syzbot


KMSAN: kernel-infoleak in copy_page_to_iter (2)

Status: fixed on 2021/11/10 00:50
Subsystems: fs mm
Reported-by: syzbot+2dcfeaf8cb49b05e8f1a@syzkaller.appspotmail.com
Fix commit: ce3aba43599f ext4: fix kernel infoleak via ext4_extent_header
First crash: 2089d, last: 955d
Discussions (14)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH v2] ext4: fix kernel infoleak via ext4_extent_header | 4 (4) | 2022/12/29 20:30 |
| [PATCH 5.13 000/800] 5.13.2-rc1 review | 840 (840) | 2021/07/28 17:46 |
| [PATCH 4.4 000/188] 4.4.276-rc1 review | 195 (195) | 2021/07/21 10:42 |
| [PATCH 4.9 000/245] 4.9.276-rc1 review | 250 (250) | 2021/07/21 10:29 |
| [PATCH 4.14 000/315] 4.14.240-rc1 review | 321 (321) | 2021/07/20 08:21 |
| [PATCH 4.19 000/421] 4.19.198-rc1 review | 423 (423) | 2021/07/19 16:00 |
| [PATCH 5.10 000/593] 5.10.50-rc1 review | 615 (615) | 2021/07/16 05:18 |
| [PATCH 5.12 000/700] 5.12.17-rc1 review | 708 (708) | 2021/07/13 21:37 |
| [PATCH 5.4 000/348] 5.4.132-rc1 review | 354 (354) | 2021/07/12 18:54 |
| [PATCH v2 resend] ext4: fix kernel infoleak via ext4_extent_header | 1 (1) | 2021/06/10 15:46 |
| [PATCH] ext4: fix kernel infoleak via ext4_extent_header | 3 (3) | 2021/05/06 18:58 |
| Reminder: 11 open syzbot bugs in block subsystem | 1 (1) | 2019/07/24 02:26 |
| Reminder: 11 open syzbot bugs in block subsystem | 1 (1) | 2019/06/25 06:17 |
| KMSAN: kernel-infoleak in copy_page_to_iter (2) | 5 (6) | 2019/05/15 14:41 |
Similar bugs (5)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: kernel-infoleak in copy_page_to_iter fs | C | | | 364 | 2089d | 2110d | 0/26 | closed as invalid on 2018/06/29 17:28 |
| upstream | KMSAN: kernel-infoleak in copy_page_to_iter (3) block | | | | 2 | 842d | 843d | 0/26 | auto-closed as invalid on 2022/02/26 03:22 |
| upstream | KMSAN: kernel-infoleak in _copy_to_iter (8) mm | C | | | 21180 | 284d | 379d | 22/26 | fixed on 2023/06/08 14:41 |
| upstream | KMSAN: kernel-infoleak in copy_page_to_iter (4) block | | | | 252 | 197d | 275d | 0/26 | auto-obsoleted due to no activity on 2023/11/13 05:38 |
| linux-5.15 | KASAN: slab-out-of-bounds Write in copy_page_to_iter | | | | 1 | 212d | 212d | 0/3 | auto-obsoleted due to no activity on 2023/11/27 15:14 |
Last patch testing requests (1)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2020/09/30 17:18 | 18m | anant.thazhemadam@gmail.com | patch | https://github.com/google/kmsan.git master | report log |

Sample crash report:
IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
==================================================================
BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:140 [inline]
BUG: KMSAN: kernel-infoleak in copy_page_to_iter_iovec lib/iov_iter.c:212 [inline]
BUG: KMSAN: kernel-infoleak in copy_page_to_iter+0x77a/0x1ac0 lib/iov_iter.c:846
CPU: 0 PID: 5005 Comm: blkid Not tainted 4.19.0-rc1+ #39
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x14b/0x190 lib/dump_stack.c:113
 kmsan_report+0x183/0x2b0 mm/kmsan/kmsan.c:956
 kmsan_internal_check_memory+0x17e/0x1f0 mm/kmsan/kmsan.c:1020
 kmsan_copy_to_user+0x73/0xb0 mm/kmsan/kmsan_hooks.c:479
 copyout lib/iov_iter.c:140 [inline]
 copy_page_to_iter_iovec lib/iov_iter.c:212 [inline]
 copy_page_to_iter+0x77a/0x1ac0 lib/iov_iter.c:846
 generic_file_buffered_read mm/filemap.c:2185 [inline]
 generic_file_read_iter+0x3469/0x4430 mm/filemap.c:2362
 blkdev_read_iter+0x20d/0x270 fs/block_dev.c:1936
 call_read_iter include/linux/fs.h:1801 [inline]
 new_sync_read fs/read_write.c:406 [inline]
 __vfs_read+0x7bb/0x9f0 fs/read_write.c:418
 vfs_read+0x36f/0x6a0 fs/read_write.c:452
 ksys_read fs/read_write.c:578 [inline]
 __do_sys_read fs/read_write.c:588 [inline]
 __se_sys_read fs/read_write.c:586 [inline]
 __x64_sys_read+0x1b7/0x3c0 fs/read_write.c:586
 do_syscall_64+0x15b/0x220 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x7f6bf4959310
Code: 73 01 c3 48 8b 0d 28 4b 2b 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 83 3d e5 a2 2b 00 00 75 10 b8 00 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e 8a 01 00 48 89 04 24
RSP: 002b:00007fff70489898 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 0000000000037000 RCX: 00007f6bf4959310
RDX: 0000000000000029 RSI: 0000000000ddf1c8 RDI: 0000000000000003
RBP: 0000000000ddf1a0 R08: 0000000000000058 R09: 0101010101010101
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000dd9030
R13: 0000000000000029 R14: 0000000000dd9080 R15: 0000000000ddf1b8

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:256 [inline]
 kmsan_internal_alloc_meta_for_pages+0x146/0x700 mm/kmsan/kmsan.c:694
 kmsan_alloc_page+0x75/0xd0 mm/kmsan/kmsan_hooks.c:250
 __alloc_pages_nodemask+0xf6b/0x5c80 mm/page_alloc.c:4411
 alloc_pages_current+0x6b1/0x970 mm/mempolicy.c:2093
 alloc_pages include/linux/gfp.h:511 [inline]
 __page_cache_alloc+0x95/0x320 mm/filemap.c:946
 page_cache_alloc include/linux/pagemap.h:234 [inline]
 generic_file_buffered_read mm/filemap.c:2273 [inline]
 generic_file_read_iter+0x27a4/0x4430 mm/filemap.c:2362
 blkdev_read_iter+0x20d/0x270 fs/block_dev.c:1936
 call_read_iter include/linux/fs.h:1801 [inline]
 new_sync_read fs/read_write.c:406 [inline]
 __vfs_read+0x7bb/0x9f0 fs/read_write.c:418
 vfs_read+0x36f/0x6a0 fs/read_write.c:452
 ksys_read fs/read_write.c:578 [inline]
 __do_sys_read fs/read_write.c:588 [inline]
 __se_sys_read fs/read_write.c:586 [inline]
 __x64_sys_read+0x1b7/0x3c0 fs/read_write.c:586
 do_syscall_64+0x15b/0x220 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x63/0xe7

Bytes 0-40 of 41 are uninitialized
Memory access starts at ffff8801b1729000
==================================================================

Crashes (2099):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/08/31 16:47 https://github.com/google/kmsan.git master ab98bd30a4ba a4718693 .config console log report syz C ci-upstream-kmsan-gce
2018/08/30 12:57 https://github.com/google/kmsan.git master 2dca2cbde67a 6c7e9d3d .config console log report syz C ci-upstream-kmsan-gce
2018/08/30 11:32 https://github.com/google/kmsan.git master 2dca2cbde67a 6c7e9d3d .config console log report syz C ci-upstream-kmsan-gce
2018/08/25 03:09 https://github.com/google/kmsan.git master 0cc51dc9a291 9b0f5c75 .config console log report syz C ci-upstream-kmsan-gce
2018/08/25 01:57 https://github.com/google/kmsan.git master 0cc51dc9a291 9b0f5c75 .config console log report syz C ci-upstream-kmsan-gce
2018/07/23 10:46 https://github.com/google/kmsan.git master d1c2a46a46f6 f69c5fcd .config console log report syz C ci-upstream-kmsan-gce
2018/07/22 03:19 https://github.com/google/kmsan.git master d1c2a46a46f6 8cc079c3 .config console log report syz C ci-upstream-kmsan-gce
2018/07/19 16:24 https://github.com/google/kmsan.git master cf8cd3cd03e2 49f35839 .config console log report syz C ci-upstream-kmsan-gce
2018/07/17 11:05 https://github.com/google/kmsan.git master 80ecacc456c1 13761366 .config console log report syz C ci-upstream-kmsan-gce
2018/07/08 05:37 https://github.com/google/kmsan.git master a00de5aa4da3 c9a7a4dc .config console log report syz C ci-upstream-kmsan-gce
2018/06/29 23:50 https://github.com/google/kmsan.git master 123906095e30 dba0b50e .config console log report syz C ci-upstream-kmsan-gce
2018/07/18 09:22 https://github.com/google/kmsan.git master 80ecacc456c1 6d5bd5b5 .config console log report syz ci-upstream-kmsan-gce
2021/06/25 14:01 https://github.com/google/kmsan.git master a520ce29b172 0edbbe31 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/06 15:05 https://github.com/google/kmsan.git master ee9407ea37bf f9e341e3 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/06 14:04 https://github.com/google/kmsan.git master ee9407ea37bf f9e341e3 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/06 12:09 https://github.com/google/kmsan.git master ee9407ea37bf f9e341e3 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/06 06:44 https://github.com/google/kmsan.git master ee9407ea37bf d2d6e680 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/06 05:13 https://github.com/google/kmsan.git master ee9407ea37bf d2d6e680 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/06 02:44 https://github.com/google/kmsan.git master ee9407ea37bf d2d6e680 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/06 01:41 https://github.com/google/kmsan.git master ee9407ea37bf d2d6e680 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/05 17:22 https://github.com/google/kmsan.git master 925ba2a2a2fd 7f7bb950 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/05 00:14 https://github.com/google/kmsan.git master b87ff0bc1209 b97d64c9 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/04 20:31 https://github.com/google/kmsan.git master b87ff0bc1209 b97d64c9 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/04 19:15 https://github.com/google/kmsan.git master b87ff0bc1209 b97d64c9 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/04 04:31 https://github.com/google/kmsan.git master fc388325c43b 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/03 22:59 https://github.com/google/kmsan.git master fc388325c43b 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/03 15:29 https://github.com/google/kmsan.git master fc388325c43b 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/03 14:59 https://github.com/google/kmsan.git master fc388325c43b 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/03 09:49 https://github.com/google/kmsan.git master d41122e877c7 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/03 03:44 https://github.com/google/kmsan.git master d41122e877c7 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/01 19:21 https://github.com/google/kmsan.git master dfab4dc3af38 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/01 15:57 https://github.com/google/kmsan.git master dfab4dc3af38 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/01 08:59 https://github.com/google/kmsan.git master dfab4dc3af38 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/08/01 05:50 https://github.com/google/kmsan.git master dfab4dc3af38 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/31 23:47 https://github.com/google/kmsan.git master dfab4dc3af38 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/31 11:30 https://github.com/google/kmsan.git master dfab4dc3af38 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/31 04:48 https://github.com/google/kmsan.git master a2a37c61659d 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/31 02:14 https://github.com/google/kmsan.git master a2a37c61659d 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/31 01:02 https://github.com/google/kmsan.git master a2a37c61659d 6c236867 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/30 05:47 https://github.com/google/kmsan.git master e89364d49ff0 c585c7b0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/30 04:37 https://github.com/google/kmsan.git master e89364d49ff0 c585c7b0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/30 03:23 https://github.com/google/kmsan.git master e89364d49ff0 c585c7b0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/29 21:26 https://github.com/google/kmsan.git master e89364d49ff0 b44001ce .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/29 19:56 https://github.com/google/kmsan.git master e89364d49ff0 b44001ce .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/29 15:48 https://github.com/google/kmsan.git master 981c4ec7b5ad b44001ce .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/29 12:15 https://github.com/google/kmsan.git master 981c4ec7b5ad b44001ce .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/29 08:06 https://github.com/google/kmsan.git master 981c4ec7b5ad 9a4781d4 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/29 06:40 https://github.com/google/kmsan.git master 981c4ec7b5ad 9a4781d4 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/29 02:49 https://github.com/google/kmsan.git master 981c4ec7b5ad 9a4781d4 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/28 23:36 https://github.com/google/kmsan.git master 981c4ec7b5ad 9a4781d4 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/28 10:05 https://github.com/google/kmsan.git master 981c4ec7b5ad 17d6ab15 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/28 05:33 https://github.com/google/kmsan.git master 981c4ec7b5ad 17d6ab15 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/27 23:47 https://github.com/google/kmsan.git master 981c4ec7b5ad 17d6ab15 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/27 22:17 https://github.com/google/kmsan.git master 981c4ec7b5ad 17d6ab15 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/27 17:53 https://github.com/google/kmsan.git master e8a3c6c03fa1 fd511809 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/27 04:29 https://github.com/google/kmsan.git master e8a3c6c03fa1 fd511809 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/27 02:24 https://github.com/google/kmsan.git master e8a3c6c03fa1 fd511809 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/26 17:02 https://github.com/google/kmsan.git master e8a3c6c03fa1 fd511809 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/07/26 12:00 https://github.com/google/kmsan.git master a43e029dee89 fd511809 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in copy_page_to_iter
2021/01/07 08:36 https://github.com/google/kmsan.git master 73d62e81b476 c104d4a3 .config console log report info ci-upstream-kmsan-gce-386
* Struck through repros no longer work on HEAD.