================================================================== BUG: KMSAN: uninit-value in rcu_cblist_dequeue+0x233/0x270 kernel/rcu/rcu_segcblist.c:55 CPU: 0 PID: 14858 Comm: syz-executor0 Not tainted 4.17.0-rc5+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:113 kmsan_report+0x149/0x260 mm/kmsan/kmsan.c:1084 __msan_warning_32+0x6e/0xc0 mm/kmsan/kmsan_instr.c:685 rcu_cblist_dequeue+0x233/0x270 kernel/rcu/rcu_segcblist.c:55 rcu_do_batch kernel/rcu/tree.c:2672 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2930 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2897 [inline] rcu_process_callbacks+0x179a/0x2060 kernel/rcu/tree.c:2914 __do_softirq+0x592/0x979 kernel/softirq.c:285 invoke_softirq kernel/softirq.c:365 [inline] irq_exit+0x202/0x240 kernel/softirq.c:405 exiting_irq+0xe/0x10 arch/x86/include/asm/apic.h:525 smp_apic_timer_interrupt+0x64/0x90 arch/x86/kernel/apic/apic.c:1055 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863 RIP: 0010:native_restore_fl arch/x86/include/asm/irqflags.h:37 [inline] RIP: 0010:arch_local_irq_restore arch/x86/include/asm/irqflags.h:78 [inline] RIP: 0010:kmsan_clear_user_page+0xce/0xf0 mm/kmsan/kmsan.c:860 RSP: 0018:ffff88019c68fa70 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000000 RBX: ffffea0008169f00 RCX: 0000000000000000 RDX: ffff8801669a8000 RSI: ffff880000000000 RDI: ffff8801669a9000 RBP: ffff88019c68fa98 R08: aaaaaaaaaaaab000 R09: 0000000000000002 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801b8ef7098 R13: ffffea0008169f00 R14: ffff8801b8ef57c0 R15: 0000000000000246 clear_user_highpage include/linux/highmem.h:141 [inline] clear_huge_page+0x4cb/0xd10 mm/memory.c:4598 __do_huge_pmd_anonymous_page mm/huge_memory.c:570 [inline] do_huge_pmd_anonymous_page+0xf86/0x2540 mm/huge_memory.c:728 create_huge_pmd mm/memory.c:3854 [inline] __handle_mm_fault mm/memory.c:4058 [inline] handle_mm_fault+0x44da/0x7ec0 mm/memory.c:4124 __do_page_fault+0xec6/0x1a10 arch/x86/mm/fault.c:1400 do_page_fault+0xd3/0x260 arch/x86/mm/fault.c:1477 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1160 RIP: 0033:0x40767d RSP: 002b:0000000000a3e940 EFLAGS: 00010246 RAX: 0000000020011fc8 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0e00f70f9e4ac526 RSI: 0000000000000000 RDI: 0000000002678848 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000730088 R10: 0000000000a3e940 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000002 R14: 000000000072bea0 R15: 000000000003ac2d Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_save_stack mm/kmsan/kmsan.c:294 [inline] kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:685 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:529 rcu_segcblist_enqueue+0x24c/0x2d0 kernel/rcu/rcu_segcblist.c:150 __call_rcu+0x227/0xef0 kernel/rcu/tree.c:3057 kfree_call_rcu+0x35/0x40 kernel/rcu/tree.c:3139 sock_destroy_inode+0x71/0xd0 net/socket.c:272 destroy_inode fs/inode.c:266 [inline] evict+0xc82/0xdb0 fs/inode.c:574 iput_final fs/inode.c:1519 [inline] iput+0xb02/0xe50 fs/inode.c:1545 dentry_unlink_inode+0x850/0x8b0 fs/dcache.c:376 __dentry_kill+0x87e/0xd40 fs/dcache.c:568 dentry_kill+0x1a9/0xc70 fs/dcache.c:674 dput+0x277/0x560 fs/dcache.c:850 __fput+0x95d/0xa30 fs/file_table.c:227 ____fput+0x37/0x40 fs/file_table.c:243 task_work_run+0x22e/0x2b0 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0x110e/0x3930 kernel/exit.c:867 do_group_exit+0x1a0/0x360 kernel/exit.c:970 get_signal+0x1405/0x1ec0 kernel/signal.c:2482 do_signal+0xb8/0x1d20 arch/x86/kernel/signal.c:810 exit_to_usermode_loop arch/x86/entry/common.c:162 [inline] prepare_exit_to_usermode+0x271/0x3a0 arch/x86/entry/common.c:196 syscall_return_slowpath+0xe9/0x710 arch/x86/entry/common.c:265 do_syscall_64+0x1ad/0x230 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_alloc_meta_for_pages+0x161/0x3a0 mm/kmsan/kmsan.c:815 kmsan_alloc_page+0x82/0xe0 mm/kmsan/kmsan.c:885 __alloc_pages_nodemask+0xf7b/0x5cc0 mm/page_alloc.c:4402 alloc_pages_current+0x6b1/0x970 mm/mempolicy.c:2093 alloc_pages include/linux/gfp.h:494 [inline] alloc_slab_page mm/slub.c:1467 [inline] allocate_slab mm/slub.c:1612 [inline] new_slab+0x349/0x1b50 mm/slub.c:1683 new_slab_objects mm/slub.c:2464 [inline] ___slab_alloc+0x1516/0x1f50 mm/slub.c:2616 __slab_alloc mm/slub.c:2656 [inline] slab_alloc_node mm/slub.c:2719 [inline] slab_alloc mm/slub.c:2761 [inline] kmem_cache_alloc+0x997/0xb70 mm/slub.c:2766 sock_alloc_inode+0x5f/0x2b0 net/socket.c:243 alloc_inode fs/inode.c:209 [inline] new_inode_pseudo+0x95/0x430 fs/inode.c:894 sock_alloc net/socket.c:564 [inline] __sock_create+0x392/0xf70 net/socket.c:1249 sock_create net/socket.c:1325 [inline] __sys_socket+0x179/0x640 net/socket.c:1355 __do_sys_socket net/socket.c:1364 [inline] __se_sys_socket net/socket.c:1362 [inline] __x64_sys_socket+0xd8/0x120 net/socket.c:1362 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 ==================================================================