From: syzbot ci <syzbot+ci59ae1c0b8d5ca61e@syzkaller.appspotmail.com>
To: syzkaller-upstream-moderation@googlegroups.com
Cc: syzbot@lists.linux.dev
Subject: [moderation/CI] Re: uaccess: Convert small fixed size copy_{to/from}_user() to scoped user access
Date: Mon, 27 Apr 2026 14:44:42 -0700 [thread overview]
Message-ID: <69efd8ca.050a0220.18b4f.0007.GAE@google.com> (raw)
syzbot ci has tested the following series
[v1] uaccess: Convert small fixed size copy_{to/from}_user() to scoped user access
https://lore.kernel.org/all/cover.1777306795.git.chleroy@kernel.org
* [RFC PATCH v1 1/9] uaccess: Split check_zeroed_user() out of usercopy.c
* [RFC PATCH v1 2/9] uaccess: Convert INLINE_COPY_{TO/FROM}_USER to kconfig and reduce ifdefery
* [RFC PATCH v1 3/9] x86/umip: Be stricter in fixup_umip_exception()
* [RFC PATCH v1 4/9] uaccess: Introduce copy_{to/from}_user_partial()
* [RFC PATCH v1 5/9] uaccess: Switch to copy_{to/from}_user_partial() when relevant
* [RFC PATCH v1 6/9] uaccess: Change copy_{to/from}_user to return -EFAULT
* [RFC PATCH v1 7/9] x86: Add unsafe_copy_from_user()
* [RFC PATCH v1 8/9] arm64: Add unsafe_copy_from_user()
* [RFC PATCH v1 9/9] uaccess: Convert small fixed size copy_{to/from}_user() to scoped user access
and found the following issue:
general protection fault in rt_sigprocmask
Full report is available here:
https://ci.syzbot.org/series/aa7fc2a4-0ff8-418d-a7f8-d564d6337c56
***
general protection fault in rt_sigprocmask
tree: bpf-next
URL: https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf-next.git
base: 7c8d208d816d0504aa916138ae097d9cb4ed4e56
arch: amd64
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
config: https://ci.syzbot.org/builds/e539adaf-05e5-409c-80f8-973dab3db2a7/config
Key type big_key registered
Key type encrypted registered
AppArmor: AppArmor sha256 policy hashing enabled
ima: No TPM chip found, activating TPM-bypass!
Loading compiled-in module X.509 certificates
Loaded X.509 cert 'Build time autogenerated kernel key: 63d9792cbf98a5c58c0509974cba8c406c7870ed'
ima: Allocated hash algorithm: sha256
ima: No architecture policies found
evm: Initialising EVM extended attributes:
evm: security.selinux (disabled)
evm: security.SMACK64 (disabled)
evm: security.SMACK64EXEC (disabled)
evm: security.SMACK64TRANSMUTE (disabled)
evm: security.SMACK64MMAP (disabled)
evm: security.apparmor
evm: security.ima
evm: security.capability
evm: HMAC attrs: 0x1
PM: Magic number: 6:723:551
block sda: hash matches
acpi PNP0C0F:02: hash matches
netconsole: network logging started
gtp: GTP module loaded (pdp ctx size 128 bytes)
rdma_rxe: loaded
cfg80211: Loading compiled-in X.509 certificates for regulatory database
Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
clk: Disabling unused clocks
ALSA device list:
#0: Dummy 1
#1: Loopback 1
#2: Virtual MIDI Card 1
md: Waiting for all devices to be available before autodetect
md: If you don't use raid, use raid=noautodetect
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
EXT4-fs (sda1): mounted filesystem b4773fba-1738-4da0-8a90-0fe043d0a496 ro with ordered data mode. Quota mode: none.
VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
devtmpfs: mounted
VFS: Pivoted into new rootfs
Freeing unused kernel image (initmem) memory: 26948K
Write protecting the kernel read-only data: 221184k
Freeing unused kernel image (text/rodata gap) memory: 2032K
Freeing unused kernel image (rodata/data gap) memory: 1428K
x86/mm: Checked W+X mappings: passed, no W+X pages found.
x86/mm: Checking user space page tables
x86/mm: Checked W+X mappings: passed, no W+X pages found.
Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
Run /sbin/init as init process
Oops: general protection fault, probably for non-canonical address 0xe0000be81c51ea95: 0000 [#1] SMP KASAN PTI
KASAN: probably user-memory-access in range [0x00007f40e28f54a8-0x00007f40e28f54af]
CPU: 1 UID: 0 PID: 1 Comm: init Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:__se_sys_rt_sigprocmask+0x139/0x310
Code: 00 00 e8 3a f1 a5 00 48 b8 00 f0 ff ff ff 7f 00 00 49 39 c4 4c 0f 47 e0 0f 1f 00 48 8d 44 24 60 48 8b 08 4c 89 e0 48 c1 e8 03 <80> 3c 18 00 74 0e 4c 89 e7 48 89 cb e8 56 ef a5 00 48 89 d9 49 89
RSP: 0018:ffffc90000067de0 EFLAGS: 00010206
RAX: 00000fe81c51ea95 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000067e40
RBP: ffffc90000067ee0 R08: ffffc90000067e47 R09: 1ffff9200000cfc8
R10: dffffc0000000000 R11: fffff5200000cfc9 R12: 00007f40e28f54a8
R13: 1ffff9200000cfc0 R14: ffff8881026f6210 R15: 1ffff110204dec42
FS: 00007f40e25f5380(0000) GS:ffff8882a8fd4000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f40e28baf3f CR3: 0000000171dca000 CR4: 00000000000006f0
Call Trace:
<TASK>
do_syscall_64+0x15f/0xf80
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f40e26f5773
Code: 00 f3 a5 48 8d 74 24 88 48 b9 ff ff ff 7f fe ff ff ff 48 21 c8 48 89 44 24 88 41 ba 08 00 00 00 44 89 c7 b8 0e 00 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 06 41 89 c0 41 f7 d8 44 89 c0 5a c3 41
RSP: 002b:00007fffc2ca58c0 EFLAGS: 00000246 ORIG_RAX: 000000000000000e
RAX: ffffffffffffffda RBX: 00007fffc2ca5ac8 RCX: 00007f40e26f5773
RDX: 0000000000000000 RSI: 00007f40e28f54a8 RDI: 0000000000000000
RBP: 00007f40e28f54a8 R08: 0000000000000000 R09: 00007f40e2904b5d
R10: 0000000000000008 R11: 0000000000000246 R12: 00007f40e28f54a0
R13: 00007fffc2ca5ad8 R14: 0000562515803169 R15: 00007f40e292ea80
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__se_sys_rt_sigprocmask+0x139/0x310
Code: 00 00 e8 3a f1 a5 00 48 b8 00 f0 ff ff ff 7f 00 00 49 39 c4 4c 0f 47 e0 0f 1f 00 48 8d 44 24 60 48 8b 08 4c 89 e0 48 c1 e8 03 <80> 3c 18 00 74 0e 4c 89 e7 48 89 cb e8 56 ef a5 00 48 89 d9 49 89
RSP: 0018:ffffc90000067de0 EFLAGS: 00010206
RAX: 00000fe81c51ea95 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000067e40
RBP: ffffc90000067ee0 R08: ffffc90000067e47 R09: 1ffff9200000cfc8
R10: dffffc0000000000 R11: fffff5200000cfc9 R12: 00007f40e28f54a8
R13: 1ffff9200000cfc0 R14: ffff8881026f6210 R15: 1ffff110204dec42
FS: 00007f40e25f5380(0000) GS:ffff8882a8fd4000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f40e28baf3f CR3: 0000000171dca000 CR4: 00000000000006f0
***
If these findings have caused you to resend the series or submit a
separate fix, please add the following tag to your commit message:
Tested-by: syzbot@syzkaller.appspotmail.com
---
This report is generated by a bot. It may contain errors.
syzbot ci engineers can be reached at syzkaller@googlegroups.com.
To test a patch for this bug, please reply with `#syz test`
(should be on a separate line).
The patch should be attached to the email.
Note: arguments like custom git repos and branches are not supported.
The email will later be sent to:
[akpm@linux-foundation.org amd-gfx@lists.freedesktop.org bpf@vger.kernel.org chleroy@kernel.org david.laight.linux@gmail.com dmaengine@vger.kernel.org dri-devel@lists.freedesktop.org intel-gfx@lists.freedesktop.org kasan-dev@googlegroups.com kvm@vger.kernel.org linux-alpha@vger.kernel.org linux-arch@vger.kernel.org linux-arm-kernel@lists.infradead.org linux-csky@vger.kernel.org linux-efi@vger.kernel.org linux-fsdevel@vger.kernel.org linux-fsi@lists.ozlabs.org linux-hexagon@vger.kernel.org linux-kernel@vger.kernel.org linux-m68k@lists.linux-m68k.org linux-media@vger.kernel.org linux-mips@vger.kernel.org linux-mm@kvack.org linux-openrisc@vger.kernel.org linux-parisc@vger.kernel.org linux-riscv@lists.infradead.org linux-s390@vger.kernel.org linux-serial@vger.kernel.org linux-sh@vger.kernel.org linux-snps-arc@lists.infradead.org linux-sound@vger.kernel.org linux-spi@vger.kernel.org linux-staging@lists.linux.dev linux-um@lists.infradead.org linux-usb@vger.kernel.org linux-wireless@vger.kernel.org linux-wpan@vger.kernel.org linux-x25@vger.kernel.org linuxppc-dev@lists.ozlabs.org loongarch@lists.linux.dev netdev@vger.kernel.org ocfs2-devel@lists.linux.dev rust-for-linux@vger.kernel.org sound-open-firmware@alsa-project.org sparclinux@vger.kernel.org tglx@linutronix.de torvalds@linux-foundation.org xen-devel@lists.xenproject.org ynorov@nvidia.com]
If the report looks fine to you, reply with:
#syz upstream
If the report is a false positive, reply with
#syz invalid
next reply other threads:[~2026-04-27 21:44 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-27 21:44 syzbot ci [this message]
2026-04-28 6:18 ` [moderation/CI] Re: uaccess: Convert small fixed size copy_{to/from}_user() to scoped user access Aleksandr Nogikh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=69efd8ca.050a0220.18b4f.0007.GAE@google.com \
--to=syzbot+ci59ae1c0b8d5ca61e@syzkaller.appspotmail.com \
--cc=syzbot@lists.linux.dev \
--cc=syzkaller-upstream-moderation@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.