syzbot


KMSAN: uninit-value in __arg_track_join

Status: upstream: reported on 2026/05/29 20:02
Subsystems: bpf
Labels: prio:low
Reported-by: syzbot+0098eed2cc898cdd672f@syzkaller.appspotmail.com
First crash: 4d15h, last: 4d15h
AI Jobs (1)
ID: 4728500e-04cc-4835-99a7-81703b09d8bb
Workflow: assessment-security
Result: DenialOfService: ✅ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ❌ UserNamespace: ❌ VMGuestTrigger: ❌ VMHostTrigger: ❌
Bug: KMSAN: uninit-value in __arg_track_join
Created: 2026/05/29 21:33
Started: 2026/05/29 21:33
Finished: 2026/05/29 22:11
Revision: 6b4a844333e83556da95d61d7f207e7ef5cd4bc6
Discussions (1)
Title: [syzbot] [bpf?] KMSAN: uninit-value in __arg_track_join
Replies (including bot): 0 (1)
Last reply: 2026/05/29 20:02

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in __arg_track_join+0x15a/0x810 kernel/bpf/liveness.c:743
 __arg_track_join+0x15a/0x810 kernel/bpf/liveness.c:743
 arg_track_join+0x186/0x870 kernel/bpf/liveness.c:784
 compute_subprog_args kernel/bpf/liveness.c:1623 [inline]
 analyze_subprog+0x3eb0/0xff30 kernel/bpf/liveness.c:1799
 bpf_compute_subprog_arg_access+0x3ee/0x2370 kernel/bpf/liveness.c:1937
 bpf_compute_live_registers+0xfdb/0x3090 kernel/bpf/liveness.c:2149
 bpf_check+0x5bcb/0x9360 kernel/bpf/verifier.c:20065
 bpf_prog_load+0x28d2/0x2d00 kernel/bpf/syscall.c:3082
 __sys_bpf+0x8e0/0xee0 kernel/bpf/syscall.c:6274
 __do_sys_bpf kernel/bpf/syscall.c:6387 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6385 [inline]
 __ia32_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:6385
 ia32_sys_call+0x33e7/0x4360 arch/x86/include/generated/asm/syscalls_32.h:358
 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
 __do_fast_syscall_32+0x195/0x470 arch/x86/entry/syscall_32.c:307
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/syscall_32.c:332
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:370
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e

Local variable old created at:
 arg_track_join+0x86/0x870 kernel/bpf/liveness.c:783
 compute_subprog_args kernel/bpf/liveness.c:1623 [inline]
 analyze_subprog+0x3eb0/0xff30 kernel/bpf/liveness.c:1799

CPU: 0 UID: 0 PID: 18676 Comm: syz.0.5880 Tainted: G        W           syzkaller #0 PREEMPT(lazy) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
=====================================================

Crashes (1):
Time: 2026/05/26 23:33
Kernel: upstream
Commit: d60ec36cab33
Syzkaller: 2b01f00e
Config: .config
Log: console log
Report: report
Syz repro / C repro: (empty)
VM info: info
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci-upstream-kmsan-gce-386-root
Title: KMSAN: uninit-value in __arg_track_join