syzbot


KMSAN: uninit-value in io_req_caches_free

Status: auto-closed as invalid on 2022/09/27 16:29
Subsystems: fs io-uring
First crash: 1022d, last: 946d
Similar bugs (3)
Kernel | Title (subsystems) | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KASAN: use-after-free Read in io_req_caches_free (io-uring) | - | - | - | 1 | 625d | 625d | 0/28 | auto-obsoleted due to no activity on 2023/03/13 09:57
upstream | KMSAN: uninit-value in io_fallback_req_func (fs io-uring) | C | - | - | 8 | 890d | 890d | 0/28 | auto-obsoleted due to no activity on 2022/09/28 20:35
upstream | general protection fault in io_issue_sqe (io-uring fs) | C | done | unreliable | 502 | 765d | 1122d | 0/28 | auto-obsoleted due to no activity on 2023/04/19 14:13
Last patch testing requests (2)
Created | Duration | User | Patch | Repo | Result
2022/09/27 14:30 | 22m | retest repro | - | https://github.com/google/kmsan.git master | OK (log)
2022/09/27 10:30 | 22m | retest repro | - | https://github.com/google/kmsan.git master | OK (log)

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in wq_list_splice fs/io-wq.h:103 [inline]
BUG: KMSAN: uninit-value in io_flush_cached_locked_reqs fs/io_uring.c:1977 [inline]
BUG: KMSAN: uninit-value in io_req_caches_free+0x416/0x640 fs/io_uring.c:9312
 wq_list_splice fs/io-wq.h:103 [inline]
 io_flush_cached_locked_reqs fs/io_uring.c:1977 [inline]
 io_req_caches_free+0x416/0x640 fs/io_uring.c:9312
 io_ring_exit_work+0x242/0xce2 fs/io_uring.c:9496
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 wq_list_add_head fs/io-wq.h:74 [inline]
 __io_free_req+0x564/0x971 fs/io_uring.c:2078
 io_free_req fs/io_uring.c:2356 [inline]
 io_put_req fs/io_uring.c:2440 [inline]
 io_req_task_link_timeout+0x30b/0x660 fs/io_uring.c:6932
 tctx_task_work+0x71c/0xd50 fs/io_uring.c:2245
 task_work_run+0x154/0x290 kernel/task_work.c:164
 exit_task_work include/linux/task_work.h:32 [inline]
 do_exit+0x1332/0x4430 kernel/exit.c:834
 do_group_exit+0x21b/0x450 kernel/exit.c:931
 __do_sys_exit_group kernel/exit.c:942 [inline]
 __se_sys_exit_group kernel/exit.c:940 [inline]
 __x64_sys_exit_group+0x4a/0x60 kernel/exit.c:940
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:524 [inline]
 kmem_cache_alloc_bulk+0xec5/0x1560 mm/slub.c:3747
 __io_alloc_req_refill+0x482/0x867 fs/io_uring.c:2015
 io_alloc_req_refill fs/io_uring.c:2041 [inline]
 io_submit_sqes+0x88c/0x1040 fs/io_uring.c:7356
 __do_sys_io_uring_enter fs/io_uring.c:10072 [inline]
 __se_sys_io_uring_enter+0x62f/0x23a0 fs/io_uring.c:10014
 __x64_sys_io_uring_enter+0x19d/0x200 fs/io_uring.c:10014
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

CPU: 1 PID: 41 Comm: kworker/u4:1 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound io_ring_exit_work
=====================================================

Crashes (6):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2022/01/23 19:42 | https://github.com/google/kmsan.git master | 85cfd6e539bd | 214351e1 | .config | console log | report | syz | C | - | - | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_req_caches_free
2021/12/23 08:51 | https://github.com/google/kmsan.git master | 81c325bbf94e | 6caa12e4 | .config | console log | report | syz | C | - | - | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_req_caches_free
2022/02/25 13:48 | https://github.com/google/kmsan.git master | 724946410067 | 7c337266 | .config | console log | report | - | - | info | - | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_req_caches_free
2022/02/13 17:45 | https://github.com/google/kmsan.git master | 85cfd6e539bd | 8b9ca619 | .config | console log | report | - | - | info | - | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_req_caches_free
2021/12/23 07:47 | https://github.com/google/kmsan.git master | 81c325bbf94e | 6caa12e4 | .config | console log | report | - | - | info | - | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_req_caches_free
2021/12/11 06:16 | https://github.com/google/kmsan.git master | 8b936c96768e | 49ca1f59 | .config | console log | report | - | - | info | - | ci-upstream-kmsan-gce | KMSAN: uninit-value in io_req_caches_free
* Struck through repros no longer work on HEAD.