Re: [syzbot] [kernel?] KMSAN: uninit-value in __flush_smp_call_function_queue

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+4b1bd55fba6260160779@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
	 wangqing7171@gmail.com
Subject: Re: [syzbot] [kernel?] KMSAN: uninit-value in __flush_smp_call_function_queue
Date: Tue, 10 Mar 2026 00:17:02 -0700	[thread overview]
Message-ID: <69afc56e.a00a0220.d013.0003.GAE@google.com> (raw)
In-Reply-To: <20260310064845.3659772-1-wangqing7171@gmail.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in __flush_smp_call_function_queue

=====================================================
BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 generic_smp_call_function_single_interrupt+0x1c/0x30 kernel/smp.c:463
 __sysvec_call_function_single+0x4b/0x3e0 arch/x86/kernel/smp.c:271
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x7c/0x90 arch/x86/kernel/smp.c:266
 asm_sysvec_call_function_single+0x1f/0x30 arch/x86/include/asm/idtentry.h:704
 native_irq_enable arch/x86/include/asm/irqflags.h:42 [inline]
 arch_local_irq_enable arch/x86/include/asm/irqflags.h:119 [inline]
 raw_spin_rq_unlock_irq kernel/sched/sched.h:1629 [inline]
 finish_lock_switch kernel/sched/core.c:5032 [inline]
 finish_task_switch+0x11b/0x8b0 kernel/sched/core.c:5150
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0x2607/0x8640 kernel/sched/core.c:6908
 preempt_schedule_common+0x33/0x80 kernel/sched/core.c:7092
 preempt_schedule+0x30/0x40 kernel/sched/core.c:7116
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline]
 _raw_spin_unlock_irqrestore+0x57/0x60 kernel/locking/spinlock.c:194
 unlock_hrtimer_base kernel/time/hrtimer.c:1021 [inline]
 hrtimer_try_to_cancel+0x8b0/0xae0 kernel/time/hrtimer.c:1368
 hrtimer_cancel+0x33/0xf0 kernel/time/hrtimer.c:1489
 schedule_hrtimeout_range_clock+0x16d/0x2f0 kernel/time/sleep_timeout.c:218
 schedule_hrtimeout_range+0x42/0x50 kernel/time/sleep_timeout.c:263
 poll_schedule_timeout fs/select.c:241 [inline]
 do_select+0x282b/0x2aa0 fs/select.c:603
 core_sys_select+0xa5a/0x10e0 fs/select.c:677
 do_pselect fs/select.c:759 [inline]
 __do_sys_pselect6 fs/select.c:798 [inline]
 __se_sys_pselect6+0x554/0x6b0 fs/select.c:789
 __x64_sys_pselect6+0x114/0x1a0 fs/select.c:789
 x64_sys_call+0xa5d/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:271
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable mmap_event created at:
 perf_event_mmap+0x47/0x2fe0 kernel/events/core.c:9894
 __mmap_complete mm/vma.c:2585 [inline]
 __mmap_region mm/vma.c:2768 [inline]
 mmap_region+0x4a79/0x6220 mm/vma.c:2837

CPU: 1 UID: 0 PID: 6279 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
=====================================================


Tested on:

commit:         1f318b96 Linux 7.0-rc3
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14d4694a580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=242f02fcd3fbc8f3
dashboard link: https://syzkaller.appspot.com/bug?extid=4b1bd55fba6260160779
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1227175a580000

     prev parent reply	other threads:[~2026-03-10  7:17 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-15  8:48 [syzbot] [kernel?] KMSAN: uninit-value in __flush_smp_call_function_queue syzbot
2026-02-15 19:05 ` syzbot
2026-03-10  6:48   ` Qing Wang
2026-03-10  7:17     ` syzbot [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=69afc56e.a00a0220.d013.0003.GAE@google.com \
    --to=syzbot+4b1bd55fba6260160779@syzkaller.appspotmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=wangqing7171@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.