syzbot


KMSAN: kernel-infoleak in __skb_datagram_iter (2)

Status: fixed on 2024/03/25 23:45
Subsystems: net
Reported-by: syzbot+34ad5fab48f7bf510349@syzkaller.appspotmail.com
Fix commit: 661779e1fcaf netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
First crash: 206d, last: 33d
Discussions (8)
Title | Replies (including bot) | Last reply
[PATCH net] netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter | 3 (3) | 2024/02/23 03:10
Re: [syzbot] [PATCH net] netlink: Fix kernel-infoleak in __skb_datagram_iter() | 0 (1) | 2024/02/20 12:00
[syzbot] [net?] KMSAN: kernel-infoleak in __skb_datagram_iter (2) | 0 (2) | 2024/02/20 07:16
Re: [syzbot] [PATCH net] netlink: Fix kernel-infoleak in __skb_datagram_iter() | 0 (1) | 2024/02/20 04:49
Re: [syzbot] [PATCH net] netlink: Fix kernel-infoleak in __skb_datagram_iter() | 0 (1) | 2024/02/20 02:42
Re: [syzbot] Re: [PATCH] net: Fix kernel-infoleak in __skb_datagram_iter (2) | 0 (1) | 2024/02/17 14:51
Re: [syzbot] Re: [PATCH] net: Fix kernel-infoleak in __skb_datagram_iter (2) | 0 (1) | 2024/02/17 12:40
Re: [syzbot] [PATCH] net: Fix kernel-infoleak in __skb_datagram_iter (2) | 0 (1) | 2024/02/15 09:27
Similar bugs (5)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: kernel-infoleak in copyout (2) net | C | | | 6723 | 324d | 1492d | 22/26 | fixed on 2023/06/08 14:41
upstream | KMSAN: kernel-infoleak in __skb_datagram_iter (3) net | C | | | 18 | 1d02h | 31d | 24/26 | internal: reported C repro on 2024/03/27 05:33
upstream | KMSAN: kernel-infoleak in __skb_datagram_iter net | | | | 68 | 213d | 318d | 23/26 | fixed on 2023/09/28 17:51
android-5-15 | KASAN: use-after-free Read in __skb_datagram_iter origin:upstream | C | done | | 1 | 135d | 165d | 0/2 | auto-obsoleted due to no activity on 2024/03/22 20:57
upstream | KASAN: use-after-free Read in __skb_datagram_iter net | | | | 431 | 1089d | 1096d | 0/26 | auto-closed as invalid on 2021/07/03 04:24
Last patch testing requests (9)
Created | Duration | User | Patch | Repo | Result
2024/02/20 12:00 | 23m | ryasuoka@redhat.com | patch | git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5bd7ef53ffe5ca580e93e74eb8c81ed191ddc4bd | OK log
2024/02/20 09:20 | 23m | retest repro | | upstream | OK log
2024/02/20 07:16 | 24m | syoshida@redhat.com | patch | git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5bd7ef53ffe5ca580e93e74eb8c81ed191ddc4bd | OK log
2024/02/20 04:49 | 20m | ryasuoka@redhat.com | patch | upstream | error OK
2024/02/20 02:42 | 0m | ryasuoka@redhat.com | patch | git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5bd7ef53ffe5 | error OK
2024/02/17 14:51 | 0m | ryasuoka@redhat.com | patch | git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 9f8413c4a66f | error OK
2024/02/17 12:40 | 3m | ryasuoka@redhat.com | patch | upstream | error OK
2024/02/15 09:27 | 0m | ryasuoka@redhat.com | patch | upstream | error OK
2023/12/05 04:53 | 25m | retest repro | | upstream | OK log

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]
BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 copy_to_user_iter lib/iov_iter.c:24 [inline]
 iterate_ubuf include/linux/iov_iter.h:29 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
 iterate_and_advance include/linux/iov_iter.h:271 [inline]
 _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186
 copy_to_iter include/linux/uio.h:197 [inline]
 simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532
 __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:420
 skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546
 skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]
 netlink_recvmsg+0x432/0x1600 net/netlink/af_netlink.c:1967
 sock_recvmsg_nosec net/socket.c:1044 [inline]
 sock_recvmsg net/socket.c:1066 [inline]
 __sys_recvfrom+0x505/0x810 net/socket.c:2246
 __do_sys_recvfrom net/socket.c:2264 [inline]
 __se_sys_recvfrom net/socket.c:2260 [inline]
 __x64_sys_recvfrom+0x126/0x1d0 net/socket.c:2260
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
 slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
 slab_alloc_node mm/slub.c:3478 [inline]
 kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
 __alloc_skb+0x318/0x740 net/core/skbuff.c:651
 alloc_skb include/linux/skbuff.h:1286 [inline]
 tipc_tlv_alloc net/tipc/netlink_compat.c:156 [inline]
 tipc_get_err_tlv+0x83/0x5a0 net/tipc/netlink_compat.c:170
 tipc_nl_compat_recv+0x1035/0x15f0 net/tipc/netlink_compat.c:1324
 genl_family_rcv_msg_doit net/netlink/genetlink.c:972 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline]
 genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1067
 netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545
 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1076
 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
 netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368
 netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2588
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2642
 __sys_sendmsg net/socket.c:2671 [inline]
 __do_sys_sendmsg net/socket.c:2680 [inline]
 __se_sys_sendmsg net/socket.c:2678 [inline]
 __x64_sys_sendmsg+0x307/0x490 net/socket.c:2678
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Bytes 34-35 of 36 are uninitialized
Memory access of size 36 starts at ffff8881152e5680
Data copied to user address 00007ffc9a4a12a0

CPU: 0 PID: 5006 Comm: syz-executor286 Not tainted 6.6.0-syzkaller-12401-g8f6f76a6a29f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
=====================================================

Crashes (126):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2023/11/04 02:11 | upstream | 8f6f76a6a29f | 500bfdc4 | .config | strace log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in __skb_datagram_iter
2023/12/14 13:30 | upstream | 5bd7ef53ffe5 | 3222d10c | .config | strace log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak-after-free in __skb_datagram_iter
2023/12/14 11:26 | upstream | 5bd7ef53ffe5 | 3222d10c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak-after-free in __skb_datagram_iter
2024/02/05 20:55 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 41bccc98fb79 | 4e988e80 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | KASAN: slab-use-after-free Read in __skb_datagram_iter