From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-oo1-f70.google.com (mail-oo1-f70.google.com [209.85.161.70])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B1C953BFE2B
	for <linux-kernel@vger.kernel.org>; Tue, 10 Mar 2026 07:17:03 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.161.70
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1773127025; cv=none; b=M6Ty1QaEdLGf+4u5LGP8yyqqZ9oZqtn8PC0WniUzLinLGuypSi7jTta4LT+fkvf7Jz0KvBo3eqOhQ94j1GMpucuOLRtMge4tHrgh7xJwu/hl/LiE9EoGREgVgaR2WEkeayCwvIeiQIpbdNp9QoZ/flqL2IOkt2rKrDIavz+kcrk=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1773127025; c=relaxed/simple;
	bh=70Y4jgwn9R3AX3JzNmPytMWCcQPxiVFWh+zAb+Uwt04=;
	h=MIME-Version:Date:In-Reply-To:Message-ID:Subject:From:To:
	 Content-Type; b=Av5qvicw8UWSfGuFsaPcmPosQopm1kxCKVlVgYCy3bPtbI73wCx1+X2OyrkvELi5FVOGAy435ir33m+wjN1KrunHEuq5I4CUKv3ykHOVpC0VcqHXsl8B7A8L/aa784XrZqySYxgsbmAw2NuPG5Xh5yaRLWa0P07b7Z1OzxJX24E=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com; arc=none smtp.client-ip=209.85.161.70
Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com
Received: by mail-oo1-f70.google.com with SMTP id 006d021491bc7-67bb77eb9f8so20875384eaf.1
        for <linux-kernel@vger.kernel.org>; Tue, 10 Mar 2026 00:17:03 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1773127022; x=1773731822;
        h=to:from:subject:message-id:in-reply-to:date:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Up9bXEe9nQIQJUncsGtJUUV/t3gxmc3o4DQl9brRgsc=;
        b=uq4W0iytaY84I7XiNHLUMjm58Qxz5YicQmbi3hujc1g+dNvFIXUMNDxxWIY4E/EdWF
         Vfdl4c1bTm7OLAw+tJNeXsWJt2n6iO7KBLx2i/Vr0G66kYnuVZfIIrZUyd1Y0jT+lsAI
         u4/Kdhu5dafdCSi8G2Y5syqxiCnfJGg3iuO/BlF406YZkoVsiUtKTKlWFR97jdocqWa1
         aGswGABCimHtyiHGMsiLSt0OYoA8P74TEWr2cVLLKwPwoPTQKLjhxe4Q8UCYx0ifBDhe
         JFr6/L6XKSa4UcgJ6J4NjoH6ptmeqG0FkObMt/Gxdi5+KmEVRFZoNPdxHRYokQZ2Q/DR
         pjsw==
X-Gm-Message-State: AOJu0YxS8nPZMJls1KNG1KpamOvRRZ7VTtLxO8+8RR5OYgFT+yYnV1uS
	RdQcr5ws92+gbPIHmbQ5lp0YcNfPJqC0zXFeln2IxxYiiMcRT33klVUQ0NXtVlwL7d5+htm/BuI
	iWWv5PDBrfeBtjr/Q7tydCDiaa5Yr7kHd+orLlGMGg8PfEPMWyihGgoyqMBw=
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Received: by 2002:a4a:ee17:0:b0:67b:afe9:ef0c with SMTP id
 006d021491bc7-67bafe9f3e2mr4860576eaf.71.1773127022716; Tue, 10 Mar 2026
 00:17:02 -0700 (PDT)
Date: Tue, 10 Mar 2026 00:17:02 -0700
In-Reply-To: <20260310064845.3659772-1-wangqing7171@gmail.com>
X-Google-Appengine-App-Id: s~syzkaller
X-Google-Appengine-App-Id-Alias: syzkaller
Message-ID: <69afc56e.a00a0220.d013.0003.GAE@google.com>
Subject: Re: [syzbot] [kernel?] KMSAN: uninit-value in __flush_smp_call_function_queue
From: syzbot <syzbot+4b1bd55fba6260160779@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, 
	wangqing7171@gmail.com
Content-Type: text/plain; charset="UTF-8"

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in __flush_smp_call_function_queue

=====================================================
BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 __flush_smp_call_function_queue+0x362/0x18e0 kernel/smp.c:535
 generic_smp_call_function_single_interrupt+0x1c/0x30 kernel/smp.c:463
 __sysvec_call_function_single+0x4b/0x3e0 arch/x86/kernel/smp.c:271
 instr_sysvec_call_function_single arch/x86/kernel/smp.c:266 [inline]
 sysvec_call_function_single+0x7c/0x90 arch/x86/kernel/smp.c:266
 asm_sysvec_call_function_single+0x1f/0x30 arch/x86/include/asm/idtentry.h:704
 native_irq_enable arch/x86/include/asm/irqflags.h:42 [inline]
 arch_local_irq_enable arch/x86/include/asm/irqflags.h:119 [inline]
 raw_spin_rq_unlock_irq kernel/sched/sched.h:1629 [inline]
 finish_lock_switch kernel/sched/core.c:5032 [inline]
 finish_task_switch+0x11b/0x8b0 kernel/sched/core.c:5150
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0x2607/0x8640 kernel/sched/core.c:6908
 preempt_schedule_common+0x33/0x80 kernel/sched/core.c:7092
 preempt_schedule+0x30/0x40 kernel/sched/core.c:7116
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline]
 _raw_spin_unlock_irqrestore+0x57/0x60 kernel/locking/spinlock.c:194
 unlock_hrtimer_base kernel/time/hrtimer.c:1021 [inline]
 hrtimer_try_to_cancel+0x8b0/0xae0 kernel/time/hrtimer.c:1368
 hrtimer_cancel+0x33/0xf0 kernel/time/hrtimer.c:1489
 schedule_hrtimeout_range_clock+0x16d/0x2f0 kernel/time/sleep_timeout.c:218
 schedule_hrtimeout_range+0x42/0x50 kernel/time/sleep_timeout.c:263
 poll_schedule_timeout fs/select.c:241 [inline]
 do_select+0x282b/0x2aa0 fs/select.c:603
 core_sys_select+0xa5a/0x10e0 fs/select.c:677
 do_pselect fs/select.c:759 [inline]
 __do_sys_pselect6 fs/select.c:798 [inline]
 __se_sys_pselect6+0x554/0x6b0 fs/select.c:789
 __x64_sys_pselect6+0x114/0x1a0 fs/select.c:789
 x64_sys_call+0xa5d/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:271
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable mmap_event created at:
 perf_event_mmap+0x47/0x2fe0 kernel/events/core.c:9894
 __mmap_complete mm/vma.c:2585 [inline]
 __mmap_region mm/vma.c:2768 [inline]
 mmap_region+0x4a79/0x6220 mm/vma.c:2837

CPU: 1 UID: 0 PID: 6279 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
=====================================================


Tested on:

commit:         1f318b96 Linux 7.0-rc3
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14d4694a580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=242f02fcd3fbc8f3
dashboard link: https://syzkaller.appspot.com/bug?extid=4b1bd55fba6260160779
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1227175a580000