syzbot


KMSAN: uninit-value in io_sendrecv_fail

Status: fixed on 2024/04/10 03:59
Subsystems: io-uring
Reported-by: syzbot+f8e9a371388aa62ecab4@syzkaller.appspotmail.com
Fix commit: e21e1c45e1fe io_uring: clear opcode specific data for an early failure
First crash: 71d, last: 60d
Discussions (8)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 6.1 13/15] io_uring: clear opcode specific data for an early failure 1 (1) 2024/04/03 17:18
[PATCH AUTOSEL 6.6 15/20] io_uring: clear opcode specific data for an early failure 1 (1) 2024/04/03 17:17
[PATCH AUTOSEL 6.8 22/28] io_uring: clear opcode specific data for an early failure 1 (1) 2024/04/03 17:16
[PATCH 2/2] io_uring: clear opcode specific data for an early failure 1 (1) 2024/03/16 17:29
[syzbot] [io-uring?] KMSAN: uninit-value in io_sendrecv_fail 8 (15) 2024/03/16 17:18
[PATCH] io_uring: fix uninit-value in io_sendrecv_fail 2 (2) 2024/03/16 13:11
[PATCH v2] io_uring/net: ensure async prep handlers always initialize ->done_io 1 (1) 2024/03/15 22:48
[PATCH] io_uring/net: ensure async prep handlers always initialize ->done_io 1 (1) 2024/03/15 22:39
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Write in io_sendrecv_fail io-uring C 75 583d 607d 22/26 fixed on 2023/02/24 13:50
Last patch testing requests (6)
Created Duration User Patch Repo Result
2024/03/16 16:36 26m axboe@kernel.dk git://git.kernel.dk/linux.git io_uring-6.9 OK log
2024/03/16 16:01 24m axboe@kernel.dk git://git.kernel.dk/linux.git io_uring-6.9 report log
2024/03/16 14:42 26m axboe@kernel.dk git://git.kernel.dk/linux.git io_uring-6.9 OK log
2024/03/16 13:13 19m axboe@kernel.dk git://git.kernel.dk/linux.git io_uring-6.9 report log
2024/03/16 03:48 2h47m eadavis@qq.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK log
2024/03/15 22:38 5h40m axboe@kernel.dk git://git.kernel.dk/linux.git io_uring-6.0 error OK

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in io_sendrecv_fail+0x91/0x1e0 io_uring/net.c:1334
 io_sendrecv_fail+0x91/0x1e0 io_uring/net.c:1334
 io_req_defer_failed+0x3bd/0x610 io_uring/io_uring.c:1050
 io_queue_sqe_fallback+0x1e3/0x280 io_uring/io_uring.c:2126
 io_submit_fail_init+0x4e1/0x790 io_uring/io_uring.c:2304
 io_submit_sqes+0x19cd/0x2fb0 io_uring/io_uring.c:2480
 __do_sys_io_uring_enter io_uring/io_uring.c:3656 [inline]
 __se_sys_io_uring_enter+0x409/0x43e0 io_uring/io_uring.c:3591
 __x64_sys_io_uring_enter+0x11b/0x1a0 io_uring/io_uring.c:3591
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
 __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4592
 __alloc_pages_node include/linux/gfp.h:238 [inline]
 alloc_pages_node include/linux/gfp.h:261 [inline]
 alloc_slab_page mm/slub.c:2190 [inline]
 allocate_slab mm/slub.c:2354 [inline]
 new_slab+0x2d7/0x1400 mm/slub.c:2407
 ___slab_alloc+0x16b5/0x3970 mm/slub.c:3540
 __kmem_cache_alloc_bulk mm/slub.c:4574 [inline]
 kmem_cache_alloc_bulk+0x52a/0x1440 mm/slub.c:4648
 __io_alloc_req_refill+0x248/0x780 io_uring/io_uring.c:1101
 io_alloc_req io_uring/io_uring.h:405 [inline]
 io_submit_sqes+0xaa1/0x2fb0 io_uring/io_uring.c:2469
 __do_sys_io_uring_enter io_uring/io_uring.c:3656 [inline]
 __se_sys_io_uring_enter+0x409/0x43e0 io_uring/io_uring.c:3591
 __x64_sys_io_uring_enter+0x11b/0x1a0 io_uring/io_uring.c:3591
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

CPU: 1 PID: 5021 Comm: syz-executor425 Not tainted 6.8.0-syzkaller-00648-g8ede842f669b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
=====================================================

Crashes (29):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/03/12 01:03 upstream 8ede842f669b 6ee49f2e .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/23 03:56 upstream 4f55aa85a874 0ea90952 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/21 15:10 upstream 23956900041d 6753db5c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/19 18:47 upstream b3603fcb79b1 baa80228 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/19 13:17 upstream b3603fcb79b1 baa80228 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/16 00:42 upstream e5eb28f6d1af d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/16 00:41 upstream e5eb28f6d1af d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/16 00:25 upstream e5eb28f6d1af d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/15 10:16 upstream fe46a7dd189e d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/14 23:16 upstream fe46a7dd189e d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/14 20:22 upstream 480e035fc4c7 d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/14 03:23 upstream 61387b8dcf1d f919f202 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/13 14:40 upstream 9187210eee7d db5b7ff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/13 10:59 upstream 9187210eee7d db5b7ff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/11 22:54 upstream 8ede842f669b 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/11 22:17 upstream 8ede842f669b 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/23 01:33 upstream 4f55aa85a874 7a239ce7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/22 21:43 upstream 241590e5a1d1 7a239ce7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/21 15:39 upstream 23956900041d 6753db5c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/19 11:37 upstream b3603fcb79b1 baa80228 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/19 11:35 upstream b3603fcb79b1 baa80228 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/19 11:08 upstream b3603fcb79b1 baa80228 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/14 03:08 upstream 61387b8dcf1d f919f202 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/13 22:06 upstream 61387b8dcf1d f919f202 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/13 15:21 upstream 9187210eee7d db5b7ff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/13 14:39 upstream 9187210eee7d db5b7ff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/12 14:31 upstream 855684c7d938 c35c26ec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/12 01:23 upstream 8ede842f669b 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in io_sendrecv_fail
2024/03/11 22:51 upstream 8ede842f669b 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in io_sendrecv_fail
* Struck through repros no longer work on HEAD.