syzbot


KMSAN: kernel-infoleak in move_addr_to_user (3)

Status: fixed on 2020/09/28 09:09
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: 38ba8b9241f5 can: j1939: fix kernel-infoleak in j1939_sk_sock2sockaddr_can()
First crash: 742d, last: 702d
similar bugs (5):
Kernel    Title                                            Repro  Cause bisect  Fix bisect  Count  Last   Reported  Patched  Status
upstream  KMSAN: kernel-infoleak in move_addr_to_user (2)  C      -             -           8      1241d  1256d     12/23    fixed on 2019/03/28 12:00
upstream  KMSAN: kernel-infoleak in move_addr_to_user (4)  C      -             -           59     534d   586d      21/23    fixed on 2021/03/10 01:48
upstream  KMSAN: kernel-infoleak in move_addr_to_user (5)  -      -             -           3      383d   525d      22/23    fixed on 2021/11/10 00:50
upstream  KMSAN: kernel-infoleak in move_addr_to_user      -      -             -           5      1269d  1319d     12/23    fixed on 2019/03/06 07:43
upstream  KMSAN: kernel-infoleak in move_addr_to_user (6)  C      -             -           4      204d   242d      22/23    fixed on 2022/03/08 16:11

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
CPU: 1 PID: 8486 Comm: syz-executor773 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 kmsan_internal_check_memory+0x238/0x3d0 mm/kmsan/kmsan.c:423
 kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
 instrument_copy_to_user include/linux/instrumented.h:91 [inline]
 _copy_to_user+0x18e/0x260 lib/usercopy.c:39
 copy_to_user include/linux/uaccess.h:186 [inline]
 move_addr_to_user+0x3de/0x670 net/socket.c:237
 __sys_getsockname+0x407/0x5e0 net/socket.c:1909
 __do_sys_getsockname net/socket.c:1920 [inline]
 __se_sys_getsockname+0x91/0xb0 net/socket.c:1917
 __x64_sys_getsockname+0x4a/0x70 net/socket.c:1917
 do_syscall_64+0xad/0x160 arch/x86/entry/common.c:386
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440219
Code: Bad RIP value.
RSP: 002b:00007ffd42794658 EFLAGS: 00000246 ORIG_RAX: 0000000000000033
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219
RDX: 0000000020000240 RSI: 0000000020000100 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a20
R13: 0000000000401ab0 R14: 0000000000000000 R15: 0000000000000000

Local variable ----address@__sys_getsockname created at:
 __sys_getsockname+0x91/0x5e0 net/socket.c:1894
 __sys_getsockname+0x91/0x5e0 net/socket.c:1894

Bytes 2-3 of 24 are uninitialized
Memory access of size 24 starts at ffff8880b95cfde8
Data copied to user address 0000000020000100
=====================================================

Crashes (79):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kmsan-gce 2020/08/21 01:41 https://github.com/google/kmsan.git master ce8056d1f79e 1d75fe45 .config log report syz C
ci-upstream-kmsan-gce 2020/08/13 12:34 https://github.com/google/kmsan.git master ce8056d1f79e bc15f7db .config log report syz C
ci-upstream-kmsan-gce 2020/09/15 22:24 https://github.com/google/kmsan.git master 3b3ea6028136 6989d6f6 .config log report info
ci-upstream-kmsan-gce 2020/09/14 03:59 https://github.com/google/kmsan.git master 3b3ea6028136 2d3cdd63 .config log report
ci-upstream-kmsan-gce 2020/09/12 03:07 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config log report
ci-upstream-kmsan-gce 2020/09/11 03:03 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config log report
ci-upstream-kmsan-gce 2020/09/11 01:51 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config log report
ci-upstream-kmsan-gce 2020/09/10 23:21 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config log report
ci-upstream-kmsan-gce 2020/09/10 15:52 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config log report
ci-upstream-kmsan-gce 2020/09/08 22:45 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce 2020/09/06 23:02 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce 2020/09/05 08:03 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce 2020/09/03 09:38 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce 2020/08/28 00:03 https://github.com/google/kmsan.git master ce8056d1f79e 816e0689 .config log report
ci-upstream-kmsan-gce 2020/08/27 10:17 https://github.com/google/kmsan.git master ce8056d1f79e 816e0689 .config log report
ci-upstream-kmsan-gce 2020/08/26 18:49 https://github.com/google/kmsan.git master ce8056d1f79e 318430cb .config log report
ci-upstream-kmsan-gce 2020/08/26 10:50 https://github.com/google/kmsan.git master ce8056d1f79e 344da168 .config log report
ci-upstream-kmsan-gce 2020/08/26 07:42 https://github.com/google/kmsan.git master ce8056d1f79e 344da168 .config log report
ci-upstream-kmsan-gce 2020/08/25 11:45 https://github.com/google/kmsan.git master ce8056d1f79e 344da168 .config log report
ci-upstream-kmsan-gce 2020/08/25 10:53 https://github.com/google/kmsan.git master ce8056d1f79e 344da168 .config log report
ci-upstream-kmsan-gce 2020/08/25 09:59 https://github.com/google/kmsan.git master ce8056d1f79e 344da168 .config log report
ci-upstream-kmsan-gce 2020/08/25 01:01 https://github.com/google/kmsan.git master ce8056d1f79e 67b599d1 .config log report
ci-upstream-kmsan-gce 2020/08/22 19:21 https://github.com/google/kmsan.git master ce8056d1f79e 6436ce4b .config log report
ci-upstream-kmsan-gce 2020/08/22 05:40 https://github.com/google/kmsan.git master ce8056d1f79e 6436ce4b .config log report
ci-upstream-kmsan-gce 2020/08/21 21:19 https://github.com/google/kmsan.git master ce8056d1f79e 6436ce4b .config log report
ci-upstream-kmsan-gce 2020/08/19 20:06 https://github.com/google/kmsan.git master ce8056d1f79e 94b45706 .config log report
ci-upstream-kmsan-gce 2020/08/19 12:03 https://github.com/google/kmsan.git master ce8056d1f79e e1c29030 .config log report
ci-upstream-kmsan-gce 2020/08/19 08:13 https://github.com/google/kmsan.git master ce8056d1f79e e1c29030 .config log report
ci-upstream-kmsan-gce 2020/08/17 04:58 https://github.com/google/kmsan.git master ce8056d1f79e 424dd8e7 .config log report
ci-upstream-kmsan-gce 2020/08/17 04:57 https://github.com/google/kmsan.git master ce8056d1f79e 424dd8e7 .config log report
ci-upstream-kmsan-gce 2020/08/16 16:43 https://github.com/google/kmsan.git master ce8056d1f79e 424dd8e7 .config log report
ci-upstream-kmsan-gce 2020/08/16 16:41 https://github.com/google/kmsan.git master ce8056d1f79e 424dd8e7 .config log report
ci-upstream-kmsan-gce 2020/08/16 07:57 https://github.com/google/kmsan.git master ce8056d1f79e 424dd8e7 .config log report
ci-upstream-kmsan-gce 2020/08/15 13:27 https://github.com/google/kmsan.git master ce8056d1f79e 424dd8e7 .config log report
ci-upstream-kmsan-gce 2020/08/13 14:27 https://github.com/google/kmsan.git master ce8056d1f79e bc15f7db .config log report
ci-upstream-kmsan-gce 2020/08/13 11:24 https://github.com/google/kmsan.git master ce8056d1f79e bc15f7db .config log report
ci-upstream-kmsan-gce-386 2020/09/16 18:47 https://github.com/google/kmsan.git master 6c24608b4b24 18d7d030 .config log report info
ci-upstream-kmsan-gce-386 2020/09/10 18:26 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config log report
ci-upstream-kmsan-gce-386 2020/09/09 05:33 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce-386 2020/09/08 12:29 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce-386 2020/09/08 06:03 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce-386 2020/09/07 03:52 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce-386 2020/09/07 00:15 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce-386 2020/09/05 21:36 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce-386 2020/09/05 14:03 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce-386 2020/09/05 05:09 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce-386 2020/09/05 03:11 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce-386 2020/09/03 22:01 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce-386 2020/09/02 12:04 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config log report
ci-upstream-kmsan-gce-386 2020/09/01 20:26 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config log report
ci-upstream-kmsan-gce-386 2020/09/01 13:33 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config log report
ci-upstream-kmsan-gce-386 2020/09/01 03:05 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config log report
ci-upstream-kmsan-gce-386 2020/08/29 14:55 https://github.com/google/kmsan.git master 3b3ea6028136 d5a3ae1f .config log report
ci-upstream-kmsan-gce-386 2020/08/28 03:59 https://github.com/google/kmsan.git master ce8056d1f79e 816e0689 .config log report
ci-upstream-kmsan-gce-386 2020/08/28 00:55 https://github.com/google/kmsan.git master ce8056d1f79e 816e0689 .config log report
ci-upstream-kmsan-gce-386 2020/08/26 18:53 https://github.com/google/kmsan.git master ce8056d1f79e 318430cb .config log report
ci-upstream-kmsan-gce-386 2020/08/26 10:53 https://github.com/google/kmsan.git master ce8056d1f79e 344da168 .config log report
ci-upstream-kmsan-gce-386 2020/08/26 03:11 https://github.com/google/kmsan.git master ce8056d1f79e 344da168 .config log report
ci-upstream-kmsan-gce-386 2020/08/25 11:56 https://github.com/google/kmsan.git master ce8056d1f79e 344da168 .config log report
ci-upstream-kmsan-gce-386 2020/08/25 01:05 https://github.com/google/kmsan.git master ce8056d1f79e 67b599d1 .config log report
ci-upstream-kmsan-gce-386 2020/08/22 15:21 https://github.com/google/kmsan.git master ce8056d1f79e 6436ce4b .config log report
ci-upstream-kmsan-gce-386 2020/08/22 13:28 https://github.com/google/kmsan.git master ce8056d1f79e 6436ce4b .config log report
ci-upstream-kmsan-gce-386 2020/08/13 11:38 https://github.com/google/kmsan.git master ce8056d1f79e bc15f7db .config log report
ci-upstream-kmsan-gce-386 2020/08/11 17:55 https://github.com/google/kmsan.git master ce8056d1f79e bacaf5fa .config log report
ci-upstream-kmsan-gce-386 2020/08/09 11:49 https://github.com/google/kmsan.git master ce8056d1f79e f721e4a0 .config log report
ci-upstream-kmsan-gce-386 2020/08/09 05:20 https://github.com/google/kmsan.git master ce8056d1f79e f721e4a0 .config log report
ci-upstream-kmsan-gce-386 2020/08/09 02:20 https://github.com/google/kmsan.git master ce8056d1f79e f721e4a0 .config log report
ci-upstream-kmsan-gce-386 2020/08/07 20:16 https://github.com/google/kmsan.git master 05fd5f9f0208 cb436c69 .config log report