syzbot


KMSAN: kernel-infoleak in video_usercopy (2)

Status: auto-obsoleted due to no activity on 2022/09/16 08:29
Subsystems: media
Reported-by: syzbot+c67f8c1e31d62912ff2f@syzkaller.appspotmail.com
First crash: 1756d, last: 1550d
Discussions (1)
Title                                          Replies (including bot)   Last reply
KMSAN: kernel-infoleak in video_usercopy (2)   0 (1)                     2020/02/20 09:08
Similar bugs (1)
Kernel     Title                                      Subsystem   Repro   Cause bisect   Fix bisect   Count   Last    Reported   Patched   Status
upstream   KMSAN: kernel-infoleak in video_usercopy   media       C       -              -            410     2085d   2184d      11/28     fixed on 2019/03/28 12:00
Last patch testing requests (2)
Created            Duration   User                           Patch   Repo                                         Result
2022/09/16 05:29   19m        retest repro                   -       https://github.com/google/kmsan.git master   OK (log)
2020/09/26 00:09   19m        anant.thazhemadam@gmail.com    -       https://github.com/google/kmsan.git master   OK

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
CPU: 1 PID: 11474 Comm: syz-executor301 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 kmsan_internal_check_memory+0x238/0x3d0 mm/kmsan/kmsan.c:423
 kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
 _copy_to_user+0x15a/0x1f0 lib/usercopy.c:33
 copy_to_user include/linux/uaccess.h:174 [inline]
 video_put_user drivers/media/v4l2-core/v4l2-ioctl.c:3165 [inline]
 video_usercopy+0x248c/0x2b50 drivers/media/v4l2-core/v4l2-ioctl.c:3264
 video_ioctl2+0x9f/0xb0 drivers/media/v4l2-core/v4l2-ioctl.c:3274
 v4l2_ioctl+0x23f/0x270 drivers/media/v4l2-core/v4l2-dev.c:360
 vfs_ioctl fs/ioctl.c:47 [inline]
 ksys_ioctl fs/ioctl.c:763 [inline]
 __do_sys_ioctl fs/ioctl.c:772 [inline]
 __se_sys_ioctl+0x2e9/0x410 fs/ioctl.c:770
 __x64_sys_ioctl+0x4a/0x70 fs/ioctl.c:770
 do_syscall_64+0xb8/0x160 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440289
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffe00ee4fc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440289
RDX: 00000000200000c0 RSI: 00000000c050560f RDI: 0000000000000003
RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b10
R13: 0000000000401ba0 R14: 0000000000000000 R15: 0000000000000000

Local variable ----vb32.i@video_usercopy created at:
 video_put_user drivers/media/v4l2-core/v4l2-ioctl.c:3149 [inline]
 video_usercopy+0x20bf/0x2b50 drivers/media/v4l2-core/v4l2-ioctl.c:3264
 video_put_user drivers/media/v4l2-core/v4l2-ioctl.c:3149 [inline]
 video_usercopy+0x20bf/0x2b50 drivers/media/v4l2-core/v4l2-ioctl.c:3264

Bytes 52-55 of 80 are uninitialized
Memory access of size 80 starts at ffffa88f81563ce0
Data copied to user address 00000000200000c0
=====================================================

Crashes (922):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2020/02/19 22:05 https://github.com/google/kmsan.git master 8bbbc5cf3dca b690a6e3 .config console log report syz C ci-upstream-kmsan-gce
2020/09/12 04:35 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce
2020/09/11 23:42 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce
2020/09/11 18:27 https://github.com/google/kmsan.git master 3b3ea6028136 adfb8b4e .config console log report ci-upstream-kmsan-gce
2020/09/11 15:51 https://github.com/google/kmsan.git master 3b3ea6028136 adfb8b4e .config console log report ci-upstream-kmsan-gce
2020/09/11 07:12 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/11 05:49 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/11 04:30 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/11 00:02 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/10 20:54 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/10 16:43 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/10 13:46 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/10 11:57 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/10 07:37 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/10 02:48 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/10 00:11 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce
2020/09/09 20:00 https://github.com/google/kmsan.git master 3b3ea6028136 0ea7a887 .config console log report ci-upstream-kmsan-gce
2020/09/07 23:17 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/07 05:26 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/07 05:08 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/06 04:44 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/05 22:04 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/05 17:39 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/09/05 12:54 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce
2020/02/19 20:28 https://github.com/google/kmsan.git master 8bbbc5cf3dca b690a6e3 .config console log report ci-upstream-kmsan-gce
2020/09/12 11:06 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce-386
2020/09/12 10:41 https://github.com/google/kmsan.git master 3b3ea6028136 79fb24e2 .config console log report ci-upstream-kmsan-gce-386
2020/09/11 17:01 https://github.com/google/kmsan.git master 3b3ea6028136 adfb8b4e .config console log report ci-upstream-kmsan-gce-386
2020/09/10 20:56 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce-386
2020/09/10 18:25 https://github.com/google/kmsan.git master 3b3ea6028136 409809d8 .config console log report ci-upstream-kmsan-gce-386
2020/09/09 07:15 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/09 05:42 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/09 03:55 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/09 01:30 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/08 22:27 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/08 19:22 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/08 03:14 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/07 06:26 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/07 04:03 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/06 17:30 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/06 15:40 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/06 13:42 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/05 15:50 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386
2020/09/05 14:19 https://github.com/google/kmsan.git master 3b3ea6028136 abf9ba4f .config console log report ci-upstream-kmsan-gce-386