On 3/16/24 6:42 AM, Edward Adam Davis wrote: > diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c > index cd9a137ad6ce..3db59fd6f676 100644 > --- a/io_uring/io_uring.c > +++ b/io_uring/io_uring.c > @@ -1066,6 +1066,7 @@ static void io_preinit_req(struct io_kiocb *req, struct io_ring_ctx *ctx) > /* not necessary, but safer to zero */ > memset(&req->cqe, 0, sizeof(req->cqe)); > memset(&req->big_cqe, 0, sizeof(req->big_cqe)); > + memset(&req->cmd, 0, sizeof(req->cmd)); > } > > static void io_flush_cached_locked_reqs(struct io_ring_ctx *ctx, This will just silence the syzbot report, as the memory is initialized upfront. But it's not the real fix, as ->done_io could still be recycled from a previous issue. -- Jens Axboe
