From: Yosry Ahmed
Date: Mon, 10 Jun 2024 12:01:14 -0700
Subject: Re: [syzbot] [mm?] KMSAN: uninit-value in zswap_store
To: syzbot
Cc: akpm@linux-foundation.org, chengming.zhou@linux.dev, hannes@cmpxchg.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, nphamcs@gmail.com, syzkaller-bugs@googlegroups.com, Hugh Dickins

On Sat, Jun 8, 2024 at 2:09 PM syzbot wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 614da38e2f7a Merge tag 'hid-for-linus-2024051401' of git:/..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=113f3fd6980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=f5d2cbf33633f507
> dashboard link: https://syzkaller.appspot.com/bug?extid=9c1fe13fcb51574b249b
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/89eafb874b71/disk-614da38e.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/356000512ad9/vmlinux-614da38e.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/839c73939115/bzImage-614da38e.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+9c1fe13fcb51574b249b@syzkaller.appspotmail.com

This doesn't look like a zswap bug, and perhaps not a bug at all but I am not sure. Zswap is reading the data in a folio to check if it is filled with a repeated pattern, and it is encountering uninitialized data. I am not sure if this is expected behavior or not.

Could it just be that the size of the data written by syzbot is not divisible by PAGE_SIZE, so part of the final page is left uninitialized? Do we keep the unwritten parts of a shmem page uninitialized by any chance?

Hugh, do you mind taking a quick look at whether this is a real bug? If this is expected behavior, perhaps there is some annotation we can use in zswap that it is fine to encounter uninitialized data when reading the folio.

>
> =====================================================
> BUG: KMSAN: uninit-value in zswap_is_page_same_filled mm/zswap.c:1481 [inline]
> BUG: KMSAN: uninit-value in zswap_store+0x1008/0x2ca0 mm/zswap.c:1553
>  zswap_is_page_same_filled mm/zswap.c:1481 [inline]
>  zswap_store+0x1008/0x2ca0 mm/zswap.c:1553
>  swap_writepage+0x126/0x4c0 mm/page_io.c:198
>  shmem_writepage+0x1826/0x1f70 mm/shmem.c:1518
>  pageout mm/vmscan.c:660 [inline]
>  shrink_folio_list+0x4a55/0x7910 mm/vmscan.c:1323
>  evict_folios+0x9d7f/0xcc20 mm/vmscan.c:4537
>  try_to_shrink_lruvec+0x160e/0x1a50 mm/vmscan.c:4733
>  shrink_one+0x66f/0xd40 mm/vmscan.c:4772
>  shrink_many mm/vmscan.c:4835 [inline]
>  lru_gen_shrink_node mm/vmscan.c:4935 [inline]
>  shrink_node+0x4856/0x55f0 mm/vmscan.c:5894
>  kswapd_shrink_node mm/vmscan.c:6704 [inline]
>  balance_pgdat mm/vmscan.c:6895 [inline]
>  kswapd+0x1eba/0x4460 mm/vmscan.c:7164
>  kthread+0x3e2/0x540 kernel/kthread.c:389
>  ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
>  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
>
> Uninit was stored to memory at:
>  memcpy_from_iter lib/iov_iter.c:73 [inline]
>  iterate_bvec include/linux/iov_iter.h:122 [inline]
>  iterate_and_advance2 include/linux/iov_iter.h:249 [inline]
>  iterate_and_advance include/linux/iov_iter.h:271 [inline]
>  __copy_from_iter lib/iov_iter.c:249 [inline]
>  copy_page_from_iter_atomic+0x12b7/0x2ae0 lib/iov_iter.c:481
>  generic_perform_write+0x4c1/0xc60 mm/filemap.c:3982
>  shmem_file_write_iter+0x2bd/0x2f0 mm/shmem.c:2920
>  do_iter_readv_writev+0x7e6/0x960
>  vfs_iter_write+0x459/0xd00 fs/read_write.c:895
>  lo_write_bvec drivers/block/loop.c:246 [inline]
>  lo_write_simple drivers/block/loop.c:267 [inline]
>  do_req_filebacked drivers/block/loop.c:491 [inline]
>  loop_handle_cmd drivers/block/loop.c:1907 [inline]
>  loop_process_work+0x1502/0x3440 drivers/block/loop.c:1942
>  loop_rootcg_workfn+0x2b/0x40 drivers/block/loop.c:1973
>  process_one_work kernel/workqueue.c:3267 [inline]
>  process_scheduled_works+0xa81/0x1bd0 kernel/workqueue.c:3348
>  worker_thread+0xea5/0x1560 kernel/workqueue.c:3429
>  kthread+0x3e2/0x540 kernel/kthread.c:389
>  ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
>  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
>
> Uninit was created at:
>  __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598
>  alloc_pages_mpol+0x299/0x990 mm/mempolicy.c:2264
>  alloc_pages mm/mempolicy.c:2335 [inline]
>  folio_alloc+0x1d0/0x230 mm/mempolicy.c:2342
>  filemap_alloc_folio+0xa6/0x440 mm/filemap.c:984
>  __filemap_get_folio+0xa10/0x14b0 mm/filemap.c:1926
>  grow_dev_folio fs/buffer.c:1042 [inline]
>  grow_buffers fs/buffer.c:1108 [inline]
>  __getblk_slow fs/buffer.c:1134 [inline]
>  bdev_getblk+0x39b/0xc80 fs/buffer.c:1429
>  __getblk include/linux/buffer_head.h:355 [inline]
>  sb_getblk include/linux/buffer_head.h:361 [inline]
>  ext4_getblk+0x3da/0xe00 fs/ext4/inode.c:843
>  ext4_xattr_inode_write fs/ext4/xattr.c:1421 [inline]
>  ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1596 [inline]
>  ext4_xattr_set_entry+0x574d/0x6880 fs/ext4/xattr.c:1718
>  ext4_xattr_block_set+0xb94/0x4fb0 fs/ext4/xattr.c:2037
>  ext4_xattr_move_to_block fs/ext4/xattr.c:2654 [inline]
>  ext4_xattr_make_inode_space fs/ext4/xattr.c:2729 [inline]
>  ext4_expand_extra_isize_ea+0x20bd/0x3560 fs/ext4/xattr.c:2821
>  __ext4_expand_extra_isize+0x5dc/0x680 fs/ext4/inode.c:5789
>  ext4_try_to_expand_extra_isize fs/ext4/inode.c:5832 [inline]
>  __ext4_mark_inode_dirty+0x70d/0xa10 fs/ext4/inode.c:5910
>  ext4_delete_inline_entry+0x650/0x7d0 fs/ext4/inline.c:1753
>  ext4_delete_entry+0x13f/0x7d0 fs/ext4/namei.c:2719
>  __ext4_unlink+0x9b8/0x11b0 fs/ext4/namei.c:3273
>  ext4_unlink+0x226/0x630 fs/ext4/namei.c:3321
>  vfs_unlink+0x676/0xa30 fs/namei.c:4343
>  do_unlinkat+0x823/0xe10 fs/namei.c:4407
>  __do_sys_unlinkat fs/namei.c:4450 [inline]
>  __se_sys_unlinkat fs/namei.c:4443 [inline]
>  __x64_sys_unlinkat+0x17c/0x230 fs/namei.c:4443
>  x64_sys_call+0x846/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:264
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> CPU: 1 PID: 88 Comm: kswapd1 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
> =====================================================
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup
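
How the three parts of the KMSAN report above relate (created at, stored to memory at, and the use site in the same-filled check), shown as an added user-space model that is not kernel or zswap code and not part of the original mail. It also covers the partial-write case the reply asks about. Assumptions: every `model_*` name, the byte-per-byte shadow layout and the 0xAA stale filler are made up for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MODEL_PAGE_SIZE 4096u

/* Toy page plus KMSAN-style shadow: shadow[i] != 0 means byte i is uninitialized. */
struct model_page {
    uint8_t data[MODEL_PAGE_SIZE];
    uint8_t shadow[MODEL_PAGE_SIZE];
};

/* A store of known bytes initializes exactly the range it covers. */
static void model_write(struct model_page *p, size_t off, const void *src, size_t len)
{
    memcpy(p->data + off, src, len);
    memset(p->shadow + off, 0, len);
}

/* 1 = same-filled, 0 = not, -1 = the compare would branch on a poisoned word. */
static int model_same_filled(const struct model_page *p)
{
    unsigned long first, cur, poison;
    memcpy(&first, p->data, sizeof(first));
    for (size_t i = 0; i < MODEL_PAGE_SIZE; i += sizeof(cur)) {
        memcpy(&poison, p->shadow + i, sizeof(poison));
        if (poison)
            return -1; /* the use site: this is where a report fires */
        memcpy(&cur, p->data + i, sizeof(cur));
        if (cur != first)
            return 0;
    }
    return 1;
}

/* Constructed scenario: write `len` zero bytes, optionally zero the tail, copy, check. */
static int model_scenario(size_t len, int zero_tail)
{
    static struct model_page src, dst;
    static const uint8_t zeros[MODEL_PAGE_SIZE];

    memset(src.data, 0xAA, sizeof(src.data));  /* stale contents of a fresh page */
    memset(src.shadow, 1, sizeof(src.shadow)); /* "created at": fully poisoned */
    model_write(&src, 0, zeros, len);
    if (zero_tail)
        model_write(&src, len, zeros, MODEL_PAGE_SIZE - len);
    dst = src; /* "stored to memory at": shadow travels with the copy, no report */
    return model_same_filled(&dst);
}

int main(void) { return model_scenario(100, 0) == -1 ? 0 : 1; }
```

The copy itself is silent; only the comparison in the consumer trips, which is why the report names the same-filled check although the poisoned bytes originate two hops earlier.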