syzbot

 sign-in | mailing list | source | docs
🐞 Open [1008] Subsystems 🐞 Fixed [5248] 🐞 Invalid [12550] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KMSAN: kernel-infoleak in _copy_to_user

Status: closed as invalid on 2018/09/25 15:43
Subsystems: kernel
[Documentation on labels]
First crash: 2057d, last: 2057d

Sample crash report:
==================================================================
BUG: KMSAN: kernel-infoleak in _copy_to_user+0x15d/0x1f0 lib/usercopy.c:31
CPU: 0 PID: 4398 Comm: syz-executor001 Not tainted 4.19.0-rc3+ #45
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x14b/0x190 lib/dump_stack.c:113
 kmsan_report+0x183/0x2b0 mm/kmsan/kmsan.c:956
 kmsan_internal_check_memory+0xfe/0x1f0 mm/kmsan/kmsan.c:1014
 kmsan_copy_to_user+0x73/0xb0 mm/kmsan/kmsan_hooks.c:479
 _copy_to_user+0x15d/0x1f0 lib/usercopy.c:31
 copy_to_user include/linux/uaccess.h:183 [inline]
 copy_siginfo_to_user+0x81/0x130 kernel/signal.c:2897
 ptrace_peek_siginfo kernel/ptrace.c:741 [inline]
 ptrace_request+0x2278/0x2680 kernel/ptrace.c:912
 arch_ptrace+0xbdd/0x11a0 arch/x86/kernel/ptrace.c:877
 __do_sys_ptrace kernel/ptrace.c:1145 [inline]
 __se_sys_ptrace+0x2a2/0x7e0 kernel/ptrace.c:1110
 __x64_sys_ptrace+0x56/0x70 kernel/ptrace.c:1110
 do_syscall_64+0xb8/0x100 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x440df9
Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffe8af43578 EFLAGS: 00000286 ORIG_RAX: 0000000000000065
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440df9
RDX: 0000000020000004 RSI: 0000000000000001 RDI: 0000000000004209
RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000020000100 R11: 0000000000000286 R12: 000000000000b922
R13: 0000000000401dd0 R14: 0000000000000000 R15: 0000000000000000

Local variable description: ----kiov@ptrace_request
Variable was created at:
 ptrace_request+0x19f/0x2680 kernel/ptrace.c:885
 arch_ptrace+0xbdd/0x11a0 arch/x86/kernel/ptrace.c:877

Bytes 0-15 of 128 are uninitialized
Memory access starts at ffff8801b751fca0
==================================================================

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/09/12 23:05 https://github.com/google/kmsan.git master c795108d2d1c 71907daf .config console log report syz C ci-upstream-kmsan-gce
2018/09/13 09:15 https://github.com/google/kmsan.git master 7aac18b2ae49 71907daf .config console log report ci-upstream-kmsan-gce
2018/09/13 00:02 https://github.com/google/kmsan.git master c795108d2d1c 71907daf .config console log report ci-upstream-kmsan-gce
2018/09/13 00:01 https://github.com/google/kmsan.git master c795108d2d1c 71907daf .config console log report ci-upstream-kmsan-gce
2018/09/12 22:31 https://github.com/google/kmsan.git master c795108d2d1c 71907daf .config console log report ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.