syzbot

 sign-in | mailing list | source | docs
🐞 Open [1217]
Subsystems
🐞 Fixed [5619]
🐞 Invalid [13498]
Missing Backports [100]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: kernel-infoleak in raw_ioctl (2)

Status: upstream: reported C repro on 2024/07/23 20:55
Subsystems: usb
[Documentation on labels]
Reported-by: syzbot+17ca2339e34a1d863aad@syzkaller.appspotmail.com
Fix commit: usb: gadget: dummy_hcd: execute hrtimer callback in softirq context
Patched on: [ci2-upstream-usb], missing on: [ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce]
First crash: 50d, last: now
Discussions (3)
Title Replies (including bot) Last reply
[PATCH] usb: gadget: dummy_hcd: execute hrtimer callback in softirq context 9 (9) 2024/09/04 01:34
[PATCH RESEND] usb: gadget: dummy_hcd: execute hrtimer callback in softirq context 1 (1) 2024/09/04 01:30
[syzbot] [usb?] KMSAN: kernel-infoleak in raw_ioctl (2) 1 (2) 2024/07/24 16:58
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: kernel-infoleak in raw_ioctl usb C 22 1465d 1490d 15/27 fixed on 2020/09/25 01:17

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:45
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _copy_to_user+0xbc/0x110 lib/usercopy.c:45
 copy_to_user include/linux/uaccess.h:191 [inline]
 raw_ioctl_ep0_read drivers/usb/gadget/legacy/raw_gadget.c:786 [inline]
 raw_ioctl+0x3d2e/0x5440 drivers/usb/gadget/legacy/raw_gadget.c:1315
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0x261/0x450 fs/ioctl.c:893
 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:893
 x64_sys_call+0x1a06/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:3985 [inline]
 slab_alloc_node mm/slub.c:4028 [inline]
 __do_kmalloc_node mm/slub.c:4148 [inline]
 __kmalloc_noprof+0x661/0xf30 mm/slub.c:4161
 kmalloc_noprof include/linux/slab.h:685 [inline]
 raw_alloc_io_data drivers/usb/gadget/legacy/raw_gadget.c:675 [inline]
 raw_ioctl_ep0_read drivers/usb/gadget/legacy/raw_gadget.c:778 [inline]
 raw_ioctl+0x3bcb/0x5440 drivers/usb/gadget/legacy/raw_gadget.c:1315
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0x261/0x450 fs/ioctl.c:893
 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:893
 x64_sys_call+0x1a06/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Bytes 0-4095 of 4096 are uninitialized
Memory access of size 4096 starts at ffff888116edb000
Data copied to user address 00007ffefdca74d8

CPU: 0 PID: 5057 Comm: syz-executor289 Not tainted 6.10.0-syzkaller-11185-g2c9b3512402e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
=====================================================

Crashes (13638):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/07/21 15:08 upstream 2c9b3512402e b88348e9 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 22:33 upstream d1f2d51b711a 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 18:58 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 16:09 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 13:56 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 10:14 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 09:14 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 08:13 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 07:14 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 07:02 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 01:15 upstream b831f83e40a2 ce70880a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 23:26 upstream b831f83e40a2 ce70880a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 19:17 upstream b831f83e40a2 ce70880a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 18:29 upstream b831f83e40a2 ce70880a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 16:55 upstream b831f83e40a2 ce70880a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 15:53 upstream b831f83e40a2 ce70880a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 12:39 upstream ad618736883b 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 11:06 upstream ad618736883b 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 08:38 upstream ad618736883b 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 06:37 upstream ad618736883b 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 05:37 upstream ad618736883b 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 05:36 upstream ad618736883b 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 04:27 upstream ad618736883b 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 22:31 upstream d1f2d51b711a 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 21:26 upstream d1f2d51b711a 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 20:35 upstream d1f2d51b711a 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 17:11 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 12:35 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 11:02 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 06:02 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 05:02 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/07 00:35 upstream b831f83e40a2 ce70880a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 23:13 upstream b831f83e40a2 ce70880a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 22:12 upstream b831f83e40a2 ce70880a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 21:38 upstream b831f83e40a2 ce70880a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 20:33 upstream b831f83e40a2 ce70880a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 17:27 upstream b831f83e40a2 ce70880a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 13:38 upstream ad618736883b 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 12:07 upstream ad618736883b 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 10:22 upstream ad618736883b 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 09:38 upstream ad618736883b 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 07:39 upstream ad618736883b 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 02:09 upstream c763c4339688 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
2024/09/06 01:02 upstream c763c4339688 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in raw_ioctl
* Struck through repros no longer work on HEAD.