syzbot


KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user (2)

Status: upstream: reported C repro on 2023/10/21 18:49
Subsystems: kernel
Reported-by: syzbot+cfc08744435c4cf94a40@syzkaller.appspotmail.com
First crash: 218d, last: 50m
Discussions (3)
Title Replies (including bot) Last reply
[syzbot] [kernel?] KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user (2) 1 (5) 2024/03/24 09:13
[PATCH] ptrace: fix kernel-infoleak-after-free in copy_siginfo_to_user 1 (1) 2023/12/31 02:41
Re: [syzbot] [kernel?] KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user (2) 1 (1) 2023/12/25 07:16
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user kernel 6 642d 686d 0/26 auto-obsoleted due to no activity on 2022/11/12 22:39
upstream KMSAN: kernel-infoleak in copy_siginfo_to_user (2) kernel C 15 1803d 1833d 12/26 fixed on 2019/07/10 21:40
upstream KMSAN: kernel-infoleak in copy_siginfo_to_user kernel C 779 1845d 2140d 0/26 closed as invalid on 2019/05/03 14:05
Last patch testing requests (1)
Created Duration User Patch Repo Result
2023/12/31 01:51 22m eadavis@qq.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 861deac3b092 OK log

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xbc/0x110 lib/usercopy.c:40
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _copy_to_user+0xbc/0x110 lib/usercopy.c:40
 copy_to_user include/linux/uaccess.h:191 [inline]
 copy_siginfo_to_user+0x40/0x130 kernel/signal.c:3380
 ptrace_request+0xfa7/0x36e0 kernel/ptrace.c:1046
 arch_ptrace+0x43b/0x680 arch/x86/kernel/ptrace.c:848
 __do_sys_ptrace kernel/ptrace.c:1285 [inline]
 __se_sys_ptrace+0x2d8/0x760 kernel/ptrace.c:1258
 __x64_sys_ptrace+0xbd/0x110 kernel/ptrace.c:1258
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Uninit was stored to memory at:
 copy_siginfo include/linux/signal.h:18 [inline]
 ptrace_getsiginfo kernel/ptrace.c:685 [inline]
 ptrace_request+0xf33/0x36e0 kernel/ptrace.c:1044
 arch_ptrace+0x43b/0x680 arch/x86/kernel/ptrace.c:848
 __do_sys_ptrace kernel/ptrace.c:1285 [inline]
 __se_sys_ptrace+0x2d8/0x760 kernel/ptrace.c:1258
 __x64_sys_ptrace+0xbd/0x110 kernel/ptrace.c:1258
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Uninit was stored to memory at:
 copy_siginfo include/linux/signal.h:18 [inline]
 collect_signal kernel/signal.c:587 [inline]
 __dequeue_signal+0x501/0xad0 kernel/signal.c:616
 dequeue_signal+0x14b/0xb20 kernel/signal.c:639
 get_signal+0xb46/0x2d00 kernel/signal.c:2790
 arch_do_signal_or_restart+0x53/0xcb0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x5d/0x160 kernel/entry/common.c:218
 do_syscall_64+0xe4/0x1f0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Uninit was created at:
 slab_free_hook mm/slub.c:2073 [inline]
 slab_free mm/slub.c:4280 [inline]
 kmem_cache_free+0x257/0xa80 mm/slub.c:4344
 __sigqueue_free kernel/signal.c:451 [inline]
 collect_signal kernel/signal.c:594 [inline]
 __dequeue_signal+0xa58/0xad0 kernel/signal.c:616
 dequeue_signal+0x14b/0xb20 kernel/signal.c:639
 get_signal+0xb46/0x2d00 kernel/signal.c:2790
 arch_do_signal_or_restart+0x53/0xcb0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x5d/0x160 kernel/entry/common.c:218
 do_syscall_64+0xe4/0x1f0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Bytes 12-15 of 48 are uninitialized
Memory access of size 48 starts at ffff8881240cfc60
Data copied to user address 0000000014dcf540

CPU: 1 PID: 5012 Comm: strace-static-x Not tainted 6.8.0-syzkaller-13213-g70293240c5ce #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
=====================================================

Crashes (1298):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/03/24 09:12 upstream 70293240c5ce 0ea90952 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/04/28 18:56 upstream 2c8159388952 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in copy_siginfo_to_user
* Struck through repros no longer work on HEAD.