On Thu, Feb 22, 2024 at 6:10 PM Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
>
> I can observe this bug during evict_folios() from 6.7.0 to 6.8.0-rc5-00163-gffd2cb6b718e.
> Since I haven't observed it with 6.6.0, this bug might be introduced in the 6.7 cycle.

I am not familiar with KMSAN bug reports, but it seems like it's reporting a use-after-free for zspage->freeobj. The report says it was created in free_unref_page_prepare() during lruvec reclaim, and I am not sure how that's possible given that zspage is allocated from the slab allocator. Perhaps I am misinterpreting the report.

I also don't see any recent changes in mm/zsmalloc.c that modify this code, so maybe it wasn't introduced in 6.7.

I will defer to Minchan and Sergey; I don't think zswap is an active actor in this bug report.