public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
* [syzbot] [kernel?] KMSAN: uninit-value in irqentry_exit_to_kernel_mode_preempt
@ 2026-04-19 15:01 syzbot
  2026-05-03 13:01 ` syzbot
                   ` (3 more replies)
  0 siblings, 4 replies; 8+ messages in thread
From: syzbot @ 2026-04-19 15:01 UTC (permalink / raw)
  To: linux-kernel, luto, peterz, syzkaller-bugs, tglx

Hello,

syzbot found the following issue on:

HEAD commit:    faeab166167f Merge tag 'pinctrl-v7.1-1' of git://git.kerne..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13728836580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=916f2f67e70d1263
dashboard link: https://syzkaller.appspot.com/bug?extid=23d7fcd204e3837866ff
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/fe08f489aa35/disk-faeab166.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/aef0d8ac5a5a/vmlinux-faeab166.xz
kernel image: https://storage.googleapis.com/syzbot-assets/35d09c9dfe78/bzImage-faeab166.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+23d7fcd204e3837866ff@syzkaller.appspotmail.com

=====================================================
BUG: KMSAN: uninit-value in irqentry_exit_to_kernel_mode_preempt+0xb0/0xc0 include/linux/irq-entry-common.h:472
 irqentry_exit_to_kernel_mode_preempt+0xb0/0xc0 include/linux/irq-entry-common.h:472
 irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:547 [inline]
 irqentry_exit+0x7b/0x760 kernel/entry/common.c:164
 sysvec_apic_timer_interrupt+0x52/0x90 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:697
 write_comp_data kernel/kcov.c:270 [inline]
 __sanitizer_cov_trace_cmp4+0x86/0x90 kernel/kcov.c:288
 do_csum lib/checksum.c:68 [inline]
 ip_fast_csum+0x24b/0x3f0 lib/checksum.c:99
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:842 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:876 [inline]
 nsim_dev_trap_report_work+0x8c0/0x1430 drivers/net/netdevsim/dev.c:922
 process_one_work kernel/workqueue.c:3302 [inline]
 process_scheduled_works+0xb65/0x1e40 kernel/workqueue.c:3385
 worker_thread+0xee4/0x1590 kernel/workqueue.c:3466
 kthread+0x53f/0x600 kernel/kthread.c:436
 ret_from_fork+0x20f/0x8d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4576 [inline]
 slab_alloc_node mm/slub.c:4898 [inline]
 __do_kmalloc_node mm/slub.c:5294 [inline]
 __kmalloc_node_track_caller_noprof+0x4f6/0x1750 mm/slub.c:5403
 kmalloc_reserve net/core/skbuff.c:635 [inline]
 __alloc_skb+0x90d/0x1190 net/core/skbuff.c:713
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:819 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:876 [inline]
 nsim_dev_trap_report_work+0x3f2/0x1430 drivers/net/netdevsim/dev.c:922
 process_one_work kernel/workqueue.c:3302 [inline]
 process_scheduled_works+0xb65/0x1e40 kernel/workqueue.c:3385
 worker_thread+0xee4/0x1590 kernel/workqueue.c:3466
 kthread+0x53f/0x600 kernel/kthread.c:436
 ret_from_fork+0x20f/0x8d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

CPU: 0 UID: 0 PID: 55 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Workqueue: events_unbound nsim_dev_trap_report_work
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

^ permalink raw reply	[flat|nested] 8+ messages in thread
[parent not found: <CAESLoqogDqVUO6oiw8iRAN0PXD_tGUWxRv8iYz3PSu1DuEeOUg@mail.gmail.com>]
[parent not found: <CAESLoqqDdz9SZUSyYRWrQF3T1KM4MzBMm3-v9rXKcUJqaehN0w@mail.gmail.com>]
[parent not found: <CAESLoqpJEtny0jC9=DQrCZQ7AHyZRCC+y2OW5F9sc94B+cqS4Q@mail.gmail.com>]
end of thread, other threads:[~2026-05-04 14:51 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-19 15:01 [syzbot] [kernel?] KMSAN: uninit-value in irqentry_exit_to_kernel_mode_preempt syzbot
2026-05-03 13:01 ` syzbot
2026-05-03 16:52 ` Forwarded: " syzbot
2026-05-03 22:02 ` Forwarded: Re: [PATCH] security/keys/encrypted: encrypted_key_alloc(): fix KMSAN uninit-value on dlen syzbot
2026-05-04 14:16 ` syzbot
     [not found] <CAESLoqogDqVUO6oiw8iRAN0PXD_tGUWxRv8iYz3PSu1DuEeOUg@mail.gmail.com>
2026-05-03 19:49 ` [syzbot] [kernel?] KMSAN: uninit-value in irqentry_exit_to_kernel_mode_preempt syzbot
     [not found] <CAESLoqqDdz9SZUSyYRWrQF3T1KM4MzBMm3-v9rXKcUJqaehN0w@mail.gmail.com>
2026-05-03 22:36 ` syzbot
     [not found] <CAESLoqpJEtny0jC9=DQrCZQ7AHyZRCC+y2OW5F9sc94B+cqS4Q@mail.gmail.com>
2026-05-04 14:51 ` syzbot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox