[PATCH] mm/vmalloc: fix KMSAN uninit-value warning in decay_va_pool_node()
From: Qing Wang
Date: Thu Apr 02 2026 - 04:20:57 EST
KMSAN reported an uninit-value warning when accessing vmap_area->list
in decay_va_pool_node():
BUG: KMSAN: uninit-value in __list_del_entry_valid include/linux/list.h:-1 [inline]
BUG: KMSAN: uninit-value in __list_del_entry include/linux/list.h:223 [inline]
BUG: KMSAN: uninit-value in list_del_init include/linux/list.h:295 [inline]
BUG: KMSAN: uninit-value in decay_va_pool_node+0xf78/0x1dd0 mm/vmalloc.c:2255
Uninit was created at:
kmem_cache_alloc_node_noprof+0x3cd/0x12d0 mm/slub.c:4918
alloc_vmap_area+0x327/0x2e30 mm/vmalloc.c:2065
The root cause is that if node_alloc() fails and the va is allocated via
kmem_cache_alloc_node() by alloc_vmap_area(), va->list will be uninitialized.
Fix this by explicitly initializing va->list after allocation.
Reported-by: syzbot+37b7f6cd519f7fb8d32a@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=37b7f6cd519f7fb8d32a
Signed-off-by: Qing Wang <wangqing7171@xxxxxxxxx>
---
mm/vmalloc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 61caa55a4402..8aebbb51e178 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -2071,6 +2071,7 @@ static struct vmap_area *alloc_vmap_area(unsigned long size,
* to avoid false negatives.
*/
kmemleak_scan_area(&va->rb_node, SIZE_MAX, gfp_mask);
+ INIT_LIST_HEAD(&va->list);
}
retry:
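Review bot: Initializing va->list in the kmem_cache_alloc_node() fallback branch makes the list_del_init() in decay_va_pool_node() a silent no-op for a va that was never linked into a pool list, so it removes the KMSAN report without explaining how an unlinked va reaches decay_va_pool_node() in the first place; the commit message should state whether such a va is expected there (in which case INIT_LIST_HEAD() is the right fix and the description should say so) or whether a va is being handed to the decay path without having been added to a list (in which case the missing list_add is the real bug and this hunk would hide it). Also worth confirming in the description that the node_alloc() path already leaves va->list in a valid state, since the new line only covers the branch closed by the brace after kmemleak_scan_area().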
--
2.34.1