syzbot

KMSAN: uninit-value in pfn_reader_next

Status: upstream: reported C repro on 2026/01/24 06:45
Subsystems: iommu
Reported-by: syzbot+df28076a30d726933015@syzkaller.appspotmail.com
First crash: 4d21h, last: 1h46m
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [iommu?] KMSAN: uninit-value in pfn_reader_next 0 (4) 2026/01/24 12:46
Last patch testing requests (3)
Created Duration User Patch Repo Result
2026/01/24 12:46 30m kartikey406@gmail.com patch upstream OK log
2026/01/24 11:24 38m kartikey406@gmail.com patch upstream OK log
2026/01/24 09:07 1h05m kartikey406@gmail.com patch upstream report log

Sample crash report:
iommufd_mock iommufd_mock0: Adding to iommu group 0
=====================================================
BUG: KMSAN: uninit-value in batch_add_pfn_num drivers/iommu/iommufd/pages.c:365 [inline]
BUG: KMSAN: uninit-value in batch_add_pfn drivers/iommu/iommufd/pages.c:398 [inline]
BUG: KMSAN: uninit-value in batch_from_pages drivers/iommu/iommufd/pages.c:658 [inline]
BUG: KMSAN: uninit-value in pfn_reader_fill_span drivers/iommu/iommufd/pages.c:1220 [inline]
BUG: KMSAN: uninit-value in pfn_reader_next+0x1d5a/0x3e50 drivers/iommu/iommufd/pages.c:1247
 batch_add_pfn_num drivers/iommu/iommufd/pages.c:365 [inline]
 batch_add_pfn drivers/iommu/iommufd/pages.c:398 [inline]
 batch_from_pages drivers/iommu/iommufd/pages.c:658 [inline]
 pfn_reader_fill_span drivers/iommu/iommufd/pages.c:1220 [inline]
 pfn_reader_next+0x1d5a/0x3e50 drivers/iommu/iommufd/pages.c:1247
 pfn_reader_first+0xbcf/0xee0 drivers/iommu/iommufd/pages.c:1354
 iopt_area_fill_domains+0x202/0x1590 drivers/iommu/iommufd/pages.c:1917
 iopt_fill_domains_pages drivers/iommu/iommufd/io_pagetable.c:359 [inline]
 iopt_map_pages+0x1ba5/0x2130 drivers/iommu/iommufd/io_pagetable.c:387
 iopt_map_common+0x224/0x610 drivers/iommu/iommufd/io_pagetable.c:425
 iopt_map_user_pages+0x148/0x1c0 drivers/iommu/iommufd/io_pagetable.c:466
 iommufd_ioas_map+0x6a2/0x9b0 drivers/iommu/iommufd/ioas.c:270
 iommufd_fops_ioctl+0x82a/0x9e0 drivers/iommu/iommufd/main.c:533
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0x23c/0x400 fs/ioctl.c:583
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:583
 x64_sys_call+0x18a7/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable pfns created at:
 iopt_area_fill_domains+0x5c/0x1590 drivers/iommu/iommufd/pages.c:1900
 iopt_fill_domains_pages drivers/iommu/iommufd/io_pagetable.c:359 [inline]
 iopt_map_pages+0x1ba5/0x2130 drivers/iommu/iommufd/io_pagetable.c:387

CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
=====================================================

Crashes (224):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/01/23 21:51 upstream c072629f05d7 3181850c .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 20:09 upstream c072629f05d7 3181850c .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 18:34 upstream c072629f05d7 3181850c .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 00:28 upstream 0a6dce0a5c66 55756628 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 23:23 upstream 0a6dce0a5c66 55756628 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 15:19 upstream d91a46d6805a 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 15:19 upstream d91a46d6805a 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 14:11 upstream d91a46d6805a 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 12:09 upstream d91a46d6805a 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 08:38 upstream d91a46d6805a 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 04:11 upstream 62085877ae65 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 03:15 upstream 62085877ae65 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 23:41 upstream 62085877ae65 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 21:50 upstream 62085877ae65 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 08:46 upstream c133687c2eae 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 08:46 upstream c133687c2eae 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 07:15 upstream c133687c2eae 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 05:01 upstream c133687c2eae 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 03:33 upstream c133687c2eae 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 16:53 upstream c072629f05d7 3181850c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 14:48 upstream c072629f05d7 3181850c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 14:35 upstream c072629f05d7 3181850c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 10:41 upstream c072629f05d7 82c9c083 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 02:41 upstream a66191c590b3 82c9c083 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 02:37 upstream a66191c590b3 82c9c083 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/22 22:22 upstream a66191c590b3 2367ed1e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/22 20:31 upstream a66191c590b3 2367ed1e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/22 20:10 upstream a66191c590b3 2367ed1e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/22 18:37 upstream a66191c590b3 2367ed1e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/22 17:10 upstream a66191c590b3 2367ed1e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/22 08:41 upstream cf38b2340c0e 101dad69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/22 08:08 upstream cf38b2340c0e 101dad69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/22 07:46 upstream cf38b2340c0e 101dad69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/22 06:38 upstream cf38b2340c0e 101dad69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/21 21:24 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/21 20:44 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/21 18:48 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/21 18:48 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/21 18:44 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/21 18:44 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/21 18:41 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/21 18:40 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/21 18:36 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/21 18:36 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/21 18:05 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/21 17:56 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/21 17:55 upstream 6c790212c588 6f1aa2f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
* Struck through repros no longer work on HEAD.