syzbot


KMSAN: kernel-infoleak in sys_name_to_handle_at (3)

Status: closed as invalid on 2023/12/22 15:49
Subsystems: nfs
[Documentation on labels]
First crash: 285d, last: 285d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: kernel-infoleak in sys_name_to_handle_at (2) nfs 3 415d 476d 0/27 auto-obsoleted due to no activity on 2023/09/11 04:32
upstream KMSAN: kernel-infoleak in sys_name_to_handle_at nfs 2 583d 577d 0/27 auto-obsoleted due to no activity on 2023/03/17 17:26
upstream KMSAN: kernel-infoleak in sys_name_to_handle_at (4) nfs C 7 141d 190d 26/27 fixed on 2024/04/10 03:59

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _copy_to_user+0xbc/0x100 lib/usercopy.c:40
 copy_to_user include/linux/uaccess.h:191 [inline]
 do_sys_name_to_handle fs/fhandle.c:77 [inline]
 __do_sys_name_to_handle_at fs/fhandle.c:116 [inline]
 __se_sys_name_to_handle_at+0x932/0xb10 fs/fhandle.c:98
 __ia32_sys_name_to_handle_at+0xe3/0x150 fs/fhandle.c:98
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767
 slab_alloc_node mm/slub.c:3478 [inline]
 __kmem_cache_alloc_node+0x536/0x8d0 mm/slub.c:3517
 __do_kmalloc_node mm/slab_common.c:1022 [inline]
 __kmalloc+0x121/0x3c0 mm/slab_common.c:1036
 kmalloc include/linux/slab.h:603 [inline]
 do_sys_name_to_handle fs/fhandle.c:43 [inline]
 __do_sys_name_to_handle_at fs/fhandle.c:116 [inline]
 __se_sys_name_to_handle_at+0x412/0xb10 fs/fhandle.c:98
 __ia32_sys_name_to_handle_at+0xe3/0x150 fs/fhandle.c:98
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Bytes 18-19 of 20 are uninitialized
Memory access of size 20 starts at ffff8880a3d4ab60
Data copied to user address 0000000020000b00

CPU: 0 PID: 5940 Comm: syz-executor.1 Not tainted 6.6.0-rc5-syzkaller-00055-g1c8b86a3799f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
=====================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/10/11 15:41 upstream 1c8b86a3799f 83165b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in sys_name_to_handle_at
* Struck through repros no longer work on HEAD.