syzbot


KMSAN: kernel-usb-infoleak in usbtmc_generic_write

Status: upstream: reported on 2024/08/02 15:42
Subsystems: usb
Reported-by: syzbot+8f282cce71948071c335@syzkaller.appspotmail.com
First crash: 44d, last: 21d
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [usb?] KMSAN: kernel-usb-infoleak in usbtmc_generic_write | 0 (1) | 2024/08/02 15:42

Sample crash report:
=====================================================
BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x597/0x2350 drivers/usb/core/urb.c:430
 usb_submit_urb+0x597/0x2350 drivers/usb/core/urb.c:430
 usbtmc_generic_write+0x7b6/0xe80 drivers/usb/class/usbtmc.c:1213
 usbtmc_write+0xdbd/0x1220 drivers/usb/class/usbtmc.c:1622
 vfs_write+0x493/0x1550 fs/read_write.c:588
 ksys_write+0x20f/0x4c0 fs/read_write.c:643
 __do_sys_write fs/read_write.c:655 [inline]
 __se_sys_write fs/read_write.c:652 [inline]
 __x64_sys_write+0x93/0xe0 fs/read_write.c:652
 x64_sys_call+0x306a/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:2
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:3994 [inline]
 slab_alloc_node mm/slub.c:4037 [inline]
 __kmalloc_cache_noprof+0x4f0/0xb00 mm/slub.c:4184
 kmalloc_noprof include/linux/slab.h:681 [inline]
 usbtmc_create_urb drivers/usb/class/usbtmc.c:757 [inline]
 usbtmc_generic_write+0x430/0xe80 drivers/usb/class/usbtmc.c:1176
 usbtmc_write+0xdbd/0x1220 drivers/usb/class/usbtmc.c:1622
 vfs_write+0x493/0x1550 fs/read_write.c:588
 ksys_write+0x20f/0x4c0 fs/read_write.c:643
 __do_sys_write fs/read_write.c:655 [inline]
 __se_sys_write fs/read_write.c:652 [inline]
 __x64_sys_write+0x93/0xe0 fs/read_write.c:652
 x64_sys_call+0x306a/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:2
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Bytes 1-3 of 4 are uninitialized
Memory access of size 4 starts at ffff88803db74000

CPU: 1 UID: 0 PID: 5461 Comm: syz.0.21 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
=====================================================

Crashes (10):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2024/08/08 15:48 | upstream | 6a0e38264012 | de12cf65 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write
2024/07/30 13:29 | upstream | 94ede2a3e913 | a4e01e1e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write
2024/07/29 15:31 | upstream | dc1c8034e31b | 5187fc86 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write
2024/08/22 12:05 | upstream | 872cf28b8df9 | ca02180f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write
2024/08/10 15:58 | upstream | afdab700f65e | 6f4edef4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write
2024/08/10 15:53 | upstream | afdab700f65e | 6f4edef4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write
2024/08/10 15:43 | upstream | afdab700f65e | 6f4edef4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write
2024/08/10 15:42 | upstream | afdab700f65e | 6f4edef4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write
2024/08/09 08:02 | upstream | cf6d429eb656 | 61405512 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write
2024/08/08 14:53 | upstream | 6a0e38264012 | de12cf65 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386-root | KMSAN: kernel-usb-infoleak in usbtmc_generic_write
* Struck through repros no longer work on HEAD.