[syzbot] [kernel?] KMSAN: uninit-value in hrtimer_wakeup


syzbot

Jul 24, 2025, 6:44:31 AM
to anna-...@linutronix.de, fred...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, tg...@linutronix.de
Hello,

syzbot found the following issue on:

HEAD commit: bf61759db409 Merge tag 'sched_ext-for-6.16-rc6-fixes' of g..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1693938c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=5227c65742122bdd
dashboard link: https://syzkaller.appspot.com/bug?extid=e84a763987edd173d82f
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c9e297bb553f/disk-bf61759d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7f2d1bf53414/vmlinux-bf61759d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9a4f67426eab/bzImage-bf61759d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e84a76...@syzkaller.appspotmail.com

=====================================================
BUG: KMSAN: uninit-value in hrtimer_wakeup+0xcb/0xd0 kernel/time/hrtimer.c:1997
hrtimer_wakeup+0xcb/0xd0 kernel/time/hrtimer.c:1997
__run_hrtimer kernel/time/hrtimer.c:1761 [inline]
__hrtimer_run_queues+0x556/0xd80 kernel/time/hrtimer.c:1825
hrtimer_interrupt+0x456/0xb80 kernel/time/hrtimer.c:1887
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
__sysvec_apic_timer_interrupt+0xa7/0x420 arch/x86/kernel/apic/apic.c:1056
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
sysvec_apic_timer_interrupt+0x7f/0x90 arch/x86/kernel/apic/apic.c:1050
asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:702
memmove+0x28/0x1b0 arch/x86/lib/memmove_64.S:45
ext4_xattr_set_entry+0x1928/0x3440 fs/ext4/xattr.c:1773
ext4_xattr_block_set+0xc82/0x5010 fs/ext4/xattr.c:2020
ext4_xattr_set_handle+0x2a44/0x2c00 fs/ext4/xattr.c:2447
ext4_xattr_set+0x2ff/0x5b0 fs/ext4/xattr.c:2549
ext4_xattr_trusted_set+0x51/0x70 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x742/0x850 fs/xattr.c:200
__vfs_setxattr_noperm+0x224/0xad0 fs/xattr.c:234
__vfs_setxattr_locked+0x448/0x490 fs/xattr.c:295
vfs_setxattr+0x27f/0x640 fs/xattr.c:321
do_setxattr fs/xattr.c:636 [inline]
filename_setxattr+0x3a4/0xcc0 fs/xattr.c:665
path_setxattrat+0x734/0x820 fs/xattr.c:713
__do_sys_lsetxattr fs/xattr.c:754 [inline]
__se_sys_lsetxattr fs/xattr.c:750 [inline]
__x64_sys_lsetxattr+0x103/0x1c0 fs/xattr.c:750
x64_sys_call+0x2464/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:190
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable t created at:
hrtimer_nanosleep+0x48/0x480 kernel/time/hrtimer.c:2142
common_nsleep+0x118/0x160 kernel/time/posix-timers.c:1353

CPU: 0 UID: 0 PID: 17784 Comm: syz.6.3366 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(none)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Thomas Gleixner

Jul 24, 2025, 11:31:39 AM
to syzbot, anna-...@linutronix.de, fred...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, Alexander Potapenko, Marco Elver, Dmitry Vyukov
On Thu, Jul 24 2025 at 03:44, syzbot wrote:
> HEAD commit: bf61759db409 Merge tag 'sched_ext-for-6.16-rc6-fixes' of g..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1693938c580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=5227c65742122bdd
> dashboard link: https://syzkaller.appspot.com/bug?extid=e84a763987edd173d82f
> compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/c9e297bb553f/disk-bf61759d.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/7f2d1bf53414/vmlinux-bf61759d.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/9a4f67426eab/bzImage-bf61759d.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+e84a76...@syzkaller.appspotmail.com
>
> =====================================================
> BUG: KMSAN: uninit-value in hrtimer_wakeup+0xcb/0xd0 kernel/time/hrtimer.c:1997
> hrtimer_wakeup+0xcb/0xd0 kernel/time/hrtimer.c:1997

...

> Local variable t created at:
> hrtimer_nanosleep+0x48/0x480 kernel/time/hrtimer.c:2142
> common_nsleep+0x118/0x160 kernel/time/posix-timers.c:1353

This makes absolutely no sense. hrtimer_nanosleep() initializes the
local variable

struct hrtimer_sleeper t;

in two steps:

hrtimer_setup_sleeper_on_stack(&t, clockid, mode);
hrtimer_set_expires_range_ns(&t.timer, rqtp, current->timer_slack_ns);

and the complaint in hrtimer_wakeup() is:

1989 static enum hrtimer_restart hrtimer_wakeup(struct hrtimer *timer)
1990 {
1991         struct hrtimer_sleeper *t =
1992                 container_of(timer, struct hrtimer_sleeper, timer);
1993         struct task_struct *task = t->task;
1994
1995         t->task = NULL;
1996         if (task)
1997                 wake_up_process(task);                  <---- here
1998
1999         return HRTIMER_NORESTART;
2000 }

t->task was initialized:

2027 static void __hrtimer_setup_sleeper(struct hrtimer_sleeper *sl,
2028                                     clockid_t clock_id, enum hrtimer_mode mode)
2029 {
...
2054         __hrtimer_setup(&sl->timer, hrtimer_wakeup, clock_id, mode);
2055         sl->task = current;                             <---- here
2056 }

This code hasn't changed in a very long time. Looks like KMSAN is confused...
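The container_of() hand-off that Thomas walks through above, as an added user-space model (not kernel code and not part of this thread): the kernel's struct hrtimer, task_struct and scheduler are replaced by minimal stand-ins named timer, task and sleeper, the setup function mirrors the callback-then-task ordering of __hrtimer_setup_sleeper(), and the wakeup callback returns the pid it woke so the once-only hand-off can be checked without a kernel.

```c
/* User-space model of the hrtimer_sleeper hand-off discussed in the thread.
 * Added example, not kernel code: hrtimer, task_struct and the scheduler are
 * replaced by minimal stand-ins so the container_of() lookup and the
 * setup -> fire ordering can be exercised on their own. */
#include <stddef.h>
#include <stdio.h>

/* Same trick as the kernel's container_of(): recover the enclosing struct
 * from a pointer to one of its members. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

struct task { int pid; int wakeups; };                  /* stand-in for task_struct */

struct timer;
typedef int (*timer_fn)(struct timer *);
struct timer { timer_fn function; long expires_ns; };   /* stand-in for hrtimer */

/* Mirrors struct hrtimer_sleeper: the timer is embedded, task sits beside it. */
struct sleeper { struct timer timer; struct task *task; };

/* Mirrors hrtimer_wakeup(): finds the sleeper from the timer pointer,
 * hands the task off exactly once, and disarms further wakeups.
 * Returns the pid woken, or 0 when there was nothing left to wake. */
static int sleeper_wakeup(struct timer *timer)
{
    struct sleeper *t = container_of(timer, struct sleeper, timer);
    struct task *task = t->task;

    t->task = NULL;
    if (task) {
        task->wakeups++;
        return task->pid;
    }
    return 0;
}

/* Mirrors __hrtimer_setup_sleeper(): callback first, then task = current. */
static void sleeper_setup(struct sleeper *sl, struct task *current)
{
    sl->timer.function = sleeper_wakeup;
    sl->timer.expires_ns = 0;
    sl->task = current;
}

/* Mirrors the two-step initialisation in hrtimer_nanosleep(), then fires the
 * timer twice. Returns the pid woken on the first firing; the second firing's
 * result (expected 0, since task was cleared) is stored in *second_fire. */
int nanosleep_model(struct task *current, long expires_ns, int *second_fire)
{
    struct sleeper t;

    sleeper_setup(&t, current);         /* step 1: callback and task set */
    t.timer.expires_ns = expires_ns;    /* step 2: expiry set */

    int first = t.timer.function(&t.timer);
    *second_fire = t.timer.function(&t.timer);
    return first;
}

int main(void)
{
    struct task cur = { .pid = 17784, .wakeups = 0 };   /* constructed pid */
    int second;
    int first = nanosleep_model(&cur, 1000000, &second);

    printf("first fire woke pid %d, second fire woke pid %d, wakeups=%d\n",
           first, second, cur.wakeups);
    return 0;
}
```

Every field the callback reads (timer.function, task) is written by sleeper_setup() before the timer can fire, which is the point of the message above: with that ordering there is no uninitialised read for a checker to report, so a report naming this path points at the tool rather than the code.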

syzbot

Oct 28, 2025, 6:40:17 AM
to syzkall...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.