syzbot

BUG: bad usercopy in bpf_test_finish

Status: public: reported C repro on 2019/04/11 00:00
Reported-by: syzbot+e66c653e09028663e541@syzkaller.appspotmail.com
First crash: 2275d, last: 1894d

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
usercopy: kernel memory exposure attempt detected from ffff8801c01ffff2 (mm_struct) (57692 bytes)
------------[ cut here ]------------
kernel BUG at mm/usercopy.c:72!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 1967 Comm: syz-executor898 Not tainted 4.14.67+ #1
task: ffff8801c0088000 task.stack: ffff8801c02d0000
RIP: 0010:report_usercopy mm/usercopy.c:64 [inline]
RIP: 0010:__check_object_size+0x311/0x3a2 mm/usercopy.c:264
RSP: 0018:ffff8801c02d7b58 EFLAGS: 00010282
RAX: 0000000000000061 RBX: 000000000000e15c RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff9ca69c00 RDI: ffffffff9e5ce3a0
RBP: ffff8801c01ffff2 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff9cabfbe0
R13: 0000000000000001 R14: ffffffff9cabfba0 R15: ffffea0007007e00
FS:  0000000001d2a880(0000) GS:ffff8801dbb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055957da85470 CR3: 00000001c44de003 CR4: 00000000001606a0
Call Trace:
 check_object_size include/linux/thread_info.h:108 [inline]
 check_copy_size include/linux/thread_info.h:139 [inline]
 copy_to_user include/linux/uaccess.h:154 [inline]
 bpf_test_finish.isra.0+0xba/0x190 net/bpf/test_run.c:59
 bpf_prog_test_run_skb+0x4d0/0x8c0 net/bpf/test_run.c:144
 bpf_prog_test_run kernel/bpf/syscall.c:1330 [inline]
 SYSC_bpf kernel/bpf/syscall.c:1602 [inline]
 SyS_bpf+0x79d/0x3640 kernel/bpf/syscall.c:1547
 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x440259
RSP: 002b:00007fffaf77e3e8 EFLAGS: 00000213 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440259
RDX: 0000000000000028 RSI: 00000000200001c0 RDI: 000000000000000a
RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401ae0
R13: 0000000000401b70 R14: 0000000000000000 R15: 0000000000000000
Code: fb ab 9c 4c 0f 45 e2 e8 be d6 db ff 48 8b 04 24 49 89 d9 48 89 e9 4c 89 f2 4c 89 e6 48 c7 c7 20 fc ab 9c 49 89 c0 e8 5a 1b cd ff <0f> 0b 4c 89 ff e8 55 cf fd ff e9 09 fe ff ff 4c 89 ff e8 48 cf 
RIP: report_usercopy mm/usercopy.c:64 [inline] RSP: ffff8801c02d7b58
RIP: __check_object_size+0x311/0x3a2 mm/usercopy.c:264 RSP: ffff8801c02d7b58
---[ end trace a8a7bbaf3c5ad891 ]---

Crashes (341):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2018/09/01 05:01 android-4.14 47350a9f13c6 a4718693 .config console log report syz C ci-android-414-kasan-gce-root
2018/08/30 13:51 android-4.14 47350a9f13c6 938220fd .config console log report syz C ci-android-414-kasan-gce-root
2019/09/15 06:00 android-4.14 f02af7b02c26 32d59357 .config console log report ci-android-414-kasan-gce-root
2019/09/08 13:30 android-4.14 4eccd8013349 a60cb4cd .config console log report ci-android-414-kasan-gce-root
2019/09/07 21:49 android-4.14 4eccd8013349 a60cb4cd .config console log report ci-android-414-kasan-gce-root
2019/09/05 04:51 android-4.14 38733badc0e6 040fda58 .config console log report ci-android-414-kasan-gce-root
2019/08/29 08:09 android-4.14 987732fcbbe3 fd37b39e .config console log report ci-android-414-kasan-gce-root
2019/08/26 07:38 android-4.14 f5189d4af2b5 d21c5d9d .config console log report ci-android-414-kasan-gce-root
2019/08/25 01:43 android-4.14 a48da8903efa d21c5d9d .config console log report ci-android-414-kasan-gce-root
2019/08/23 21:48 android-4.14 a48da8903efa 78ded196 .config console log report ci-android-414-kasan-gce-root
2019/08/21 05:45 android-4.14 e204fa49a029 4ea67ff8 .config console log report ci-android-414-kasan-gce-root
2019/08/19 21:24 android-4.14 5d8bfdf81cde ee12860b .config console log report ci-android-414-kasan-gce-root
2019/08/19 19:17 android-4.14 5d8bfdf81cde ee12860b .config console log report ci-android-414-kasan-gce-root
2019/08/19 09:09 android-4.14 5d8bfdf81cde b8ceabfc .config console log report ci-android-414-kasan-gce-root
2019/08/07 12:40 android-4.14 b9cd593b1ba7 cdde7486 .config console log report ci-android-414-kasan-gce-root
2019/08/06 06:20 android-4.14 889977e308d1 6affd8e8 .config console log report ci-android-414-kasan-gce-root
2019/08/05 03:43 android-4.14 20c71e6d5a16 6affd8e8 .config console log report ci-android-414-kasan-gce-root
2019/07/28 14:42 android-4.14 54fa720a6f32 c85e1c5b .config console log report ci-android-414-kasan-gce-root
2018/12/15 20:37 android-4.14 4ee7197c44f6 def91db3 .config console log report ci-android-414-kasan-gce-root
2018/12/14 22:38 android-4.14 4ee7197c44f6 7624ddd6 .config console log report ci-android-414-kasan-gce-root
2018/11/25 15:04 android-4.14 ea91d158d712 3d3ec907 .config console log report ci-android-414-kasan-gce-root
2018/11/24 14:30 android-4.14 ea91d158d712 ecc7c870 .config console log report ci-android-414-kasan-gce-root
2018/11/24 02:40 android-4.14 ea91d158d712 eb9ed731 .config console log report ci-android-414-kasan-gce-root
2018/11/24 00:55 android-4.14 ea91d158d712 eb9ed731 .config console log report ci-android-414-kasan-gce-root
2018/11/22 18:59 android-4.14 d8dce63b0484 2ee77802 .config console log report ci-android-414-kasan-gce-root
2018/11/21 04:30 android-4.14 4e76528bd48d 9aca6b52 .config console log report ci-android-414-kasan-gce-root
2018/11/20 21:30 android-4.14 4e76528bd48d 9aca6b52 .config console log report ci-android-414-kasan-gce-root
2018/11/20 14:26 android-4.14 4e76528bd48d 9bc2a903 .config console log report ci-android-414-kasan-gce-root
2018/11/20 13:25 android-4.14 4e76528bd48d 9bc2a903 .config console log report ci-android-414-kasan-gce-root
2018/11/20 11:41 android-4.14 4e76528bd48d 9bc2a903 .config console log report ci-android-414-kasan-gce-root
2018/11/18 20:57 android-4.14 4e76528bd48d adf636a8 .config console log report ci-android-414-kasan-gce-root
2018/11/18 19:31 android-4.14 4e76528bd48d adf636a8 .config console log report ci-android-414-kasan-gce-root
2018/11/18 07:51 android-4.14 4e76528bd48d adf636a8 .config console log report ci-android-414-kasan-gce-root
2018/11/18 06:35 android-4.14 4e76528bd48d adf636a8 .config console log report ci-android-414-kasan-gce-root
2018/11/17 14:49 android-4.14 4e76528bd48d b08ee62a .config console log report ci-android-414-kasan-gce-root
2018/11/17 12:17 android-4.14 4e76528bd48d b08ee62a .config console log report ci-android-414-kasan-gce-root
2018/11/17 04:57 android-4.14 4e76528bd48d b08ee62a .config console log report ci-android-414-kasan-gce-root
2018/11/16 08:36 android-4.14 4e76528bd48d f5e275d1 .config console log report ci-android-414-kasan-gce-root
2018/11/16 03:59 android-4.14 4e76528bd48d 3a41052e .config console log report ci-android-414-kasan-gce-root
2018/11/15 23:10 android-4.14 4e76528bd48d 3a41052e .config console log report ci-android-414-kasan-gce-root
2018/11/15 19:53 android-4.14 4e76528bd48d 3a41052e .config console log report ci-android-414-kasan-gce-root
2018/11/15 15:44 android-4.14 4e76528bd48d 5f5f6d14 .config console log report ci-android-414-kasan-gce-root
2018/11/15 13:51 android-4.14 4e76528bd48d 5f5f6d14 .config console log report ci-android-414-kasan-gce-root
2018/08/30 03:28 android-4.14 47350a9f13c6 6c7e9d3d .config console log report ci-android-414-kasan-gce-root
* Struck through repros no longer work on HEAD.