KMSAN: uninit-value in timerqueue

Title	Replies (including bot)	Last reply
[RFC PATCH RESEND] timerqueue: Complete rb_node initialization within timerqueue_init	2 (2)	2025/04/06 11:46
[RFC PATCH] timerqueue: Complete rb_node initialization within timerqueue_init	1 (1)	2025/04/05 08:03
[syzbot] [kernel?] KMSAN: uninit-value in timerqueue_del	0 (1)	2025/03/27 10:11

Title

Replies (including bot)

Last reply

[RFC PATCH RESEND] timerqueue: Complete rb_node initialization within timerqueue_init

2 (2)

2025/04/06 11:46

[RFC PATCH] timerqueue: Complete rb_node initialization within timerqueue_init

1 (1)

2025/04/05 08:03

[syzbot] [kernel?] KMSAN: uninit-value in timerqueue_del

0 (1)

2025/03/27 10:11

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	general protection fault in timerqueue_del (2) kernel	C	done	done	3	490d	631d	25/28	fixed on 2024/01/31 13:17
upstream	general protection fault in timerqueue_del kernel				1	730d	726d	0/28	auto-obsoleted due to no activity on 2023/07/23 15:07
upstream	BUG: unable to handle kernel paging request in timerqueue_del kernel				1	1331d	1325d	0/28	auto-closed as invalid on 2021/12/29 14:44

ffff88813fc04fc0: ffff88813115aac8 (0xffff88813115aac8) ffff88813fc04fc8: 0000000000000000 ... ffff88813fc04fe8: ffff88813115aab8 (0xffff88813115aab8) ffff88813fc04ff0: ffffffff904ecdee (instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]) ffff88813fc04ff0: ffffffff904ecdee (sysvec_apic_timer_interrupt+0x7e/0x90 arch/x86/kernel/apic/apic.c:1049) ffff88813fc04ff8: ffff88813115aaa8 (0xffff88813115aaa8) BUG: KMSAN: uninit-value in rb_next+0x200/0x210 lib/rbtree.c:505 rb_next+0x200/0x210 lib/rbtree.c:505 rb_erase_cached include/linux/rbtree.h:124 [inline] timerqueue_del+0xee/0x1a0 lib/timerqueue.c:57 __remove_hrtimer kernel/time/hrtimer.c:1123 [inline] __run_hrtimer kernel/time/hrtimer.c:1771 [inline] __hrtimer_run_queues+0x3b7/0xe40 kernel/time/hrtimer.c:1855 hrtimer_interrupt+0x41b/0xb10 kernel/time/hrtimer.c:1917 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline] __sysvec_apic_timer_interrupt+0xa7/0x420 arch/x86/kernel/apic/apic.c:1055 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0x7e/0x90 arch/x86/kernel/apic/apic.c:1049 Local variable set_tid.i created at: __do_sys_clone3 kernel/fork.c:3098 [inline] __se_sys_clone3+0x60/0x590 kernel/fork.c:3093 __ia32_sys_clone3+0x6b/0xa0 kernel/fork.c:3093 CPU: 0 UID: 0 PID: 13379 Comm: syz.1.2969 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(undef) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 =====================================================

Crashes (1):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/03/27 09:23	upstream	1e1ba8d23dae	20510e88	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-386-root	KMSAN: uninit-value in timerqueue_del

Crashes (1):

Assets (help?)