syzbot


KMSAN: uninit-value in io_req_cqe_overflow

Status: upstream: reported C repro on 2022/09/06 13:22
Labels: io-uring
Reported-by: syzbot+12dde80bf174ac8ae285@syzkaller.appspotmail.com
First crash: 274d, last: 20d
Discussions (3)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] Monthly io-uring report (Apr 2023) | 0 (1) | 2023/04/27 17:19 |
| [syzbot] Monthly io-uring report | 9 (10) | 2023/03/27 20:21 |
| [syzbot] KMSAN: uninit-value in io_req_cqe_overflow | 0 (1) | 2022/09/06 13:22 |

Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: uninit-value in preempt_count_add | C | | | 6657 | 232d | 232d | 0/24 | closed as invalid on 2022/10/10 13:29 |
| upstream | general protection fault in io_issue_sqe io-uring fs | C | done | unreliable | 502 | 277d | 634d | 0/24 | auto-obsoleted due to no activity on 2023/04/19 14:13 |

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in io_req_cqe_overflow+0x1f8/0x220 io_uring/io_uring.c:687
 io_req_cqe_overflow+0x1f8/0x220 io_uring/io_uring.c:687
 __io_fill_cqe_req+0x4ad/0x830 io_uring/io_uring.h:121
 __io_submit_flush_completions io_uring/io_uring.c:1192 [inline]
 io_submit_flush_completions+0x11c/0x390 io_uring/io_uring.c:166
 io_submit_state_end io_uring/io_uring.c:2025 [inline]
 io_submit_sqes+0x7d3/0xd50 io_uring/io_uring.c:2137
 __do_sys_io_uring_enter io_uring/io_uring.c:3053 [inline]
 __se_sys_io_uring_enter+0x597/0x1d30 io_uring/io_uring.c:2983
 __x64_sys_io_uring_enter+0x117/0x190 io_uring/io_uring.c:2983
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 io_req_set_res io_uring/io_uring.h:156 [inline]
 io_recv_finish io_uring/net.c:537 [inline]
 io_recv+0x18ee/0x1d00 io_uring/net.c:845
 io_issue_sqe+0x3b1/0x11d0 io_uring/io_uring.c:1576
 io_queue_sqe io_uring/io_uring.c:1753 [inline]
 io_submit_sqe+0xb40/0x1be0 io_uring/io_uring.c:2011
 io_submit_sqes+0x542/0xd50 io_uring/io_uring.c:2122
 __do_sys_io_uring_enter io_uring/io_uring.c:3053 [inline]
 __se_sys_io_uring_enter+0x597/0x1d30 io_uring/io_uring.c:2983
 __x64_sys_io_uring_enter+0x117/0x190 io_uring/io_uring.c:2983
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Local variable msg created at:
 io_recv+0x4b/0x1d00 io_uring/net.c:763
 io_issue_sqe+0x3b1/0x11d0 io_uring/io_uring.c:1576

CPU: 0 PID: 3487 Comm: syz-executor126 Not tainted 6.0.0-rc2-syzkaller-47461-gac3859c02d7f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
=====================================================

Crashes (604):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2022/08/28 15:47 | https://github.com/google/kmsan.git master | ac3859c02d7f | 07177916 | .config | strace log | report | syz | C | | | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_req_cqe_overflow |
| 2023/03/17 11:30 | https://github.com/google/kmsan.git master | 34add094f9de | 18b58603 | .config | strace log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2022/12/07 07:08 | https://github.com/google/kmsan.git master | 30d2727189c5 | d88f3abb | .config | strace log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/01/08 23:31 | https://github.com/google/kmsan.git master | 5c6259d6d19f | 1dac8c7a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_req_cqe_overflow |
| 2022/08/28 14:49 | https://github.com/google/kmsan.git master | ac3859c02d7f | 07177916 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_req_cqe_overflow |
| 2023/02/18 13:25 | upstream | 38f8ccde04a3 | d02e9a70 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in __io_uring_show_fdinfo |
| 2022/10/17 00:00 | upstream | 55be6084c8e0 | 67cb024c | .config | console log | report | | | info | [disk image] [vmlinux] | ci-upstream-kasan-gce-smack-root | KASAN: use-after-free Read in __io_uring_show_fdinfo |
| 2023/05/09 07:06 | https://github.com/google/kmsan.git master | 81af97bdef5e | f4168103 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/05/08 14:59 | https://github.com/google/kmsan.git master | 81af97bdef5e | 90c93c40 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/05/08 12:32 | https://github.com/google/kmsan.git master | 81af97bdef5e | 90c93c40 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/05/06 21:17 | https://github.com/google/kmsan.git master | 81af97bdef5e | 90c93c40 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/05/05 16:21 | https://github.com/google/kmsan.git master | 81af97bdef5e | 518a39a6 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/05/05 03:49 | https://github.com/google/kmsan.git master | 81af97bdef5e | 518a39a6 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/05/03 08:38 | https://github.com/google/kmsan.git master | 81af97bdef5e | 48e0a81d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/05/03 00:39 | https://github.com/google/kmsan.git master | 81af97bdef5e | 48e0a81d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/05/01 23:39 | https://github.com/google/kmsan.git master | 81af97bdef5e | 62df2017 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/05/01 20:40 | https://github.com/google/kmsan.git master | 81af97bdef5e | 62df2017 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/05/01 19:33 | https://github.com/google/kmsan.git master | 81af97bdef5e | 62df2017 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/05/01 17:05 | https://github.com/google/kmsan.git master | 81af97bdef5e | 62df2017 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/05/01 03:43 | https://github.com/google/kmsan.git master | 81af97bdef5e | 62df2017 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/30 21:28 | https://github.com/google/kmsan.git master | 81af97bdef5e | 62df2017 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/29 09:27 | https://github.com/google/kmsan.git master | 81af97bdef5e | 62df2017 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/29 04:53 | https://github.com/google/kmsan.git master | 81af97bdef5e | 62df2017 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/04/28 23:59 | https://github.com/google/kmsan.git master | 81af97bdef5e | 62df2017 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/04/28 07:15 | https://github.com/google/kmsan.git master | 81af97bdef5e | 70a605de | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/04/28 04:18 | https://github.com/google/kmsan.git master | 81af97bdef5e | 70a605de | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/27 16:49 | https://github.com/google/kmsan.git master | 81af97bdef5e | 6f5b1cc4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/26 02:08 | https://github.com/google/kmsan.git master | 81af97bdef5e | 7560799c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/04/25 20:09 | https://github.com/google/kmsan.git master | 81af97bdef5e | 65320f8e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in __io_uring_show_fdinfo |
| 2023/04/25 05:04 | https://github.com/google/kmsan.git master | 81af97bdef5e | fdc18293 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/04/24 16:11 | https://github.com/google/kmsan.git master | 81af97bdef5e | fdc18293 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/23 22:32 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/04/23 19:58 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/23 18:06 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/23 14:52 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/23 10:44 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in __io_req_complete_post |
| 2023/04/22 23:17 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/22 18:36 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/04/22 13:47 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/04/22 12:08 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/21 12:14 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/21 08:01 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in __io_req_complete_post |
| 2023/04/21 05:30 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/20 15:56 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_rw_fail |
| 2023/04/20 07:18 | https://github.com/google/kmsan.git master | 0255004d2a8e | a219f34e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/27 07:37 | https://github.com/google/kmsan.git master | 81af97bdef5e | 19a3dabe | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in io_rw_fail |
| 2023/04/25 07:32 | https://github.com/google/kmsan.git master | 81af97bdef5e | fdc18293 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in io_rw_fail |
| 2023/04/24 06:19 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/23 13:52 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in io_rw_fail |
| 2023/04/23 12:26 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in io_rw_fail |
| 2023/04/23 09:25 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in io_submit_flush_completions |
| 2023/04/23 06:08 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in io_rw_fail |
| 2023/04/22 02:43 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in io_rw_fail |
| 2023/04/21 21:01 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in io_rw_fail |
| 2023/04/21 15:01 | https://github.com/google/kmsan.git master | 0255004d2a8e | 2b32bd34 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in io_rw_fail |
| 2023/04/20 05:38 | https://github.com/google/kmsan.git master | 0255004d2a8e | a219f34e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in io_submit_flush_completions |

* Struck through repros no longer work on HEAD.