syzbot

 sign-in | mailing list | source | docs
🐞 Open [1515]
Subsystems
🐞 Fixed [6487]
🐞 Invalid [16475]
Missing Backports [199]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl (3)

Status: upstream: reported C repro on 2025/06/19 23:57
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+9b9124ae9b12d5af5d95@syzkaller.appspotmail.com
Fix commit: vmci: Prevent the dispatching of uninitialized payloads vmci: Prevent the dispatching of uninitialized payloads
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu-native-arm64-kvm ci-qemu2-riscv64 ci-upstream-gce-arm64 ci-upstream-kasan-gce-smack-root]
First crash: 50d, last: 18d
Discussions (2)
Title Replies (including bot) Last reply
[syzbot] [kernel?] KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl (3) 4 (23) 2025/07/03 08:09
[PATCH] vmci: Prevent the dispatching of uninitialized payloads 2 (2) 2025/07/03 07:53
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl (2) kernel 9 C 2 1042d 1041d 22/29 fixed on 2023/02/24 13:50
upstream KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl kernel 9 C 22 1638d 1722d 19/29 fixed on 2021/03/10 01:48
Last patch testing requests (18)
Created Duration User Patch Repo Result
2025/07/03 08:09 33m lizhi.xu@windriver.com patch upstream OK log
2025/06/27 05:13 30m lizhi.xu@windriver.com patch upstream OK log
2025/06/27 03:26 1h02m lizhi.xu@windriver.com patch upstream report log
2025/06/26 02:49 1h10m lizhi.xu@windriver.com patch upstream OK log
2025/06/26 02:17 46m lizhi.xu@windriver.com patch upstream OK log
2025/06/23 12:29 37m eadavis@qq.com patch upstream OK log
2025/06/23 09:45 2h00m lizhi.xu@windriver.com patch upstream report log
2025/06/23 08:50 23m lizhi.xu@windriver.com patch upstream report log
2025/06/23 08:03 31m lizhi.xu@windriver.com patch upstream OK log
2025/06/23 03:03 1h03m lizhi.xu@windriver.com patch upstream report log
2025/06/22 06:29 30m hdanton@sina.com patch upstream OK log
2025/06/22 04:46 31m hdanton@sina.com patch upstream report log
2025/06/22 02:37 23m eadavis@qq.com patch upstream report log
2025/06/20 06:54 1h13m lizhi.xu@windriver.com patch upstream report log
2025/06/20 06:52 1h51m lizhi.xu@windriver.com patch upstream report log
2025/06/20 05:23 34m lizhi.xu@windriver.com patch upstream report log
2025/06/20 04:21 6m lizhi.xu@windriver.com patch upstream error
2025/06/20 01:03 53m lizhi.xu@windriver.com patch upstream report log

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _inline_copy_to_user include/linux/uaccess.h:196 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _inline_copy_to_user include/linux/uaccess.h:196 [inline]
 _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:225 [inline]
 vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:438 [inline]
 vmci_host_unlocked_ioctl+0x1e7e/0x5200 drivers/misc/vmw_vmci/vmci_host.c:932
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0x23c/0x400 fs/ioctl.c:893
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:893
 x64_sys_call+0x1ebe/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable __x.i.i created at:
 set_xfeature_in_sigframe arch/x86/kernel/fpu/xstate.h:81 [inline]
 save_xstate_epilog arch/x86/kernel/fpu/signal.c:140 [inline]
 copy_fpstate_to_sigframe+0x11f2/0x13d0 arch/x86/kernel/fpu/signal.c:232
 get_sigframe+0xc6a/0x1020 arch/x86/kernel/signal.c:163

Bytes 28-31 of 40 are uninitialized
Memory access of size 40 starts at ffff888131f74080
Data copied to user address 000000000000a4bf

CPU: 1 UID: 0 PID: 5798 Comm: syz-executor419 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(undef) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
=====================================================

Crashes (20):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/06/16 06:38 upstream 08215f5486ec 5f4b362d .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/07/18 08:14 upstream 6832a9317eee 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/07/18 08:14 upstream 6832a9317eee 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/07/17 22:09 upstream e2291551827f 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/07/17 22:09 upstream e2291551827f 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/07/17 18:57 upstream e2291551827f 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/07/17 18:56 upstream e2291551827f 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/07/17 18:54 upstream e2291551827f 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/07/11 10:37 upstream bc9ff192a6c9 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/06/22 15:55 upstream 739a6c93cc75 d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/06/22 15:55 upstream 739a6c93cc75 d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/06/21 08:14 upstream 11313e2f7812 d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/06/21 08:13 upstream 11313e2f7812 d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/06/15 23:48 upstream 08215f5486ec 5f4b362d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/07/18 08:42 upstream 6832a9317eee 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/07/18 01:26 upstream e2291551827f 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/07/18 01:26 upstream e2291551827f 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/07/08 06:41 upstream d7b8f8e20813 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/06/16 02:31 upstream 08215f5486ec 5f4b362d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
2025/06/16 02:30 upstream 08215f5486ec 5f4b362d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
* Struck through repros no longer work on HEAD.