syzbot


KMSAN: kernel-usb-infoleak in usbnet_write_cmd_nopm

Status: auto-closed as invalid on 2022/09/27 08:31
Subsystems: usb
First crash: 1113d, last: 1079d
Last patch testing requests (1)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2022/09/27 07:30 | 23m | retest repro | | https://github.com/google/kmsan.git master | OK log |

Sample crash report:
ax88179_178a 1-1:0.38 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
ax88179_178a 1-1:0.38 eth2: register 'ax88179_178a' at usb-dummy_hcd.0-1, D-Link DUB-1312 USB 3.0 to Gigabit Ethernet Adapter, 2e:e2:0e:fb:7a:a5
ax88179_178a 1-1:0.38 eth2: Failed to read reg index 0x0002: -71
=====================================================
BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430
 usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430
 usb_start_wait_urb+0x153/0x4b0 drivers/usb/core/message.c:58
 usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
 usb_control_msg+0x487/0x7c0 drivers/usb/core/message.c:153
 __usbnet_write_cmd drivers/net/usb/usbnet.c:2050 [inline]
 usbnet_write_cmd_nopm+0x2c9/0x330 drivers/net/usb/usbnet.c:2115
 __ax88179_write_cmd drivers/net/usb/ax88179_178a.c:224 [inline]
 ax88179_write_cmd_nopm drivers/net/usb/ax88179_178a.c:283 [inline]
 ax88179_suspend+0x252/0xab0 drivers/net/usb/ax88179_178a.c:437
 usb_suspend_interface drivers/usb/core/driver.c:1307 [inline]
 usb_suspend_both+0x38e/0x1fa0 drivers/usb/core/driver.c:1412
 usb_runtime_suspend+0xe4/0x270 drivers/usb/core/driver.c:1950
 __rpm_callback+0xdb1/0x14f0 drivers/base/power/runtime.c:377
 rpm_callback drivers/base/power/runtime.c:501 [inline]
 rpm_suspend+0x18ac/0x3650 drivers/base/power/runtime.c:644
 __pm_runtime_suspend+0x2d1/0x330 drivers/base/power/runtime.c:1080
 pm_runtime_put_sync_autosuspend include/linux/pm_runtime.h:490 [inline]
 usb_new_device+0x1e52/0x2950 drivers/usb/core/hub.c:2593
 hub_port_connect drivers/usb/core/hub.c:5353 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 port_event drivers/usb/core/hub.c:5643 [inline]
 hub_event+0x5ad2/0x8910 drivers/usb/core/hub.c:5725
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 kmemdup+0x107/0x140 mm/util.c:130
 __usbnet_write_cmd drivers/net/usb/usbnet.c:2039 [inline]
 usbnet_write_cmd_nopm+0x100/0x330 drivers/net/usb/usbnet.c:2115
 __ax88179_write_cmd drivers/net/usb/ax88179_178a.c:224 [inline]
 ax88179_write_cmd_nopm drivers/net/usb/ax88179_178a.c:283 [inline]
 ax88179_suspend+0x252/0xab0 drivers/net/usb/ax88179_178a.c:437
 usb_suspend_interface drivers/usb/core/driver.c:1307 [inline]
 usb_suspend_both+0x38e/0x1fa0 drivers/usb/core/driver.c:1412
 usb_runtime_suspend+0xe4/0x270 drivers/usb/core/driver.c:1950
 __rpm_callback+0xdb1/0x14f0 drivers/base/power/runtime.c:377
 rpm_callback drivers/base/power/runtime.c:501 [inline]
 rpm_suspend+0x18ac/0x3650 drivers/base/power/runtime.c:644
 __pm_runtime_suspend+0x2d1/0x330 drivers/base/power/runtime.c:1080
 pm_runtime_put_sync_autosuspend include/linux/pm_runtime.h:490 [inline]
 usb_new_device+0x1e52/0x2950 drivers/usb/core/hub.c:2593
 hub_port_connect drivers/usb/core/hub.c:5353 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 port_event drivers/usb/core/hub.c:5643 [inline]
 hub_event+0x5ad2/0x8910 drivers/usb/core/hub.c:5725
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 ax88179_write_cmd_nopm drivers/net/usb/ax88179_178a.c:281 [inline]
 ax88179_suspend+0x6e9/0xab0 drivers/net/usb/ax88179_178a.c:437
 usb_suspend_interface drivers/usb/core/driver.c:1307 [inline]
 usb_suspend_both+0x38e/0x1fa0 drivers/usb/core/driver.c:1412
 usb_runtime_suspend+0xe4/0x270 drivers/usb/core/driver.c:1950
 __rpm_callback+0xdb1/0x14f0 drivers/base/power/runtime.c:377
 rpm_callback drivers/base/power/runtime.c:501 [inline]
 rpm_suspend+0x18ac/0x3650 drivers/base/power/runtime.c:644
 __pm_runtime_suspend+0x2d1/0x330 drivers/base/power/runtime.c:1080
 pm_runtime_put_sync_autosuspend include/linux/pm_runtime.h:490 [inline]
 usb_new_device+0x1e52/0x2950 drivers/usb/core/hub.c:2593
 hub_port_connect drivers/usb/core/hub.c:5353 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 port_event drivers/usb/core/hub.c:5643 [inline]
 hub_event+0x5ad2/0x8910 drivers/usb/core/hub.c:5725
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Local variable buf.i created at:
 ax88179_suspend+0xd4/0xab0 drivers/net/usb/ax88179_178a.c:434
 usb_suspend_interface drivers/usb/core/driver.c:1307 [inline]
 usb_suspend_both+0x38e/0x1fa0 drivers/usb/core/driver.c:1412

Bytes 0-1 of 2 are uninitialized
Memory access of size 2 starts at ffff888113547968

CPU: 0 PID: 116 Comm: kworker/0:2 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
=====================================================

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2022/02/13 07:32 | https://github.com/google/kmsan.git master | 85cfd6e539bd | 8b9ca619 | .config | console log | report | syz | C | | | ci-upstream-kmsan-gce | KMSAN: kernel-usb-infoleak in usbnet_write_cmd_nopm |
| 2022/02/13 07:03 | https://github.com/google/kmsan.git master | 85cfd6e539bd | 8b9ca619 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: kernel-usb-infoleak in usbnet_write_cmd_nopm |
| 2022/01/10 17:08 | https://github.com/google/kmsan.git master | 81c325bbf94e | 2ca0d385 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: kernel-usb-infoleak in usbnet_write_cmd_nopm |
* Struck through repros no longer work on HEAD.