syzbot


KMSAN: uninit-value in pfn_reader_next

Status: upstream: reported C repro on 2026/01/24 06:45
Subsystems: iommu
Reported-by: syzbot+df28076a30d726933015@syzkaller.appspotmail.com
Fix commit: 2724138b2f7f iommufd: Initialize batch->kind in batch_clear()
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64 ci-upstream-gce-arm64]
First crash: 50d, last: 40d
Duplicate bugs (1)
Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
KMSAN: uninit-value in iopt_pages_unfill_xarray iommu 7 C 171 45d 46d 27/29 closed as dup on 2026/01/28 16:50
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [iommu?] KMSAN: uninit-value in pfn_reader_next 0 (4) 2026/01/24 12:46
Last patch testing requests (3)
Created Duration User Patch Repo Result
2026/01/24 12:46 30m kartikey406@gmail.com patch upstream OK log
2026/01/24 11:24 38m kartikey406@gmail.com patch upstream OK log
2026/01/24 09:07 1h05m kartikey406@gmail.com patch upstream report log

Sample crash report:
iommufd_mock iommufd_mock0: Adding to iommu group 0
=====================================================
BUG: KMSAN: uninit-value in batch_add_pfn_num drivers/iommu/iommufd/pages.c:365 [inline]
BUG: KMSAN: uninit-value in batch_add_pfn drivers/iommu/iommufd/pages.c:398 [inline]
BUG: KMSAN: uninit-value in batch_from_pages drivers/iommu/iommufd/pages.c:658 [inline]
BUG: KMSAN: uninit-value in pfn_reader_fill_span drivers/iommu/iommufd/pages.c:1220 [inline]
BUG: KMSAN: uninit-value in pfn_reader_next+0x1d5a/0x3e50 drivers/iommu/iommufd/pages.c:1247
 batch_add_pfn_num drivers/iommu/iommufd/pages.c:365 [inline]
 batch_add_pfn drivers/iommu/iommufd/pages.c:398 [inline]
 batch_from_pages drivers/iommu/iommufd/pages.c:658 [inline]
 pfn_reader_fill_span drivers/iommu/iommufd/pages.c:1220 [inline]
 pfn_reader_next+0x1d5a/0x3e50 drivers/iommu/iommufd/pages.c:1247
 pfn_reader_first+0xbcf/0xee0 drivers/iommu/iommufd/pages.c:1354
 iopt_area_fill_domains+0x202/0x1590 drivers/iommu/iommufd/pages.c:1917
 iopt_fill_domains_pages drivers/iommu/iommufd/io_pagetable.c:359 [inline]
 iopt_map_pages+0x1ba5/0x2130 drivers/iommu/iommufd/io_pagetable.c:387
 iopt_map_common+0x224/0x610 drivers/iommu/iommufd/io_pagetable.c:425
 iopt_map_user_pages+0x148/0x1c0 drivers/iommu/iommufd/io_pagetable.c:466
 iommufd_ioas_map+0x6a2/0x9b0 drivers/iommu/iommufd/ioas.c:270
 iommufd_fops_ioctl+0x82a/0x9e0 drivers/iommu/iommufd/main.c:533
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0x23c/0x400 fs/ioctl.c:583
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:583
 x64_sys_call+0x18a7/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable pfns created at:
 iopt_area_fill_domains+0x5c/0x1590 drivers/iommu/iommufd/pages.c:1900
 iopt_fill_domains_pages drivers/iommu/iommufd/io_pagetable.c:359 [inline]
 iopt_map_pages+0x1ba5/0x2130 drivers/iommu/iommufd/io_pagetable.c:387

CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
=====================================================

Crashes (395):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/01/23 21:51 upstream c072629f05d7 3181850c .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 20:09 upstream c072629f05d7 3181850c .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 18:34 upstream c072629f05d7 3181850c .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/31 12:53 upstream 283073725700 c75a2f6e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/31 11:48 upstream 283073725700 c75a2f6e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/31 09:35 upstream 283073725700 c75a2f6e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/31 08:19 upstream 283073725700 c75a2f6e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/31 02:12 upstream 4d310797262f e01a0ca6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/31 00:17 upstream 4d310797262f e01a0ca6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/30 21:55 upstream 4d310797262f e01a0ca6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/30 09:35 upstream 4d310797262f bfa73b7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/30 07:36 upstream 4d310797262f bfa73b7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/30 07:36 upstream 4d310797262f bfa73b7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/30 05:15 upstream 4d310797262f bfa73b7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/30 02:12 upstream 8dfce8991b95 aeb6fdd5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/30 00:30 upstream 8dfce8991b95 aeb6fdd5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 23:11 upstream 8dfce8991b95 aeb6fdd5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 23:10 upstream 8dfce8991b95 aeb6fdd5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 19:39 upstream 8dfce8991b95 aeb6fdd5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 18:25 upstream 8dfce8991b95 aeb6fdd5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 16:45 upstream 8dfce8991b95 aeb6fdd5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 08:02 upstream 8dfce8991b95 b78a7341 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 06:06 upstream 8dfce8991b95 b78a7341 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 04:48 upstream 8dfce8991b95 b78a7341 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 03:14 upstream 8dfce8991b95 b78a7341 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 03:14 upstream 8dfce8991b95 b78a7341 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 23:12 upstream 1f97d9dcf536 004c195c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 19:21 upstream 1f97d9dcf536 004c195c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 16:44 upstream 1f97d9dcf536 004c195c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 15:09 upstream 1f97d9dcf536 004c195c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 13:40 upstream 1f97d9dcf536 004c195c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 10:57 upstream 1f97d9dcf536 3029c699 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 10:57 upstream 1f97d9dcf536 3029c699 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 04:48 upstream 1f97d9dcf536 3029c699 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 01:38 upstream 1f97d9dcf536 3029c699 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/27 19:49 upstream fcb70a56f4d8 9a514c2f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/27 16:29 upstream fcb70a56f4d8 9a514c2f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/27 15:14 upstream fcb70a56f4d8 9a514c2f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/27 08:26 upstream fcb70a56f4d8 efb3e894 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/27 08:26 upstream fcb70a56f4d8 efb3e894 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/27 05:19 upstream fcb70a56f4d8 efb3e894 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 20:03 upstream 63804fed149a a4c52dd6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 18:57 upstream 63804fed149a a4c52dd6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 17:39 upstream 63804fed149a a4c52dd6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 07:22 upstream 0a6dce0a5c66 55756628 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 07:21 upstream 0a6dce0a5c66 55756628 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 04:23 upstream 0a6dce0a5c66 55756628 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next