Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp239976rdb; Thu, 21 Dec 2023 07:57:25 -0800 (PST) X-Google-Smtp-Source: AGHT+IEu5X8ZtcLXFW8vtnYak/KkwJxopxlve75XFamZfkqj2eAZHwzRND0WIgO401MTsnTbNLr8 X-Received: by 2002:a2e:6e05:0:b0:2cc:856c:5bd1 with SMTP id j5-20020a2e6e05000000b002cc856c5bd1mr2199995ljc.32.1703174245344; Thu, 21 Dec 2023 07:57:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703174245; cv=none; d=google.com; s=arc-20160816; b=uGPAPg6j5C0F7+g9H+YvqINQR+bEekN42bZl1JaApjXyWfdtNpzMfpNjVKsPU9o+Y+ ye2zKZmt2z4KqNWXxAljJElw19pIJB1p+gg1n3Vv0nXtfsbMLD6DxuBEsiLXJtwJQrEB oRS1N6Ie3eYaU6dZNw22mNRkH10wVdhkg4KPHZpJJ9XqSfbOjtm8eTN1g0Cm+NXQeWfg THkPM2gOYYkcDtZVsKlk9jdV4Q9KQR6r5lcwFyAE8lkMi6QXdt+yY0i59rWX/iAckvGt qb8C3WyE8uI/D61HxSH69hxyW0v8AB6jdLEwm5AO5gT4Im6HzOPG5S7TiyzvnRfW/7sX YbTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=1Lh0BKtyrN6yro9u80s5vCgpZBYXmKXJHEdT+0k/Q74=; fh=Scdo/OUcd+/zKXud9+GRj0qOXCHIt/0Ix90gOxSJEFY=; b=QBzyOYazi+skKfl1vEX68CyitSzmUXi4irfAvN+KQAkhN0Stgg3/euEanCuP13y7qV xxvBfl8FCQGLvizZdTb/UsHmi9U7/Mhhfo05rFH17SeIC43bcTAbSO+gZ3egLfHO4ZB7 ds4TDYor3Er4iT6CMjM0dnYYlgnaXg7plrmwYCSLOZQefo5Vwi11yDSWfJhXKgiFrEnE Bu9VuvC9SGHQrc9PngoVp+NwPPuYqEXOiBM65BMVbmN9d5aCrp/tV+AmGqFRNrqyxStP KGMWSbWCPCuyeFO3jolyuFzRZ8qC5wD0WOzOpnHgohZ/hlzn2Z96+OEIoOPjrzYxHD6d bgdg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel-dk.20230601.gappssmtp.com header.s=20230601 header.b=FDr8+EXO; spf=pass (google.com: domain of linux-kernel+bounces-8701-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-8701-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id cn20-20020a0564020cb400b0055386ca9e0bsi969410edb.286.2023.12.21.07.57.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 07:57:25 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-8701-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel-dk.20230601.gappssmtp.com header.s=20230601 header.b=FDr8+EXO; spf=pass (google.com: domain of linux-kernel+bounces-8701-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-8701-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 0371A1F28FE5 for ; Thu, 21 Dec 2023 15:46:57 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8506D53A18; Thu, 21 Dec 2023 15:46:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel-dk.20230601.gappssmtp.com header.i=@kernel-dk.20230601.gappssmtp.com header.b="FDr8+EXO" X-Original-To: linux-kernel@vger.kernel.org Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3E3EC539FD for ; Thu, 21 Dec 2023 15:46:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.dk Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=kernel.dk Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-1d3d3f0afc4so2362305ad.1 for ; Thu, 21 Dec 2023 07:46:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel-dk.20230601.gappssmtp.com; s=20230601; t=1703173592; x=1703778392; darn=vger.kernel.org; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=1Lh0BKtyrN6yro9u80s5vCgpZBYXmKXJHEdT+0k/Q74=; b=FDr8+EXO9DzACRVq9DLbzrnmCMNMI58h9+3DztlZjs9++HEKGqUcCzoRjMsbTZEQXD +LkHEP189HUbtFaeScq4wZRZv4FMI/yi0+JHV7ptTfufOIG23V9JxP45P7CLTSZQi0RJ K32/0kdCSe/kllBQlJW+RZz40vHoCHRjYpfP9yZBy0YMSJAmsHS48svKo+DDY9G4WsDj L5dcBRUui3BQKQCtqITkRF4aGtyy89Xdwfei7RDJ5ZaUHWdiHYUzYluEk87bp3eobJn/ YtomhUz5O1s8m+WZGd9nHMlj+S4cOd2Xcjlq6XbjvcEf+WYUIhhTg2DqqfzwyBAKs2yZ 5+QQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703173592; x=1703778392; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=1Lh0BKtyrN6yro9u80s5vCgpZBYXmKXJHEdT+0k/Q74=; b=iK/NTRHySjXrdKK2zvl6nFXBGvHvmrr1o80aAt11GTagDHtX1dJ9F+rgvThjR1LWT2 yJjfH3DDr+dXWwPGB+bdwGqBJPux8W/7X7vWAvdCAbw7x8HfQ3klPOq5TPMRYWwqqGjm 2N6jhBiN9qyYXcxwUy/FxWp9RzvFRgfhLzMl0TgzVI8HKxYXtYMVoi8fXF4dTIkrvK6Y +bRMUOwNlcfKo1/IWqZTVUfc1AdH8JUTIxa5tJ5ywZlxLNMMNvG6/9mgqty1W6rh/IYS 9pPURH51ECgYsiyxkW3m4Gbc7HUlBaFythI06XhJ2Nq+jHt1cZaHeGX+grdDcf0m49Dx 1Cbw== X-Gm-Message-State: AOJu0Yz5DR76ZYi7aE9W4YDI/nEcsstMNAk1keq5ssGI2leuE3Lj2iUE Oodu8NBLGa3eIU4lTqkqKL5JvA== X-Received: by 2002:a17:902:e88c:b0:1d3:f2df:da26 with SMTP id w12-20020a170902e88c00b001d3f2dfda26mr4798309plg.1.1703173592555; Thu, 21 Dec 2023 07:46:32 -0800 (PST) Received: from [192.168.1.150] ([198.8.77.194]) by smtp.gmail.com with ESMTPSA id be10-20020a170902aa0a00b001d3c3d486bfsm1784959plb.163.2023.12.21.07.46.31 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 21 Dec 2023 07:46:32 -0800 (PST) Message-ID: Date: Thu, 21 Dec 2023 08:46:30 -0700 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: KMSAN: uninit-value in io_rw_fail Content-Language: en-US To: xingwei lee , syzbot+12dde80bf174ac8ae285@syzkaller.appspotmail.com Cc: asml.silence@gmail.com, io-uring@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, glider@google.com References: From: Jens Axboe In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 12/21/23 3:58 AM, xingwei lee wrote: > Hello I found a bug in io_uring and comfirmed at the latest upstream > mainine linux. > TITLE: KMSAN: uninit-value in io_rw_fail > and I find this bug maybe existed in the > https://syzkaller.appspot.com/bug?extid=12dde80bf174ac8ae285 but do > not have a stable reproducer. > However, I generate a stable reproducer and comfirmed in the latest mainline. I took a look at that one and can't see anything wrong, is that one still triggering? In any case, this one is different, as it's the writev path. Can you try the below? diff --git a/io_uring/rw.c b/io_uring/rw.c index 4943d683508b..0c856726b15d 100644 --- a/io_uring/rw.c +++ b/io_uring/rw.c @@ -589,15 +589,19 @@ static inline int io_rw_prep_async(struct io_kiocb *req, int rw) struct iovec *iov; int ret; + iorw->bytes_done = 0; + iorw->free_iovec = NULL; + /* submission path, ->uring_lock should already be taken */ ret = io_import_iovec(rw, req, &iov, &iorw->s, 0); if (unlikely(ret < 0)) return ret; - iorw->bytes_done = 0; - iorw->free_iovec = iov; - if (iov) + if (iov) { + iorw->free_iovec = iov; req->flags |= REQ_F_NEED_CLEANUP; + } + return 0; } -- Jens Axboe