syzbot

KMSAN: kernel-infoleak in copyout (2)

Status: upstream: reported C repro on 2020/03/26 17:19
Reported-by: syzbot+fa5414772d5c445dac3c@syzkaller.appspotmail.com
First crash: 1229d, last: 11h36m
similar bugs (5):
Kernel    Title                                        Repro  Cause bisect  Fix bisect  Count  Last   Reported  Patched  Status
upstream  KMSAN: kernel-infoleak in copyout            C      -             -           1860   1229d  1229d     0/24     closed as invalid on 2019/05/15 17:57
upstream  KASAN: wild-memory-access Read in copyout    -      -             -           726    510d   517d      0/24     auto-closed as invalid on 2021/07/03 03:34
upstream  KMSAN: kernel-infoleak in _copy_to_iter (7)  C      -             -           1010   5h34m  201d      23/24    internal: reported C repro on 2022/03/09 07:32
upstream  KMSAN: kernel-infoleak in _copy_to_iter (6)  C      -             -           748    201d   290d      22/24    fixed on 2022/03/08 16:11
upstream  KMSAN: uninit-value in ___bpf_prog_run (3)   C      -             -           5      163d   165d      23/24    internal: reported C repro on 2022/04/14 08:35

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in copyout+0xbc/0x100 lib/iov_iter.c:169
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 copyout+0xbc/0x100 lib/iov_iter.c:169
 _copy_to_iter+0x5ce/0x1fe0 lib/iov_iter.c:527
 copy_to_iter include/linux/uio.h:176 [inline]
 simple_copy_to_iter+0x64/0xa0 net/core/datagram.c:513
 __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419
 skb_copy_datagram_iter+0x53/0x1d0 net/core/datagram.c:527
 skb_copy_datagram_msg include/linux/skbuff.h:3879 [inline]
 netlink_recvmsg+0x4d1/0x1720 net/netlink/af_netlink.c:1977
 sock_recvmsg_nosec net/socket.c:995 [inline]
 sock_recvmsg net/socket.c:1013 [inline]
 __sys_recvfrom+0x5b8/0x850 net/socket.c:2169
 __do_sys_recvfrom net/socket.c:2187 [inline]
 __se_sys_recvfrom net/socket.c:2183 [inline]
 __x64_sys_recvfrom+0x122/0x1c0 net/socket.c:2183
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:732 [inline]
 slab_alloc_node mm/slub.c:3258 [inline]
 __kmalloc_node_track_caller+0x814/0x1250 mm/slub.c:4970
 kmalloc_reserve net/core/skbuff.c:358 [inline]
 __alloc_skb+0x346/0xcf0 net/core/skbuff.c:430
 alloc_skb include/linux/skbuff.h:1257 [inline]
 netlink_dump+0x2da/0x1400 net/netlink/af_netlink.c:2248
 __netlink_dump_start+0xa91/0xc60 net/netlink/af_netlink.c:2380
 netlink_dump_start include/linux/netlink.h:245 [inline]
 rtnetlink_rcv_msg+0x13c0/0x1860 net/core/rtnetlink.c:6046
 netlink_rcv_skb+0x3a5/0x6c0 net/netlink/af_netlink.c:2501
 rtnetlink_rcv+0x30/0x40 net/core/rtnetlink.c:6108
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 ____sys_sendmsg+0xabc/0xe90 net/socket.c:2482
 ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2536
 __sys_sendmsg net/socket.c:2565 [inline]
 __do_sys_sendmsg net/socket.c:2574 [inline]
 __se_sys_sendmsg net/socket.c:2572 [inline]
 __x64_sys_sendmsg+0x367/0x540 net/socket.c:2572
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Byte 17 of 560 is uninitialized
Memory access of size 560 starts at ffff88810e6e6000
Data copied to user address 00007fff2e011610

CPU: 0 PID: 3484 Comm: syz-executor350 Not tainted 6.0.0-rc2-syzkaller-47461-gac3859c02d7f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
=====================================================
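What the report above says, read top down: the "Uninit was created at" stack shows the skb data being allocated with kmalloc in __alloc_skb from netlink_dump, so the buffer starts with stale slab contents; an rtnetlink dump handler (rtnetlink_rcv_msg is on the stack, but the page does not say which handler) then fills in a message without writing every byte of it; and the first stack shows netlink_recvmsg copying that message to user space, where KMSAN's check in copyout() flags byte 17 of the 560-byte copy as never initialized. KMSAN's byte index is zero-based and struct nlmsghdr is 16 bytes, so offset 17 is the second byte of whatever family-specific header the handler placed after the netlink header. The program below is an added example, not code from the page or from the kernel: it reproduces the detection logic in user space with a one-byte-per-byte shadow map standing in for KMSAN's shadow memory, a "leaky" message builder that sets every named field but skips a padding byte, and a hardened builder that zeroes the whole header first. The struct ifinfomsg layout is used purely as a stand-in with the right sizes; the field values, the names build_link_msg_leaky, build_link_msg_fixed and first_leaked_byte, and the 0xAA fill pattern are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local copies of the two 16-byte headers at the front of an RTM_*LINK
 * message, laid out like the Linux uapi structs, so no kernel headers are
 * needed. ifinfomsg is only a stand-in: the report does not name the handler. */
struct nlmsghdr_local {
    uint32_t nlmsg_len; uint16_t nlmsg_type; uint16_t nlmsg_flags;
    uint32_t nlmsg_seq; uint32_t nlmsg_pid;
};
struct ifinfomsg_local {
    uint8_t ifi_family; uint8_t __ifi_pad; uint16_t ifi_type;
    int32_t ifi_index; uint32_t ifi_flags; uint32_t ifi_change;
};

/* Stand-in for KMSAN shadow memory: one shadow byte per data byte,
 * 1 = never written since allocation, 0 = initialized. */
struct tracked_buf { unsigned char *data; unsigned char *shadow; size_t len; };

static int tracked_alloc(struct tracked_buf *b, size_t len)
{
    b->data = malloc(len);
    b->shadow = malloc(len);
    if (!b->data || !b->shadow) { free(b->data); free(b->shadow); return -1; }
    memset(b->data, 0xAA, len);  /* stale contents, as a recycled slab object has */
    memset(b->shadow, 1, len);   /* nothing initialized yet */
    b->len = len;
    return 0;
}

static void tracked_free(struct tracked_buf *b)
{
    free(b->data); free(b->shadow);
    b->data = b->shadow = NULL; b->len = 0;
}

/* Every store goes through here so the shadow stays exact. */
static void tracked_put(struct tracked_buf *b, size_t off, const void *src, size_t n)
{
    if (off > b->len || n > b->len - off) abort();
    memcpy(b->data + off, src, n);
    memset(b->shadow + off, 0, n);
}

/* The check copyout() performs under KMSAN: index of the first uninitialized
 * byte among the n bytes about to reach user space, or -1 if all are set. */
static long check_copyout(const struct tracked_buf *b, size_t n)
{
    if (n > b->len) n = b->len;
    for (size_t i = 0; i < n; i++)
        if (b->shadow[i]) return (long)i;
    return -1;
}

/* Models a dump handler that stores every named field but never touches
 * __ifi_pad. Returns the message length. */
static size_t build_link_msg_leaky(struct tracked_buf *b, int32_t ifindex)
{
    const size_t base = sizeof(struct nlmsghdr_local);
    struct nlmsghdr_local h = {
        .nlmsg_len = (uint32_t)(base + sizeof(struct ifinfomsg_local)),
        .nlmsg_type = 16 /* RTM_NEWLINK */, .nlmsg_flags = 2 /* NLM_F_MULTI */,
        .nlmsg_seq = 1, .nlmsg_pid = 0,
    };
    uint8_t family = 0;                 /* AF_UNSPEC */
    uint16_t type = 1;                  /* ARPHRD_ETHER */
    uint32_t flags = 0x1003;            /* IFF_UP|IFF_BROADCAST|IFF_MULTICAST */
    uint32_t change = 0xffffffffu;

    tracked_put(b, 0, &h, sizeof h);
    tracked_put(b, base + offsetof(struct ifinfomsg_local, ifi_family), &family, sizeof family);
    /* base + 1 (__ifi_pad) is skipped: that byte stays uninitialized */
    tracked_put(b, base + offsetof(struct ifinfomsg_local, ifi_type), &type, sizeof type);
    tracked_put(b, base + offsetof(struct ifinfomsg_local, ifi_index), &ifindex, sizeof ifindex);
    tracked_put(b, base + offsetof(struct ifinfomsg_local, ifi_flags), &flags, sizeof flags);
    tracked_put(b, base + offsetof(struct ifinfomsg_local, ifi_change), &change, sizeof change);
    return base + sizeof(struct ifinfomsg_local);
}

/* Hardened variant: zero the whole family header, padding included, then
 * fill the fields exactly as before. */
static size_t build_link_msg_fixed(struct tracked_buf *b, int32_t ifindex)
{
    unsigned char zero[sizeof(struct ifinfomsg_local)] = {0};
    tracked_put(b, sizeof(struct nlmsghdr_local), zero, sizeof zero);
    return build_link_msg_leaky(b, ifindex);
}

/* Allocates a 560-byte buffer (the copy size in the report), builds one
 * message and returns the offset KMSAN would print as "Byte N of M", or -1. */
long first_leaked_byte(int use_fix)
{
    struct tracked_buf b;
    if (tracked_alloc(&b, 560) < 0) return -2;
    size_t n = use_fix ? build_link_msg_fixed(&b, 2) : build_link_msg_leaky(&b, 2);
    long r = check_copyout(&b, n);
    tracked_free(&b);
    return r;
}

int main(void)
{
    printf("leaky handler: first uninitialized byte = %ld\n", first_leaked_byte(0));
    printf("fixed handler: first uninitialized byte = %ld\n", first_leaked_byte(1));
    return 0;
}
```

The shadow map is what makes this class of bug findable without knowing the data: a plain comparison against a fill pattern would miss a padding byte that happened to hold a legitimate-looking value. In the kernel the equivalent fix is to zero the header as a whole (memset, or a zero-initialized struct copied in) rather than assigning fields one at a time, since compilers are free to leave struct padding unwritten even when every named member is set.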

Crashes (6401):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kmsan-gce 2022/08/27 18:38 https://github.com/google/kmsan.git master ac3859c02d7f 07177916 .config log report syz C KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce 2020/02/16 03:31 https://github.com/google/kmsan.git master 686a4f77cb0c 5d7b90f1 .config log report syz C
ci-upstream-kmsan-gce 2020/02/10 13:57 https://github.com/google/kmsan.git master 686a4f77cb0c 35f5e45e .config log report syz C
ci-upstream-kmsan-gce 2020/01/10 01:31 https://github.com/google/kmsan.git master 178db004661b 4de4e9f0 .config log report syz C
ci-upstream-kmsan-gce 2019/12/03 04:22 https://github.com/google/kmsan.git master 940694c19feb ab342da3 .config log report syz C
ci-upstream-kmsan-gce 2019/12/01 20:38 https://github.com/google/kmsan.git master e2027b2c33b7 a76bf83f .config log report syz C
ci-upstream-kmsan-gce 2019/11/30 18:47 https://github.com/google/kmsan.git master e2027b2c33b7 3a75be00 .config log report syz C
ci-upstream-kmsan-gce 2019/07/20 00:33 https://github.com/google/kmsan.git master beaab8a31e0d 1656845f .config log report syz C
ci-upstream-kmsan-gce 2019/07/13 03:49 https://github.com/google/kmsan.git master 7280182c67ba baa5258a .config log report syz C
ci-upstream-kmsan-gce 2019/06/28 11:31 https://github.com/google/kmsan.git master 41550654dedf 7509bf36 .config log report syz C
ci-upstream-kmsan-gce 2019/06/18 19:26 https://github.com/google/kmsan.git master aad0f0dd72ab e3f76baa .config log report syz C
ci-upstream-kmsan-gce 2019/06/17 20:04 https://github.com/google/kmsan.git master aad0f0dd72ab 442206d7 .config log report syz C
ci-upstream-kmsan-gce 2019/06/03 15:14 https://github.com/google/kmsan.git master f75e4cfea97f 63bf051f .config log report syz C
ci-upstream-kmsan-gce 2019/09/05 23:13 https://github.com/google/kmsan.git master 040b8306f758 040fda58 .config log report syz
ci-upstream-kmsan-gce 2022/09/25 22:23 https://github.com/google/kmsan.git master 523d2ce66d07 0042f2b4 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce 2022/09/24 00:51 https://github.com/google/kmsan.git master 523d2ce66d07 0042f2b4 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce 2022/09/22 06:10 https://github.com/google/kmsan.git master 523d2ce66d07 60af5050 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce 2022/09/20 01:55 https://github.com/google/kmsan.git master 8f4ae27df775 dd9a85ff .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce 2022/09/17 14:43 https://github.com/google/kmsan.git master 8f4ae27df775 dd9a85ff .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce 2022/09/17 11:14 https://github.com/google/kmsan.git master 8f4ae27df775 dd9a85ff .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce 2022/09/15 03:51 https://github.com/google/kmsan.git master 8f4ae27df775 b884348d .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce 2022/08/30 11:49 https://github.com/google/kmsan.git master ac3859c02d7f 5b44472d .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce 2022/08/27 17:33 https://github.com/google/kmsan.git master ac3859c02d7f 07177916 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/09/22 11:32 https://github.com/google/kmsan.git master 523d2ce66d07 60af5050 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/09/21 06:40 https://github.com/google/kmsan.git master 523d2ce66d07 c4b8ccfd .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/09/21 01:19 https://github.com/google/kmsan.git master 523d2ce66d07 c4b8ccfd .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/09/11 10:55 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/09/10 16:08 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/09/10 09:46 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/09/10 07:21 https://github.com/google/kmsan.git master 4367d178d9eb 356d8217 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/09/09 08:41 https://github.com/google/kmsan.git master 4367d178d9eb f3027468 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/09/08 16:01 https://github.com/google/kmsan.git master 4367d178d9eb f3027468 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/09/08 13:36 https://github.com/google/kmsan.git master 4367d178d9eb f3027468 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/09/07 16:22 https://github.com/google/kmsan.git master 4367d178d9eb c5b7bc57 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/08/30 16:35 https://github.com/google/kmsan.git master 669e25866d6c 4a380809 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/08/28 20:57 https://github.com/google/kmsan.git master ac3859c02d7f 07177916 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce-386 2022/08/27 09:28 https://github.com/google/kmsan.git master ac3859c02d7f 07177916 .config log report info KMSAN: kernel-infoleak in copyout
ci-upstream-kmsan-gce 2020/05/10 10:06 https://github.com/google/kmsan.git master a7b0442ddfb0 8742a2b9 .config log report
ci-upstream-kmsan-gce 2020/05/10 07:31 https://github.com/google/kmsan.git master a7b0442ddfb0 8742a2b9 .config log report
ci-upstream-kmsan-gce 2020/05/10 05:44 https://github.com/google/kmsan.git master a7b0442ddfb0 8742a2b9 .config log report
ci-upstream-kmsan-gce 2020/05/10 03:59 https://github.com/google/kmsan.git master a7b0442ddfb0 8742a2b9 .config log report
ci-upstream-kmsan-gce 2020/05/09 23:48 https://github.com/google/kmsan.git master a7b0442ddfb0 88cb3e92 .config log report
ci-upstream-kmsan-gce 2020/05/09 22:45 https://github.com/google/kmsan.git master a7b0442ddfb0 88cb3e92 .config log report
ci-upstream-kmsan-gce 2020/05/09 21:44 https://github.com/google/kmsan.git master a7b0442ddfb0 88cb3e92 .config log report
ci-upstream-kmsan-gce 2020/05/09 17:12 https://github.com/google/kmsan.git master a7b0442ddfb0 88cb3e92 .config log report
ci-upstream-kmsan-gce 2020/05/09 12:24 https://github.com/google/kmsan.git master a7b0442ddfb0 e97b06d3 .config log report
ci-upstream-kmsan-gce 2020/05/09 11:23 https://github.com/google/kmsan.git master a7b0442ddfb0 e97b06d3 .config log report
ci-upstream-kmsan-gce 2020/05/09 06:24 https://github.com/google/kmsan.git master 21c44613a2fe e97b06d3 .config log report
ci-upstream-kmsan-gce 2020/05/09 03:00 https://github.com/google/kmsan.git master 21c44613a2fe e97b06d3 .config log report
ci-upstream-kmsan-gce 2020/05/09 00:08 https://github.com/google/kmsan.git master 21c44613a2fe e97b06d3 .config log report
ci-upstream-kmsan-gce 2019/05/15 23:46 https://github.com/google/kmsan.git master 3b955a409bf3 051c49fe .config log report
ci-upstream-kmsan-gce-386 2020/05/10 08:33 https://github.com/google/kmsan.git master a7b0442ddfb0 8742a2b9 .config log report
ci-upstream-kmsan-gce-386 2020/05/10 00:58 https://github.com/google/kmsan.git master a7b0442ddfb0 88cb3e92 .config log report
ci-upstream-kmsan-gce-386 2020/05/09 17:23 https://github.com/google/kmsan.git master a7b0442ddfb0 88cb3e92 .config log report
ci-upstream-kmsan-gce-386 2020/05/09 15:38 https://github.com/google/kmsan.git master a7b0442ddfb0 88cb3e92 .config log report
ci-upstream-kmsan-gce-386 2020/05/09 05:31 https://github.com/google/kmsan.git master 21c44613a2fe e97b06d3 .config log report
ci-upstream-kmsan-gce-386 2020/05/09 04:21 https://github.com/google/kmsan.git master 21c44613a2fe e97b06d3 .config log report
ci-upstream-kmsan-gce-386 2020/05/09 01:30 https://github.com/google/kmsan.git master 21c44613a2fe e97b06d3 .config log report
ci-upstream-kmsan-gce-386 2020/05/08 20:27 https://github.com/google/kmsan.git master 21c44613a2fe 2b98fdbc .config log report
* Struck through repros no longer work on HEAD.