syzbot


KMSAN: kernel-usb-infoleak in usbtmc_generic_write

Status: upstream: reported C repro on 2024/08/02 15:42
Subsystems: usb
Reported-by: syzbot+8f282cce71948071c335@syzkaller.appspotmail.com
First crash: 114d, last: 58d
Discussions (3)
| Title | Replies (including bot) | Last reply |
| --- | --- | --- |
| Re: [PATCH] usb: usbtmc: initialize memory written to device | 3 (3) | 2024/10/04 13:56 |
| Re: [PATCH] usb: usbtmc: initialize memory written to device | 2 (2) | 2024/10/04 13:38 |
| [syzbot] [usb?] KMSAN: kernel-usb-infoleak in usbtmc_generic_write | 0 (2) | 2024/09/22 09:17 |
Last patch testing requests (1)
| Created | Duration | User | Patch | Repo | Result |
| --- | --- | --- | --- | --- | --- |
| 2024/10/07 10:49 | 50m | retest repro | | upstream | OK log |

Sample crash report:
=====================================================
BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x597/0x2350 drivers/usb/core/urb.c:430
 usb_submit_urb+0x597/0x2350 drivers/usb/core/urb.c:430
 usbtmc_generic_write+0x7b6/0xe80 drivers/usb/class/usbtmc.c:1213
 usbtmc_write+0xdb7/0x1210 drivers/usb/class/usbtmc.c:1622
 vfs_write+0x487/0x1540 fs/read_write.c:681
 ksys_write+0x20f/0x4c0 fs/read_write.c:736
 __do_sys_write fs/read_write.c:748 [inline]
 __se_sys_write fs/read_write.c:745 [inline]
 __x64_sys_write+0x93/0xe0 fs/read_write.c:745
 x64_sys_call+0x306a/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:2
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4092 [inline]
 slab_alloc_node mm/slub.c:4135 [inline]
 __kmalloc_cache_noprof+0x4f0/0xb00 mm/slub.c:4291
 kmalloc_noprof include/linux/slab.h:878 [inline]
 usbtmc_create_urb drivers/usb/class/usbtmc.c:757 [inline]
 usbtmc_generic_write+0x430/0xe80 drivers/usb/class/usbtmc.c:1176
 usbtmc_write+0xdb7/0x1210 drivers/usb/class/usbtmc.c:1622
 vfs_write+0x487/0x1540 fs/read_write.c:681
 ksys_write+0x20f/0x4c0 fs/read_write.c:736
 __do_sys_write fs/read_write.c:748 [inline]
 __se_sys_write fs/read_write.c:745 [inline]
 __x64_sys_write+0x93/0xe0 fs/read_write.c:745
 x64_sys_call+0x306a/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:2
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Bytes 2-3 of 4 are uninitialized
Memory access of size 4 starts at ffff88803f5c4000

CPU: 1 UID: 0 PID: 8114 Comm: syz.2.527 Tainted: G        W          6.11.0-syzkaller-08829-gaf9c191ac2a0 #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
=====================================================

Crashes (16):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2024/09/23 02:52 | upstream | af9c191ac2a0 | 6f888b75 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/09/22 09:16 | upstream | 88264981f208 | 6f888b75 | .config | strace log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/09/22 05:19 | upstream | 88264981f208 | 6f888b75 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/09/22 05:19 | upstream | 88264981f208 | 6f888b75 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/09/22 05:19 | upstream | 88264981f208 | 6f888b75 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/08/08 15:48 | upstream | 6a0e38264012 | de12cf65 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/07/30 13:29 | upstream | 94ede2a3e913 | a4e01e1e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/07/29 15:31 | upstream | dc1c8034e31b | 5187fc86 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/09/23 10:36 | upstream | de5cb0dcb74c | 6f888b75 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/08/22 12:05 | upstream | 872cf28b8df9 | ca02180f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/08/10 15:58 | upstream | afdab700f65e | 6f4edef4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/08/10 15:53 | upstream | afdab700f65e | 6f4edef4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/08/10 15:43 | upstream | afdab700f65e | 6f4edef4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/08/10 15:42 | upstream | afdab700f65e | 6f4edef4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/08/09 08:02 | upstream | cf6d429eb656 | 61405512 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
| 2024/08/08 14:53 | upstream | 6a0e38264012 | de12cf65 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write |
* Struck through repros no longer work on HEAD.