-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
pkg/report: improve KMSAN report parsing
Extract guilty frame from stack. Add few more ignored functions. Add more tests.
- Loading branch information
Showing
9 changed files
with
230 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| TITLE: KMSAN: kernel-infoleak in copy_siginfo_to_user | ||
|
|
||
| [ 47.389823] ================================================================== | ||
| [ 47.397223] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x15d/0x1f0 | ||
| [ 47.403731] CPU: 0 PID: 4398 Comm: syz-executor001 Not tainted 4.19.0-rc3+ #45 | ||
| [ 47.411088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 | ||
| [ 47.420459] Call Trace: | ||
| [ 47.423083] dump_stack+0x14b/0x190 | ||
| [ 47.426745] kmsan_report+0x183/0x2b0 | ||
| [ 47.430573] kmsan_internal_check_memory+0xfe/0x1f0 | ||
| [ 47.435592] kmsan_copy_to_user+0x73/0xb0 | ||
| [ 47.439764] _copy_to_user+0x15d/0x1f0 | ||
| [ 47.443663] copy_siginfo_to_user+0x81/0x130 | ||
| [ 47.448101] ptrace_request+0x2278/0x2680 | ||
| [ 47.452257] ? __msan_poison_alloca+0x173/0x1f0 | ||
| [ 47.456956] ? _raw_spin_lock_irqsave+0x41/0xe0 | ||
| [ 47.461649] ? wait_task_inactive+0x397/0x990 | ||
| [ 47.466185] ? kmsan_set_origin_inline+0x6b/0x120 | ||
| [ 47.471039] arch_ptrace+0xbdd/0x11a0 | ||
| [ 47.474841] ? ptrace_check_attach+0x182/0x5b0 | ||
| [ 47.479446] __se_sys_ptrace+0x2a2/0x7e0 | ||
| [ 47.483558] __x64_sys_ptrace+0x56/0x70 | ||
| [ 47.487534] do_syscall_64+0xb8/0x100 | ||
| [ 47.491343] entry_SYSCALL_64_after_hwframe+0x63/0xe7 | ||
| [ 47.496534] RIP: 0033:0x440df9 | ||
| [ 47.499746] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 | ||
| [ 47.518655] RSP: 002b:00007ffe8af43578 EFLAGS: 00000286 ORIG_RAX: 0000000000000065 | ||
| [ 47.526385] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440df9 | ||
| [ 47.533646] RDX: 0000000020000004 RSI: 0000000000000001 RDI: 0000000000004209 | ||
| [ 47.540912] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8 | ||
| [ 47.548187] R10: 0000000020000100 R11: 0000000000000286 R12: 000000000000b922 | ||
| [ 47.555446] R13: 0000000000401dd0 R14: 0000000000000000 R15: 0000000000000000 | ||
| [ 47.562727] | ||
| [ 47.564347] Local variable description: ----kiov@ptrace_request | ||
| [ 47.570385] Variable was created at: | ||
| [ 47.574130] ptrace_request+0x19f/0x2680 | ||
| [ 47.578185] arch_ptrace+0xbdd/0x11a0 | ||
| [ 47.581987] | ||
| [ 47.583623] Bytes 0-15 of 128 are uninitialized | ||
| [ 47.588292] Memory access starts at ffff8801b751fca0 | ||
| [ 47.593393] ================================================================== |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| TITLE: KMSAN: kernel-infoleak in copy_siginfo_to_user | ||
|
|
||
| [ 42.870355] ================================================================== | ||
| [ 42.877778] BUG: KMSAN: kernel-infoleak in copy_siginfo_to_user+0xf0/0x150 | ||
| [ 42.884792] CPU: 0 PID: 4543 Comm: syz-executor869 Not tainted 4.18.0-rc4+ #23 | ||
| [ 42.892143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 | ||
| [ 42.901488] Call Trace: | ||
| [ 42.904076] dump_stack+0x185/0x1e0 | ||
| [ 42.907694] kmsan_report+0x195/0x2c0 | ||
| [ 42.911480] kmsan_internal_check_memory+0x10e/0x210 | ||
| [ 42.916571] kmsan_copy_to_user+0x83/0xe0 | ||
| [ 42.920708] copy_siginfo_to_user+0xf0/0x150 | ||
| [ 42.925103] ptrace_request+0x232d/0x2790 | ||
| [ 42.929251] ? __msan_metadata_ptr_for_store_1+0x13/0x20 | ||
| [ 42.934690] ? wait_task_inactive+0x821/0x9e0 | ||
| [ 42.939173] arch_ptrace+0xbcc/0x12c0 | ||
| [ 42.942959] ? ptrace_check_attach+0x182/0x5e0 | ||
| [ 42.947526] __se_sys_ptrace+0x2f0/0x850 | ||
| [ 42.951575] __x64_sys_ptrace+0x11e/0x170 | ||
| [ 42.955709] ? ptrace_regset+0x840/0x840 | ||
| [ 42.959757] do_syscall_64+0x15b/0x230 | ||
| [ 42.963636] entry_SYSCALL_64_after_hwframe+0x63/0xe7 | ||
| [ 42.968807] RIP: 0033:0x4401b9 | ||
| [ 42.971971] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 | ||
| [ 42.991161] RSP: 002b:00007ffcd9ce9e68 EFLAGS: 00000286 ORIG_RAX: 0000000000000065 | ||
| [ 42.998853] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00000000004401b9 | ||
| [ 43.006124] RDX: 0000000020000004 RSI: 0000000000000001 RDI: 0000000000004209 | ||
| [ 43.013388] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 | ||
| [ 43.020642] R10: 0000000020000100 R11: 0000000000000286 R12: 0000000000401a40 | ||
| [ 43.027898] R13: 0000000000401ad0 R14: 0000000000000000 R15: 0000000000000000 | ||
| [ 43.035162] | ||
| [ 43.036779] Local variable description: ----kiov@ptrace_request | ||
| [ 43.042818] Variable was created at: | ||
| [ 43.046520] ptrace_request+0x1bf/0x2790 | ||
| [ 43.050571] arch_ptrace+0xbcc/0x12c0 | ||
| [ 43.054344] | ||
| [ 43.055950] Bytes 0-15 of 128 are uninitialized | ||
| [ 43.060594] Memory access starts at ffff880193b8fca8 | ||
| [ 43.065675] ================================================================== |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| TITLE: KMSAN: uninit-value in tipc_nl_node_get_link | ||
|
|
||
| syzkaller login: [ 41.195107] ================================================================== | ||
| [ 41.202507] BUG: KMSAN: uninit-value in strcmp+0xf7/0x160 | ||
| [ 41.208024] CPU: 1 PID: 4527 Comm: syz-executor655 Not tainted 4.16.0+ #87 | ||
| [ 41.215027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 | ||
| [ 41.224359] Call Trace: | ||
| [ 41.226931] dump_stack+0x185/0x1d0 | ||
| [ 41.230537] ? strcmp+0xf7/0x160 | ||
| [ 41.233887] kmsan_report+0x142/0x240 | ||
| [ 41.237673] __msan_warning_32+0x6c/0xb0 | ||
| [ 41.241720] strcmp+0xf7/0x160 | ||
| [ 41.244903] tipc_nl_node_get_link+0x220/0x6f0 | ||
| [ 41.249462] ? kmsan_set_origin+0x9e/0x160 | ||
| [ 41.253680] ? tipc_node_find_by_name+0x630/0x630 | ||
| [ 41.258514] genl_rcv_msg+0x1686/0x1810 | ||
| [ 41.262477] netlink_rcv_skb+0x378/0x600 | ||
| [ 41.266518] ? genl_unbind+0x350/0x350 | ||
| [ 41.270383] genl_rcv+0x63/0x80 | ||
| [ 41.273639] netlink_unicast+0x166b/0x1740 | ||
| [ 41.277852] ? genl_pernet_exit+0xa0/0xa0 | ||
| [ 41.281988] netlink_sendmsg+0x1048/0x1310 | ||
| [ 41.286206] ? netlink_getsockopt+0xc80/0xc80 | ||
| [ 41.290701] ___sys_sendmsg+0xec0/0x1310 | ||
| [ 41.294741] ? do_huge_pmd_anonymous_page+0x19d5/0x2520 | ||
| [ 41.300086] ? __fdget+0x4e/0x60 | ||
| [ 41.303431] ? __fget_light+0x56/0x710 | ||
| [ 41.307294] ? __fdget+0x4e/0x60 | ||
| [ 41.310641] ? __msan_metadata_ptr_for_load_1+0x10/0x20 | ||
| [ 41.315983] ? __fget_light+0x6b9/0x710 | ||
| [ 41.319949] SYSC_sendmsg+0x2a3/0x3d0 | ||
| [ 41.323731] SyS_sendmsg+0x54/0x80 | ||
| [ 41.327250] do_syscall_64+0x309/0x430 | ||
| [ 41.331116] ? ___sys_sendmsg+0x1310/0x1310 | ||
| [ 41.335417] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 | ||
| [ 41.340584] RIP: 0033:0x445589 | ||
| [ 41.343758] RSP: 002b:00007fb7ee66cdb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e | ||
| [ 41.351441] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445589 | ||
| [ 41.358692] RDX: 0000000000000000 RSI: 0000000020023000 RDI: 0000000000000003 | ||
| [ 41.365942] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000 | ||
| [ 41.373191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 | ||
| [ 41.380439] R13: 00007fffa2bf3f3f R14: 00007fb7ee66d9c0 R15: 0000000000000001 | ||
| [ 41.387717] | ||
| [ 41.389320] Uninit was created at: | ||
| [ 41.392842] kmsan_internal_poison_shadow+0xb8/0x1b0 | ||
| [ 41.397923] kmsan_kmalloc+0x94/0x100 | ||
| [ 41.401726] kmsan_slab_alloc+0x11/0x20 | ||
| [ 41.405680] __kmalloc_node_track_caller+0xaed/0x11c0 | ||
| [ 41.410851] __alloc_skb+0x2cf/0x9f0 | ||
| [ 41.414566] netlink_sendmsg+0x9a6/0x1310 | ||
| [ 41.418703] ___sys_sendmsg+0xec0/0x1310 | ||
| [ 41.422744] SYSC_sendmsg+0x2a3/0x3d0 | ||
| [ 41.426521] SyS_sendmsg+0x54/0x80 | ||
| [ 41.430048] do_syscall_64+0x309/0x430 | ||
| [ 41.433923] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 | ||
| [ 41.439088] ================================================================== |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| TITLE: KMSAN: uninit-value in vti6_ioctl | ||
|
|
||
| syzkaller login: [ 44.865333] ================================================================== | ||
| [ 44.872739] BUG: KMSAN: uninit-value in strlcpy+0x68/0x1c0 | ||
| [ 44.878347] CPU: 1 PID: 4514 Comm: syz-executor022 Not tainted 4.16.0+ #87 | ||
| [ 44.885339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 | ||
| [ 44.894694] Call Trace: | ||
| [ 44.897273] dump_stack+0x185/0x1d0 | ||
| [ 44.900894] ? strlcpy+0x68/0x1c0 | ||
| [ 44.904330] kmsan_report+0x142/0x240 | ||
| [ 44.908119] __msan_warning_32+0x6c/0xb0 | ||
| [ 44.912173] strlcpy+0x68/0x1c0 | ||
| [ 44.915436] vti6_ioctl+0x1cea/0x3410 | ||
| [ 44.919230] ? vti6_tnl_xmit+0x2070/0x2070 | ||
| [ 44.923444] dev_ifsioc+0x8a8/0x10c0 | ||
| [ 44.927139] ? _cond_resched+0x3c/0xd0 | ||
| [ 44.931008] dev_ioctl+0xc3e/0x1cf0 | ||
| [ 44.934625] ? kmsan_set_origin+0x9e/0x160 | ||
| [ 44.938865] sock_ioctl+0x744/0xca0 | ||
| [ 44.942647] ? sock_poll+0x370/0x370 | ||
| [ 44.946373] do_vfs_ioctl+0xaf0/0x2440 | ||
| [ 44.950299] ? __msan_metadata_ptr_for_load_4+0x10/0x20 | ||
| [ 44.955672] ? __fget_light+0x1f5/0x710 | ||
| [ 44.959657] ? __msan_metadata_ptr_for_load_8+0x10/0x20 | ||
| [ 44.965033] SYSC_ioctl+0x1d2/0x260 | ||
| [ 44.968659] SyS_ioctl+0x54/0x80 | ||
| [ 44.972030] do_syscall_64+0x309/0x430 | ||
| [ 44.975910] ? ioctl_file_clone+0x4f0/0x4f0 | ||
| [ 44.980218] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 | ||
| [ 44.985389] RIP: 0033:0x43fe59 | ||
| [ 44.988556] RSP: 002b:00007ffeb63ff5b8 EFLAGS: 00000286 ORIG_RAX: 0000000000000010 | ||
| [ 44.996253] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe59 | ||
| [ 45.003592] RDX: 0000000020000000 RSI: 08000000000089f1 RDI: 0000000000000003 | ||
| [ 45.010853] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 | ||
| [ 45.018121] R10: 00000000004002c8 R11: 0000000000000286 R12: 0000000000401780 | ||
| [ 45.025377] R13: 0000000000401810 R14: 0000000000000000 R15: 0000000000000000 | ||
| [ 45.032627] | ||
| [ 45.034232] Local variable description: ----p1@vti6_ioctl | ||
| [ 45.039742] Variable was created at: | ||
| [ 45.043440] vti6_ioctl+0xc1/0x3410 | ||
| [ 45.047060] dev_ifsioc+0x8a8/0x10c0 | ||
| [ 45.050756] ================================================================== |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| TITLE: KMSAN: uninit-value in __dev_mc_add | ||
|
|
||
| syzkaller login: [ 30.164779] ================================================================== | ||
| [ 30.172283] BUG: KMSAN: uninit-value in memcmp+0x119/0x180 | ||
| [ 30.177916] CPU: 0 PID: 3 Comm: kworker/0:0 Not tainted 4.16.0+ #82 | ||
| [ 30.184318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 | ||
| [ 30.193686] Workqueue: ipv6_addrconf addrconf_dad_work | ||
| [ 30.198962] Call Trace: | ||
| [ 30.201561] dump_stack+0x185/0x1d0 | ||
| [ 30.205216] ? memcmp+0x119/0x180 | ||
| [ 30.208673] kmsan_report+0x142/0x240 | ||
| [ 30.212484] __msan_warning_32+0x6c/0xb0 | ||
| [ 30.216549] memcmp+0x119/0x180 | ||
| [ 30.219845] __dev_mc_add+0x1c2/0x8e0 | ||
| [ 30.223658] ? ndisc_mc_map+0x59f/0x8c0 | ||
| [ 30.227634] dev_mc_add+0x6d/0x80 | ||
| [ 30.231092] igmp6_group_added+0x2db/0xa00 | ||
| [ 30.235338] ipv6_dev_mc_inc+0xe9e/0x1130 | ||
| [ 30.239495] addrconf_dad_work+0x427/0x2150 | ||
| [ 30.243823] ? ipv6_get_saddr_eval+0x1130/0x1130 | ||
| [ 30.248585] ? ipv6_get_saddr_eval+0x1130/0x1130 | ||
| [ 30.253348] process_one_work+0x12c6/0x1f60 | ||
| [ 30.257685] worker_thread+0x113c/0x24f0 | ||
| [ 30.261763] ? process_one_work+0x1f60/0x1f60 | ||
| [ 30.266254] kthread+0x539/0x720 | ||
| [ 30.269616] ? process_one_work+0x1f60/0x1f60 | ||
| [ 30.274097] ? kthread_blkcg+0xf0/0xf0 | ||
| [ 30.277976] ret_from_fork+0x35/0x40 | ||
| [ 30.281670] | ||
| [ 30.283279] Local variable description: ----buf@igmp6_group_added | ||
| [ 30.289491] Variable was created at: | ||
| [ 30.293192] igmp6_group_added+0x4a/0xa00 | ||
| [ 30.297338] ipv6_dev_mc_inc+0xe9e/0x1130 | ||
| [ 30.301465] ================================================================== |
0e29942There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ramosian-glider FYI
0e29942There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yay!