===================================================== BUG: KMSAN: uninit-value in __hlist_del include/linux/list.h:839 [inline] BUG: KMSAN: uninit-value in detach_timer kernel/time/timer.c:825 [inline] BUG: KMSAN: uninit-value in expire_timers+0x1be/0x6c0 kernel/time/timer.c:1451 CPU: 0 PID: 14826 Comm: syz-executor.4 Not tainted 5.11.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x21c/0x280 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:118 __msan_warning+0x5f/0xa0 mm/kmsan/kmsan_instr.c:197 __hlist_del include/linux/list.h:839 [inline] detach_timer kernel/time/timer.c:825 [inline] expire_timers+0x1be/0x6c0 kernel/time/timer.c:1451 __run_timers+0x624/0x9e0 kernel/time/timer.c:1731 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1744 __do_softirq+0x1b9/0x715 kernel/softirq.c:343 asm_call_irq_on_stack+0xf/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x6e/0x90 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:226 [inline] __irq_exit_rcu+0x22f/0x280 kernel/softirq.c:420 irq_exit_rcu+0xe/0x10 kernel/softirq.c:432 sysvec_apic_timer_interrupt+0x106/0x130 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:647 RIP: 0010:kmsan_get_shadow_origin_ptr+0x54/0xb0 mm/kmsan/kmsan_shadow.c:144 Code: b8 b0 0f 00 00 00 74 22 48 c7 c0 00 f0 05 92 48 c7 c3 00 00 06 92 45 84 ff 48 0f 45 d8 48 89 da 48 89 d8 5b 41 5e 41 5f 5d c3 <4c> 89 f7 48 89 de 31 d2 e8 4f d6 ff ff 84 c0 74 43 4c 89 f7 31 d2 RSP: 0018:ffff88805b6032d8 EFLAGS: 00000246 RAX: ffff888059110a78 RBX: 0000000000000001 RCX: ffff888059110000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880159b70d6 RBP: ffff88805b6032f0 R08: ffffea000000000f R09: ffff88813fffa000 R10: 0000000000000012 R11: ffff888059110000 R12: 0000000000000000 R13: 000000000000003d R14: ffff8880159b70d6 R15: 0000000000000000 __msan_metadata_ptr_for_load_1+0x10/0x20 mm/kmsan/kmsan_instr.c:52 string_nocheck lib/vsprintf.c:611 [inline] string+0x4eb/0x6d0 lib/vsprintf.c:693 vsnprintf+0x1acd/0x3600 lib/vsprintf.c:2619 snprintf+0x23e/0x290 lib/vsprintf.c:2752 tomoyo_init_log+0x3282/0x3970 security/tomoyo/audit.c:279 tomoyo_supervisor+0x8b9/0x2730 security/tomoyo/common.c:2097 tomoyo_audit_path_number_log security/tomoyo/file.c:235 [inline] tomoyo_path_number_perm+0x88b/0xaf0 security/tomoyo/file.c:734 tomoyo_file_ioctl+0x74/0x90 security/tomoyo/tomoyo.c:329 security_file_ioctl+0x10a/0x210 security/security.c:1482 __do_compat_sys_ioctl fs/ioctl.c:803 [inline] __se_compat_sys_ioctl+0x182/0x1100 fs/ioctl.c:793 __ia32_compat_sys_ioctl+0x4a/0x70 fs/ioctl.c:793 do_syscall_32_irqs_on arch/x86/entry/common.c:79 [inline] __do_fast_syscall_32+0x102/0x160 arch/x86/entry/common.c:141 do_fast_syscall_32+0x6a/0xc0 arch/x86/entry/common.c:166 do_SYSENTER_32+0x73/0x90 arch/x86/entry/common.c:209 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7f38549 Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 RSP: 002b:00000000ffb7dd08 EFLAGS: 00000292 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000008933 RDX: 00000000ffb7dd3c RSI: 0000000000000004 RDI: 00000000ffb7dd3c RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:121 [inline] kmsan_internal_poison_shadow+0x5c/0xf0 mm/kmsan/kmsan.c:104 kmsan_slab_alloc+0x8d/0xe0 mm/kmsan/kmsan_hooks.c:76 slab_alloc_node mm/slub.c:2907 [inline] slab_alloc mm/slub.c:2916 [inline] __kmalloc_track_caller+0x94c/0x11c0 mm/slub.c:4496 kmemdup+0x95/0x140 mm/util.c:128 __addrconf_sysctl_register+0xe1/0x7e0 net/ipv6/addrconf.c:6913 addrconf_sysctl_register+0x323/0x3e0 net/ipv6/addrconf.c:6978 ipv6_add_dev+0x1312/0x1b60 net/ipv6/addrconf.c:443 addrconf_notify+0xd44/0x6540 net/ipv6/addrconf.c:3489 notifier_call_chain kernel/notifier.c:83 [inline] raw_notifier_call_chain+0x123/0x290 kernel/notifier.c:410 call_netdevice_notifiers_info net/core/dev.c:2040 [inline] call_netdevice_notifiers_extack net/core/dev.c:2052 [inline] call_netdevice_notifiers net/core/dev.c:2066 [inline] register_netdevice+0x30fb/0x3a20 net/core/dev.c:10089 veth_newlink+0xb5d/0x15c0 drivers/net/veth.c:1363 __rtnl_newlink net/core/rtnetlink.c:3443 [inline] rtnl_newlink+0x2e8c/0x3d40 net/core/rtnetlink.c:3491 rtnetlink_rcv_msg+0x1442/0x18a0 net/core/rtnetlink.c:5553 netlink_rcv_skb+0x6fa/0x810 net/netlink/af_netlink.c:2494 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:5571 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x11d6/0x14a0 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x1740/0x1840 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg net/socket.c:672 [inline] __sys_sendto+0x9ea/0xc60 net/socket.c:1975 __do_compat_sys_socketcall net/compat.c:476 [inline] __se_compat_sys_socketcall+0xa2c/0x16b0 net/compat.c:424 __ia32_compat_sys_socketcall+0x3e/0x60 net/compat.c:424 do_syscall_32_irqs_on arch/x86/entry/common.c:79 [inline] __do_fast_syscall_32+0x102/0x160 arch/x86/entry/common.c:141 do_fast_syscall_32+0x6a/0xc0 arch/x86/entry/common.c:166 do_SYSENTER_32+0x73/0x90 arch/x86/entry/common.c:209 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c =====================================================