syzbot

KMSAN: kernel-infoleak in do_insn_ioctl

Status: upstream: reported C repro on 2025/07/17 19:14
Subsystems: comedi
Reported-by: syzbot+a5e45f768aab5892da5d@syzkaller.appspotmail.com
First crash: 8d05h, last: 4h26m
Discussions (4)
Title | Replies (including bot) | Last reply
[syzbot] [kernel?] KMSAN: kernel-infoleak in do_insn_ioctl | 1 (5) | 2025/07/25 10:21
Re: [PATCH] comedi: zero-init data in do_insn_ioctl | 1 (1) | 2025/07/25 10:06
Re: [PATCH] comedi: zero-init data in do_insn_ioctl | 2 (2) | 2025/07/25 10:04
[PATCH] comedi: zero-init data in do_insn_ioctl | 2 (2) | 2025/07/25 09:41
Last patch testing requests (2)
Created | Duration | User | Patch | Repo | Result
2025/07/24 20:27 | 28m | contact@arnaud-lcm.com | patch | upstream | OK log
2025/07/25 10:21 | | abbotti@mev.co.uk | patch | upstream | running

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _inline_copy_to_user include/linux/uaccess.h:196 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _inline_copy_to_user include/linux/uaccess.h:196 [inline]
 _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:225 [inline]
 do_insn_ioctl+0x59c/0x6d0 drivers/comedi/comedi_fops.c:1661
 comedi_unlocked_ioctl+0x1432/0x1e80 drivers/comedi/comedi_fops.c:2286
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0x23c/0x400 fs/ioctl.c:893
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:893
 x64_sys_call+0x1ebe/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4154 [inline]
 slab_alloc_node mm/slub.c:4197 [inline]
 __do_kmalloc_node mm/slub.c:4327 [inline]
 __kmalloc_noprof+0x95f/0x1310 mm/slub.c:4340
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kmalloc_array_noprof include/linux/slab.h:948 [inline]
 do_insn_ioctl+0x108/0x6d0 drivers/comedi/comedi_fops.c:1639
 comedi_unlocked_ioctl+0x1432/0x1e80 drivers/comedi/comedi_fops.c:2286
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0x23c/0x400 fs/ioctl.c:893
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:893
 x64_sys_call+0x1ebe/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Bytes 4-59 of 60 are uninitialized
Memory access of size 60 starts at ffff88811c38af00
Data copied to user address 0000200000000080

CPU: 1 UID: 0 PID: 5808 Comm: syz-executor410 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
=====================================================
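
The report above pins the leak to a kmalloc_array() allocation at comedi_fops.c:1639 that is later copied to user space in full at comedi_fops.c:1661, with only the first 4 of 60 bytes ever written. The following is an added example, not the comedi driver's code and not the patch under discussion in the thread. It models that pattern in user space: a small arena pre-filled with a marker byte stands in for a slab object that still holds a previous owner's data, a hypothetical handler fills one 4-byte sample regardless of how many were requested (15 samples of 4 bytes is an inference from "Bytes 4-59 of 60", not something the page states), and the whole buffer is copied back, so the leak size can be counted. The zero-initialised path shows the generic shape of the fix named in the thread title; whether the real patch uses a zeroing allocator or a memset() is not on this page.

```c
/*
 * Added example: model of the uninitialised-heap infoleak pattern behind
 * this report. NOT the comedi driver's code. The kernel heap is modelled
 * by an arena pre-filled with STALE_BYTE, because kmalloc()/kmalloc_array()
 * hand back whatever the previous owner of the slab object left behind.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE_BYTE 0xAAu   /* constructed marker: "bytes the allocator never cleared" */
#define ARENA_SIZE 4096u

static unsigned char arena[ARENA_SIZE];
static size_t arena_top;

/* Reset the model heap: every byte holds STALE_BYTE, as if left by a previous user. */
static void arena_reset(void)
{
    memset(arena, STALE_BYTE, sizeof(arena));
    arena_top = 0;
}

/* kmalloc_array()-like: overflow-checked, but no zeroing, so stale bytes are inherited. */
static void *model_kmalloc_array(size_t n, size_t size)
{
    if (size && n > SIZE_MAX / size)
        return NULL;
    size_t bytes = n * size;
    if (bytes > ARENA_SIZE - arena_top)
        return NULL;
    void *p = arena + arena_top;
    arena_top += bytes;
    return p;
}

/* kcalloc()-like: same allocation, zeroed before it is handed out. */
static void *model_kcalloc(size_t n, size_t size)
{
    void *p = model_kmalloc_array(n, size);
    if (p)
        memset(p, 0, n * size);
    return p;
}

/* Hypothetical instruction handler: produces one sample no matter how many were requested. */
static int handler_one_sample(unsigned int *data, unsigned int n)
{
    if (n == 0)
        return 0;
    data[0] = 0x1234;
    return 1;   /* samples actually written */
}

/*
 * Model of the ioctl path: allocate n samples, run the handler, copy all n
 * samples back to "user space" (user_buf). Returns how many copied bytes
 * still carry STALE_BYTE, i.e. the size of the leak, or -1 on allocation failure.
 */
static int do_insn_model(bool zero_init, unsigned int n, unsigned char *user_buf)
{
    unsigned int *data = zero_init ? model_kcalloc(n, sizeof(*data))
                                   : model_kmalloc_array(n, sizeof(*data));
    if (!data)
        return -1;

    handler_one_sample(data, n);

    size_t bytes = (size_t)n * sizeof(*data);
    memcpy(user_buf, data, bytes);   /* stands in for copy_to_user() */

    int leaked = 0;
    for (size_t i = 0; i < bytes; i++)
        if (user_buf[i] == STALE_BYTE)
            leaked++;
    return leaked;
}

/* Fresh model heap, one request of n samples, leaked byte count back. */
static int leaked_bytes_for(bool zero_init, unsigned int n)
{
    static unsigned char user_buf[ARENA_SIZE];
    arena_reset();
    return do_insn_model(zero_init, n, user_buf);
}

int main(void)
{
    printf("kmalloc_array, 15 samples: %d of 60 bytes leaked\n", leaked_bytes_for(false, 15));
    printf("kcalloc,       15 samples: %d of 60 bytes leaked\n", leaked_bytes_for(true, 15));
    return 0;
}
```

With the non-zeroing allocator the model reproduces the report's numbers (56 stale bytes, offsets 4 to 59, reach user space); with the zeroing allocator nothing stale is copied. A second, independent hardening that the model makes easy to try is to copy back only the samples the handler reports having written rather than all n; that does not depend on what the allocator returned.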

Crashes (19):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/07/21 19:05 | upstream | 89be9a83ccf1 | 0b3788a0 | .config | strace log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/21 18:58 | upstream | 89be9a83ccf1 | 0b3788a0 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/07/25 05:56 | upstream | 2942242dde89 | fb8f743d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/25 03:22 | upstream | 25fae0b93d1d | fb8f743d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/24 17:33 | upstream | 25fae0b93d1d | fb8f743d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/24 17:33 | upstream | 25fae0b93d1d | fb8f743d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/23 02:45 | upstream | 89be9a83ccf1 | 85deaf45 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/23 02:44 | upstream | 89be9a83ccf1 | 85deaf45 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/23 02:43 | upstream | 89be9a83ccf1 | 85deaf45 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/23 02:41 | upstream | 89be9a83ccf1 | 85deaf45 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/23 02:41 | upstream | 89be9a83ccf1 | 85deaf45 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/22 00:48 | upstream | 89be9a83ccf1 | 0b3788a0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/22 00:48 | upstream | 89be9a83ccf1 | 0b3788a0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/21 15:57 | upstream | 89be9a83ccf1 | 0b3788a0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/21 11:38 | upstream | 89be9a83ccf1 | 7117feec | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/17 05:11 | upstream | e2291551827f | 44f8051e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak in do_insn_ioctl
2025/07/24 17:33 | upstream | 25fae0b93d1d | fb8f743d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/07/23 02:45 | upstream | 89be9a83ccf1 | 85deaf45 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak-after-free in do_insn_ioctl
2025/07/21 15:56 | upstream | 89be9a83ccf1 | 0b3788a0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-infoleak-after-free in do_insn_ioctl