syzbot


KMSAN: uninit-value in pfn_reader_next

Status: upstream: reported C repro on 2026/01/24 06:45
Subsystems: iommu
Reported-by: syzbot+df28076a30d726933015@syzkaller.appspotmail.com
First crash: 8d08h, last: 5h06m
Duplicate bugs (1)
Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
KMSAN: uninit-value in iopt_pages_unfill_xarray iommu 7 C 171 3d08h 4d07h 0/29 closed as dup on 2026/01/28 16:50
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [iommu?] KMSAN: uninit-value in pfn_reader_next 0 (4) 2026/01/24 12:46
Last patch testing requests (3)
Created Duration User Patch Repo Result
2026/01/24 12:46 30m kartikey406@gmail.com patch upstream OK log
2026/01/24 11:24 38m kartikey406@gmail.com patch upstream OK log
2026/01/24 09:07 1h05m kartikey406@gmail.com patch upstream report log

Sample crash report:
iommufd_mock iommufd_mock0: Adding to iommu group 0
=====================================================
BUG: KMSAN: uninit-value in batch_add_pfn_num drivers/iommu/iommufd/pages.c:365 [inline]
BUG: KMSAN: uninit-value in batch_add_pfn drivers/iommu/iommufd/pages.c:398 [inline]
BUG: KMSAN: uninit-value in batch_from_pages drivers/iommu/iommufd/pages.c:658 [inline]
BUG: KMSAN: uninit-value in pfn_reader_fill_span drivers/iommu/iommufd/pages.c:1220 [inline]
BUG: KMSAN: uninit-value in pfn_reader_next+0x1d5a/0x3e50 drivers/iommu/iommufd/pages.c:1247
 batch_add_pfn_num drivers/iommu/iommufd/pages.c:365 [inline]
 batch_add_pfn drivers/iommu/iommufd/pages.c:398 [inline]
 batch_from_pages drivers/iommu/iommufd/pages.c:658 [inline]
 pfn_reader_fill_span drivers/iommu/iommufd/pages.c:1220 [inline]
 pfn_reader_next+0x1d5a/0x3e50 drivers/iommu/iommufd/pages.c:1247
 pfn_reader_first+0xbcf/0xee0 drivers/iommu/iommufd/pages.c:1354
 iopt_area_fill_domains+0x202/0x1590 drivers/iommu/iommufd/pages.c:1917
 iopt_fill_domains_pages drivers/iommu/iommufd/io_pagetable.c:359 [inline]
 iopt_map_pages+0x1ba5/0x2130 drivers/iommu/iommufd/io_pagetable.c:387
 iopt_map_common+0x224/0x610 drivers/iommu/iommufd/io_pagetable.c:425
 iopt_map_user_pages+0x148/0x1c0 drivers/iommu/iommufd/io_pagetable.c:466
 iommufd_ioas_map+0x6a2/0x9b0 drivers/iommu/iommufd/ioas.c:270
 iommufd_fops_ioctl+0x82a/0x9e0 drivers/iommu/iommufd/main.c:533
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0x23c/0x400 fs/ioctl.c:583
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:583
 x64_sys_call+0x18a7/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable pfns created at:
 iopt_area_fill_domains+0x5c/0x1590 drivers/iommu/iommufd/pages.c:1900
 iopt_fill_domains_pages drivers/iommu/iommufd/io_pagetable.c:359 [inline]
 iopt_map_pages+0x1ba5/0x2130 drivers/iommu/iommufd/io_pagetable.c:387

CPU: 0 UID: 0 PID: 6065 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
=====================================================

Crashes (320):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/01/23 21:51 upstream c072629f05d7 3181850c .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 20:09 upstream c072629f05d7 3181850c .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 18:34 upstream c072629f05d7 3181850c .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 08:02 upstream 8dfce8991b95 b78a7341 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 06:06 upstream 8dfce8991b95 b78a7341 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 04:48 upstream 8dfce8991b95 b78a7341 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 03:14 upstream 8dfce8991b95 b78a7341 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/29 03:14 upstream 8dfce8991b95 b78a7341 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 23:12 upstream 1f97d9dcf536 004c195c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 19:21 upstream 1f97d9dcf536 004c195c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 16:44 upstream 1f97d9dcf536 004c195c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 15:09 upstream 1f97d9dcf536 004c195c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 13:40 upstream 1f97d9dcf536 004c195c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 10:57 upstream 1f97d9dcf536 3029c699 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 10:57 upstream 1f97d9dcf536 3029c699 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 04:48 upstream 1f97d9dcf536 3029c699 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/28 01:38 upstream 1f97d9dcf536 3029c699 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/27 19:49 upstream fcb70a56f4d8 9a514c2f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/27 16:29 upstream fcb70a56f4d8 9a514c2f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/27 15:14 upstream fcb70a56f4d8 9a514c2f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/27 08:26 upstream fcb70a56f4d8 efb3e894 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/27 08:26 upstream fcb70a56f4d8 efb3e894 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/27 05:19 upstream fcb70a56f4d8 efb3e894 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 20:03 upstream 63804fed149a a4c52dd6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 18:57 upstream 63804fed149a a4c52dd6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 17:39 upstream 63804fed149a a4c52dd6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 07:22 upstream 0a6dce0a5c66 55756628 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 07:21 upstream 0a6dce0a5c66 55756628 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 04:23 upstream 0a6dce0a5c66 55756628 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 03:02 upstream 0a6dce0a5c66 55756628 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/26 00:28 upstream 0a6dce0a5c66 55756628 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 23:23 upstream 0a6dce0a5c66 55756628 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 15:19 upstream d91a46d6805a 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 15:19 upstream d91a46d6805a 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 14:11 upstream d91a46d6805a 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 12:09 upstream d91a46d6805a 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 08:38 upstream d91a46d6805a 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 04:11 upstream 62085877ae65 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/25 03:15 upstream 62085877ae65 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 23:41 upstream 62085877ae65 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 21:50 upstream 62085877ae65 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 08:46 upstream c133687c2eae 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 08:46 upstream c133687c2eae 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 07:15 upstream c133687c2eae 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 05:01 upstream c133687c2eae 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/24 03:33 upstream c133687c2eae 4f25b9b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 16:53 upstream c072629f05d7 3181850c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
2026/01/23 14:48 upstream c072629f05d7 3181850c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pfn_reader_next
* Struck through repros no longer work on HEAD.