syzbot


KMSAN: kernel-usb-infoleak in usbtmc_write

Status: upstream: reported C repro on 2024/07/25 09:14
Subsystems: usb
Reported-by: syzbot+9d34f80f841e948c3fdb@syzkaller.appspotmail.com
Fix commit: 625fa77151f0 USB: usbtmc: prevent kernel-usb-infoleak
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu-native-arm64-kvm ci-upstream-bpf-kasan-gce]
First crash: 85d, last: 20d
Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH] USB: usbtmc: prevent kernel-infoleak | 20 (20) | 2024/09/08 09:17
[syzbot] [usb?] KMSAN: kernel-usb-infoleak in usbtmc_write | 7 (18) | 2024/09/06 16:59

Last patch testing requests (9)
Created | Duration | User | Patch | Repo | Result
2024/09/06 13:52 | 3h05m | eadavis@qq.com | patch | upstream | OK log
2024/09/06 13:12 | 37m | eadavis@qq.com | patch | upstream | OK log
2024/09/06 12:38 | 28m | eadavis@qq.com | patch | upstream | OK log
2024/09/06 11:57 | 31m | eadavis@qq.com | patch | upstream | OK log
2024/09/05 14:27 | 28m | eadavis@qq.com | patch | upstream | OK log
2024/09/05 11:27 | 4h01m | eadavis@qq.com | patch | upstream | OK log
2024/09/05 08:29 | 28m | lizhi.xu@windriver.com | patch | upstream | report log
2024/09/05 07:11 | 25m | lizhi.xu@windriver.com | patch | upstream | report log
2024/09/04 12:48 | 44m | eadavis@qq.com | patch | upstream | OK log

Sample crash report:
=====================================================
BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x597/0x2350 drivers/usb/core/urb.c:430
 usb_submit_urb+0x597/0x2350 drivers/usb/core/urb.c:430
 usbtmc_write+0xc32/0x1220 drivers/usb/class/usbtmc.c:1606
 vfs_write+0x493/0x1550 fs/read_write.c:588
 ksys_write+0x20f/0x4c0 fs/read_write.c:643
 __do_sys_write fs/read_write.c:655 [inline]
 __se_sys_write fs/read_write.c:652 [inline]
 __x64_sys_write+0x93/0xe0 fs/read_write.c:652
 x64_sys_call+0x306a/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:2
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:3994 [inline]
 slab_alloc_node mm/slub.c:4037 [inline]
 __kmalloc_cache_noprof+0x4f0/0xb00 mm/slub.c:4184
 kmalloc_noprof include/linux/slab.h:681 [inline]
 usbtmc_create_urb drivers/usb/class/usbtmc.c:757 [inline]
 usbtmc_write+0x3d3/0x1220 drivers/usb/class/usbtmc.c:1547
 vfs_write+0x493/0x1550 fs/read_write.c:588
 ksys_write+0x20f/0x4c0 fs/read_write.c:643
 __do_sys_write fs/read_write.c:655 [inline]
 __se_sys_write fs/read_write.c:652 [inline]
 __x64_sys_write+0x93/0xe0 fs/read_write.c:652
 x64_sys_call+0x306a/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:2
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Byte 15 of 16 is uninitialized
Memory access of size 16 starts at ffff8881171ce000

CPU: 1 UID: 0 PID: 5216 Comm: syz-executor240 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
=====================================================

Crashes (167):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/09/04 16:01 upstream 88fac17500f4 9d47f20a .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/04 14:06 upstream 88fac17500f4 9d47f20a .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/04 11:59 upstream 88fac17500f4 9d47f20a .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/26 13:00 upstream aa486552a110 0d19f247 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/23 18:36 upstream de5cb0dcb74c 89298aad .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/22 15:00 upstream 88264981f208 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/19 20:50 upstream 839c4f596f89 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/19 09:10 upstream 4a39ac5b7d62 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/18 15:37 upstream bdf56c7580d2 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/17 14:02 upstream a430d95c5efa c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/16 23:10 upstream adfc3ded5c33 49cf0773 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/16 21:18 upstream adfc3ded5c33 49cf0773 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/16 02:15 upstream d42f7708e27c 08d8a733 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/14 18:41 upstream b7718454f937 ff60e2ca .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/14 04:49 upstream e936e7d4a83b 158f4851 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/13 14:31 upstream 196145c606d0 73e8a465 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/12 08:23 upstream 7c6a3a65ace7 d94c83d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/10 11:43 upstream bc83b4d1f086 784df80e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/08 17:59 upstream d1f2d51b711a 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/07 16:11 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/04 13:00 upstream 88fac17500f4 9d47f20a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/04 10:49 upstream 88fac17500f4 9d47f20a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/04 07:54 upstream 88fac17500f4 9d47f20a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/03 02:39 upstream 67784a74e258 abeaa9b9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/01 16:59 upstream 431c1646e1f8 1eda0d14 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/01 02:54 upstream e8784b0aef62 1eda0d14 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/08/31 12:08 upstream 1934261d8974 1eda0d14 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/08/31 02:50 upstream 20371ba12063 f885a8ff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/08/30 15:24 upstream 20371ba12063 54fe8471 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/08/30 03:38 upstream d5d547aa7b51 54fe8471 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/08/27 02:59 upstream 5be63fc19fca 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/08/25 23:45 upstream 5be63fc19fca d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/27 13:03 upstream 13882369ceb9 9314348a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/24 02:14 upstream f8eb5bd9a818 89298aad .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/23 12:01 upstream de5cb0dcb74c 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/20 21:28 upstream baeb9a7d8b60 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/20 03:43 upstream 839c4f596f89 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/18 03:38 upstream fc1dc0d50780 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/17 22:29 upstream fc1dc0d50780 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/15 11:05 upstream 0babf683783d 08d8a733 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/14 16:34 upstream b7718454f937 ff60e2ca .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/07 18:43 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/06 00:43 upstream c763c4339688 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/04 16:03 upstream 88fac17500f4 9d47f20a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/04 15:58 upstream 88fac17500f4 9d47f20a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/09/01 10:18 upstream e8784b0aef62 1eda0d14 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/08/30 05:47 upstream d5d547aa7b51 54fe8471 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/08/28 21:03 upstream 86987d84b968 940f38c1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/08/27 06:44 upstream 5be63fc19fca 9aee4e0b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/08/26 05:38 upstream 5be63fc19fca d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/07/24 08:07 upstream 28bbe4ea686a 57b2edb1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
2024/07/24 08:07 upstream 28bbe4ea686a 57b2edb1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-usb-infoleak in usbtmc_write
* Struck through repros no longer work on HEAD.