syzbot


KMSAN: kernel-infoleak in __skb_datagram_iter

Status: fixed on 2023/09/28 17:51
Subsystems: net
[Documentation on labels]
Fix commit: aa5406950726 netlink: do not hard code device address lenth in fdb dumps
First crash: 175d, last: 67d
Similar bugs (23)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: kernel-infoleak in copyout (2) net C 6723 178d 1346d 24/25 fixed on 2023/06/08 14:41
android-5-15 KASAN: use-after-free Read in __skb_datagram_iter origin:upstream C 1 19d 19d 0/2 upstream: reported C repro on 2023/11/13 13:25
upstream KASAN: use-after-free Read in __skb_datagram_iter net 431 943d 950d 0/25 auto-closed as invalid on 2021/07/03 04:24
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 282d 634d 24/25 fixed on 2023/02/24 13:50
upstream KMSAN: kernel-infoleak in _copy_to_iter (6) net C 748 634d 723d 22/25 fixed on 2022/03/08 16:11
upstream KMSAN: uninit-value in nf_nat_setup_info (2) netfilter C 764 614d 694d 0/25 auto-obsoleted due to no activity on 2022/09/28 07:28
upstream KMSAN: uninit-value in eth_type_trans (2) net C 3883 2d11h 1410d 0/25 upstream: reported C repro on 2020/01/22 16:47
upstream KMSAN: kernel-infoleak in move_addr_to_user (6) tipc C 4 674d 712d 22/25 fixed on 2022/03/08 16:11
upstream KMSAN: uninit-value in sctp_inq_pop (2) sctp C 2513 7h58m 694d 0/25 upstream: reported C repro on 2022/01/08 08:00
upstream KMSAN: uninit-value in seq_printf (2) fs C 99 535d 802d 0/25 auto-closed as invalid on 2022/09/30 02:43
upstream KMSAN: uninit-value in seq_printf fs 3 1459d 1488d 0/25 auto-closed as invalid on 2020/03/04 05:44
upstream KMSAN: kernel-infoleak in _copy_to_iter (8) mm C 21180 177d 272d 24/25 fixed on 2023/06/08 14:41
upstream KMSAN: uninit-value in skb_release_data (3) net C 10 501d 1180d 0/25 auto-obsoleted due to no activity on 2022/11/17 07:20
upstream KMSAN: uninit-value in hsr_register_frame_in net C 197 134d 1755d 0/25 upstream: reported C repro on 2019/02/11 21:53
upstream KMSAN: uninit-value in ipv6_find_tlv net C 271 219d 1572d 24/25 fixed on 2023/06/08 14:41
upstream KMSAN: uninit-value in bpf_prog_run_generic_xdp can 154 5h13m 380d 0/25 upstream: reported on 2022/11/18 11:39
upstream KMSAN: uninit-value in ax25cmp (2) hams C 51 438d 698d 0/25 closed as invalid on 2022/11/18 11:50
upstream KMSAN: uninit-value in virtqueue_add (3) virtualization 13 394d 686d 0/25 auto-obsoleted due to no activity on 2023/02/12 03:53
upstream KMSAN: uninit-value in can_send can C 630 376d 394d 24/25 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in IP6_ECN_decapsulate net C 947 1d12h 1899d 24/25 upstream: reported C repro on 2018/09/20 20:54
upstream KMSAN: uninit-value in inet_frag_find (2) net 2 690d 698d 0/25 auto-closed as invalid on 2022/04/11 17:13
upstream KMSAN: uninit-value in hsr_fill_frame_info (2) net C 65 133d 416d 0/25 auto-obsoleted due to no activity on 2023/10/30 13:38
upstream KMSAN: uninit-value in ___bpf_prog_run (3) bpf C 5 596d 598d 24/25 fixed on 2023/02/24 13:50

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:167 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x37d/0x1cf0 lib/iov_iter.c:316
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 copyout lib/iov_iter.c:167 [inline]
 _copy_to_iter+0x37d/0x1cf0 lib/iov_iter.c:316
 copy_to_iter include/linux/uio.h:201 [inline]
 simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:513
 __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419
 skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:527
 skb_copy_datagram_msg include/linux/skbuff.h:3957 [inline]
 packet_recvmsg+0xd9c/0x2000 net/packet/af_packet.c:3482
 sock_recvmsg_nosec net/socket.c:1027 [inline]
 sock_recvmsg net/socket.c:1049 [inline]
 sock_read_iter+0x467/0x580 net/socket.c:1119
 call_read_iter include/linux/fs.h:1950 [inline]
 aio_read+0x4b4/0x680 fs/aio.c:1551
 io_submit_one+0x25f9/0x3550 fs/aio.c:2001
 __do_sys_io_submit fs/aio.c:2060 [inline]
 __se_sys_io_submit+0x275/0x6f0 fs/aio.c:2030
 __x64_sys_io_submit+0x96/0xe0 fs/aio.c:2030
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 skb_put_data include/linux/skbuff.h:2622 [inline]
 netlink_to_full_skb net/netlink/af_netlink.c:181 [inline]
 __netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]
 __netlink_deliver_tap+0x5be/0xc90 net/netlink/af_netlink.c:325
 netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]
 netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x10f1/0x1250 net/netlink/af_netlink.c:1368
 netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910
 sock_sendmsg_nosec net/socket.c:730 [inline]
 sock_sendmsg net/socket.c:753 [inline]
 ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595
 __sys_sendmsg net/socket.c:2624 [inline]
 __do_sys_sendmsg net/socket.c:2633 [inline]
 __se_sys_sendmsg net/socket.c:2631 [inline]
 __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 __alloc_pages+0x9a4/0xe00 mm/page_alloc.c:4449
 alloc_pages+0xd01/0x1040
 vm_area_alloc_pages mm/vmalloc.c:3063 [inline]
 __vmalloc_area_node mm/vmalloc.c:3139 [inline]
 __vmalloc_node_range+0x1009/0x28b0 mm/vmalloc.c:3320
 __vmalloc_node mm/vmalloc.c:3385 [inline]
 vmalloc+0x90/0xa0 mm/vmalloc.c:3418
 netlink_alloc_large_skb net/netlink/af_netlink.c:1219 [inline]
 netlink_sendmsg+0xc9a/0x13d0 net/netlink/af_netlink.c:1885
 sock_sendmsg_nosec net/socket.c:730 [inline]
 sock_sendmsg net/socket.c:753 [inline]
 ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595
 __sys_sendmsg net/socket.c:2624 [inline]
 __do_sys_sendmsg net/socket.c:2633 [inline]
 __se_sys_sendmsg net/socket.c:2631 [inline]
 __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Bytes 64988-65023 of 65024 are uninitialized
Memory access of size 65024 starts at ffff88815e8a0000
Data copied to user address 0000000020000000

CPU: 1 PID: 17862 Comm: syz-executor.0 Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
=====================================================
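Reading the three stacks together: the uninitialized bytes were never written in the netlink message buffer ("Uninit was created at" is the vmalloc in netlink_alloc_large_skb), they were carried unchanged into the tap copy made by netlink_to_full_skb for a netlink monitor, and they reached user memory when an AF_PACKET socket read that copy (packet_recvmsg). The fix commit title gives the cause: the fdb dump code put a device address attribute with a hard-coded length instead of dev->addr_len, so the attribute claimed more address bytes than had been filled in. Note that AF_PACKET sockets require CAP_NET_RAW, which bounds who can observe the leaked bytes on this path.

The following is an added illustration of that bug class, not code from the kernel or from the fix: a toy netlink attribute builder with a KMSAN-style shadow map. Every byte of the message carries a flag that is set only when the byte is explicitly written, and copying bytes copies their flags, which is how KMSAN propagates "uninit" through memcpy. The copy-to-user step scans the flags and reports the first uninitialized range in the same form as the report above. The struct names, the attribute type value and the device address length of 4 are assumptions chosen for the demo.

```c
/* Added illustration, not kernel code: toy nla_put() plus a KMSAN-style
 * shadow map that flags bytes reaching "user space" without ever being
 * written. Names, sizes and the addr_len of 4 are assumptions for the demo. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN      6      /* the hard-coded length the fix commit removes */
#define MAX_ADDR_LEN  32     /* width of the address buffer; only addr_len bytes are real */
#define NLA_HDRLEN    4      /* nlattr header: u16 nla_len, u16 nla_type */
#define NLA_ALIGN(n)  (((n) + 3u) & ~3u)
#define MSG_CAP       256
#define NDA_LLADDR    2      /* illustrative attribute type value */

struct msg {
    uint8_t data[MSG_CAP];
    uint8_t shadow[MSG_CAP];   /* 1 = byte was written, 0 = never initialized */
    size_t  len;
};

/* Fake device: a MAX_ADDR_LEN buffer of which only addr_len bytes were filled. */
struct fake_dev {
    uint8_t  addr[MAX_ADDR_LEN];
    uint8_t  addr_shadow[MAX_ADDR_LEN];
    unsigned addr_len;
};

static void msg_init(struct msg *m)
{
    m->len = 0;
    memset(m->shadow, 0, sizeof m->shadow);
    memset(m->data, 0xAA, sizeof m->data);   /* stands in for stale allocator contents */
}

/* memcpy under KMSAN: payload bytes and their shadow bits move together.
 * A NULL src_shadow means the source is a fully initialized constant. */
static void msg_copy(struct msg *m, size_t off, const uint8_t *src,
                     const uint8_t *src_shadow, size_t n)
{
    memcpy(m->data + off, src, n);
    if (src_shadow)
        memcpy(m->shadow + off, src_shadow, n);
    else
        memset(m->shadow + off, 1, n);
}

/* Toy nla_put(): header, payload with shadow propagation, zeroed padding.
 * Returns 0 on success, -1 when the message is full (like -EMSGSIZE). */
static int nla_put(struct msg *m, uint16_t type, uint16_t len,
                   const uint8_t *payload, const uint8_t *payload_shadow)
{
    size_t total = NLA_ALIGN(NLA_HDRLEN + len);
    if (m->len + total > MSG_CAP)
        return -1;
    uint16_t hdr[2] = { (uint16_t)(NLA_HDRLEN + len), type };
    uint8_t zero[4] = { 0 };
    msg_copy(m, m->len, (const uint8_t *)hdr, NULL, NLA_HDRLEN);
    msg_copy(m, m->len + NLA_HDRLEN, payload, payload_shadow, len);
    msg_copy(m, m->len + NLA_HDRLEN + len, zero, NULL, total - NLA_HDRLEN - len);
    m->len += total;
    return 0;
}

/* KMSAN-style check at the copy-to-user boundary: returns the number of
 * uninitialized bytes and the first contiguous uninitialized run [start, end]. */
static size_t check_copy_to_user(const struct msg *m, size_t *start, size_t *end)
{
    size_t count = 0, first = m->len, last = 0;
    for (size_t i = 0; i < m->len; i++) {
        if (m->shadow[i])
            continue;
        count++;
        if (first == m->len) { first = i; last = i; }
        else if (i == last + 1) last = i;
    }
    *start = first;
    *end = last;
    return count;
}

/* Build one fdb-style entry: NDA_LLADDR with the hard-coded ETH_ALEN (buggy
 * pattern) or with dev->addr_len (fixed pattern). Returns bytes leaked. */
static size_t leaked_bytes(unsigned addr_len, int hard_code_len)
{
    struct fake_dev dev = { .addr_len = addr_len };
    struct msg m;
    size_t start = 0, end = 0, n;

    memset(dev.addr, 0xAA, sizeof dev.addr);           /* stale contents */
    for (unsigned i = 0; i < addr_len; i++) {          /* only addr_len bytes are real */
        dev.addr[i] = (uint8_t)(0x10 + i);
        dev.addr_shadow[i] = 1;
    }
    msg_init(&m);
    if (nla_put(&m, NDA_LLADDR, hard_code_len ? ETH_ALEN : dev.addr_len,
                dev.addr, dev.addr_shadow) < 0)
        return (size_t)-1;
    n = check_copy_to_user(&m, &start, &end);
    if (n)
        printf("BUG: kernel-infoleak: Bytes %zu-%zu of %zu are uninitialized\n",
               start, end, m.len);
    return n;
}

int main(void)
{
    printf("hard-coded ETH_ALEN, addr_len=4: %zu leaked byte(s)\n", leaked_bytes(4, 1));
    printf("dev->addr_len,       addr_len=4: %zu leaked byte(s)\n", leaked_bytes(4, 0));
    return 0;
}
```

With a 4-byte device address the buggy variant emits a 12-byte attribute whose payload bytes 8 and 9 were never written, and the shadow scan reports them; the fixed variant sizes the attribute by addr_len and nothing uninitialized reaches the copy. The same shadow idea is what lets KMSAN attribute the leak to an allocation site far from the copy_to_user that finally exposes it.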

Crashes (68):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/09/25 21:27 upstream 6465e260f487 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: kernel-infoleak in __skb_datagram_iter
2023/09/12 20:18 upstream a747acc0b752 59da8366 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: kernel-infoleak in __skb_datagram_iter
2023/09/05 04:40 upstream 3f86ed6ec0b3 8bc9053e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: kernel-infoleak in __skb_datagram_iter
2023/08/31 06:37 upstream ef2a0b7cdbc5 84803932 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: kernel-infoleak in __skb_datagram_iter
2023/09/24 05:31 upstream 3aba70aed91f 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/09/19 19:30 upstream 2cf0f7156238 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/08/05 19:01 upstream 024ff300db33 4ffcc9ef .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: kernel-infoleak in __skb_datagram_iter
2023/07/25 13:40 upstream 0b5547c51827 e88c086e .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-infoleak in __skb_datagram_iter
2023/07/24 21:42 upstream 9e0ee0c7545c 06460670 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: kernel-infoleak in __skb_datagram_iter
2023/07/22 03:08 upstream d192f5382581 27cbe77f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: kernel-infoleak in __skb_datagram_iter
2023/07/18 15:05 upstream fdf0eaf11452 022df2bb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: kernel-infoleak in __skb_datagram_iter
2023/08/23 12:04 upstream 89bf6209cad6 b81ca3f6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/08/17 20:59 upstream 16931859a650 74b106b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/08/16 21:12 upstream 4853c74bd7ab 7773e940 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/08/10 01:37 upstream 13b937206866 13ca4cd6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/07/30 04:07 upstream 12214540ad87 92476829 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/07/27 16:40 upstream 0a8db05b571a 92476829 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/07/21 20:52 upstream f7e3a1bafdea 28847498 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/07/20 14:24 upstream bfa3037d8280 7b630fdb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/06/24 00:53 https://github.com/google/kmsan.git master e6bc8833d80f 09ffe269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: kernel-infoleak in __skb_datagram_iter
2023/06/19 06:40 https://github.com/google/kmsan.git master 7cccf3be6dcb f3921d4d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: kernel-infoleak in __skb_datagram_iter
2023/06/10 13:11 https://github.com/google/kmsan.git master 2741f1b02117 7086cdb9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: kernel-infoleak in __skb_datagram_iter
2023/07/10 08:22 https://github.com/google/kmsan.git master 257152fe29be 668cb1fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/06/15 03:20 https://github.com/google/kmsan.git master 7cccf3be6dcb 76decb82 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/06/13 05:52 https://github.com/google/kmsan.git master 2741f1b02117 749afb64 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/06/10 17:24 https://github.com/google/kmsan.git master 2741f1b02117 7086cdb9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: kernel-infoleak in __skb_datagram_iter
2023/09/26 13:49 upstream 6465e260f487 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/09/26 01:21 upstream 6465e260f487 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/09/21 22:57 upstream 27bbf45eae9c 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/09/20 04:27 upstream 2cf0f7156238 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/09/19 09:54 upstream 2cf0f7156238 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in seq_printf
2023/09/18 00:57 upstream e789286468a9 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/09/17 22:26 upstream e789286468a9 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/09/16 02:20 upstream e42bebf6db29 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/09/15 14:26 upstream 9fdfb15a3dbf 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/09/13 02:07 upstream a747acc0b752 59da8366 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/09/12 08:09 upstream 0bb80ecc33a8 59da8366 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/09/08 18:44 upstream a48fa7efaf11 6654cf89 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in seq_printf
2023/09/06 16:09 upstream 65d6e954e378 8bc9053e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/09/11 02:47 upstream 535a265d7f0d 6654cf89 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in llc_rcv
2023/08/29 20:17 upstream 1c59d383390f 7ba13a15 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/08/29 14:45 upstream 1c59d383390f 7ba13a15 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/08/27 14:40 upstream 28f20a19294d 03d9c195 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/08/23 15:25 upstream 89bf6209cad6 b81ca3f6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/08/20 12:35 upstream b320441c04c9 d216d8a0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in seq_printf
2023/08/19 02:17 upstream 8abd7287db92 d216d8a0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/08/13 07:03 upstream a785fd28d31f 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/08/13 06:48 upstream a785fd28d31f 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/08/13 06:47 upstream a785fd28d31f 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/08/13 06:47 upstream a785fd28d31f 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/08/12 10:48 upstream f8de32cc060b 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/08/01 18:54 upstream 5d0c230f1de8 df07ffe8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/07/28 13:34 upstream 57012c57536f 92476829 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/07/22 16:59 upstream d192f5382581 27cbe77f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in llc_rcv
2023/08/19 02:48 upstream 0e8860d2125f d216d8a0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in llc_rcv
2023/08/13 07:50 upstream a785fd28d31f 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in llc_rcv
2023/08/13 07:47 upstream a785fd28d31f 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in llc_rcv
2023/07/28 13:35 upstream 57012c57536f 92476829 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in llc_rcv
2023/07/06 14:03 https://github.com/google/kmsan.git master 257152fe29be 1a2f6297 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in seq_printf
2023/06/24 22:35 https://github.com/google/kmsan.git master e6bc8833d80f 09ffe269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in seq_printf
2023/06/23 05:44 https://github.com/google/kmsan.git master e6bc8833d80f 09ffe269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in seq_printf
2023/06/23 00:39 https://github.com/google/kmsan.git master e6bc8833d80f 09ffe269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in seq_printf
2023/06/18 02:13 https://github.com/google/kmsan.git master 7cccf3be6dcb f3921d4d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in seq_printf
* Struck through repros no longer work on HEAD.