syzbot

 sign-in | mailing list | source | docs
🐞 Open [1163] Subsystems 🐞 Fixed [4400] 🐞 Invalid [9892] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KMSAN: kernel-infoleak in sys_name_to_handle_at

Status: auto-obsoleted due to no activity on 2023/03/17 17:26
Subsystems: fs (incorrect?)
Reported-by: syzbot+039eabc9d772dd6f8bf7@syzkaller.appspotmail.com
First crash: 99d, last: 95d

Sample crash report:
loop3: detected capacity change from 0 to 128
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:33
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 _copy_to_user+0xbc/0x100 lib/usercopy.c:33
 copy_to_user include/linux/uaccess.h:169 [inline]
 do_sys_name_to_handle fs/fhandle.c:73 [inline]
 __do_sys_name_to_handle_at fs/fhandle.c:109 [inline]
 __se_sys_name_to_handle_at+0x7c8/0x910 fs/fhandle.c:93
 __ia32_sys_name_to_handle_at+0xdf/0x140 fs/fhandle.c:93
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:742 [inline]
 slab_alloc_node mm/slub.c:3398 [inline]
 __kmem_cache_alloc_node+0x6ee/0xc90 mm/slub.c:3437
 __do_kmalloc_node mm/slab_common.c:954 [inline]
 __kmalloc+0x11d/0x3c0 mm/slab_common.c:968
 kmalloc include/linux/slab.h:558 [inline]
 do_sys_name_to_handle fs/fhandle.c:40 [inline]
 __do_sys_name_to_handle_at fs/fhandle.c:109 [inline]
 __se_sys_name_to_handle_at+0x3a2/0x910 fs/fhandle.c:93
 __ia32_sys_name_to_handle_at+0xdf/0x140 fs/fhandle.c:93
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Bytes 18-19 of 20 are uninitialized
Memory access of size 20 starts at ffff8880927f9420
Data copied to user address 0000000020000780

CPU: 0 PID: 13653 Comm: syz-executor.3 Not tainted 6.1.0-syzkaller-64311-g5c6259d6d19f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================

Crashes (2):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kmsan-gce-386 2022/12/17 17:26 https://github.com/google/kmsan.git master 5c6259d6d19f 05494336 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: kernel-infoleak in sys_name_to_handle_at
ci-upstream-kmsan-gce-386 2022/12/12 21:21 https://github.com/google/kmsan.git master 5c6259d6d19f 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: kernel-infoleak in sys_name_to_handle_at
* Struck through repros no longer work on HEAD.