 @@ static void zswap_decompress(struct zswap_entry > *entry, struct page *page) > zpool_unmap_handle(zpool, entry->handle); > } > > - sg_init_one(&input, src, entry->length); > + sg_init_table(&input, 1); > + sg_set_page(&input, kmap_to_page(src), entry->length, > offset_in_page(src));

Is this working around the debug check in sg_init_one()? IIUC, only lowmem pages are supported. We may be passing in a highmem page to sg_set_page() now, right?

Also, it seems like if src is a lowmem address kmap_to_page() will be doing unnecessary checks (assuming it's working correctly)?

Would it be more robust to just use the temporary buffer if src is a kmap address?

Also FWIW, I think you can use "#sys test" to check if a diff fixes the problem.

> sg_init_table(&output, 1); > sg_set_page(&output, page, PAGE_SIZE, 0); > acomp_request_set_params(acomp_ctx->req, &input, &output, > entry->length, PAGE_SIZE); > > > > >
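
Review bot: the added `sg_set_page(&input, kmap_to_page(src), entry->length, offset_in_page(src))` describes the input as a single page plus an in-page offset, but nothing in the hunk checks that `offset_in_page(src) + entry->length` stays within `PAGE_SIZE`, and the page lookup now runs on every call regardless of where `src` points. Suggest asserting the bound (for example with `WARN_ON_ONCE`) and adding a comment above the two new lines stating why `sg_init_one()` cannot be used here, so the reason for open-coding the scatterlist setup survives in the source.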