syzbot
KMSAN: kernel-infoleak in do_insn_ioctl

Status: upstream: reported C repro on 2025/07/17 19:14
Subsystems: comedi
Reported-by: syzbot+a5e45f768aab5892da5d@syzkaller.appspotmail.com
Fix commit: 3cd212e895ca comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce], missing on: [ci-qemu-native-arm64-kvm ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-usb]
First crash: 39d, last: 1d13h
Discussions (5)
Title Replies (including bot) Last reply
[PATCH] comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() 1 (1) 2025/07/25 12:53
[syzbot] [kernel?] KMSAN: kernel-infoleak in do_insn_ioctl 1 (5) 2025/07/25 10:21
Re: [PATCH] comedi: zero-init data in do_insn_ioctl 1 (1) 2025/07/25 10:06
Re: [PATCH] comedi: zero-init data in do_insn_ioctl 2 (2) 2025/07/25 10:04
[PATCH] comedi: zero-init data in do_insn_ioctl 2 (2) 2025/07/25 09:41
Last patch testing requests (2)
Created Duration User Patch Repo Result
2025/07/25 10:21 29m abbotti@mev.co.uk patch upstream OK log
2025/07/24 20:27 28m contact@arnaud-lcm.com patch upstream OK log

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _inline_copy_to_user include/linux/uaccess.h:196 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _inline_copy_to_user include/linux/uaccess.h:196 [inline]
 _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:225 [inline]
 do_insn_ioctl+0x59c/0x6d0 drivers/comedi/comedi_fops.c:1661
 comedi_unlocked_ioctl+0x1432/0x1e80 drivers/comedi/comedi_fops.c:2286
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0x23c/0x400 fs/ioctl.c:893
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:893
 x64_sys_call+0x1ebe/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4154 [inline]
 slab_alloc_node mm/slub.c:4197 [inline]
 __do_kmalloc_node mm/slub.c:4327 [inline]
 __kmalloc_noprof+0x95f/0x1310 mm/slub.c:4340
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kmalloc_array_noprof include/linux/slab.h:948 [inline]
 do_insn_ioctl+0x108/0x6d0 drivers/comedi/comedi_fops.c:1639
 comedi_unlocked_ioctl+0x1432/0x1e80 drivers/comedi/comedi_fops.c:2286
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0x23c/0x400 fs/ioctl.c:893
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:893
 x64_sys_call+0x1ebe/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Bytes 4-59 of 60 are uninitialized
Memory access of size 60 starts at ffff88811c38af00
Data copied to user address 0000200000000080

CPU: 1 UID: 0 PID: 5808 Comm: syz-executor410 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
=====================================================

Crashes (164):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/07/21 19:05 upstream 89be9a83ccf1 0b3788a0 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/21 18:58 upstream 89be9a83ccf1 0b3788a0 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/08/23 17:04 upstream 6debb6904172 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/23 15:31 upstream 6debb6904172 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/22 22:19 upstream a2e94e80790b bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/22 11:45 upstream 3957a5720157 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/21 11:50 upstream 41cd3fd15263 0b9605c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/20 06:42 upstream b19a97d57c15 79512909 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/19 17:49 upstream be48bcf004f9 523f460e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/18 09:13 upstream 8d561baae505 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/17 12:09 upstream 99bade344cfa 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/16 23:17 upstream 90d970cade8e 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/16 23:16 upstream 90d970cade8e 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/14 22:24 upstream 0cc53520e68b dcc075fb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/13 23:32 upstream 91325f31afc1 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/13 16:40 upstream 8742b2d8935f 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/13 08:36 upstream 8742b2d8935f 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/13 05:50 upstream 8742b2d8935f 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/13 04:02 upstream 8742b2d8935f 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/12 20:38 upstream 53e760d89498 c06e8995 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/12 11:37 upstream 53e760d89498 c06e8995 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/10 17:38 upstream 561c80369df0 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/10 03:05 upstream c30a13538d9f 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/09 21:43 upstream c30a13538d9f 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/09 11:01 upstream 37816488247d 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/09 05:46 upstream 37816488247d 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/09 04:12 upstream 37816488247d 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/09 04:11 upstream 37816488247d 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/08 03:38 upstream 6e64f4580381 6a893178 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/08 01:27 upstream 6e64f4580381 6a893178 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/07 15:50 upstream 6e64f4580381 04cffc22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/07 02:36 upstream cca7a0aae895 4bd24a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/06 12:56 upstream a530a36bb548 4bd24a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/05 14:37 upstream d632ab86aff2 904e669c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/17 05:11 upstream e2291551827f 44f8051e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in do_insn_ioctl
2025/08/23 12:26 upstream 6debb6904172 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/08/23 12:06 upstream 6debb6904172 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/08/20 13:42 upstream b19a97d57c15 bd178e57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/08/19 05:48 upstream be48bcf004f9 523f460e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/08/18 15:57 upstream c17b750b3ad9 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/08/16 22:07 upstream 90d970cade8e 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/08/15 18:28 upstream d7ee5bdce789 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/08/14 16:23 upstream 0cc53520e68b dcc075fb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/08/14 10:55 upstream 0cc53520e68b 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/08/13 09:44 upstream 8742b2d8935f 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/08/10 12:56 upstream 561c80369df0 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/08/09 13:16 upstream 37816488247d 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/08/07 18:19 upstream 6e64f4580381 04cffc22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak-after-free in do_insn_ioctl
* Struck through repros no longer work on HEAD.