syzbot


KMSAN: kernel-infoleak in move_addr_to_user (7)

Status: upstream: reported C repro on 2024/09/22 17:46
Subsystems: wpan
Reported-by: syzbot+346474e3bf0b26bd3090@syzkaller.appspotmail.com
First crash: 494d, last: 9d17h
Discussions (10)
Title | Replies (including bot) | Last reply
[syzbot] Monthly wpan report (Jan 2026) | 0 (1) | 2026/01/26 07:12
[syzbot] Monthly wpan report (Dec 2025) | 0 (1) | 2025/12/26 07:48
[syzbot] Monthly wpan report (Oct 2025) | 0 (1) | 2025/10/20 11:38
[syzbot] Monthly hams report (Aug 2025) | 0 (1) | 2025/08/25 08:40
[syzbot] Monthly wpan report (Jun 2025) | 0 (1) | 2025/06/16 10:02
[syzbot] Monthly wpan report (May 2025) | 0 (1) | 2025/05/13 12:36
[PATCH net] Drop packets with invalid headers to prevent KMSAN infoleak | 2 (2) | 2024/11/04 10:03
[syzbot] [net?] KMSAN: kernel-infoleak in move_addr_to_user (7) | 0 (8) | 2024/11/03 19:27
[PATCH net] Drop packets with invalid headers to prevent KMSAN infoleak | 10 (10) | 2024/10/29 21:34
[PATCH] Fix KMSAN infoleak, initialize unused data in pskb_expand_head | 7 (7) | 2024/10/05 04:59
Similar bugs (6)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: kernel-infoleak in move_addr_to_user (3) net | 9 | C | | | 79 | 1960d | 1994d | 15/29 | fixed on 2020/09/28 09:09
upstream | KMSAN: kernel-infoleak in move_addr_to_user (2) net | 9 | C | | | 8 | 2499d | 2514d | 11/29 | fixed on 2019/03/28 12:00
upstream | KMSAN: kernel-infoleak in move_addr_to_user (4) net | 9 | C | | | 59 | 1792d | 1844d | 19/29 | fixed on 2021/03/10 01:48
upstream | KMSAN: kernel-infoleak in move_addr_to_user (5) tipc | 9 | | | | 3 | 1642d | 1783d | 20/29 | fixed on 2021/11/10 00:50
upstream | KMSAN: kernel-infoleak in move_addr_to_user net | 9 | | | | 5 | 2527d | 2577d | 11/29 | fixed on 2019/03/06 07:43
upstream | KMSAN: kernel-infoleak in move_addr_to_user (6) tipc | 9 | C | | | 4 | 1462d | 1500d | 20/29 | fixed on 2022/03/08 16:11
Last patch testing requests (17)
Created | Duration | User | Patch | Repo | Result
2026/01/19 08:01 | 55m | retest repro | | upstream | report log
2026/01/19 08:01 | 1h02m | retest repro | | upstream | report log
2025/12/13 00:28 | 29m | retest repro | | upstream | report log
2025/11/01 08:27 | 1h36m | retest repro | | upstream | report log
2025/10/03 19:21 | 2h37m | retest repro | | upstream | report log
2025/08/23 06:50 | 21m | retest repro | | upstream | report log
2025/07/25 01:39 | 30m | retest repro | | upstream | report log
2025/05/16 00:01 | 24m | retest repro | | upstream | report log
2025/05/16 00:01 | 1h23m | retest repro | | upstream | report log
2025/02/23 20:57 | 23m | retest repro | | upstream | report log
2024/11/03 19:27 | 32m | danielyangkang@gmail.com | patch | upstream | OK log
2024/10/17 23:29 | 49m | danielyangkang@gmail.com | patch | upstream | OK log
2024/10/17 23:09 | 27m | danielyangkang@gmail.com | patch | upstream | OK log
2024/10/17 22:14 | 27m | danielyangkang@gmail.com | patch | upstream | OK log
2024/10/17 19:01 | 2h29m | danielyangkang@gmail.com | patch | upstream | OK log
2024/10/16 04:53 | 39m | danielyangkang@gmail.com | patch | upstream | report log
2024/10/02 00:05 | 36m | danielyangkang@gmail.com | patch | upstream | OK log

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _inline_copy_to_user include/linux/uaccess.h:205 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _inline_copy_to_user include/linux/uaccess.h:205 [inline]
 _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:236 [inline]
 move_addr_to_user+0x29a/0x400 net/socket.c:306
 ____sys_recvmsg+0x232/0x610 net/socket.c:2819
 ___sys_recvmsg+0x20b/0x850 net/socket.c:2854
 do_recvmmsg+0x40e/0xdf0 net/socket.c:2949
 __sys_recvmmsg net/socket.c:3023 [inline]
 __do_sys_recvmmsg net/socket.c:3046 [inline]
 __se_sys_recvmmsg net/socket.c:3039 [inline]
 __x64_sys_recvmmsg+0x383/0x500 net/socket.c:3039
 x64_sys_call+0x365f/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 ieee802154_addr_to_sa include/net/ieee802154_netdev.h:369 [inline]
 dgram_recvmsg+0xa17/0xbe0 net/ieee802154/socket.c:739
 sock_common_recvmsg+0xd5/0x1d0 net/core/sock.c:3956
 sock_recvmsg_nosec+0x240/0x2f0 net/socket.c:1078
 ____sys_recvmsg+0x4e5/0x610 net/socket.c:2810
 ___sys_recvmsg+0x20b/0x850 net/socket.c:2854
 do_recvmmsg+0x40e/0xdf0 net/socket.c:2949
 __sys_recvmmsg net/socket.c:3023 [inline]
 __do_sys_recvmmsg net/socket.c:3046 [inline]
 __se_sys_recvmmsg net/socket.c:3039 [inline]
 __x64_sys_recvmmsg+0x383/0x500 net/socket.c:3039
 x64_sys_call+0x365f/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 __copy_skb_header+0xa3/0x840 net/core/skbuff.c:1532
 __skb_clone+0x57/0x650 net/core/skbuff.c:1584
 skb_clone+0x473/0x580 net/core/skbuff.c:2094
 __ieee802154_rx_handle_packet net/mac802154/rx.c:363 [inline]
 ieee802154_rx+0xdeb/0x3460 net/mac802154/rx.c:431
 ieee802154_tasklet_handler+0x136/0x2c0 net/mac802154/main.c:35
 tasklet_action_common+0x34b/0xcf0 kernel/softirq.c:925
 tasklet_action+0x2d/0x40 kernel/softirq.c:953
 handle_softirqs+0x169/0x6e0 kernel/softirq.c:622
 __do_softirq+0x14/0x1b kernel/softirq.c:656

Uninit was stored to memory at:
 ieee802154_parse_frame_start net/mac802154/rx.c:299 [inline]
 __ieee802154_rx_handle_packet net/mac802154/rx.c:343 [inline]
 ieee802154_rx+0xb4d/0x3460 net/mac802154/rx.c:431
 ieee802154_tasklet_handler+0x136/0x2c0 net/mac802154/main.c:35
 tasklet_action_common+0x34b/0xcf0 kernel/softirq.c:925
 tasklet_action+0x2d/0x40 kernel/softirq.c:953
 handle_softirqs+0x169/0x6e0 kernel/softirq.c:622
 __do_softirq+0x14/0x1b kernel/softirq.c:656

Uninit was stored to memory at:
 ieee802154_hdr_get_addrs net/ieee802154/header_ops.c:275 [inline]
 ieee802154_hdr_pull+0xbf1/0xd60 net/ieee802154/header_ops.c:294
 ieee802154_parse_frame_start net/mac802154/rx.c:283 [inline]
 __ieee802154_rx_handle_packet net/mac802154/rx.c:343 [inline]
 ieee802154_rx+0xa3d/0x3460 net/mac802154/rx.c:431
 ieee802154_tasklet_handler+0x136/0x2c0 net/mac802154/main.c:35
 tasklet_action_common+0x34b/0xcf0 kernel/softirq.c:925
 tasklet_action+0x2d/0x40 kernel/softirq.c:953
 handle_softirqs+0x169/0x6e0 kernel/softirq.c:622
 __do_softirq+0x14/0x1b kernel/softirq.c:656

Local variable hdr.i created at:
 __ieee802154_rx_handle_packet net/mac802154/rx.c:340 [inline]
 ieee802154_rx+0x96e/0x3460 net/mac802154/rx.c:431
 ieee802154_tasklet_handler+0x136/0x2c0 net/mac802154/main.c:35

Bytes 8-9 of 20 are uninitialized
Memory access of size 20 starts at ffff88804e467a38
Data copied to user address 0000200000000800

CPU: 0 UID: 0 PID: 6040 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
=====================================================

Crashes (43):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/01/04 08:42 upstream aacb0a6d604a d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2024/09/22 17:20 upstream 88264981f208 6f888b75 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2024/09/22 12:36 upstream 88264981f208 6f888b75 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2026/01/05 07:11 upstream 54e82e93ca93 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2026/01/04 06:07 upstream aacb0a6d604a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2026/01/04 06:07 upstream aacb0a6d604a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/10/06 08:45 upstream 9b0d551bcc05 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/29 06:30 upstream 07d9df80082b 3e1beec6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/25 21:31 upstream b6add54ba618 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/25 21:31 upstream b6add54ba618 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/25 14:52 upstream 69fd6b99b8f8 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/09 05:57 upstream 37816488247d 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/02 11:12 upstream 89748acdf226 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/02 11:12 upstream 89748acdf226 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/01 20:08 upstream 89748acdf226 40127d41 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/07/30 03:45 upstream 86aa72182095 f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/06/30 11:32 upstream d0b3b7b22dfa fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/06/28 11:30 upstream 35e261cd95dd fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/06/22 18:35 upstream 739a6c93cc75 d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/06/22 18:35 upstream 739a6c93cc75 d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/06/15 17:06 upstream 8c6bc74c7f89 5f4b362d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/06/10 07:26 upstream 19272b37aa4f 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/06/08 06:10 upstream 5b032cac6225 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/05/23 23:55 upstream eccf6f2f6ab9 f8cc0c83 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/05/01 23:19 upstream 02ddfb981de8 51b137cd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/01/06 09:49 upstream 9244696b34f2 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2024/12/21 15:43 upstream 499551201b5f d7f584ee .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2024/11/29 14:27 upstream 7af08b57bcb9 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2024/11/24 18:53 upstream 9f16d5e6f220 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2024/11/18 06:46 upstream f66d6acccbc0 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2024/11/12 01:27 upstream 2d5404caa8c7 97fe5517 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2024/11/07 22:31 upstream ff7afaeca1a1 c069283c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2024/11/05 04:00 upstream 59b723cd2adb 509da429 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2024/10/29 21:46 upstream e42b1a9a2557 66aeb999 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2024/09/21 21:47 upstream 1868f9d0260e 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/28 23:00 upstream 07d9df80082b 443c11c7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/26 00:04 upstream b6add54ba618 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/26 00:04 upstream b6add54ba618 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/25 15:01 upstream c330cb607721 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/25 14:59 upstream c330cb607721 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in move_addr_to_user
2025/08/25 14:55 upstream c330cb607721 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in move_addr_to_user
2025/06/22 18:55 upstream 739a6c93cc75 d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in move_addr_to_user
2025/06/22 18:55 upstream 739a6c93cc75 d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in move_addr_to_user
* Struck through repros no longer work on HEAD.