================================================================== BUG: KMSAN: uninit-value in rcu_cblist_dequeue+0x1f1/0x270 kernel/rcu/rcu_segcblist.c:54 CPU: 1 PID: 4534 Comm: syz-executor1 Not tainted 4.17.0-rc5+ #103 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:113 kmsan_report+0x149/0x260 mm/kmsan/kmsan.c:1084 __msan_warning_32+0x6e/0xc0 mm/kmsan/kmsan_instr.c:686 rcu_cblist_dequeue+0x1f1/0x270 kernel/rcu/rcu_segcblist.c:54 rcu_do_batch kernel/rcu/tree.c:2673 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2930 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2897 [inline] rcu_process_callbacks+0x1981/0x2000 kernel/rcu/tree.c:2914 __do_softirq+0x56d/0x93d kernel/softirq.c:285 invoke_softirq kernel/softirq.c:365 [inline] irq_exit+0x202/0x240 kernel/softirq.c:405 exiting_irq+0xe/0x10 arch/x86/include/asm/apic.h:525 smp_apic_timer_interrupt+0x64/0x90 arch/x86/kernel/apic/apic.c:1055 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863 RIP: 0010:finish_lock_switch+0x38/0x50 kernel/sched/core.c:2609 RSP: 0018:ffff88013b31fc20 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: ffff88021f2dac40 RBX: 0000000000000000 RCX: ffff880000000000 RDX: ffff88021f2dbc40 RSI: aaaaaaaaaaaab000 RDI: ffffea0000000000 RBP: ffff88013b31fc38 R08: 0000000001080020 R09: 0000000000000002 R10: ffffffff7fffffff R11: 0000000000000000 R12: ffff88021fd3ec40 R13: ffff880140c1c358 R14: 0000000000000000 R15: ffff88021f2dac40 finish_task_switch+0xde/0x270 kernel/sched/core.c:2708 context_switch kernel/sched/core.c:2866 [inline] __schedule+0x688/0x730 kernel/sched/core.c:3507 schedule+0x1cc/0x2f0 kernel/sched/core.c:3551 freezable_schedule include/linux/freezer.h:172 [inline] do_nanosleep+0x2c3/0x9b0 kernel/time/hrtimer.c:1689 hrtimer_nanosleep kernel/time/hrtimer.c:1743 [inline] __do_sys_nanosleep kernel/time/hrtimer.c:1775 [inline] __se_sys_nanosleep+0x4b3/0x6a0 kernel/time/hrtimer.c:1762 __x64_sys_nanosleep+0x92/0xc0 kernel/time/hrtimer.c:1762 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x481110 RSP: 002b:0000000000a3ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000023 RAX: ffffffffffffffda RBX: 0000000000000018 RCX: 0000000000481110 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a3eaa0 RBP: 000000000001c5cb R08: 0000000000000001 R09: 0000000002890940 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000005 R14: 0000000000000144 R15: 000000000001c5ab Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_save_stack mm/kmsan/kmsan.c:294 [inline] kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:685 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:529 rcu_cblist_dequeue+0x216/0x270 kernel/rcu/rcu_segcblist.c:54 rcu_do_batch kernel/rcu/tree.c:2673 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2930 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2897 [inline] rcu_process_callbacks+0x1981/0x2000 kernel/rcu/tree.c:2914 __do_softirq+0x56d/0x93d kernel/softirq.c:285 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_save_stack mm/kmsan/kmsan.c:294 [inline] kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:685 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:529 rcu_segcblist_enqueue+0x24c/0x2d0 kernel/rcu/rcu_segcblist.c:150 __call_rcu+0x227/0xef0 kernel/rcu/tree.c:3057 kfree_call_rcu+0x35/0x40 kernel/rcu/tree.c:3139 sock_destroy_inode+0x71/0xd0 net/socket.c:272 destroy_inode fs/inode.c:266 [inline] evict+0xc76/0xda0 fs/inode.c:574 iput_final fs/inode.c:1519 [inline] iput+0xa9f/0xe30 fs/inode.c:1545 dentry_unlink_inode+0x84b/0x8a0 fs/dcache.c:376 __dentry_kill+0x86e/0xd20 fs/dcache.c:568 dentry_kill+0x1a9/0xc70 fs/dcache.c:674 dput+0x277/0x560 fs/dcache.c:850 __fput+0x931/0xa10 fs/file_table.c:227 ____fput+0x37/0x40 fs/file_table.c:243 task_work_run+0x243/0x2c0 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0x10e1/0x38d0 kernel/exit.c:867 do_group_exit+0x1a0/0x360 kernel/exit.c:970 get_signal+0xfcb/0x1f40 kernel/signal.c:2482 do_signal+0xb8/0x1cf0 arch/x86/kernel/signal.c:810 exit_to_usermode_loop arch/x86/entry/common.c:162 [inline] prepare_exit_to_usermode+0x271/0x3a0 arch/x86/entry/common.c:196 syscall_return_slowpath+0xe9/0x700 arch/x86/entry/common.c:265 do_syscall_64+0x1af/0x230 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_alloc_meta_for_pages+0x161/0x3a0 mm/kmsan/kmsan.c:815 kmsan_alloc_page+0x82/0xe0 mm/kmsan/kmsan.c:885 __alloc_pages_nodemask+0xfc0/0x5dc0 mm/page_alloc.c:4402 alloc_pages_current+0x6b1/0x970 mm/mempolicy.c:2093 alloc_pages include/linux/gfp.h:494 [inline] alloc_slab_page mm/slub.c:1467 [inline] allocate_slab mm/slub.c:1612 [inline] new_slab+0x349/0x1b50 mm/slub.c:1683 new_slab_objects mm/slub.c:2464 [inline] ___slab_alloc+0x1516/0x1f50 mm/slub.c:2616 __slab_alloc mm/slub.c:2656 [inline] slab_alloc_node mm/slub.c:2719 [inline] slab_alloc mm/slub.c:2761 [inline] kmem_cache_alloc+0x648/0xb90 mm/slub.c:2766 sock_alloc_inode+0x5f/0x2b0 net/socket.c:243 alloc_inode fs/inode.c:209 [inline] new_inode_pseudo+0x8a/0x430 fs/inode.c:894 sock_alloc net/socket.c:564 [inline] __sock_create+0x392/0xf60 net/socket.c:1249 sock_create net/socket.c:1325 [inline] __sys_socket+0x179/0x640 net/socket.c:1355 __do_sys_socket net/socket.c:1364 [inline] __se_sys_socket net/socket.c:1362 [inline] __x64_sys_socket+0xd8/0x120 net/socket.c:1362 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 ==================================================================