From: Barry Song <21cnbao@gmail.com>
To: akpm@linux-foundation.org, linux-mm@kvack.org
Cc: linux-kernel@vger.kernel.org, Barry Song, Hugh Dickins, Baolin Wang, syzbot+178fff6149127421c2cc@syzkaller.appspotmail.com
Subject: [PATCH] mm/shmem: fix uninitialized folio in shmem_symlink
Date: Wed, 24 Dec 2025 22:40:27 +1300
Message-ID: <20251224094027.65842-1-21cnbao@gmail.com>

From: Barry Song

Uninitialized folio allocated in shmem_symlink() may be accessed during
swap-out, causing KMSAN BUG:

BUG: KMSAN: uninit-value in is_folio_zero_filled mm/page_io.c:188 [inline]
BUG: KMSAN: uninit-value in swap_writeout+0x468/0x1390 mm/page_io.c:263
 is_folio_zero_filled mm/page_io.c:188 [inline]
 swap_writeout+0x468/0x1390 mm/page_io.c:263
 shmem_writeout+0x1abb/0x1f60 mm/shmem.c:1662
 writeout mm/vmscan.c:649 [inline]
 pageout mm/vmscan.c:698 [inline]
 shrink_folio_list+0x5920/0x7fc0 mm/vmscan.c:1418
 evict_folios+0x999d/0xbf30 mm/vmscan.c:4711
 try_to_shrink_lruvec+0x12b6/0x17e0 mm/vmscan.c:4874
 lru_gen_shrink_lruvec mm/vmscan.c:5023 [inline]
 shrink_lruvec+0x46f/0x4f10 mm/vmscan.c:5784
 shrink_node_memcgs mm/vmscan.c:6020 [inline]

This patch clears the remaining part to zero for the portion not covered by
memcpy from symname.

Cc: Hugh Dickins
Cc: Baolin Wang
Reported-by: syzbot+178fff6149127421c2cc@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/lkml/6949370f.050a0220.1b4e0c.0038.GAE@google.com/
Signed-off-by: Barry Song
Reviewed-by: Baolin Wang
---
 mm/shmem.c | 1 +
 1 file changed, 1 insertion(+)
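Added example, not part of this patch or of the kernel's own code: a userspace C model of the pattern the patch fixes, with the pre-patch and patched behaviour side by side and a scan that, like the swap-out path, reads the whole page. PAGE_SIZE, store_symlink(), stale_tail_bytes(), stale_after_store() and the 0xA5 stale fill are constructed for the demo and stand in for the folio helpers.

```c
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE 4096u

/* Model of shmem_symlink()'s page path. zero_tail == 0 is the pre-patch
 * behaviour; zero_tail == 1 adds the equivalent of the patch's
 * folio_zero_range(folio, len, folio_size(folio) - len). The length check
 * (the kernel's -ENAMETOOLONG case) is also what keeps PAGE_SIZE - len from
 * wrapping as an unsigned subtraction. */
static unsigned char *store_symlink(const char *symname, int zero_tail)
{
	size_t len = strlen(symname) + 1;	/* NUL included, as in the kernel */
	unsigned char *page;
	if (len > PAGE_SIZE)
		return NULL;
	/* Stand-in for the freshly allocated folio: the kernel hands it back
	 * uninitialised; a constructed 0xA5 fill makes the stale contents a
	 * previous user left behind deterministic for this demo. */
	page = malloc(PAGE_SIZE);
	if (!page)
		return NULL;
	memset(page, 0xA5, PAGE_SIZE);
	memcpy(page, symname, len);
	if (zero_tail)
		memset(page + len, 0, PAGE_SIZE - len);
	return page;
}

/* Mirrors the whole-page scan on the swap-out path: is_folio_zero_filled()
 * reads every byte, not only the ones the writer set. Returns the number of
 * non-zero bytes after the symlink; anything > 0 is stale memory that KMSAN
 * flags and that would otherwise be written out to the swap device. */
static size_t stale_tail_bytes(const unsigned char *page, size_t len)
{
	size_t n = 0;
	for (size_t i = len; i < PAGE_SIZE; i++)
		n += page[i] != 0;
	return n;
}

/* Store the target, count stale tail bytes, free; (size_t)-1 if rejected. */
static size_t stale_after_store(const char *symname, int zero_tail)
{
	unsigned char *page = store_symlink(symname, zero_tail);
	size_t n = page ? stale_tail_bytes(page, strlen(symname) + 1) : (size_t)-1;
	free(page);
	return n;
}
```

Run the pre-patch variant under MemorySanitizer with the 0xA5 memset removed and the scan reports the same uninit-value read that KMSAN flagged in is_folio_zero_filled().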
diff --git a/mm/shmem.c b/mm/shmem.c index ec6c01378e9d..835900a08f51 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -4131,6 +4131,7 @@ static int shmem_symlink(struct mnt_idmap *idmap, str= uct inode *dir, goto out_remove_offset; inode->i_op =3D &shmem_symlink_inode_operations; memcpy(folio_address(folio), symname, len); + folio_zero_range(folio, len, folio_size(folio) - len); folio_mark_uptodate(folio); folio_mark_dirty(folio); folio_unlock(folio); --=20 2.43.0
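Review bot: the added folio_zero_range(folio, len, folio_size(folio) - len) computes its length as an unsigned subtraction, so it is only correct if len is already bounded by the folio size at this point; that bound is not visible in the hunk, so a short comment on the new line (or a VM_WARN_ON_ONCE(len > folio_size(folio))) would make the invariant explicit for the next reader. The placement is right: the zeroing lands before folio_mark_uptodate() and folio_mark_dirty(), so reclaim cannot write the folio out while its tail is still undefined.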