syzbot


KMSAN: kernel-infoleak-after-free in tty_read

Status: auto-obsoleted due to no activity on 2024/01/30 12:05
Subsystems: serial
First crash: 321d, last: 321d
Similar bugs (1):
  Kernel:     upstream
  Title:      KMSAN: kernel-infoleak in tty_read
  Subsystem:  serial
  Repro / Cause bisect / Fix bisect: (empty)
  Count:      3
  Last:       5d19h
  Reported:   36d
  Patched:    0/28
  Status:     upstream: reported on 2024/08/12 09:45

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline]
BUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline]
BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance include/linux/iov_iter.h:271 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 copy_to_user_iter lib/iov_iter.c:24 [inline]
 iterate_ubuf include/linux/iov_iter.h:29 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
 iterate_and_advance include/linux/iov_iter.h:271 [inline]
 _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186
 copy_to_iter include/linux/uio.h:197 [inline]
 iterate_tty_read drivers/tty/tty_io.c:882 [inline]
 tty_read+0x41e/0xde0 drivers/tty/tty_io.c:937
 call_read_iter include/linux/fs.h:2014 [inline]
 aio_read+0x4b4/0x680 fs/aio.c:1551
 io_submit_one+0x25f9/0x3550 fs/aio.c:2001
 __do_sys_io_submit fs/aio.c:2060 [inline]
 __se_sys_io_submit+0x275/0x6f0 fs/aio.c:2030
 __x64_sys_io_submit+0x96/0xe0 fs/aio.c:2030
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was stored to memory at:
 copy_from_read_buf drivers/tty/n_tty.c:1972 [inline]
 n_tty_read+0x2054/0x31c0 drivers/tty/n_tty.c:2299
 iterate_tty_read drivers/tty/tty_io.c:862 [inline]
 tty_read+0x31b/0xde0 drivers/tty/tty_io.c:937
 call_read_iter include/linux/fs.h:2014 [inline]
 aio_read+0x4b4/0x680 fs/aio.c:1551
 io_submit_one+0x25f9/0x3550 fs/aio.c:2001
 __do_sys_io_submit fs/aio.c:2060 [inline]
 __se_sys_io_submit+0x275/0x6f0 fs/aio.c:2030
 __x64_sys_io_submit+0x96/0xe0 fs/aio.c:2030
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was stored to memory at:
 put_tty_queue drivers/tty/n_tty.c:308 [inline]
 n_tty_receive_buf_raw drivers/tty/n_tty.c:1556 [inline]
 __receive_buf drivers/tty/n_tty.c:1625 [inline]
 n_tty_receive_buf_common+0x11e6/0x2320 drivers/tty/n_tty.c:1734
 n_tty_receive_buf2+0x4c/0x60 drivers/tty/n_tty.c:1780
 tty_ldisc_receive_buf+0xce/0x270 drivers/tty/tty_buffer.c:387
 tty_port_default_receive_buf+0xdf/0x190 drivers/tty/tty_port.c:37
 receive_buf drivers/tty/tty_buffer.c:445 [inline]
 flush_to_ldisc+0x4b7/0xdc0 drivers/tty/tty_buffer.c:495
 process_one_work kernel/workqueue.c:2630 [inline]
 process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2703
 worker_thread+0xf45/0x1490 kernel/workqueue.c:2784
 kthread+0x3ed/0x540 kernel/kthread.c:388
 ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242

Uninit was created at:
 slab_free_hook mm/slub.c:1770 [inline]
 slab_free_freelist_hook mm/slub.c:1826 [inline]
 slab_free mm/slub.c:3809 [inline]
 __kmem_cache_free+0x59f/0xe80 mm/slub.c:3822
 kfree+0x173/0x420 mm/slab_common.c:1056
 skb_kfree_head net/core/skbuff.c:950 [inline]
 skb_free_head net/core/skbuff.c:962 [inline]
 skb_release_data+0xda9/0x1010 net/core/skbuff.c:992
 skb_release_all net/core/skbuff.c:1058 [inline]
 __kfree_skb+0x6d/0x250 net/core/skbuff.c:1072
 consume_skb+0xa8/0x2d0 net/core/skbuff.c:1288
 batadv_forw_packet_free+0x70/0x370 net/batman-adv/send.c:471
 batadv_iv_send_outstanding_bat_ogm_packet+0xd3b/0xe50 net/batman-adv/bat_iv_ogm.c:1718
 process_one_work kernel/workqueue.c:2630 [inline]
 process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2703
 worker_thread+0xf45/0x1490 kernel/workqueue.c:2784
 kthread+0x3ed/0x540 kernel/kthread.c:388
 ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242

Byte 0 of 64 is uninitialized
Memory access of size 64 starts at ffff8880ba6ffb10
Data copied to user address 00000000200001c0

CPU: 0 PID: 8333 Comm: syz-executor.3 Not tainted 6.6.0-syzkaller-05843-g89ed67ef126c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
=====================================================

Crashes (1):
  Time:       2023/11/01 11:58
  Kernel:     upstream
  Commit:     89ed67ef126c
  Syzkaller:  69904c9f
  Artifacts:  .config, console log, report, VM info, disk image, vmlinux, kernel image
  Syz repro / C repro: (none)
  Manager:    ci-upstream-kmsan-gce
  Title:      KMSAN: kernel-infoleak-after-free in tty_read