KMSAN: uninit-value in __alloc

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	BUG: unable to handle kernel paging request in __alloc_skb net				1	527d	527d	22/26	fixed on 2023/06/08 14:41
=====================================================
BUG: KMSAN: uninit-value in ___slab_alloc+0x209/0x1e90 mm/slub.c:2927
 ___slab_alloc+0x209/0x1e90 mm/slub.c:2927
 __slab_alloc mm/slub.c:3126 [inline]
 slab_alloc_node mm/slub.c:3217 [inline]
 kmem_cache_alloc_node+0xb52/0x12e0 mm/slub.c:3287
 __alloc_skb+0x33f/0xf90 net/core/skbuff.c:414
 skb_copy+0x191/0xb90 net/core/skbuff.c:1586
 mac80211_hwsim_tx_frame_no_nl+0x1fcf/0x2c00 drivers/net/wireless/mac80211_hwsim.c:1565
 mac80211_hwsim_tx_frame+0x453/0x4f0 drivers/net/wireless/mac80211_hwsim.c:1784
 mac80211_hwsim_beacon_tx+0x93a/0xd20 drivers/net/wireless/mac80211_hwsim.c:1838
 __iterate_interfaces net/mac80211/util.c:793 [inline]
 ieee80211_iterate_active_interfaces_atomic+0x48b/0x6c0 net/mac80211/util.c:829
 mac80211_hwsim_beacon+0x11d/0x340 drivers/net/wireless/mac80211_hwsim.c:1861
 __run_hrtimer+0x49f/0xc50 kernel/time/hrtimer.c:1685
 __hrtimer_run_queues kernel/time/hrtimer.c:1749 [inline]
 hrtimer_run_softirq+0x4d3/0xe80 kernel/time/hrtimer.c:1766
 __do_softirq+0x1fe/0x7eb kernel/softirq.c:558
 invoke_softirq+0xa4/0x130 kernel/softirq.c:432
 __irq_exit_rcu kernel/softirq.c:636 [inline]
 irq_exit_rcu+0x76/0x130 kernel/softirq.c:648
 sysvec_apic_timer_interrupt+0xa2/0xc0 arch/x86/kernel/apic/apic.c:1097
 asm_sysvec_apic_timer_interrupt+0x12/0x20
 smap_restore arch/x86/include/asm/smap.h:67 [inline]
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:31 [inline]
 __msan_metadata_ptr_for_load_4+0x28/0x30 mm/kmsan/instrumentation.c:65
 unwind_done arch/x86/include/asm/unwind.h:50 [inline]
 arch_stack_walk+0x32f/0x3c0 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0x117/0x1a0 kernel/stacktrace.c:122
 kmsan_save_stack_with_flags mm/kmsan/core.c:80 [inline]
 kmsan_internal_poison_memory+0x45/0xa0 mm/kmsan/core.c:65
 kmsan_slab_free+0xd5/0x140 mm/kmsan/hooks.c:90
 slab_free_hook mm/slub.c:1710 [inline]
 slab_free_freelist_hook+0x281/0x8e0 mm/slub.c:1766
 slab_free mm/slub.c:3530 [inline]
 kmem_cache_free+0x292/0x910 mm/slub.c:3547
 security_file_free+0x1b4/0x200 security/security.c:1535
 file_free fs/file_table.c:55 [inline]
 __fput+0xd97/0x10a0 fs/file_table.c:298
 ____fput+0x37/0x40 fs/file_table.c:313
 task_work_run+0x173/0x2b0 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x3f0/0x490 kernel/entry/common.c:176
 exit_to_user_mode_prepare kernel/entry/common.c:208 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x7e/0xc0 kernel/entry/common.c:302
 __do_fast_syscall_32+0xa5/0xf0 arch/x86/entry/common.c:183
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Local variable regs created at:
 __bpf_prog_run32+0x84/0x180 kernel/bpf/core.c:1795
 bpf_dispatcher_nop_func include/linux/bpf.h:727 [inline]
 __bpf_prog_run include/linux/filter.h:626 [inline]
 bpf_prog_run include/linux/filter.h:633 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1937 [inline]
 bpf_trace_run1+0xda/0x310 kernel/trace/bpf_trace.c:1973

CPU: 0 PID: 26291 Comm: syz-executor.2 Tainted: G S      W         5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================