syzbot


KMSAN: kernel-usb-infoleak in hif_usb_send

Status: fixed on 2023/02/24 13:50
Subsystems: wireless
Reported-by: syzbot+f83a1df1ed4f67e8d8ad@syzkaller.appspotmail.com
Fix commit: d1e0df1c57bd ath9k_htc: fix uninit value bugs
First crash: 1356d, last: 734d
Discussions (10)
Title Replies (including bot) Last reply
[PATCH 4.19 000/338] 4.19.238-rc1 review 357 (358) 2022/12/17 09:01
[PATCH 4.14 000/284] 4.14.276-rc1 review 297 (298) 2022/09/12 10:15
[PATCH 5.10 000/599] 5.10.110-rc1 review 628 (629) 2022/05/08 12:31
[PATCH 4.9 000/218] 4.9.311-rc1 review 224 (225) 2022/04/19 10:09
[PATCH 5.4 000/475] 5.4.189-rc1 review 485 (486) 2022/04/15 15:35
[PATCH 5.16 0000/1017] 5.16.19-rc1 review 1034 (1035) 2022/04/07 08:34
[PATCH 5.15 000/913] 5.15.33-rc1 review 932 (933) 2022/04/06 15:36
[PATCH 5.17 0000/1126] 5.17.2-rc1 review 1143 (1144) 2022/04/06 14:06
[PATCH] ath9k_htc: fix uninit value bugs 6 (6) 2022/02/03 08:39
KMSAN: kernel-usb-infoleak in hif_usb_send 0 (2) 2020/08/13 08:14
Last patch testing requests (5)
Created Duration User Patch Repo Result
2022/01/15 11:36 20m paskripkin@gmail.com patch https://github.com/google/kmsan.git master report log
2022/01/15 10:37 13m paskripkin@gmail.com patch https://github.com/google/kmsan.git master report log
2022/01/15 09:53 13m paskripkin@gmail.com https://github.com/google/kmsan.git master report log
2020/09/26 03:08 21m anant.thazhemadam@gmail.com https://github.com/google/kmsan.git master OK
2020/09/26 00:39 22m anant.thazhemadam@gmail.com patch https://github.com/google/kmsan.git master OK

Sample crash report:
usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
=====================================================
BUG: KMSAN: kernel-usb-infoleak in kmsan_handle_urb+0x28/0x40 mm/kmsan/kmsan_hooks.c:303
CPU: 0 PID: 2019 Comm: kworker/0:2 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events request_firmware_work_func
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:120
 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:118
 kmsan_internal_check_memory+0x202/0x520 mm/kmsan/kmsan.c:402
 kmsan_handle_urb+0x28/0x40 mm/kmsan/kmsan_hooks.c:303
 usb_submit_urb+0x89f/0x2590 drivers/usb/core/urb.c:421
 hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline]
 hif_usb_send+0x5f5/0x1720 drivers/net/wireless/ath/ath9k/hif_usb.c:479
 htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]
 htc_connect_service+0x14b2/0x19f0 drivers/net/wireless/ath/ath9k/htc_hst.c:275
 ath9k_wmi_connect+0x178/0x2c0 drivers/net/wireless/ath/ath9k/wmi.c:267
 ath9k_init_htc_services+0xf3/0x1190 drivers/net/wireless/ath/ath9k/htc_drv_init.c:146
 ath9k_htc_probe_device+0x4fb/0x3e10 drivers/net/wireless/ath/ath9k/htc_drv_init.c:960
 ath9k_htc_hw_init+0xdf/0x190 drivers/net/wireless/ath/ath9k/htc_hst.c:503
 ath9k_hif_usb_firmware_cb+0x42b/0xab0 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
 request_firmware_work_func+0x1b8/0x2e0 drivers/base/firmware_loader/main.c:1079
 process_one_work+0x1219/0x1fe0 kernel/workqueue.c:2275
 worker_thread+0x10ec/0x2340 kernel/workqueue.c:2421
 kthread+0x521/0x560 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:121 [inline]
 kmsan_internal_poison_shadow+0x5c/0xf0 mm/kmsan/kmsan.c:104
 kmsan_slab_alloc+0x8d/0xe0 mm/kmsan/kmsan_hooks.c:76
 slab_alloc_node mm/slub.c:2907 [inline]
 __kmalloc_node_track_caller+0xa37/0x1430 mm/slub.c:4527
 __kmalloc_reserve net/core/skbuff.c:142 [inline]
 __alloc_skb+0x2f8/0xb30 net/core/skbuff.c:210
 alloc_skb include/linux/skbuff.h:1099 [inline]
 htc_connect_service+0x1057/0x19f0 drivers/net/wireless/ath/ath9k/htc_hst.c:258
 ath9k_wmi_connect+0x178/0x2c0 drivers/net/wireless/ath/ath9k/wmi.c:267
 ath9k_init_htc_services+0xf3/0x1190 drivers/net/wireless/ath/ath9k/htc_drv_init.c:146
 ath9k_htc_probe_device+0x4fb/0x3e10 drivers/net/wireless/ath/ath9k/htc_drv_init.c:960
 ath9k_htc_hw_init+0xdf/0x190 drivers/net/wireless/ath/ath9k/htc_hst.c:503
 ath9k_hif_usb_firmware_cb+0x42b/0xab0 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
 request_firmware_work_func+0x1b8/0x2e0 drivers/base/firmware_loader/main.c:1079
 process_one_work+0x1219/0x1fe0 kernel/workqueue.c:2275
 worker_thread+0x10ec/0x2340 kernel/workqueue.c:2421
 kthread+0x521/0x560 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Bytes 4-7 of 18 are uninitialized
Memory access of size 18 starts at ffff888121719400
=====================================================

Crashes (18149):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/03/01 19:21 https://github.com/google/kmsan.git master 29ad81a1074a 4c37c133 .config console log report syz C ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2021/02/26 11:46 https://github.com/google/kmsan.git master 29ad81a1074a 76f7fc95 .config console log report syz C ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2020/12/25 23:56 https://github.com/google/kmsan.git master 73d62e81b476 b982b3ea .config console log report syz C ci-upstream-kmsan-gce
2020/12/17 12:24 https://github.com/google/kmsan.git master 73d62e81b476 04201c06 .config console log report syz C ci-upstream-kmsan-gce
2020/08/20 18:25 https://github.com/google/kmsan.git master ce8056d1f79e ed282a3a .config console log report syz C ci-upstream-kmsan-gce
2020/08/13 08:14 https://github.com/google/kmsan.git master ce8056d1f79e bc15f7db .config console log report syz C ci-upstream-kmsan-gce
2022/04/22 13:57 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/22 12:40 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/22 11:33 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/22 10:31 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/22 05:54 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/22 03:02 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/22 01:53 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/22 00:45 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 23:38 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 21:30 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 20:18 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 17:50 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 15:41 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 13:10 https://github.com/google/kmsan.git master 33d9269ef6e0 d4befee1 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 13:01 https://github.com/google/kmsan.git master 33d9269ef6e0 d4befee1 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 10:03 https://github.com/google/kmsan.git master 33d9269ef6e0 d4befee1 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 08:09 https://github.com/google/kmsan.git master 33d9269ef6e0 d4befee1 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 07:06 https://github.com/google/kmsan.git master 33d9269ef6e0 d4befee1 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 05:54 https://github.com/google/kmsan.git master 33d9269ef6e0 d4befee1 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 01:36 https://github.com/google/kmsan.git master 33d9269ef6e0 d4befee1 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 23:47 https://github.com/google/kmsan.git master 33d9269ef6e0 160a3f31 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 22:08 https://github.com/google/kmsan.git master 33d9269ef6e0 160a3f31 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 19:33 https://github.com/google/kmsan.git master 33d9269ef6e0 160a3f31 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 18:23 https://github.com/google/kmsan.git master 33d9269ef6e0 160a3f31 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 16:59 https://github.com/google/kmsan.git master 33d9269ef6e0 160a3f31 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 15:57 https://github.com/google/kmsan.git master 33d9269ef6e0 160a3f31 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 14:51 https://github.com/google/kmsan.git master 33d9269ef6e0 160a3f31 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 13:44 https://github.com/google/kmsan.git master 33d9269ef6e0 160a3f31 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 11:57 https://github.com/google/kmsan.git master 33d9269ef6e0 7d7bc738 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 10:12 https://github.com/google/kmsan.git master 33d9269ef6e0 7d7bc738 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 09:00 https://github.com/google/kmsan.git master 33d9269ef6e0 7d7bc738 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 07:11 https://github.com/google/kmsan.git master 33d9269ef6e0 7d7bc738 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 06:03 https://github.com/google/kmsan.git master 33d9269ef6e0 7d7bc738 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 04:54 https://github.com/google/kmsan.git master 33d9269ef6e0 7d7bc738 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/19 23:47 https://github.com/google/kmsan.git master 33d9269ef6e0 7d7bc738 .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/19 21:56 https://github.com/google/kmsan.git master 33d9269ef6e0 c334415e .config console log report info ci-upstream-kmsan-gce KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 22:35 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 20:20 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 16:48 https://github.com/google/kmsan.git master 33d9269ef6e0 2738b391 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 11:59 https://github.com/google/kmsan.git master 33d9269ef6e0 d4befee1 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 11:13 https://github.com/google/kmsan.git master 33d9269ef6e0 d4befee1 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 10:03 https://github.com/google/kmsan.git master 33d9269ef6e0 d4befee1 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 07:05 https://github.com/google/kmsan.git master 33d9269ef6e0 d4befee1 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/21 04:45 https://github.com/google/kmsan.git master 33d9269ef6e0 d4befee1 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 21:22 https://github.com/google/kmsan.git master 33d9269ef6e0 160a3f31 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-usb-infoleak in hif_usb_send
2022/04/20 02:09 https://github.com/google/kmsan.git master 33d9269ef6e0 7d7bc738 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: kernel-usb-infoleak in hif_usb_send
2021/01/17 13:43 https://github.com/google/kmsan.git master 73d62e81b476 813be542 .config console log report info ci-upstream-kmsan-gce
2020/08/11 15:40 https://github.com/google/kmsan.git master ce8056d1f79e bacaf5fa .config console log report ci-upstream-kmsan-gce-386
2020/08/08 05:20 https://github.com/google/kmsan.git master ce8056d1f79e ff51e522 .config console log report ci-upstream-kmsan-gce-386
2020/08/07 17:50 https://github.com/google/kmsan.git master 05fd5f9f0208 cb436c69 .config console log report ci-upstream-kmsan-gce-386