From: Uladzislau Rezki
Date: Thu, 2 Apr 2026 17:45:44 +0200
To: Qing Wang
Cc: Andrew Morton, Uladzislau Rezki, linux-mm@kvack.org, linux-kernel@vger.kernel.org, syzbot+37b7f6cd519f7fb8d32a@syzkaller.appspotmail.com
Subject: Re: [PATCH] mm/vmalloc: fix KMSAN uninit-value warning in decay_va_pool_node()
In-Reply-To: <20260402081413.1896640-1-wangqing7171@gmail.com>

On Thu, Apr 02, 2026 at 04:14:13PM +0800, Qing Wang wrote:
> KMSAN reported an uninit-value warning when accessing vmap_area->list
> in decay_va_pool_node():
>
> BUG: KMSAN: uninit-value in __list_del_entry_valid include/linux/list.h:-1 [inline]
> BUG: KMSAN: uninit-value in __list_del_entry include/linux/list.h:223 [inline]
> BUG: KMSAN: uninit-value in list_del_init include/linux/list.h:295 [inline]
> BUG: KMSAN: uninit-value in decay_va_pool_node+0xf78/0x1dd0 mm/vmalloc.c:2255
>
> Uninit was created at:
> kmem_cache_alloc_node_noprof+0x3cd/0x12d0 mm/slub.c:4918
> alloc_vmap_area+0x327/0x2e30 mm/vmalloc.c:2065
>
> The root cause is that if node_alloc() fails and the va is allocated via
> kmem_cache_alloc_node() by alloc_vmap_area(), va->list will be uninitialized.
>
> Fix this by explicitly initializing va->list after allocation.
>
> Reported-by: syzbot+37b7f6cd519f7fb8d32a@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=37b7f6cd519f7fb8d32a
>
I cannot access the two links above. Are they valid? I would like to have
a look at the report.

> Signed-off-by: Qing Wang
> ---
> mm/vmalloc.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/mm/vmalloc.c b/mm/vmalloc.c
> index 61caa55a4402..8aebbb51e178 100644
> --- a/mm/vmalloc.c
> +++ b/mm/vmalloc.c
> @@ -2071,6 +2071,7 @@ static struct vmap_area *alloc_vmap_area(unsigned long size,
> * to avoid false negatives.
> */
> kmemleak_scan_area(&va->rb_node, SIZE_MAX, gfp_mask);
> + INIT_LIST_HEAD(&va->list);
> }
>
va->list does not need to be initialized. Because:

    spin_lock(&vn->busy.lock);
    insert_vmap_area(va, &vn->busy.root, &vn->busy.head);
    spin_unlock(&vn->busy.lock);

When a node is inserted into list_head, its next/prev pointers are
properly set by the list_add().

Or am I missing something?

--
Uladzislau Rezki
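
Review bot: the added INIT_LIST_HEAD(&va->list) after kmemleak_scan_area() in alloc_vmap_area() carries no comment, and the changelog does not name the path on which a va from this slab branch reaches list_del_init() in decay_va_pool_node() before anything has linked va->list. As the reply notes, insert_vmap_area() sets the node's next/prev pointers on the path it quotes, so the commit message should spell out the sequence that reads va->list without going through it (it mentions node_alloc() failing but stops there). Please also add a one-line comment above the initialization saying why it is needed, and a Fixes: tag, which the quoted trailers lack.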