syzbot


KMSAN: kernel-infoleak in do_syslog

Status: auto-closed as invalid on 2022/09/07 23:45
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 1343d, last: 1135d
Patch testing requests:
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2022/09/07 21:27 | 21m | | | https://github.com/google/kmsan.git master | OK log |
| 2022/09/07 18:27 | 18m | | | https://github.com/google/kmsan.git master | OK log |
| 2022/09/07 15:27 | 18m | | | https://github.com/google/kmsan.git master | OK log |
| 2022/09/07 09:27 | 19m | | | https://github.com/google/kmsan.git master | OK log |
| 2022/09/07 06:27 | 19m | | | https://github.com/google/kmsan.git master | OK log |
| 2022/09/07 03:27 | 18m | | | https://github.com/google/kmsan.git master | OK log |
| 2022/09/07 00:27 | 18m | | | https://github.com/google/kmsan.git master | OK log |
| 2022/09/06 19:27 | 21m | | | https://github.com/google/kmsan.git master | OK log |
| 2022/09/06 16:27 | 19m | | | https://github.com/google/kmsan.git master | OK log |
| 2022/09/06 13:27 | 18m | | | https://github.com/google/kmsan.git master | OK log |

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0 lib/usercopy.c:32
CPU: 0 PID: 10954 Comm: rsyslogd Not tainted 5.3.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x191/0x1f0 lib/dump_stack.c:113
 kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108
 kmsan_internal_check_memory+0x187/0x4c0 mm/kmsan/kmsan.c:431
 kmsan_copy_to_user+0xa9/0xb0 mm/kmsan/kmsan_hooks.c:267
 _copy_to_user+0x16b/0x1f0 lib/usercopy.c:32
 copy_to_user include/linux/uaccess.h:174 [inline]
 syslog_print kernel/printk/printk.c:1406 [inline]
 do_syslog+0x2e62/0x3160 kernel/printk/printk.c:1531
 kmsg_read+0x142/0x1a0 fs/proc/kmsg.c:40
 proc_reg_read+0x25f/0x360 fs/proc/inode.c:223
 __vfs_read+0x1a9/0xc90 fs/read_write.c:425
 vfs_read+0x359/0x6f0 fs/read_write.c:461
 ksys_read+0x265/0x430 fs/read_write.c:587
 __do_sys_read fs/read_write.c:597 [inline]
 __se_sys_read+0x92/0xb0 fs/read_write.c:595
 __x64_sys_read+0x4a/0x70 fs/read_write.c:595
 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x7f27c58021fd
Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007f27c2da1e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00000000022f84b0 RCX: 00007f27c58021fd
RDX: 0000000000000fff RSI: 00007f27c45d65a0 RDI: 0000000000000004
RBP: 0000000000000000 R08: 00000000022e3260 R09: 0000000004000001
R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420
R13: 00007f27c2da29c0 R14: 00007f27c5e47040 R15: 0000000000000003

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:150 [inline]
 kmsan_internal_poison_shadow+0x53/0x100 mm/kmsan/kmsan.c:134
 kmsan_slab_alloc+0xaa/0x120 mm/kmsan/kmsan_hooks.c:103
 slab_alloc_node mm/slub.c:2790 [inline]
 slab_alloc mm/slub.c:2799 [inline]
 kmem_cache_alloc_trace+0x8c5/0xd20 mm/slub.c:2816
 kmalloc include/linux/slab.h:552 [inline]
 syslog_print kernel/printk/printk.c:1358 [inline]
 do_syslog+0x263b/0x3160 kernel/printk/printk.c:1531
 kmsg_read+0x142/0x1a0 fs/proc/kmsg.c:40
 proc_reg_read+0x25f/0x360 fs/proc/inode.c:223
 __vfs_read+0x1a9/0xc90 fs/read_write.c:425
 vfs_read+0x359/0x6f0 fs/read_write.c:461
 ksys_read+0x265/0x430 fs/read_write.c:587
 __do_sys_read fs/read_write.c:597 [inline]
 __se_sys_read+0x92/0xb0 fs/read_write.c:595
 __x64_sys_read+0x4a/0x70 fs/read_write.c:595
 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x63/0xe7

Byte 113 of 115 is uninitialized
Memory access of size 115 starts at ffff88810e446c00
Data copied to user address 00007f27c45d65a0
=====================================================

Crashes (48):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kmsan-gce | 2019/09/29 22:07 | https://github.com/google/kmsan.git master | 124037e07586 | c1ad5441 | .config | log | report | syz | C | | |
| ci-upstream-kmsan-gce | 2019/09/21 20:02 | https://github.com/google/kmsan.git master | cebbfdbcf2b7 | d96e88f3 | .config | log | report | syz | C | | |
| ci-upstream-kmsan-gce | 2019/08/26 01:23 | https://github.com/google/kmsan.git master | 61ccdad1fcdf | d21c5d9d | .config | log | report | syz | C | | |
| ci-upstream-kmsan-gce | 2019/08/05 00:08 | https://github.com/google/kmsan.git master | beaab8a31e0d | 6affd8e8 | .config | log | report | syz | C | | |
| ci-upstream-kmsan-gce | 2019/07/29 09:28 | https://github.com/google/kmsan.git master | beaab8a31e0d | c85e1c5b | .config | log | report | syz | C | | |
| ci-upstream-kmsan-gce | 2019/07/29 07:58 | https://github.com/google/kmsan.git master | beaab8a31e0d | c85e1c5b | .config | log | report | syz | C | | |
| ci-upstream-kmsan-gce | 2019/07/28 20:41 | https://github.com/google/kmsan.git master | beaab8a31e0d | c85e1c5b | .config | log | report | syz | C | | |
| ci-upstream-kmsan-gce | 2019/07/28 18:19 | https://github.com/google/kmsan.git master | beaab8a31e0d | c85e1c5b | .config | log | report | syz | C | | |
| ci-upstream-kmsan-gce | 2019/07/26 22:30 | https://github.com/google/kmsan.git master | beaab8a31e0d | 3e5d1beb | .config | log | report | syz | C | | |
| ci-upstream-kmsan-gce | 2019/07/26 07:28 | https://github.com/google/kmsan.git master | beaab8a31e0d | 732bc5a0 | .config | log | report | syz | C | | |
| ci-upstream-kmsan-gce | 2019/10/20 04:54 | https://github.com/google/kmsan.git master | 3c8ca70889aa | 8c88c9c1 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/10/18 10:06 | https://github.com/google/kmsan.git master | 3c8ca70889aa | 8c88c9c1 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/10/18 02:28 | https://github.com/google/kmsan.git master | 3c8ca70889aa | 8c88c9c1 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/10/13 11:53 | https://github.com/google/kmsan.git master | fa1690255288 | 2f661ec4 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/10/11 05:19 | https://github.com/google/kmsan.git master | c38191cb7026 | 1a3bad90 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/10/10 04:00 | https://github.com/google/kmsan.git master | dc327ecad3b0 | c4b9981b | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/10/04 08:10 | https://github.com/google/kmsan.git master | 1e76a3e537c3 | fc17ba49 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/10/03 17:22 | https://github.com/google/kmsan.git master | 1e76a3e537c3 | fc17ba49 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/10/02 18:25 | https://github.com/google/kmsan.git master | 1e76a3e537c3 | 2e29b534 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/10/02 14:03 | https://github.com/google/kmsan.git master | 1e76a3e537c3 | 2e29b534 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/17 02:25 | https://github.com/google/kmsan.git master | cebbfdbcf2b7 | 51ca0454 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/16 16:30 | https://github.com/google/kmsan.git master | cebbfdbcf2b7 | cb936299 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/16 11:56 | https://github.com/google/kmsan.git master | cebbfdbcf2b7 | cb936299 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/11 21:56 | https://github.com/google/kmsan.git master | 014077b5cd62 | f4e53c10 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/11 21:13 | https://github.com/google/kmsan.git master | 014077b5cd62 | f4e53c10 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/10 16:55 | https://github.com/google/kmsan.git master | 014077b5cd62 | a60cb4cd | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/10 14:33 | https://github.com/google/kmsan.git master | 014077b5cd62 | a60cb4cd | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/10 09:47 | https://github.com/google/kmsan.git master | 014077b5cd62 | a60cb4cd | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/10 05:51 | https://github.com/google/kmsan.git master | 014077b5cd62 | a60cb4cd | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/10 01:16 | https://github.com/google/kmsan.git master | 014077b5cd62 | a60cb4cd | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/09 23:20 | https://github.com/google/kmsan.git master | 014077b5cd62 | a60cb4cd | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/09 22:27 | https://github.com/google/kmsan.git master | 014077b5cd62 | a60cb4cd | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/09 18:54 | https://github.com/google/kmsan.git master | 014077b5cd62 | a60cb4cd | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/09 18:17 | https://github.com/google/kmsan.git master | 014077b5cd62 | a60cb4cd | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/09 18:17 | https://github.com/google/kmsan.git master | 014077b5cd62 | a60cb4cd | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/09/03 17:19 | https://github.com/google/kmsan.git master | f8fb621b6c16 | 48448e71 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/08/29 13:36 | https://github.com/google/kmsan.git master | 77d232b6aa76 | fd37b39e | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/08/29 12:24 | https://github.com/google/kmsan.git master | 77d232b6aa76 | fd37b39e | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/08/29 01:59 | https://github.com/google/kmsan.git master | 77d232b6aa76 | fd37b39e | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/08/25 19:46 | https://github.com/google/kmsan.git master | 61ccdad1fcdf | d21c5d9d | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/08/24 01:51 | https://github.com/google/kmsan.git master | 61ccdad1fcdf | 78ded196 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/08/22 02:49 | https://github.com/google/kmsan.git master | 61ccdad1fcdf | 984250d5 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/08/18 12:07 | https://github.com/google/kmsan.git master | 61ccdad1fcdf | 55bf8926 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/08/06 05:24 | https://github.com/google/kmsan.git master | ae0c578a3cdf | 6affd8e8 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/08/06 04:54 | https://github.com/google/kmsan.git master | ae0c578a3cdf | 6affd8e8 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/08/05 23:53 | https://github.com/google/kmsan.git master | ae0c578a3cdf | 6affd8e8 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/08/03 14:06 | https://github.com/google/kmsan.git master | beaab8a31e0d | 6affd8e8 | .config | log | report | | | | |
| ci-upstream-kmsan-gce | 2019/03/25 20:16 | https://github.com/google/kmsan.git master | c10a026b8dee | 2c86e0a5 | .config | log | report | | | | |
* Struck through repros no longer work on HEAD.