[vfs?] KMSAN: kernel-infoleak in sys_name_to_handle_at
6 views
Skip to first unread message
syzbot
Dec 23, 2022, 5:02:35 AM12/23/22
to gli...@google.com, syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 5c6259d6d19f kmsan: fix memcpy tests
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=10e6053f880000
kernel config: https://syzkaller.appspot.com/x/.config?x=e2f77da22508204e
dashboard link: https://syzkaller.appspot.com/bug?extid=039eabc9d772dd6f8bf7
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project.git 610139d2d9ce6746b3c617fb3e2f7886272d26ff), GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: i386
CC: [linux-...@vger.kernel.org linux-...@vger.kernel.org vi...@zeniv.linux.org.uk]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/76b6594632b8/disk-5c6259d6.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/81a2113c440e/vmlinux-5c6259d6.xz
kernel image: https://storage.googleapis.com/syzbot-assets/fd12d098edab/bzImage-5c6259d6.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+039eab...@syzkaller.appspotmail.com
loop3: detected capacity change from 0 to 128
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:33
instrument_copy_to_user include/linux/instrumented.h:121 [inline]
_copy_to_user+0xbc/0x100 lib/usercopy.c:33
copy_to_user include/linux/uaccess.h:169 [inline]
do_sys_name_to_handle fs/fhandle.c:73 [inline]
__do_sys_name_to_handle_at fs/fhandle.c:109 [inline]
__se_sys_name_to_handle_at+0x7c8/0x910 fs/fhandle.c:93
__ia32_sys_name_to_handle_at+0xdf/0x140 fs/fhandle.c:93
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
entry_SYSENTER_compat_after_hwframe+0x70/0x82
Uninit was created at:
slab_post_alloc_hook mm/slab.h:742 [inline]
slab_alloc_node mm/slub.c:3398 [inline]
__kmem_cache_alloc_node+0x6ee/0xc90 mm/slub.c:3437
__do_kmalloc_node mm/slab_common.c:954 [inline]
__kmalloc+0x11d/0x3c0 mm/slab_common.c:968
kmalloc include/linux/slab.h:558 [inline]
do_sys_name_to_handle fs/fhandle.c:40 [inline]
__do_sys_name_to_handle_at fs/fhandle.c:109 [inline]
__se_sys_name_to_handle_at+0x3a2/0x910 fs/fhandle.c:93
__ia32_sys_name_to_handle_at+0xdf/0x140 fs/fhandle.c:93
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
entry_SYSENTER_compat_after_hwframe+0x70/0x82
Bytes 18-19 of 20 are uninitialized
Memory access of size 20 starts at ffff8880927f9420
Data copied to user address 0000000020000780
CPU: 0 PID: 13653 Comm: syz-executor.3 Not tainted 6.1.0-syzkaller-64311-g5c6259d6d19f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 5c6259d6d19f kmsan: fix memcpy tests
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=10e6053f880000
kernel config: https://syzkaller.appspot.com/x/.config?x=e2f77da22508204e
dashboard link: https://syzkaller.appspot.com/bug?extid=039eabc9d772dd6f8bf7
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project.git 610139d2d9ce6746b3c617fb3e2f7886272d26ff), GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: i386
CC: [linux-...@vger.kernel.org linux-...@vger.kernel.org vi...@zeniv.linux.org.uk]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/76b6594632b8/disk-5c6259d6.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/81a2113c440e/vmlinux-5c6259d6.xz
kernel image: https://storage.googleapis.com/syzbot-assets/fd12d098edab/bzImage-5c6259d6.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+039eab...@syzkaller.appspotmail.com
loop3: detected capacity change from 0 to 128
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:33
instrument_copy_to_user include/linux/instrumented.h:121 [inline]
_copy_to_user+0xbc/0x100 lib/usercopy.c:33
copy_to_user include/linux/uaccess.h:169 [inline]
do_sys_name_to_handle fs/fhandle.c:73 [inline]
__do_sys_name_to_handle_at fs/fhandle.c:109 [inline]
__se_sys_name_to_handle_at+0x7c8/0x910 fs/fhandle.c:93
__ia32_sys_name_to_handle_at+0xdf/0x140 fs/fhandle.c:93
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
entry_SYSENTER_compat_after_hwframe+0x70/0x82
Uninit was created at:
slab_post_alloc_hook mm/slab.h:742 [inline]
slab_alloc_node mm/slub.c:3398 [inline]
__kmem_cache_alloc_node+0x6ee/0xc90 mm/slub.c:3437
__do_kmalloc_node mm/slab_common.c:954 [inline]
__kmalloc+0x11d/0x3c0 mm/slab_common.c:968
kmalloc include/linux/slab.h:558 [inline]
do_sys_name_to_handle fs/fhandle.c:40 [inline]
__do_sys_name_to_handle_at fs/fhandle.c:109 [inline]
__se_sys_name_to_handle_at+0x3a2/0x910 fs/fhandle.c:93
__ia32_sys_name_to_handle_at+0xdf/0x140 fs/fhandle.c:93
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
entry_SYSENTER_compat_after_hwframe+0x70/0x82
Bytes 18-19 of 20 are uninitialized
Memory access of size 20 starts at ffff8880927f9420
Data copied to user address 0000000020000780
CPU: 0 PID: 13653 Comm: syz-executor.3 Not tainted 6.1.0-syzkaller-64311-g5c6259d6d19f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Mar 17, 2023, 1:26:36 PM3/17/23
to gli...@google.com, syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages