From: syzbot <syzbot+7b7cbaa9efbaa5cf0771@syzkaller.appspotmail.com>
To: bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
linux-kernel@vger.kernel.org, luto@kernel.org, mingo@redhat.com,
peterz@infradead.org, syzkaller-bugs@googlegroups.com,
tglx@linutronix.de, x86@kernel.org
Subject: [syzbot] [kernel?] KMSAN: uninit-value in flush_tlb_mm_range
Date: Fri, 20 Jun 2025 05:03:33 -0700
Message-ID: <68554e15.a00a0220.137b3.0049.GAE@google.com>
Hello,
syzbot found the following issue on:
HEAD commit: e04c78d86a96 Linux 6.16-rc2
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=123415d4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=db26f33438d76de9
dashboard link: https://syzkaller.appspot.com/bug?extid=7b7cbaa9efbaa5cf0771
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c0f064a5f302/disk-e04c78d8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b71205c143e3/vmlinux-e04c78d8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/2abdee22b79e/bzImage-e04c78d8.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7b7cbaa9efbaa5cf0771@syzkaller.appspotmail.com
=====================================================
BUG: KMSAN: uninit-value in find_next_bit include/linux/find.h:68 [inline]
BUG: KMSAN: uninit-value in cpumask_any_but include/linux/cpumask.h:460 [inline]
BUG: KMSAN: uninit-value in flush_tlb_mm_range+0x786/0x1590 arch/x86/mm/tlb.c:1449
find_next_bit include/linux/find.h:68 [inline]
cpumask_any_but include/linux/cpumask.h:460 [inline]
flush_tlb_mm_range+0x786/0x1590 arch/x86/mm/tlb.c:1449
flush_tlb_page arch/x86/include/asm/tlbflush.h:324 [inline]
ptep_clear_flush+0x161/0x1d0 mm/pgtable-generic.c:101
wp_page_copy mm/memory.c:3635 [inline]
do_wp_page+0x411c/0x80b0 mm/memory.c:4030
handle_pte_fault mm/memory.c:6105 [inline]
__handle_mm_fault mm/memory.c:6232 [inline]
handle_mm_fault+0x4929/0xe5e0 mm/memory.c:6401
do_user_addr_fault+0xfe1/0x2560 arch/x86/mm/fault.c:1387
handle_page_fault arch/x86/mm/fault.c:1476 [inline]
exc_page_fault+0x68/0xb0 arch/x86/mm/fault.c:1532
asm_exc_page_fault+0x2b/0x30 arch/x86/include/asm/idtentry.h:623
__put_user_4+0xd/0x20 arch/x86/lib/putuser.S:92
ret_from_fork+0x37/0x310 arch/x86/kernel/process.c:144
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Uninit was created at:
slab_post_alloc_hook mm/slub.c:4154 [inline]
slab_alloc_node mm/slub.c:4197 [inline]
kmem_cache_alloc_noprof+0x81b/0xec0 mm/slub.c:4204
dup_mm kernel/fork.c:1467 [inline]
copy_mm+0x124/0x9d0 kernel/fork.c:1529
copy_process+0x27ed/0x5e70 kernel/fork.c:2169
kernel_clone+0x416/0x1070 kernel/fork.c:2599
__do_sys_clone kernel/fork.c:2742 [inline]
__se_sys_clone kernel/fork.c:2726 [inline]
__x64_sys_clone+0x253/0x360 kernel/fork.c:2726
x64_sys_call+0x37e7/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:57
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
CPU: 0 UID: 0 PID: 16686 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(undef)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
=====================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup