syzbot


KMSAN: uninit-value in io_req_cqe_overflow

Status: upstream: reported C repro on 2022/09/06 13:22
Reported-by: syzbot+12dde80bf174ac8ae285@syzkaller.appspotmail.com
First crash: 90d, last: 1d11h
similar bugs (2):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: uninit-value in preempt_count_add | C | | | 6657 | 48d | 48d | 0/24 | closed as invalid on 2022/10/10 13:29
upstream | general protection fault in io_issue_sqe | C | done | unreliable | 502 | 93d | 450d | 0/24 | upstream: reported C repro on 2021/09/02 17:34

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in io_req_cqe_overflow+0x1f8/0x220 io_uring/io_uring.c:687
 io_req_cqe_overflow+0x1f8/0x220 io_uring/io_uring.c:687
 __io_fill_cqe_req+0x4ad/0x830 io_uring/io_uring.h:121
 __io_submit_flush_completions io_uring/io_uring.c:1192 [inline]
 io_submit_flush_completions+0x11c/0x390 io_uring/io_uring.c:166
 io_submit_state_end io_uring/io_uring.c:2025 [inline]
 io_submit_sqes+0x7d3/0xd50 io_uring/io_uring.c:2137
 __do_sys_io_uring_enter io_uring/io_uring.c:3053 [inline]
 __se_sys_io_uring_enter+0x597/0x1d30 io_uring/io_uring.c:2983
 __x64_sys_io_uring_enter+0x117/0x190 io_uring/io_uring.c:2983
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 io_req_set_res io_uring/io_uring.h:156 [inline]
 io_recv_finish io_uring/net.c:537 [inline]
 io_recv+0x18ee/0x1d00 io_uring/net.c:845
 io_issue_sqe+0x3b1/0x11d0 io_uring/io_uring.c:1576
 io_queue_sqe io_uring/io_uring.c:1753 [inline]
 io_submit_sqe+0xb40/0x1be0 io_uring/io_uring.c:2011
 io_submit_sqes+0x542/0xd50 io_uring/io_uring.c:2122
 __do_sys_io_uring_enter io_uring/io_uring.c:3053 [inline]
 __se_sys_io_uring_enter+0x597/0x1d30 io_uring/io_uring.c:2983
 __x64_sys_io_uring_enter+0x117/0x190 io_uring/io_uring.c:2983
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Local variable msg created at:
 io_recv+0x4b/0x1d00 io_uring/net.c:763
 io_issue_sqe+0x3b1/0x11d0 io_uring/io_uring.c:1576

CPU: 0 PID: 3487 Comm: syz-executor126 Not tainted 6.0.0-rc2-syzkaller-47461-gac3859c02d7f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
=====================================================

Crashes (168):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title
ci-upstream-kmsan-gce | 2022/08/28 15:47 | https://github.com/google/kmsan.git master | ac3859c02d7f | 07177916 | .config | log | report | syz | C | | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/10/25 03:04 | https://github.com/google/kmsan.git master | 968c2729e576 | ff2fe65d | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/10/25 00:40 | https://github.com/google/kmsan.git master | 968c2729e576 | ff2fe65d | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/10/24 14:49 | https://github.com/google/kmsan.git master | 968c2729e576 | 23bf86af | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/10/23 21:09 | https://github.com/google/kmsan.git master | 968c2729e576 | 23bf86af | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/10/23 10:33 | https://github.com/google/kmsan.git master | 968c2729e576 | c0b80a55 | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/10/23 03:55 | https://github.com/google/kmsan.git master | 968c2729e576 | c0b80a55 | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/10/22 14:28 | https://github.com/google/kmsan.git master | 968c2729e576 | c0b80a55 | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/10/21 01:01 | https://github.com/google/kmsan.git master | 968c2729e576 | a0fd4dab | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/10/20 16:14 | https://github.com/google/kmsan.git master | 968c2729e576 | b31320fc | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/10/20 13:36 | https://github.com/google/kmsan.git master | 968c2729e576 | b31320fc | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/10/20 08:24 | https://github.com/google/kmsan.git master | 968c2729e576 | b31320fc | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/10/20 07:16 | https://github.com/google/kmsan.git master | 968c2729e576 | b31320fc | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/10/20 04:56 | https://github.com/google/kmsan.git master | 968c2729e576 | b31320fc | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce | 2022/08/28 14:49 | https://github.com/google/kmsan.git master | ac3859c02d7f | 07177916 | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce-386 | 2022/11/02 04:48 | https://github.com/google/kmsan.git master | be8b0d020631 | edac4fd1 | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kmsan-gce-386 | 2022/10/24 11:15 | https://github.com/google/kmsan.git master | 968c2729e576 | 23bf86af | .config | log | report | | | info | KMSAN: uninit-value in io_req_cqe_overflow
ci-upstream-kasan-gce-smack-root | 2022/10/17 00:00 | upstream | 55be6084c8e0 | 67cb024c | .config | log | report | | | info | KASAN: use-after-free Read in __io_uring_show_fdinfo
ci-upstream-kmsan-gce | 2022/11/25 13:14 | https://github.com/google/kmsan.git master | a472f15b3d1e | 74a66371 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/25 00:20 | https://github.com/google/kmsan.git master | e889f323ec44 | 62e26685 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/24 04:17 | https://github.com/google/kmsan.git master | ddce02aa9c40 | 12c66417 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/23 00:13 | https://github.com/google/kmsan.git master | ddce02aa9c40 | 9da37ae8 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/22 07:36 | https://github.com/google/kmsan.git master | 6b3059a0a074 | 1c576c23 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/22 01:09 | https://github.com/google/kmsan.git master | 6b3059a0a074 | 1c576c23 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/21 20:33 | https://github.com/google/kmsan.git master | 6b3059a0a074 | 1c576c23 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/15 17:51 | https://github.com/google/kmsan.git master | cb231e2f67ec | 97de9cfc | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/15 00:28 | https://github.com/google/kmsan.git master | cb231e2f67ec | 943f4cb8 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/14 04:56 | https://github.com/google/kmsan.git master | cb231e2f67ec | 3ead01ad | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/13 12:57 | https://github.com/google/kmsan.git master | cb231e2f67ec | 3ead01ad | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/11 13:47 | https://github.com/google/kmsan.git master | cb231e2f67ec | 3ead01ad | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/11 01:31 | https://github.com/google/kmsan.git master | 9b1ac640862d | 3ead01ad | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/10 19:00 | https://github.com/google/kmsan.git master | 9b1ac640862d | 3ead01ad | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/09 09:42 | https://github.com/google/kmsan.git master | b1376a14297d | 5fa28208 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/05 04:34 | https://github.com/google/kmsan.git master | 53d6b047b069 | 6d752409 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/01 21:36 | https://github.com/google/kmsan.git master | be8b0d020631 | edac4fd1 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/11/01 03:48 | https://github.com/google/kmsan.git master | be8b0d020631 | a1d8560a | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/10/31 08:42 | https://github.com/google/kmsan.git master | be8b0d020631 | 2a71366b | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/10/30 22:52 | https://github.com/google/kmsan.git master | be8b0d020631 | 2a71366b | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/10/26 03:27 | https://github.com/google/kmsan.git master | da7a7c9082c9 | 1984aebd | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/10/25 08:25 | https://github.com/google/kmsan.git master | 4a3e741a3d6a | 45645420 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/10/25 07:04 | https://github.com/google/kmsan.git master | 4a3e741a3d6a | 45645420 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/10/25 05:58 | https://github.com/google/kmsan.git master | 4a3e741a3d6a | 45645420 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce | 2022/10/14 20:42 | https://github.com/google/kmsan.git master | 968c2729e576 | 4954e4b2 | .config | log | report | | | info | KMSAN: uninit-value in __io_uring_show_fdinfo
ci-upstream-kmsan-gce-386 | 2022/11/24 22:05 | https://github.com/google/kmsan.git master | e889f323ec44 | 62e26685 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce-386 | 2022/11/23 01:15 | https://github.com/google/kmsan.git master | ddce02aa9c40 | 9da37ae8 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce-386 | 2022/11/17 14:42 | https://github.com/google/kmsan.git master | cb231e2f67ec | 3a127a31 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce-386 | 2022/11/13 07:33 | https://github.com/google/kmsan.git master | cb231e2f67ec | 3ead01ad | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce-386 | 2022/11/04 05:07 | https://github.com/google/kmsan.git master | e5527cb41a93 | 6d752409 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce-386 | 2022/11/02 21:47 | https://github.com/google/kmsan.git master | f2d7b53c0153 | 08977f5d | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce-386 | 2022/10/30 07:27 | https://github.com/google/kmsan.git master | be8b0d020631 | 2a71366b | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce-386 | 2022/10/28 01:25 | https://github.com/google/kmsan.git master | 1aa4f78e4630 | 86777b7f | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
ci-upstream-kmsan-gce-386 | 2022/10/25 13:33 | https://github.com/google/kmsan.git master | 4a3e741a3d6a | 45645420 | .config | log | report | | | info | KMSAN: uninit-value in io_rw_fail
* Struck through repros no longer work on HEAD.