syzbot


KMSAN: uninit-value in timerqueue_del

Status: upstream: reported on 2025/03/27 10:11
Subsystems: kernel
Reported-by: syzbot+d5e61dcfda08821a226d@syzkaller.appspotmail.com
First crash: 3d16h, last: 3d16h
Discussions (1)
Title: [syzbot] [kernel?] KMSAN: uninit-value in timerqueue_del
Replies (including bot): 0 (1)
Last reply: 2025/03/27 10:11
Similar bugs (3)
1. upstream: general protection fault in timerqueue_del (2) [kernel]
   Repro: C; Cause bisect: done; Fix bisect: done
   Count: 3; Last: 466d; Reported: 607d; Patched: 25/28
   Status: fixed on 2024/01/31 13:17
2. upstream: general protection fault in timerqueue_del [kernel]
   Repro / bisections: none listed
   Count: 1; Last: 706d; Reported: 702d; Patched: 0/28
   Status: auto-obsoleted due to no activity on 2023/07/23 15:07
3. upstream: BUG: unable to handle kernel paging request in timerqueue_del [kernel]
   Repro / bisections: none listed
   Count: 1; Last: 1307d; Reported: 1301d; Patched: 0/28
   Status: auto-closed as invalid on 2021/12/29 14:44

Sample crash report:
ffff88813fc04fc0: ffff88813115aac8 (0xffff88813115aac8)
ffff88813fc04fc8: 0000000000000000 ...
ffff88813fc04fe8: ffff88813115aab8 (0xffff88813115aab8)
ffff88813fc04ff0: ffffffff904ecdee (instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline])
ffff88813fc04ff0: ffffffff904ecdee (sysvec_apic_timer_interrupt+0x7e/0x90 arch/x86/kernel/apic/apic.c:1049)
ffff88813fc04ff8: ffff88813115aaa8 (0xffff88813115aaa8)
BUG: KMSAN: uninit-value in rb_next+0x200/0x210 lib/rbtree.c:505
 rb_next+0x200/0x210 lib/rbtree.c:505
 rb_erase_cached include/linux/rbtree.h:124 [inline]
 timerqueue_del+0xee/0x1a0 lib/timerqueue.c:57
 __remove_hrtimer kernel/time/hrtimer.c:1123 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1771 [inline]
 __hrtimer_run_queues+0x3b7/0xe40 kernel/time/hrtimer.c:1855
 hrtimer_interrupt+0x41b/0xb10 kernel/time/hrtimer.c:1917
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
 __sysvec_apic_timer_interrupt+0xa7/0x420 arch/x86/kernel/apic/apic.c:1055
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x7e/0x90 arch/x86/kernel/apic/apic.c:1049

Local variable set_tid.i created at:
 __do_sys_clone3 kernel/fork.c:3098 [inline]
 __se_sys_clone3+0x60/0x590 kernel/fork.c:3093
 __ia32_sys_clone3+0x6b/0xa0 kernel/fork.c:3093

CPU: 0 UID: 0 PID: 13379 Comm: syz.1.2969 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(undef) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
=====================================================

Crashes (1):
Time: 2025/03/27 09:23
Kernel: upstream
Commit: 1e1ba8d23dae
Syzkaller: 20510e88
Config: .config
Log: console log
Report: report
Syz repro / C repro: none listed
VM info: info
Assets: disk image, vmlinux, kernel image
Manager: ci-upstream-kmsan-gce-386-root
Title: KMSAN: uninit-value in timerqueue_del