KMSAN: uninit-value in enqueue

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	general protection fault in enqueue_entity				1	987d	987d	0/1	auto-closed as invalid on 2021/12/25 09:45

=====================================================
BUG: KMSAN: uninit-value in __rb_insert lib/rbtree.c:110 [inline]
BUG: KMSAN: uninit-value in rb_insert_color+0x3a8/0x10c0 lib/rbtree.c:436
 __rb_insert lib/rbtree.c:110 [inline]
 rb_insert_color+0x3a8/0x10c0 lib/rbtree.c:436
 rb_insert_color_cached include/linux/rbtree.h:114 [inline]
 rb_add_cached include/linux/rbtree.h:183 [inline]
 __enqueue_entity kernel/sched/fair.c:588 [inline]
 enqueue_entity+0x1bd4/0x34c0 kernel/sched/fair.c:4269
 enqueue_task_fair+0x4af/0x3d10 kernel/sched/fair.c:5588
 enqueue_task kernel/sched/core.c:1999 [inline]
 activate_task+0x1c5/0x5c0 kernel/sched/core.c:2024
 ttwu_do_activate kernel/sched/core.c:3600 [inline]
 ttwu_queue+0x322/0x7b0 kernel/sched/core.c:3796
 try_to_wake_up+0xcee/0x1740 kernel/sched/core.c:4119
 wake_up_process+0x34/0x40 kernel/sched/core.c:4203
 hrtimer_wakeup+0x9d/0xf0 kernel/time/hrtimer.c:1939
 __run_hrtimer+0x49f/0xc50 kernel/time/hrtimer.c:1685
 __hrtimer_run_queues kernel/time/hrtimer.c:1749 [inline]
 hrtimer_interrupt+0x7f7/0x2100 kernel/time/hrtimer.c:1811
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]
 __sysvec_apic_timer_interrupt+0x178/0x5e0 arch/x86/kernel/apic/apic.c:1103
 sysvec_apic_timer_interrupt+0x9d/0xc0 arch/x86/kernel/apic/apic.c:1097
 asm_sysvec_apic_timer_interrupt+0x12/0x20
 smap_restore arch/x86/include/asm/smap.h:67 [inline]
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:31 [inline]
 __msan_metadata_ptr_for_store_8+0x2b/0x40 mm/kmsan/instrumentation.c:66
 update_stack_state+0x859/0xa60 arch/x86/kernel/unwind_frame.c:243
 unwind_next_frame+0x6d0/0xe50 arch/x86/kernel/unwind_frame.c:304
 arch_stack_walk+0x320/0x3c0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x117/0x1a0 kernel/stacktrace.c:122
 kmsan_save_stack_with_flags mm/kmsan/core.c:80 [inline]
 kmsan_internal_poison_memory+0x45/0xa0 mm/kmsan/core.c:65
 kmsan_slab_free+0xd5/0x140 mm/kmsan/hooks.c:91
 slab_free_hook mm/slub.c:1710 [inline]
 slab_free_freelist_hook+0x27b/0x8e0 mm/slub.c:1766
 slab_free mm/slub.c:3530 [inline]
 kfree+0x2e7/0x9e0 mm/slub.c:4579
 skb_free_head net/core/skbuff.c:655 [inline]
 skb_release_data+0xb30/0xc70 net/core/skbuff.c:677
 skb_release_all net/core/skbuff.c:742 [inline]
 __kfree_skb+0x96/0x330 net/core/skbuff.c:756
 kfree_skb+0xd5/0x2e0 net/core/skbuff.c:774
 ieee80211_iface_work+0x506/0x1990 net/mac80211/iface.c:1524
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Local variable object.i.i created at:
 slab_alloc mm/slub.c:3259 [inline]
 kmem_cache_alloc_trace+0x89/0x1140 mm/slub.c:3276
 kmalloc include/linux/slab.h:590 [inline]
 kzalloc include/linux/slab.h:724 [inline]
 __irq_domain_alloc_fwnode+0xbb/0x600 kernel/irq/irqdomain.c:80

CPU: 0 PID: 11873 Comm: kworker/u4:12 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy3 ieee80211_iface_work
=====================================================

Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Manager	Title
2022/01/06 00:21	https://github.com/google/kmsan.git master	81c325bbf94e	6acc789a	.config	console log	report	info	ci-upstream-kmsan-gce	KMSAN: uninit-value in enqueue_entity
2022/02/16 04:38	https://github.com/google/kmsan.git master	85cfd6e539bd	8b9ca619	.config	console log	report	info	ci-upstream-kmsan-gce	KMSAN: uninit-value in pick_next_entity
2022/01/26 07:48	https://github.com/google/kmsan.git master	85cfd6e539bd	2cbffd88	.config	console log	report	info	ci-upstream-kmsan-gce	KMSAN: uninit-value in mntget