syzbot


KMSAN: uninit-value in io_fallback_req_func

Status: auto-obsoleted due to no activity on 2022/09/28 20:35
Reported-by: syzbot+5ca552d10251920ab7e2@syzkaller.appspotmail.com
First crash: 356d, last: 164d
similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in io_issue_sqe C done unreliable 502 38d 396d 0/24 upstream: reported C repro on 2021/09/02 17:34
upstream KMSAN: uninit-value in io_req_caches_free C 6 220d 296d 0/24 auto-closed as invalid on 2022/09/27 16:29
upstream KASAN: use-after-free Read in tctx_task_work (2) C unreliable 353 97d 410d 0/24 upstream: reported C repro on 2021/08/19 08:10
Patch testing requests:
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2022/09/28 18:30 | 22m | | | https://github.com/google/kmsan.git master | OK log |
| 2022/07/03 05:58 | 21m | gautammenghani201@gmail.com | | https://github.com/google/kmsan.git master | OK log |

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in io_fallback_req_func+0x218/0x5f7 fs/io_uring.c:1399
 io_fallback_req_func+0x218/0x5f7 fs/io_uring.c:1399
 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
 worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
 kthread+0x3c7/0x500 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:737 [inline]
 kmem_cache_alloc_bulk+0xe98/0x1530 mm/slub.c:3744
 __io_alloc_req_refill+0x482/0x867 fs/io_uring.c:2072
 io_alloc_req_refill fs/io_uring.c:2098 [inline]
 io_submit_sqes+0x7d4/0x1a00 fs/io_uring.c:7441
 __do_sys_io_uring_enter fs/io_uring.c:10162 [inline]
 __se_sys_io_uring_enter+0x62f/0x23a0 fs/io_uring.c:10104
 __x64_sys_io_uring_enter+0x19d/0x200 fs/io_uring.c:10104
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x44/0xae

CPU: 0 PID: 3552 Comm: kworker/0:4 Not tainted 5.17.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Comput

Crashes (8):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kmsan-gce | 2022/04/22 08:53 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | 2738b391 | .config | log | report | syz | C | | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2022/04/22 07:31 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | 2738b391 | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2022/03/27 10:12 | https://github.com/google/kmsan.git master | 97c7732c2bb6 | 89bc8608 | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2022/01/02 05:34 | https://github.com/google/kmsan.git master | 81c325bbf94e | e1768e9c | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2021/11/16 12:44 | https://github.com/google/kmsan.git master | 386004877847 | 600426bd | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2021/10/29 18:14 | https://github.com/google/kmsan.git master | 45859661869b | 2353a3ec | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2021/10/28 21:12 | https://github.com/google/kmsan.git master | 1e128e535256 | be531bb4 | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2021/10/12 11:58 | https://github.com/google/kmsan.git master | c7f84f4e1147 | 838e7e2c | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |
* Struck through repros no longer work on HEAD.