syzbot

KMSAN: kernel-infoleak in bpf_probe_write_user

Status: auto-obsoleted due to no activity on 2024/11/24 11:35
Subsystems: mm
Reported-by: syzbot+79102ed905e5b2dc0fc3@syzkaller.appspotmail.com
First crash: 261d, last: 243d
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [mm?] KMSAN: kernel-infoleak in bpf_probe_write_user | 6 (7) | 2024/04/18 07:58
Last patch testing requests (4)
Created | Duration | User | Patch | Repo | Result
2024/11/24 11:01 | 33m | retest repro | | upstream | OK log
2024/09/15 10:02 | 28m | retest repro | | upstream | log
2024/07/07 08:13 | 22m | retest repro | | upstream | error
2024/04/26 14:10 | 27m | retest repro | | upstream | report log

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in __copy_to_user_inatomic include/linux/uaccess.h:125 [inline]
BUG: KMSAN: kernel-infoleak in copy_to_user_nofault+0x129/0x1f0 mm/maccess.c:149
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 __copy_to_user_inatomic include/linux/uaccess.h:125 [inline]
 copy_to_user_nofault+0x129/0x1f0 mm/maccess.c:149
 ____bpf_probe_write_user kernel/trace/bpf_trace.c:349 [inline]
 bpf_probe_write_user+0x104/0x180 kernel/trace/bpf_trace.c:327
 ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997
 __bpf_prog_run64+0xb5/0xe0 kernel/bpf/core.c:2236
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
 bpf_trace_run3+0x132/0x320 kernel/trace/bpf_trace.c:2421
 __bpf_trace_kmem_cache_free+0x31/0x40 include/trace/events/kmem.h:114
 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 kmem_cache_free+0x6da/0xa80 mm/slub.c:4343
 putname+0x188/0x1c0 fs/namei.c:273
 do_sys_openat2+0x28d/0x2f0 fs/open.c:1414
 do_sys_open fs/open.c:1421 [inline]
 __do_sys_openat fs/open.c:1437 [inline]
 __se_sys_openat fs/open.c:1432 [inline]
 __x64_sys_openat+0x2a1/0x310 fs/open.c:1432
 do_syscall_64+0xd5/0x1f0
 entry_SYSCALL_64_after_hwframe+0x72/0x7a

Local variable stack created at:
 __bpf_prog_run64+0x45/0xe0 kernel/bpf/core.c:2236
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
 bpf_trace_run3+0x132/0x320 kernel/trace/bpf_trace.c:2421

Bytes 0-7 of 8 are uninitialized
Memory access of size 8 starts at ffff888116e57be6
Data copied to user address 00000000ffffffff

CPU: 1 PID: 4461 Comm: udevd Not tainted 6.9.0-rc3-syzkaller-00011-g20cb38a7af88 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
=====================================================

Crashes (3):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2024/04/10 02:10 | upstream | 20cb38a7af88 | 56086b24 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in bpf_probe_write_user
2024/04/09 03:13 | upstream | fec50db7033e | 53df08b6 | .config | strace log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in bpf_probe_write_user
2024/04/09 02:16 | upstream | fec50db7033e | 53df08b6 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in bpf_probe_write_user