syzbot


KMSAN: uninit-value in swap_writeout

Status: upstream: reported on 2025/12/22 12:18
Subsystems: mm
Reported-by: syzbot+178fff6149127421c2cc@syzkaller.appspotmail.com
First crash: 52d, last: 3d13h
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] mm/shmem: fix uninitialized folio in shmem_symlink 13 (13) 2026/01/07 01:16
[syzbot] [mm?] KMSAN: uninit-value in swap_writeout 6 (8) 2026/01/05 09:12

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in is_folio_zero_filled mm/page_io.c:188 [inline]
BUG: KMSAN: uninit-value in swap_writeout+0x468/0x1380 mm/page_io.c:263
 is_folio_zero_filled mm/page_io.c:188 [inline]
 swap_writeout+0x468/0x1380 mm/page_io.c:263
 shmem_writeout+0x1ac0/0x1f50 mm/shmem.c:1685
 writeout mm/vmscan.c:649 [inline]
 pageout mm/vmscan.c:698 [inline]
 shrink_folio_list+0x5951/0x7fd0 mm/vmscan.c:1418
 evict_folios+0x9aa3/0xc030 mm/vmscan.c:4711
 try_to_shrink_lruvec+0x1251/0x1750 mm/vmscan.c:4874
 lru_gen_shrink_lruvec mm/vmscan.c:5023 [inline]
 shrink_lruvec+0x505/0x4d80 mm/vmscan.c:5784
 shrink_node_memcgs mm/vmscan.c:6020 [inline]
 shrink_node+0xf09/0x51a0 mm/vmscan.c:6061
 shrink_zones mm/vmscan.c:6300 [inline]
 do_try_to_free_pages+0x956/0x26c0 mm/vmscan.c:6362
 try_to_free_mem_cgroup_pages+0x3ad/0x950 mm/vmscan.c:6690
 try_charge_memcg+0x80b/0x1c20 mm/memcontrol.c:2388
 obj_cgroup_charge_pages+0x69/0x330 mm/memcontrol.c:2823
 __memcg_kmem_charge_page+0x149/0x4c0 mm/memcontrol.c:2867
 __alloc_frozen_pages_noprof+0x680/0xf50 mm/page_alloc.c:5257
 alloc_pages_mpol+0x328/0x860 mm/mempolicy.c:2486
 alloc_frozen_pages_noprof mm/mempolicy.c:2557 [inline]
 alloc_pages_noprof+0x101/0x280 mm/mempolicy.c:2577
 vm_area_alloc_pages mm/vmalloc.c:3718 [inline]
 __vmalloc_area_node mm/vmalloc.c:3863 [inline]
 __vmalloc_node_range_noprof+0x1579/0x2d80 mm/vmalloc.c:4051
 __vmalloc_node_noprof mm/vmalloc.c:4111 [inline]
 __vmalloc_noprof+0x128/0x1f0 mm/vmalloc.c:4127
 do_replace+0x451/0x8b0 net/bridge/netfilter/ebtables.c:1135
 do_ebt_set_ctl+0x24d/0x2230 net/bridge/netfilter/ebtables.c:2527
 nf_setsockopt+0x4fb/0x550 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0x1f2/0x210 net/ipv4/ip_sockglue.c:1424
 sock_common_setsockopt+0xf5/0x140 net/core/sock.c:3973
 do_sock_setsockopt net/socket.c:2322 [inline]
 __sys_setsockopt+0x43e/0x580 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2353 [inline]
 __se_sys_setsockopt net/socket.c:2350 [inline]
 __x64_sys_setsockopt+0xf4/0x1a0 net/socket.c:2350
 x64_sys_call+0x28e3/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:55
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 __alloc_frozen_pages_noprof+0x6df/0xf50 mm/page_alloc.c:5263
 alloc_pages_mpol+0x328/0x860 mm/mempolicy.c:2486
 folio_alloc_mpol_noprof+0x56/0x1d0 mm/mempolicy.c:2505
 shmem_alloc_folio mm/shmem.c:1913 [inline]
 shmem_alloc_and_add_folio+0xc54/0x1bd0 mm/shmem.c:1955
 shmem_get_folio_gfp+0xad3/0x1fc0 mm/shmem.c:2579
 shmem_get_folio mm/shmem.c:2685 [inline]
 shmem_symlink+0x562/0xad0 mm/shmem.c:4152
 vfs_symlink+0x8ea/0x9b0 fs/namei.c:5523
 do_symlinkat+0x2c6/0xbc0 fs/namei.c:5550
 __do_sys_symlinkat fs/namei.c:5571 [inline]
 __se_sys_symlinkat fs/namei.c:5568 [inline]
 __x64_sys_symlinkat+0xf5/0x180 fs/namei.c:5568
 x64_sys_call+0x342f/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:267
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 19302 Comm: syz.0.3746 Tainted: G        W    L      syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN, [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
=====================================================

Crashes (8):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/02/05 04:41 upstream 5fd0a1df5d05 ea10c935 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in swap_writeout
2026/01/30 12:19 upstream 4d310797262f bfa73b7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in swap_writeout
2026/01/29 11:50 upstream 8dfce8991b95 b78a7341 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in swap_writeout
2026/01/20 08:22 upstream 24d479d26b25 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in swap_writeout
2026/01/15 04:22 upstream 944aacb68baf d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in swap_writeout
2025/12/29 07:31 upstream c875a6c32467 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in swap_writeout
2025/12/23 00:16 upstream 9448598b22c5 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in swap_writeout
2025/12/18 12:15 upstream ea1013c15392 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in swap_writeout
* Struck through repros no longer work on HEAD.