syzbot


KMSAN: kernel-infoleak in copyout (2)

Status: upstream: reported C repro on 2020/03/26 17:19
Reported-by: syzbot+fa5414772d5c445dac3c@syzkaller.appspotmail.com
First crash: 1364d, last: 2d17h
similar bugs (7):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: kernel-infoleak in copyout C 1860 1364d 1364d 0/24 closed as invalid on 2019/05/15 17:57
upstream KASAN: wild-memory-access Read in copyout 726 645d 652d 0/24 auto-closed as invalid on 2021/07/03 03:34
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) btrfs ntfs3 erofs udf C 137496 12m 336d 23/24 internal: reported C repro on 2022/03/09 07:32
upstream KMSAN: kernel-infoleak in _copy_to_iter (6) C 748 336d 425d 22/24 fixed on 2022/03/08 16:11
upstream KMSAN: uninit-value in ___bpf_prog_run (3) C 5 298d 299d 23/24 internal: reported C repro on 2022/04/14 08:35
upstream KMSAN: uninit-value in bcmp ntfs3 C error 907 19d 1340d 0/24 upstream: reported C repro on 2019/06/08 15:03
upstream KMSAN: uninit-value in tipc_sk_lookup 8 370d 424d 0/24 auto-closed as invalid on 2022/05/03 21:09

Sample crash report:
netlink: 28 bytes leftover after parsing attributes in process `syz-executor292'.
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in copyout+0xbc/0x100 lib/iov_iter.c:169
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 copyout+0xbc/0x100 lib/iov_iter.c:169
 _copy_to_iter+0x4f4/0x1fb0 lib/iov_iter.c:529
 copy_to_iter include/linux/uio.h:179 [inline]
 simple_copy_to_iter+0x64/0xa0 net/core/datagram.c:513
 __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419
 skb_copy_datagram_iter+0x53/0x1d0 net/core/datagram.c:527
 skb_copy_datagram_msg include/linux/skbuff.h:3908 [inline]
 netlink_recvmsg+0x504/0x1650 net/netlink/af_netlink.c:1988
 ____sys_recvmsg+0x2c4/0x810
 ___sys_recvmsg+0x217/0x840 net/socket.c:2737
 do_recvmmsg+0x55a/0x1180 net/socket.c:2831
 __sys_recvmmsg net/socket.c:2910 [inline]
 __do_sys_recvmmsg net/socket.c:2933 [inline]
 __se_sys_recvmmsg net/socket.c:2926 [inline]
 __x64_sys_recvmmsg+0x3a7/0x4b0 net/socket.c:2926
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 __nla_put lib/nlattr.c:1006 [inline]
 nla_put+0x1c2/0x230 lib/nlattr.c:1064
 copy_to_user_state_extra+0x115e/0x1aa0 net/xfrm/xfrm_user.c:1101
 dump_one_state+0x2c8/0x7c0 net/xfrm/xfrm_user.c:1169
 xfrm_state_walk+0x727/0x1300 net/xfrm/xfrm_state.c:2308
 xfrm_dump_sa+0x1e6/0x6b0 net/xfrm/xfrm_user.c:1240
 netlink_dump+0xb18/0x1560 net/netlink/af_netlink.c:2286
 __netlink_dump_start+0xa6d/0xc40 net/netlink/af_netlink.c:2391
 netlink_dump_start include/linux/netlink.h:294 [inline]
 xfrm_user_rcv_msg+0x828/0xf70 net/xfrm/xfrm_user.c:3091
 netlink_rcv_skb+0x3f1/0x750 net/netlink/af_netlink.c:2564
 xfrm_netlink_rcv+0x72/0xb0 net/xfrm/xfrm_user.c:3128
 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
 netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1356
 netlink_sendmsg+0x127d/0x1430 net/netlink/af_netlink.c:1932
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 ____sys_sendmsg+0xa8e/0xe70 net/socket.c:2476
 ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2530
 __sys_sendmsg net/socket.c:2559 [inline]
 __do_sys_sendmsg net/socket.c:2568 [inline]
 __se_sys_sendmsg net/socket.c:2566 [inline]
 __x64_sys_sendmsg+0x367/0x540 net/socket.c:2566
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:766 [inline]
 slab_alloc_node mm/slub.c:3452 [inline]
 __kmem_cache_alloc_node+0x71f/0xce0 mm/slub.c:3491
 kmalloc_trace+0x4d/0x1f0 mm/slab_common.c:1062
 kmalloc include/linux/slab.h:580 [inline]
 pfkey_msg2xfrm_state net/key/af_key.c:1199 [inline]
 pfkey_add+0x3124/0x3b90 net/key/af_key.c:1504
 pfkey_process net/key/af_key.c:2844 [inline]
 pfkey_sendmsg+0x1693/0x1b90 net/key/af_key.c:3695
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 ____sys_sendmsg+0xa8e/0xe70 net/socket.c:2476
 ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2530
 __sys_sendmmsg+0x40d/0xa40 net/socket.c:2616
 __do_sys_sendmmsg net/socket.c:2645 [inline]
 __se_sys_sendmmsg net/socket.c:2642 [inline]
 __x64_sys_sendmmsg+0xb8/0x120 net/socket.c:2642
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Bytes 252-311 of 912 are uninitialized
Memory access of size 912 starts at ffff88811c76b000
Data copied to user address 0000000020001580

CPU: 1 PID: 5027 Comm: syz-executor292 Not tainted 6.2.0-rc3-syzkaller-79340-gc9a4e3bf8138 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================

Crashes (6489):