From: Osama Abdelkader
To: Vlastimil Babka, Andrew Morton, Christoph Lameter, David Rientjes, Roman Gushchin, Harry Yoo, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: Osama Abdelkader, syzbot+6e04171f00f33c0d62fb@syzkaller.appspotmail.com
Subject: [PATCH] mm/slub: zero-initialize slab object extensions to fix KMSAN
Date: Wed, 4 Feb 2026 20:57:51 +0100
Message-ID: <20260204195751.188219-1-osama.abdelkader@gmail.com>

KMSAN reports uninitialized reads in __memcg_slab_free_hook when freeing sigqueue objects. Although kmalloc_nolock(__GFP_ZERO) and kcalloc_node normally zero memory, some allocation paths (fallbacks, early boot, reused slabs, or races) may leave objcg undefined.

Explicitly memset the obj_exts array after allocation to guarantee no uninitialized reads in __memcg_slab_free_hook and preserve correct memcg accounting.

Reported-by: syzbot+6e04171f00f33c0d62fb@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=6e04171f00f33c0d62fb
Signed-off-by: Osama Abdelkader
---
 mm/slub.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/mm/slub.c b/mm/slub.c index f77b7407c51b..e66d17ee7fa8 100644 --- a/mm/slub.c +++ b/mm/slub.c
@@ -2123,7 +2123,17 @@ int alloc_slab_obj_exts(struct slab *slab, struct km= em_cache *s, vec =3D kcalloc_node(objects, sizeof(struct slabobj_ext), gfp, slab_nid(slab)); } - if (!vec) { + /* + * Explicitly zero the obj_exts array to ensure KMSAN recognizes it + * as initialized. Although kmalloc_nolock and kcalloc_node normally + * zero memory, KMSAN may not track this initialization in all cases, + * especially during early boot or with certain allocation paths. + * This explicit memset ensures KMSAN sees the initialization and + * prevents uninitialized value warnings when accessing objcg fields. + */ + if (vec) + memset(vec, 0, objects * sizeof(*vec)); + else { /* * Try to mark vectors which failed to allocate. * If this operation fails, there may be a racing process --=20 2.43.0
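
Review bot: The memset() added under `if (vec)` re-zeroes a buffer that the `kcalloc_node(objects, sizeof(struct slabobj_ext), gfp, slab_nid(slab))` call in the context just above already returns zeroed, and nothing in the patch shows which path actually hands back an uninitialized objcg. The commit message says some allocation paths "may leave objcg undefined", while the new comment says the memory is zeroed and only KMSAN's tracking misses it; those are two different bugs with different fixes. Please pin down the path from the syzbot report and fix it at the source (the allocator's zeroing, or the KMSAN annotation for that allocation) instead of clearing the vector a second time on every successful allocation, which can also hide a real missing-zeroing bug from future KMSAN runs. If the memset does stay, the kernel coding style wants braces on both branches once the else branch has them, i.e. `if (vec) { memset(vec, 0, objects * sizeof(*vec)); } else {`.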