syzbot


KMSAN: uninit-value in __flush_smp_call_function_queue

Status: upstream: reported C repro on 2026/02/15 08:48
Subsystems: kernel
Labels: prio:high
Reported-by: syzbot+4b1bd55fba6260160779@syzkaller.appspotmail.com
First crash: 121d, last: 1h49m
AI Jobs (1)
ID: bbebf6d3-a605-431d-a98e-d8c1f8cb54ef
Workflow: assessment-security
Result: DenialOfService: ✅ Exploitable: ✅ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ✅ UserNamespace: ✅ VMGuestTrigger: ❌ VMHostTrigger: ❌
Bug: KMSAN: uninit-value in __flush_smp_call_function_queue
Created: 2026/05/26 03:21
Started: 2026/05/26 03:21
Finished: 2026/05/26 04:08
Revision: c69befb30ac10e158cc9d1557b508ee3f0eca1de
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] sched/psi: initialize *flags in psi_memstall_enter when PSI is disabled 5 (5) 2026/04/08 16:58
[syzbot] [kernel?] KMSAN: uninit-value in __flush_smp_call_function_queue 1 (4) 2026/03/10 07:17
Last patch testing requests (5)
Created Duration User Patch Repo Result
2026/04/29 17:23 46m retest repro upstream report log
2026/04/29 17:23 30m retest repro upstream report log
2026/04/29 17:23 38m retest repro upstream report log
2026/04/29 17:23 40m retest repro upstream report log
2026/03/10 06:48 27m wangqing7171@gmail.com patch upstream report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 generic_smp_call_function_single_interrupt+0x1c/0x30 kernel/smp.c:463
 __sysvec_call_function_single+0x4b/0x3e0 arch/x86/kernel/smp.c:271
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x7c/0x90 arch/x86/kernel/smp.c:266
 asm_sysvec_call_function_single+0x1f/0x30 arch/x86/include/asm/idtentry.h:704
 smap_save mm/kmsan/instrumentation.c:94 [inline]
 get_shadow_origin_ptr mm/kmsan/instrumentation.c:35 [inline]
 __msan_metadata_ptr_for_load_8+0x14/0x40 mm/kmsan/instrumentation.c:94
 find_next_bit include/linux/find.h:69 [inline]
 __for_each_wrap include/linux/find.h:477 [inline]
 steal_cookie_task kernel/sched/core.c:6305 [inline]
 sched_core_balance+0x17f2/0x2010 kernel/sched/core.c:6333
 do_balance_callbacks kernel/sched/core.c:4929 [inline]
 __balance_callbacks kernel/sched/core.c:4985 [inline]
 finish_lock_switch kernel/sched/core.c:5034 [inline]
 finish_task_switch+0x3e4/0x8b0 kernel/sched/core.c:5153
 context_switch kernel/sched/core.c:5301 [inline]
 __schedule+0x2607/0x8640 kernel/sched/core.c:6911
 schedule_idle+0x5a/0x90 kernel/sched/core.c:7034
 do_idle+0x859/0x870 kernel/sched/idle.c:369
 cpu_startup_entry+0x5f/0x80 kernel/sched/idle.c:439
 rest_init+0x1df/0x260 init/main.c:760
 start_kernel+0x6d1/0x8b0 init/main.c:1210
 x86_64_start_reservations+0x28/0x30 arch/x86/kernel/head64.c:310
 x86_64_start_kernel+0x139/0x140 arch/x86/kernel/head64.c:291
 common_startup_64+0x13e/0x147

Local variable pflags created at:
 try_charge_memcg+0x63/0x1c20 mm/memcontrol.c:2367
 try_charge mm/memcontrol.c:2556 [inline]
 charge_memcg mm/memcontrol.c:4744 [inline]
 __mem_cgroup_charge+0x114/0x5c0 mm/memcontrol.c:4761

CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
=====================================================

Crashes (954):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/03/20 05:41 upstream 8a30aeb0d1b4 bd6dcb30 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/03/20 03:49 upstream 8a30aeb0d1b4 bd6dcb30 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/03/20 02:18 upstream 8a30aeb0d1b4 bd6dcb30 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/02/15 19:04 upstream ca4ee40bf13d 1e62d198 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/12 08:58 upstream 2b414a95b8f7 e93da63e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/12 07:49 upstream 2b414a95b8f7 e93da63e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/11 17:11 upstream 9716c086c8e8 d93a6ab6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/09 14:56 upstream 2d3090a8aeb5 c36c07f6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/09 09:24 upstream 4549871118cf 656e94c6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/08 08:53 upstream c68691dc1dca cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/08 06:36 upstream c68691dc1dca cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/08 03:56 upstream c68691dc1dca cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/07 22:13 upstream 979c294509f9 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/07 15:18 upstream 979c294509f9 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/05 20:17 upstream ddd664bbff63 48b6c3fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/05 08:38 upstream 9154c4af7829 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/05 08:20 upstream 9154c4af7829 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/03 19:43 upstream ba3e43a9e601 234057e5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/02 20:00 upstream 6f3ed7fec72f 62fe1528 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/02 17:08 upstream 6f3ed7fec72f 62fe1528 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/01 17:37 upstream e43ffb69e043 8d8eeb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/01 16:29 upstream e43ffb69e043 8d8eeb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/01 03:54 upstream 8d9c51eac648 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/01 01:57 upstream 8d9c51eac648 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/31 12:36 upstream 174914ea5513 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/31 12:35 upstream 174914ea5513 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/31 04:06 upstream 670b77dfebe7 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/31 02:00 upstream 670b77dfebe7 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/30 23:59 upstream 670b77dfebe7 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/30 16:34 upstream 9215e74f228f 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/30 03:42 upstream 9215e74f228f 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/29 06:08 upstream 8fde5d1d47f6 4624854e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/28 20:04 upstream eb3f4b7426cf 9a5a7e5e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/28 17:11 upstream eb3f4b7426cf 9a5a7e5e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/27 21:30 upstream eb3f4b7426cf 769cbc61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/27 19:11 upstream eb3f4b7426cf 769cbc61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/02/15 07:56 upstream ca4ee40bf13d 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/02/11 08:40 upstream dc855b77719f 441e25b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/11 07:24 upstream 9716c086c8e8 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/11 05:49 upstream 9716c086c8e8 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/10 17:05 upstream acb7500801e9 f79bac11 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/09 10:37 upstream 2d3090a8aeb5 656e94c6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/07 13:23 upstream 979c294509f9 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/07 11:04 upstream 979c294509f9 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/06 22:04 upstream 8e65320d91cd cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/05 23:28 upstream ddd664bbff63 48b6c3fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/03 22:59 upstream 6f3ed7fec72f 234057e5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/06/01 18:43 upstream e43ffb69e043 8d8eeb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/31 11:02 upstream 174914ea5513 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/31 09:18 upstream 174914ea5513 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/28 21:33 upstream eb3f4b7426cf 9a5a7e5e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
2026/05/28 09:25 upstream eb3f4b7426cf 4c36e7e5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __flush_smp_call_function_queue
* Struck through repros no longer work on HEAD.