syzbot


KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user (2)

Status: upstream: reported C repro on 2023/10/21 18:49
Subsystems: kernel
Reported-by: syzbot+cfc08744435c4cf94a40@syzkaller.appspotmail.com
First crash: 362d, last: 3h33m
Discussions (3)
Title | Replies (including bot) | Last reply
[syzbot] [kernel?] KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user (2) | 1 (5) | 2024/03/24 09:13
[PATCH] ptrace: fix kernel-infoleak-after-free in copy_siginfo_to_user | 1 (1) | 2023/12/31 02:41
Re: [syzbot] [kernel?] KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user (2) | 1 (1) | 2023/12/25 07:16
Similar bugs (3)
Kernel | Title | Subsystems | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user | kernel | | | | 6 | 787d | 830d | 0/28 | auto-obsoleted due to no activity on 2022/11/12 22:39
upstream | KMSAN: kernel-infoleak in copy_siginfo_to_user (2) | kernel | C | | | 15 | 1947d | 1977d | 12/28 | fixed on 2019/07/10 21:40
upstream | KMSAN: kernel-infoleak in copy_siginfo_to_user | kernel | C | | | 779 | 1989d | 2284d | 0/28 | closed as invalid on 2019/05/03 14:05
Last patch testing requests (11)
Created | Duration | User | Patch | Repo | Result
2024/07/05 06:13 | 22m | retest repro | | upstream | error
2024/07/05 06:13 | 22m | retest repro | | upstream | error
2024/07/05 06:13 | 22m | retest repro | | upstream | error
2024/07/05 06:13 | 22m | retest repro | | upstream | error
2024/07/05 06:13 | 22m | retest repro | | upstream | error
2024/07/04 05:43 | 23m | retest repro | | upstream | error
2024/07/04 05:43 | 24m | retest repro | | upstream | error
2024/07/04 05:43 | 23m | retest repro | | upstream | error
2024/07/04 05:43 | 25m | retest repro | | upstream | error
2024/07/04 05:43 | 23m | retest repro | | upstream | error
2023/12/31 01:51 | 22m | eadavis@qq.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 861deac3b092 | OK log

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xbc/0x110 lib/usercopy.c:40
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _copy_to_user+0xbc/0x110 lib/usercopy.c:40
 copy_to_user include/linux/uaccess.h:191 [inline]
 copy_siginfo_to_user+0x40/0x130 kernel/signal.c:3380
 ptrace_request+0xfa7/0x36e0 kernel/ptrace.c:1046
 arch_ptrace+0x43b/0x680 arch/x86/kernel/ptrace.c:848
 __do_sys_ptrace kernel/ptrace.c:1285 [inline]
 __se_sys_ptrace+0x2d8/0x760 kernel/ptrace.c:1258
 __x64_sys_ptrace+0xbd/0x110 kernel/ptrace.c:1258
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Uninit was stored to memory at:
 copy_siginfo include/linux/signal.h:18 [inline]
 ptrace_getsiginfo kernel/ptrace.c:685 [inline]
 ptrace_request+0xf33/0x36e0 kernel/ptrace.c:1044
 arch_ptrace+0x43b/0x680 arch/x86/kernel/ptrace.c:848
 __do_sys_ptrace kernel/ptrace.c:1285 [inline]
 __se_sys_ptrace+0x2d8/0x760 kernel/ptrace.c:1258
 __x64_sys_ptrace+0xbd/0x110 kernel/ptrace.c:1258
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Uninit was stored to memory at:
 copy_siginfo include/linux/signal.h:18 [inline]
 collect_signal kernel/signal.c:587 [inline]
 __dequeue_signal+0x501/0xad0 kernel/signal.c:616
 dequeue_signal+0x14b/0xb20 kernel/signal.c:639
 get_signal+0xb46/0x2d00 kernel/signal.c:2790
 arch_do_signal_or_restart+0x53/0xcb0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x5d/0x160 kernel/entry/common.c:218
 do_syscall_64+0xe4/0x1f0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Uninit was created at:
 slab_free_hook mm/slub.c:2073 [inline]
 slab_free mm/slub.c:4280 [inline]
 kmem_cache_free+0x257/0xa80 mm/slub.c:4344
 __sigqueue_free kernel/signal.c:451 [inline]
 collect_signal kernel/signal.c:594 [inline]
 __dequeue_signal+0xa58/0xad0 kernel/signal.c:616
 dequeue_signal+0x14b/0xb20 kernel/signal.c:639
 get_signal+0xb46/0x2d00 kernel/signal.c:2790
 arch_do_signal_or_restart+0x53/0xcb0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x5d/0x160 kernel/entry/common.c:218
 do_syscall_64+0xe4/0x1f0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Bytes 12-15 of 48 are uninitialized
Memory access of size 48 starts at ffff8881240cfc60
Data copied to user address 0000000014dcf540

CPU: 1 PID: 5012 Comm: strace-static-x Not tainted 6.8.0-syzkaller-13213-g70293240c5ce #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
=====================================================
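
The numbers in the report pin down where the leaked bytes sit. On x86_64 struct kernel_siginfo is 48 bytes; its 32-byte _sifields union holds pointers and longs, so it is 8-byte aligned and starts at offset 16, and bytes 12-15 are the padding hole after si_code. That is exactly the range KMSAN flags above. The kernel's copy_siginfo() is a memcpy() of the whole struct and copy_siginfo_to_user() copies all 48 bytes to user space, so a hole that was never written travels out unchanged; the origin trace above attributes the stale bytes to a sigqueue object freed in __sigqueue_free, and the report does not say which path should have cleared them. The C program below is an added example, not kernel code and not part of this report: it models the layout with a constructed struct, fills a "reused" object with 0xAA to stand in for stale slab contents, and shows that field-by-field initialisation leaves the hole in the outgoing copy while a clear_siginfo()-style memset first does not. The struct, helper names and the 0xAA marker are assumptions made for the demonstration.

```c
/*
 * Added example (not kernel code): models how the 4-byte padding hole after
 * si_code in a kernel_siginfo-shaped object survives a copy_siginfo()-style
 * whole-struct copy and reaches user space, and how clearing the object
 * first removes the leak.  The struct mirrors the x86_64 layout of
 * struct kernel_siginfo (12-byte header, 8-byte-aligned 32-byte union);
 * it is a constructed model, not the kernel's definition.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FREED_POISON 0xAA   /* stands in for stale bytes in a freed/reused object */

struct ksiginfo_model {
    int si_signo;
    int si_errno;
    int si_code;
    /* 4 bytes of padding land here: the union below needs 8-byte alignment */
    union {
        struct { int pid; unsigned int uid; } kill;
        struct { void *addr; short addr_lsb; } fault;
        struct { long band; int fd; } poll;
        unsigned char raw[32];
    } fields;
};

/* Mirrors kernel copy_siginfo(): memcpy of the whole object, padding included. */
static void copy_siginfo_model(struct ksiginfo_model *to,
                               const struct ksiginfo_model *from)
{
    memcpy(to, from, sizeof(*to));
}

/* Mirrors kernel clear_siginfo(): zero the whole object, padding included. */
static void clear_siginfo_model(struct ksiginfo_model *info)
{
    memset(info, 0, sizeof(*info));
}

/* Simulate taking an object off a slab freelist: it still holds old bytes. */
static void reuse_freed_object(struct ksiginfo_model *q)
{
    memset(q, FREED_POISON, sizeof(*q));
}

/*
 * Fill a fault-style siginfo field by field.  The union is written in full,
 * so the only bytes never touched are the padding hole at offsets 12..15,
 * the range the KMSAN report flags.
 */
static void fill_fields(struct ksiginfo_model *q, int sig, int code, void *addr)
{
    q->si_signo = sig;
    q->si_errno = 0;
    q->si_code  = code;
    memset(&q->fields, 0, sizeof(q->fields));
    q->fields.fault.addr = addr;
}

/* Count bytes of the 48-byte object that still carry the stale marker. */
static int stale_bytes(const struct ksiginfo_model *info, int *first, int *last)
{
    const unsigned char *p = (const unsigned char *)info;
    int n = 0;

    *first = -1;
    *last = -1;
    for (size_t i = 0; i < sizeof(*info); i++) {
        if (p[i] != FREED_POISON)
            continue;
        if (*first < 0)
            *first = (int)i;
        *last = (int)i;
        n++;
    }
    return n;
}

/*
 * Model of the report's path: a reused object is filled (with or without
 * clearing first), copy_siginfo()'d into a second kernel buffer, and that
 * buffer is what a copy_siginfo_to_user()-style copy would hand out.
 * Returns the number of stale bytes in the outgoing copy and their range.
 */
static int leaked_bytes(int clear_first, int *first, int *last)
{
    struct ksiginfo_model queued, outgoing;

    reuse_freed_object(&queued);
    if (clear_first)
        clear_siginfo_model(&queued);
    fill_fields(&queued, 11, 1, (void *)(uintptr_t)0x1000); /* SIGSEGV, SEGV_MAPERR */
    copy_siginfo_model(&outgoing, &queued);
    return stale_bytes(&outgoing, first, last);
}

/* Layout check against the report's numbers: 48 bytes, union at offset 16. */
static int layout_matches_report(void)
{
    return sizeof(struct ksiginfo_model) == 48 &&
           offsetof(struct ksiginfo_model, fields) == 16;
}

int main(void)
{
    int first, last, n;

    printf("sizeof = %zu, union at %zu, layout ok = %d\n",
           sizeof(struct ksiginfo_model),
           offsetof(struct ksiginfo_model, fields), layout_matches_report());
    n = leaked_bytes(0, &first, &last);
    printf("without clear: %d stale bytes at %d..%d\n", n, first, last);
    n = leaked_bytes(1, &first, &last);
    printf("with clear:    %d stale bytes\n", n);
    return 0;
}
```

Build with cc -std=c11 and run; it prints the layout check and the two byte counts. The offsetof()/sizeof() check is the first thing to repeat on another architecture, since whether the hole exists depends on the union's alignment there.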

Crashes (2207):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/03/24 09:12 upstream 70293240c5ce 0ea90952 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/06/04 02:31 upstream 614da38e2f7a 0aba2352 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/04/25 18:06 upstream e88c4cfcb7b8 8bdc0f22 .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/03/21 00:20 upstream a4145ce1e7bc 5b7d42ae .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/03/16 20:25 upstream 66a27abac311 d615901c .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/03/12 04:02 upstream 8ede842f669b 6ee49f2e .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/03/11 15:10 upstream e8f897f4afef 6ee49f2e .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/02/25 06:07 upstream f2e367d6ad3b 8d446f15 .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/01/22 18:22 upstream 9f8413c4a66f 9bd8dcda .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/01/16 01:26 upstream 9f8413c4a66f 2a7bcc7f .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/01/11 20:22 upstream 9f8413c4a66f 00f3cc59 .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/01/10 11:25 upstream 9f8413c4a66f b438bd66 .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/01/08 05:03 upstream 0dd3ee311255 d0304e9c .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/01/05 18:06 upstream 1f874787ed9a 28c42cff .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/01/03 14:13 upstream 610a9b8f49fb fb427a07 .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/01/03 00:51 upstream 610a9b8f49fb fb427a07 .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/01/02 16:13 upstream 610a9b8f49fb fb427a07 .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2023/12/28 00:59 upstream fbafc3e621c3 fb427a07 .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2023/12/27 16:54 upstream fbafc3e621c3 fb427a07 .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2023/12/25 22:15 upstream 861deac3b092 fb427a07 .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/03/11 17:52 upstream e8f897f4afef 6ee49f2e .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/01/30 11:52 upstream 9f8413c4a66f 991a98f4 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/10/09 20:02 upstream 75b607fab38d 0278d004 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/10/08 07:06 upstream 87d6aab2389e 402f1df0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/10/07 21:50 upstream 87d6aab2389e d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/10/05 21:04 upstream 27cc6fdf7201 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/10/05 16:23 upstream 27cc6fdf7201 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/10/05 12:07 upstream 27cc6fdf7201 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/10/05 05:10 upstream 360c1f1f24c6 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/10/01 10:10 upstream e32cde8d2bd7 bbd4e0a4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/26 13:56 upstream aa486552a110 0d19f247 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/23 22:46 upstream de5cb0dcb74c 89298aad .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/20 10:21 upstream 2004cef11ea0 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/20 03:30 upstream 839c4f596f89 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/20 01:08 upstream 839c4f596f89 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/15 14:07 upstream 0babf683783d 08d8a733 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/13 23:36 upstream e936e7d4a83b 158f4851 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/12 08:15 upstream 7c6a3a65ace7 d94c83d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/12 03:44 upstream 7c6a3a65ace7 d94c83d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/08 15:00 upstream d1f2d51b711a 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/08 09:15 upstream d1f2d51b711a 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/07 11:25 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/07 07:46 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/04 06:07 upstream 88fac17500f4 9d47f20a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/29 15:23 upstream 928f79a188aa ef3de9e8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/27 02:01 upstream 5be63fc19fca 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/25 07:59 upstream 48fb4b3d9b43 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/25 01:14 upstream d2bafcf224f3 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/24 11:40 upstream d2bafcf224f3 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/19 03:14 upstream c3f2d783a459 dbc93b08 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/16 01:28 upstream e724918b3786 e4bacdaf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/14 23:58 upstream 9d5906799f7d e4bacdaf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/13 22:05 upstream 6b4aa469f049 f21a18ca .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/13 14:51 upstream d74da846046a f21a18ca .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/13 05:32 upstream d74da846046a 7b0f4b46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/12 11:52 upstream 7c626ce4bae1 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/12 06:58 upstream 7006fe2f7f78 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/11 19:59 upstream 5189dafa4cf9 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/11 02:35 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/10 22:11 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/09 02:15 upstream cf6d429eb656 61405512 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/08 00:52 upstream d4560686726f 7b2f2f35 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/08/06 21:56 upstream eb5e56d14912 e1bdb00a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/06/14 13:10 upstream 101b7a97143a a9616ff5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2023/12/19 21:48 upstream 2cf4f94d8e86 3ad490ea .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2023/10/19 22:11 upstream dd72f9c7e512 42e1d524 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2023/10/13 09:10 upstream ce583d5fb9d3 6388bc36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
2024/09/11 09:58 upstream 8d8d276ba2fb 9326a104 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in copy_siginfo_to_user
2024/09/08 21:09 upstream 5dadc1be8fc5 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in copy_siginfo_to_user
2024/08/12 07:08 upstream 7006fe2f7f78 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in copy_siginfo_to_user
2024/08/09 11:23 upstream ee9a43b7cfe2 61405512 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in copy_siginfo_to_user
2024/08/09 04:05 upstream cf6d429eb656 61405512 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in copy_siginfo_to_user
* Struck through repros no longer work on HEAD.