syzbot

 sign-in | mailing list | source | docs
🐞 Open [1497]
Subsystems
🐞 Fixed [6528]
🐞 Invalid [16623]
Missing Backports [205]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in process_timeout

Status: upstream: reported on 2025/08/15 15:34
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+2a895bf937943f1666cc@syzkaller.appspotmail.com
First crash: 9d15h, last: 9d15h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [kernel?] KMSAN: uninit-value in process_timeout 0 (1) 2025/08/15 15:34

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in process_timeout+0x59/0x60 kernel/time/sleep_timeout.c:27
 process_timeout+0x59/0x60 kernel/time/sleep_timeout.c:27
 call_timer_fn+0x4c/0x520 kernel/time/timer.c:1747
 expire_timers kernel/time/timer.c:1798 [inline]
 __run_timers kernel/time/timer.c:2372 [inline]
 __run_timer_base+0x80f/0xd90 kernel/time/timer.c:2384
 run_timer_base kernel/time/timer.c:2393 [inline]
 run_timer_softirq+0x3a/0x80 kernel/time/timer.c:2403
 handle_softirqs+0x166/0x6e0 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0x66/0x180 kernel/softirq.c:680
 irq_exit_rcu+0x12/0x20 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x84/0x90 arch/x86/kernel/apic/apic.c:1050
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:702
 __nr_to_section include/linux/mmzone.h:1937 [inline]
 __pfn_to_section include/linux/mmzone.h:2079 [inline]
 pfn_valid include/linux/mmzone.h:2161 [inline]
 kmsan_virt_addr_valid arch/x86/include/asm/kmsan.h:94 [inline]
 virt_to_page_or_null+0x99/0x180 mm/kmsan/shadow.c:75
 kmsan_get_metadata+0xfb/0x160 mm/kmsan/shadow.c:141
 kmsan_get_shadow_origin_ptr+0x4a/0xb0 mm/kmsan/shadow.c:102
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:38 [inline]
 __msan_metadata_ptr_for_load_8+0x24/0x40 mm/kmsan/instrumentation.c:94
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:409 [inline]
 batadv_nc_worker+0x11f/0x1aa0 net/batman-adv/network-coding.c:719
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xb91/0x1d80 kernel/workqueue.c:3319
 worker_thread+0xedf/0x1590 kernel/workqueue.c:3400
 kthread+0xd59/0xf00 kernel/kthread.c:463
 ret_from_fork+0x1e3/0x310 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Local variable timer created at:
 schedule_timeout+0x44/0x240 kernel/time/sleep_timeout.c:63
 kcompactd+0x470/0x2340 mm/compaction.c:3187

CPU: 1 UID: 0 PID: 3876 Comm: kworker/u8:20 Tainted: G        W           6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(none) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: bat_events batadv_nc_worker

=====================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/08/14 22:49 upstream 0cc53520e68b dcc075fb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in process_timeout
* Struck through repros no longer work on HEAD.