Re: [syzbot] [io-uring?] KMSAN: uninit-value in io_issue_sqe
From: Jens Axboe
Date: Thu May 30 2024 - 16:07:37 EST
On 5/27/24 7:22 AM, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 614da38e2f7a Merge tag 'hid-for-linus-2024051401' of git:/..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=11b9b972980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=f5d2cbf33633f507
> dashboard link: https://syzkaller.appspot.com/bug?extid=b1647099e82b3b349fbf
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/89eafb874b71/disk-614da38e.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/356000512ad9/vmlinux-614da38e.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/839c73939115/bzImage-614da38e.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+b1647099e82b3b349fbf@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> =====================================================
> BUG: KMSAN: uninit-value in io_req_cqe_overflow io_uring/io_uring.c:810 [inline]
> BUG: KMSAN: uninit-value in io_req_complete_post io_uring/io_uring.c:937 [inline]
> BUG: KMSAN: uninit-value in io_issue_sqe+0x1f1b/0x22c0 io_uring/io_uring.c:1763
Should be fixed by:
https://lore.kernel.org/io-uring/c52d9b19-7fd7-4fb1-b396-632b9f0f612d@xxxxxxxxx/
#syz fix: io_uring/net: assign kmsg inq/flags before buffer selection
--
Jens Axboe