Re: [syzbot] [mptcp?] KMSAN: uninit-value in mptcp_established_options

Next message: Hyunwoo Kim: "Re: [PATCH] rust_binder: use a u64 stride when cleaning up the offsets array"
Previous message: Wang Zhaolong: "Re: [PATCH v2] serial: 8250: fix use-after-free in IRQ chain handling"
Next in thread: Paolo Abeni: "Re: [syzbot] [mptcp?] KMSAN: uninit-value in mptcp_established_options"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Matthieu Baerts

Date: Thu May 28 2026 - 22:46:21 EST

Hi Paolo,

On 08/05/2026 19:27, Paolo Abeni wrote:
> On 5/7/26 9:44 AM, Matthieu Baerts wrote:
>> Hi Paolo, Kuniyuki,
>>
>> On 04/05/2026 20:20, syzbot wrote:
>>> Hello,
>>>
>>> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
>>> KMSAN: uninit-value in irqentry_exit_to_kernel_mode_preempt
>>
>> It looks like the issue is different now:

(...)

>> Plus I'm not exactly sure to understand the issue here: mp_opt is
>> defined and used only in mptcp_incoming_options(), and I don't see
>> anything using it after the end of this function. Or did I miss something?
>
> I also had hard time understanding the backtrace, I think some frames
> are omitted/missing (it happens sometime, IDK why), specifically the one
> related to mptcp_options_received() - which would be useful to
> understand the issue.

Because the other issue spot by syzbot seems to unrelated, do you plan
to send your patch upstream? Or do you prefer if someone else does it?

Cheers,
Matt
--
Sponsored by the NGI0 Core fund.