syzbot


KMSAN: uninit-value in io_fallback_req_func
Status: upstream: reported C repro on 2022/04/22 09:35
Reported-by: syzbot+5ca552d10251920ab7e2@syzkaller.appspotmail.com
First crash: 227d, last: 35d
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in io_issue_sqe C done unreliable 46 9d22h 267d 0/22 upstream: reported C repro on 2021/09/02 17:34
upstream KASAN: use-after-free Read in tctx_task_work (2) C unreliable 333 4d07h 281d 0/22 upstream: reported C repro on 2021/08/19 08:10

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in io_fallback_req_func+0x218/0x5f7 fs/io_uring.c:1399
 io_fallback_req_func+0x218/0x5f7 fs/io_uring.c:1399
 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
 worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
 kthread+0x3c7/0x500 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:737 [inline]
 kmem_cache_alloc_bulk+0xe98/0x1530 mm/slub.c:3744
 __io_alloc_req_refill+0x482/0x867 fs/io_uring.c:2072
 io_alloc_req_refill fs/io_uring.c:2098 [inline]
 io_submit_sqes+0x7d4/0x1a00 fs/io_uring.c:7441
 __do_sys_io_uring_enter fs/io_uring.c:10162 [inline]
 __se_sys_io_uring_enter+0x62f/0x23a0 fs/io_uring.c:10104
 __x64_sys_io_uring_enter+0x19d/0x200 fs/io_uring.c:10104
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x44/0xae

CPU: 0 PID: 3552 Comm: kworker/0:4 Not tainted 5.17.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Comput

Crashes (8):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kmsan-gce | 2022/04/22 08:53 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | 2738b391 | .config | log | report | syz | C | | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2022/04/22 07:31 | https://github.com/google/kmsan.git master | 33d9269ef6e0 | 2738b391 | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2022/03/27 10:12 | https://github.com/google/kmsan.git master | 97c7732c2bb6 | 89bc8608 | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2022/01/02 05:34 | https://github.com/google/kmsan.git master | 81c325bbf94e | e1768e9c | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2021/11/16 12:44 | https://github.com/google/kmsan.git master | 386004877847 | 600426bd | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2021/10/29 18:14 | https://github.com/google/kmsan.git master | 45859661869b | 2353a3ec | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2021/10/28 21:12 | https://github.com/google/kmsan.git master | 1e128e535256 | be531bb4 | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |
| ci-upstream-kmsan-gce | 2021/10/12 11:58 | https://github.com/google/kmsan.git master | c7f84f4e1147 | 838e7e2c | .config | log | report | | | info | KMSAN: uninit-value in io_fallback_req_func |