syzbot

 sign-in | mailing list | source | docs
🐞 Open [1567]
Subsystems
🐞 Fixed [6212]
🐞 Invalid [15681]
Missing Backports [179]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: kernel-infoleak in i2cdev_ioctl_smbus

Status: upstream: reported C repro on 2025/05/02 18:58
Subsystems: i2c
[Documentation on labels]
Reported-by: syzbot+08b819a87faa6def6dfb@syzkaller.appspotmail.com
First crash: 5d14h, last: 1h31m
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [i2c?] KMSAN: kernel-infoleak in i2cdev_ioctl_smbus 0 (1) 2025/05/02 18:58

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _inline_copy_to_user include/linux/uaccess.h:196 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _inline_copy_to_user include/linux/uaccess.h:196 [inline]
 _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:225 [inline]
 i2cdev_ioctl_smbus+0x586/0x660 drivers/i2c/i2c-dev.c:394
 i2cdev_ioctl+0xa14/0xf40 drivers/i2c/i2c-dev.c:478
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0x239/0x400 fs/ioctl.c:892
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:892
 x64_sys_call+0x1ebe/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0x1b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 i2c_smbus_xfer_emulated drivers/i2c/i2c-core-smbus.c:495 [inline]
 __i2c_smbus_xfer+0x254d/0x2f60 drivers/i2c/i2c-core-smbus.c:607
 i2c_smbus_xfer+0x31d/0x4d0 drivers/i2c/i2c-core-smbus.c:545
 i2cdev_ioctl_smbus+0x4a1/0x660 drivers/i2c/i2c-dev.c:389
 i2cdev_ioctl+0xa14/0xf40 drivers/i2c/i2c-dev.c:478
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0x239/0x400 fs/ioctl.c:892
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:892
 x64_sys_call+0x1ebe/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0x1b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable msgbuf1.i created at:
 i2c_smbus_xfer_emulated drivers/i2c/i2c-core-smbus.c:334 [inline]
 __i2c_smbus_xfer+0x86a/0x2f60 drivers/i2c/i2c-core-smbus.c:607
 i2c_smbus_xfer+0x31d/0x4d0 drivers/i2c/i2c-core-smbus.c:545

Bytes 0-1 of 2 are uninitialized
Memory access of size 2 starts at ffff88812e8b7d06
Data copied to user address 0000200000000080

CPU: 1 UID: 0 PID: 5885 Comm: syz-executor221 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
=====================================================

Crashes (31):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/05/02 08:57 upstream 02ddfb981de8 51b137cd .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/04 08:07 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/04 06:45 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/04 03:40 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/04 01:40 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/03 23:00 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/03 16:49 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/03 12:45 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/03 12:38 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/03 12:34 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/03 06:14 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/02 14:34 upstream 02ddfb981de8 2bfec9c0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/02 14:33 upstream 02ddfb981de8 2bfec9c0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/02 05:04 upstream 02ddfb981de8 51b137cd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/02 05:04 upstream 02ddfb981de8 51b137cd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/02 05:04 upstream 02ddfb981de8 51b137cd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/04/30 07:47 upstream 02ddfb981de8 85a5a23f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/04 02:24 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/03 22:57 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/03 12:41 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/03 10:35 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/03 07:12 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/03 07:11 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/01 22:16 upstream 02ddfb981de8 51b137cd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/04/30 23:17 upstream 02ddfb981de8 ce7952f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/04/30 23:14 upstream 02ddfb981de8 ce7952f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/04/30 23:13 upstream 02ddfb981de8 ce7952f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/04/29 08:08 upstream 02ddfb981de8 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/04/29 08:07 upstream 02ddfb981de8 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/04/29 08:07 upstream 02ddfb981de8 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/04/28 18:51 upstream 02ddfb981de8 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
* Struck through repros no longer work on HEAD.