From nobody Sun Jun 21 07:35:04 2026 Received: from mout-y-209.mailbox.org (mout-y-209.mailbox.org [91.198.250.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A20902BEFFD for ; Sun, 5 Apr 2026 05:51:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.198.250.237 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775368282; cv=none; b=JPC6KdFRPuhxuNAnFSRERlvlu8R0rrR4Dn4oZaqrS71d5IqNwg6tqxGIAqJA2TDhCQbANTexlRcYkuQAtChnSzPGVZLnAMbT2++0G6JjWiEJOn9Y5s6VB0/UjaRCSQBhhE1R0xHLcMeyRkD+/Ns4zd3po72oWFzDBur76wm6iz8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775368282; c=relaxed/simple; bh=WlROU0VvOeFSyBLLQBlozSHyL73q+PUfhcK7R+SOeSE=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=M247YxVmiPtNblvUkSbOmKmbArlGTUfoFtfjP52OTKDDNUjdEBWjc+03HYfD6YFCbMUOT6q/11ctpqE0FjI9WFNwtC8ylc74ne4p7VFPo2/KCPdJAaPUXFuUMl/nWxUQ9NrkqI1jgW0Q2hAB1FZsIP70eSizE5BSJ7vGSXw+ZuQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=mailbox.org; spf=pass smtp.mailfrom=mailbox.org; dkim=pass (2048-bit key) header.d=mailbox.org header.i=@mailbox.org header.b=w32JQJ4A; dkim=pass (2048-bit key) header.d=mailbox.org header.i=@mailbox.org header.b=DJSPYoBM; arc=none smtp.client-ip=91.198.250.237 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=mailbox.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mailbox.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=mailbox.org header.i=@mailbox.org header.b="w32JQJ4A"; dkim=pass (2048-bit key) header.d=mailbox.org header.i=@mailbox.org header.b="DJSPYoBM" Received: from smtp202.mailbox.org (smtp202.mailbox.org [10.196.197.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-y-209.mailbox.org (Postfix) with ESMTPS id 4fpM5X0t1TzB12J; Sun, 5 Apr 2026 07:51:12 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailbox.org; s=mail20150812; t=1775368272; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=sTfQU8RXcoe9ewdpIzu0VZVglXSNlb3VqBu9Vwxh+Hw=; b=w32JQJ4AcnPwzn+vrmJ2Of252KK/aJieYve/BF4oQItt9WT59vEe2bCdNIHNPNDmZcd74Z BinyVREhiqSU2wKAEeko49f3Q0G2XzHHl2pM0agLygh15p9vuXeSKSqHNhuAWl+MgA0KQs YOSWALcQEWbmcQv3L7cusESwZwtRWOxoH80ELd5PDn3AdYE+Ka1UW8zOoYEue/UugVR57t UfCRfDuT1BZgC1iM4uLtnzlOGjt0/OxV3oYRo9NXv8kB1urMcy8gREWKZmLJWLgqWOg30A 109SGAXIYc32Zg6+iQGagPjwjnO9X6PF/QfdsH1HsjVM68L7LYq5IdO4JJiCWA== From: Mashiro Chen DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailbox.org; s=mail20150812; t=1775368269; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=sTfQU8RXcoe9ewdpIzu0VZVglXSNlb3VqBu9Vwxh+Hw=; b=DJSPYoBM0x/2SrQ/BREdCip+Bb0PUmoag2MMerEHkoVgw7DR+eh9XYZeBo3ZT026GaN3eD 5uH2x1jd3BAuodSsLo/whWCResSIFxeI0Phb207IUTyPsrZ492Qd6DQPZVkdkYMVyASXVc HzTqw1SJYmBy7ITw+BaGC+Qg/4+l0zOQzOGtCBYSCOq6mfnr3rvtHwuZYHRirhVB2+CeRQ XdlLwE6pfN6ddb0HaNmNviqHRc81DSrWwxfVMs1hbkc6zGU3PXcW4+a8hF3VtDiv3ISOyf I4D9ZCXcgEXgAqfE7NK3r4lPK4Us7FzP2vSY+3wgNZuT3Oxw/W1wQGk00d6Qog== To: hannes@cmpxchg.org, surenb@google.com Cc: peterz@infradead.org, mingo@redhat.com, juri.lelli@redhat.com, vincent.guittot@linaro.org, dietmar.eggemann@arm.com, rostedt@goodmis.org, bsegall@google.com, mgorman@suse.de, vschneid@redhat.com, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, syzbot+4b1bd55fba6260160779@syzkaller.appspotmail.com, Mashiro Chen Subject: [PATCH] sched/psi: initialize *flags in psi_memstall_enter when PSI is disabled Date: Sun, 5 Apr 2026 13:50:44 +0800 Message-ID: <20260405055044.554243-1-mashiro.chen@mailbox.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-MBO-RS-META: iu8krgjcw976t9prdh9hqa8ha9gcoker X-MBO-RS-ID: 2517601cd2ed8724a8f Content-Type: text/plain; charset="utf-8" When PSI is disabled, psi_memstall_enter() returns early without writing to *flags, leaving the caller's local variable uninitialized. psi_memstall_leave() also returns early when PSI is disabled and does not read *flags, so the uninitialized value is never used functionally. However, KMSAN tracks the shadow and origin metadata per physical address. When a kernel stack page is subsequently reused, a new object at the same address inherits the stale KMSAN shadow from the old uninitialized pflags, causing spurious uninit-value reports in unrelated code paths such as __flush_smp_call_function_queue(). Initialize *flags to 0 in the psi_disabled early-return path to prevent the stale shadow from escaping the callers' stack frames. Fixes: eb414681d5a0 ("psi: pressure stall information for CPU, memory, and = IO") Reported-by: syzbot+4b1bd55fba6260160779@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3D4b1bd55fba6260160779 Link: https://lore.kernel.org/all/6991885b.050a0220.340abe.02ef.GAE@google.= com/ Signed-off-by: Mashiro Chen --- kernel/sched/psi.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c index d9c9d9480a45b..32d3a180fc03b 100644 --- a/kernel/sched/psi.c +++ b/kernel/sched/psi.c @@ -1058,8 +1058,10 @@ void psi_memstall_enter(unsigned long *flags) struct rq_flags rf; struct rq *rq; =20 - if (static_branch_likely(&psi_disabled)) + if (static_branch_likely(&psi_disabled)) { + *flags =3D 0; return; + } =20 *flags =3D current->in_memstall; if (*flags) --=20 2.53.0