From: Aleksandr Nogikh
Date: Tue, 16 Apr 2024 10:46:16 +0200
Subject: Re: [syzbot] [mm?] KMSAN: kernel-infoleak in bpf_probe_write_user
To: Alexei Starovoitov, Alexander Potapenko
Cc: Andrew Morton, syzbot, LKML, linux-mm, syzkaller-bugs, bpf, Dmitry Vyukov
References: <000000000000fe696d0615f120bb@google.com> <20240415131837.411c6e05eb7b0af077d6424a@linux-foundation.org>
Content-Type: text/plain; charset="UTF-8"

(+Alexander Potapenko)

Hi Alexei,

Thanks for bringing this up!

I guess some annotations in the kernel code need to be adjusted. Syzbot stress-tests the kernel, but in the end it's the kernel itself that detects problems and prints error reports.

-- 
Aleksandr

On Mon, Apr 15, 2024 at 11:06 PM Alexei Starovoitov wrote:
>
> Hi,
>
> syzbot folks, please disable such "bug" reporting.
> The whole point of bpf is to pass such info to userspace.
> probe_write_user, various ring buffers, bpf_*_printk-s, bpf maps
> all serve this purpose of "infoleak".
>
> On Mon, Apr 15, 2024 at 1:18 PM Andrew Morton wrote:
> >
> > (cc bpf@)
> >
> > On Fri, 12 Apr 2024 19:27:25 -0700 syzbot wrote:
> >
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit:    fec50db7033e Linux 6.9-rc3
> > > git tree:       upstream
> > > console+strace: https://syzkaller.appspot.com/x/log.txt?x=16509ba1180000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=13e7da432565d94c
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=79102ed905e5b2dc0fc3
> > > compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10a4af9d180000
> > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12980f9d180000
> > >
> > > Downloadable assets:
> > > disk image: https://storage.googleapis.com/syzbot-assets/901017b36ccc/disk-fec50db7.raw.xz
> > > vmlinux: https://storage.googleapis.com/syzbot-assets/16bfcf5618d3/vmlinux-fec50db7.xz
> > > kernel image: https://storage.googleapis.com/syzbot-assets/dc9c5a1e7d02/bzImage-fec50db7.xz
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+79102ed905e5b2dc0fc3@syzkaller.appspotmail.com
> > >
> > > =====================================================
> > > BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
> > > BUG: KMSAN: kernel-infoleak in __copy_to_user_inatomic include/linux/uaccess.h:125 [inline]
> > > BUG: KMSAN: kernel-infoleak in copy_to_user_nofault+0x129/0x1f0 mm/maccess.c:149
> > >  instrument_copy_to_user include/linux/instrumented.h:114 [inline]
> > >  __copy_to_user_inatomic include/linux/uaccess.h:125 [inline]
> > >  copy_to_user_nofault+0x129/0x1f0 mm/maccess.c:149
> > >  ____bpf_probe_write_user kernel/trace/bpf_trace.c:349 [inline]
> > >  bpf_probe_write_user+0x104/0x180 kernel/trace/bpf_trace.c:327
> > >  ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997
> > >  __bpf_prog_run64+0xb5/0xe0 kernel/bpf/core.c:2236
> > >  bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
> > >  __bpf_prog_run include/linux/filter.h:657 [inline]
> > >  bpf_prog_run include/linux/filter.h:664 [inline]
> > >  __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
> > >  bpf_trace_run2+0x116/0x300 kernel/trace/bpf_trace.c:2420
> > >  __bpf_trace_kfree+0x29/0x40 include/trace/events/kmem.h:94
> > >  trace_kfree include/trace/events/kmem.h:94 [inline]
> > >  kfree+0x6a5/0xa30 mm/slub.c:4377
> > >  vfs_writev+0x12bf/0x1450 fs/read_write.c:978
> > >  do_writev+0x251/0x5c0 fs/read_write.c:1018
> > >  __do_sys_writev fs/read_write.c:1091 [inline]
> > >  __se_sys_writev fs/read_write.c:1088 [inline]
> > >  __x64_sys_writev+0x98/0xe0 fs/read_write.c:1088
> > >  do_syscall_64+0xd5/0x1f0
> > >  entry_SYSCALL_64_after_hwframe+0x72/0x7a
> > >
> > > Local variable stack created at:
> > >  __bpf_prog_run64+0x45/0xe0 kernel/bpf/core.c:2236
> > >  bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
> > >  __bpf_prog_run include/linux/filter.h:657 [inline]
> > >  bpf_prog_run include/linux/filter.h:664 [inline]
> > >  __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
> > >  bpf_trace_run2+0x116/0x300 kernel/trace/bpf_trace.c:2420
> > >
> > > Bytes 0-7 of 8 are uninitialized
> > > Memory access of size 8 starts at ffff888121ec7ae8
> > > Data copied to user address 00000000ffffffff
> > >
> > > CPU: 1 PID: 4779 Comm: dhcpcd Not tainted 6.9.0-rc3-syzkaller #0
> > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
> > > =====================================================
> > >
> > >
> > > ---
> > > This report is generated by a bot. It may contain errors.
> > > See https://goo.gl/tpsmEJ for more information about syzbot.
> > > syzbot engineers can be reached at syzkaller@googlegroups.com.
> > >
> > > syzbot will keep track of this issue. See:
> > > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> > >
> > > If the report is already addressed, let syzbot know by replying with:
> > > #syz fix: exact-commit-title
> > >
> > > If you want syzbot to run the reproducer, reply with:
> > > #syz test: git://repo/address.git branch-or-commit-hash
> > > If you attach or paste a git patch, syzbot will apply it before testing.
> > >
> > > If you want to overwrite report's subsystems, reply with:
> > > #syz set subsystems: new-subsystem
> > > (See the list of subsystem names on the web dashboard)
> > >
> > > If the report is a duplicate of another one, reply with:
> > > #syz dup: exact-subject-of-another-report
> > >
> > > If you want to undo deduplication, reply with:
> > > #syz undup
> >
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/CAADnVQ%2BE%3Dj1Z4MOuk2f-U33oqvUmmrRcvWvsDrmLXvD8FhUmsQ%40mail.gmail.com.