syzbot


KMSAN: kernel-infoleak in i2cdev_ioctl_smbus

Status: upstream: reported C repro on 2025/05/02 18:58
Subsystems: usb i2c
[Documentation on labels]
Reported-by: syzbot+08b819a87faa6def6dfb@syzkaller.appspotmail.com
First crash: 356d, last: 9d12h
Discussions (8)
Title Replies (including bot) Last reply
[syzbot] Monthly i2c report (Mar 2026) 0 (1) 2026/03/27 12:54
[syzbot] Monthly i2c report (Jan 2026) 0 (1) 2026/01/19 12:46
[syzbot] Monthly i2c report (Nov 2025) 0 (1) 2025/11/30 10:08
[syzbot] Monthly i2c report (Oct 2025) 0 (1) 2025/10/28 13:08
[PATCH v2] media: dvb-usb: az6027: fix return value of az6027_i2c_xfer() 1 (1) 2025/05/06 00:09
[PATCH] media: dvb-usb: az6027: fix return value of az6027_i2c_xfer() 1 (1) 2025/05/05 22:40
[PATCH] media: dvb-usb: az6027: fix return value of az6027_i2c_xfer() 1 (1) 2025/05/05 21:20
[syzbot] [i2c?] KMSAN: kernel-infoleak in i2cdev_ioctl_smbus 0 (2) 2025/05/05 01:42
Last patch testing requests (2)
Created Duration User Patch Repo Result
2025/06/09 20:51 30m retest repro upstream report log
2025/05/05 01:42 1h06m praveen.balakrishnan@magd.ox.ac.uk patch upstream OK log

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:131 [inline]
BUG: KMSAN: kernel-infoleak in _inline_copy_to_user include/linux/uaccess.h:205 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 instrument_copy_to_user include/linux/instrumented.h:131 [inline]
 _inline_copy_to_user include/linux/uaccess.h:205 [inline]
 _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:236 [inline]
 i2cdev_ioctl_smbus+0x586/0x660 drivers/i2c/i2c-dev.c:394
 i2cdev_ioctl+0xa14/0xf40 drivers/i2c/i2c-dev.c:478
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0x23c/0x400 fs/ioctl.c:583
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:583
 x64_sys_call+0x1975/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 i2c_smbus_xfer_emulated drivers/i2c/i2c-core-smbus.c:-1 [inline]
 __i2c_smbus_xfer+0x25b3/0x3120 drivers/i2c/i2c-core-smbus.c:608
 i2c_smbus_xfer+0x2d8/0x480 drivers/i2c/i2c-core-smbus.c:546
 i2cdev_ioctl_smbus+0x4a1/0x660 drivers/i2c/i2c-dev.c:389
 i2cdev_ioctl+0xa14/0xf40 drivers/i2c/i2c-dev.c:478
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0x23c/0x400 fs/ioctl.c:583
 __x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:583
 x64_sys_call+0x1975/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable msgbuf1.i created at:
 i2c_smbus_xfer_emulated drivers/i2c/i2c-core-smbus.c:335 [inline]
 __i2c_smbus_xfer+0x853/0x3120 drivers/i2c/i2c-core-smbus.c:608
 i2c_smbus_xfer+0x2d8/0x480 drivers/i2c/i2c-core-smbus.c:546

Byte 0 of 1 is uninitialized
Memory access of size 1 starts at ffff88804a09fd06
Data copied to user address 0000200000000040

CPU: 0 UID: 0 PID: 6052 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
=====================================================

Crashes (1007):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/04/04 08:25 upstream 631919fb12fe 4440e7c2 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/11/28 00:47 upstream 765e56e41a5a d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/11/28 00:39 upstream 765e56e41a5a d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/08/19 10:45 upstream be48bcf004f9 523f460e .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2025/05/02 08:57 upstream 02ddfb981de8 51b137cd .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/10 16:29 upstream 9a9c8ce300cd 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/09 23:49 upstream 8b02520ec5f7 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/06 21:14 upstream 591cd656a1bf 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/06 21:14 upstream 591cd656a1bf 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/06 18:09 upstream 591cd656a1bf 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/05 08:12 upstream 3aae9383f42f 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/05 03:26 upstream 3aae9383f42f 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/04 23:11 upstream 7ca6d1cfec80 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/02 07:13 upstream 9147566d8016 0cb124d5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/02 07:13 upstream 9147566d8016 0cb124d5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/30 21:58 upstream 7aaa8047eafd 458630d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/30 18:31 upstream 7aaa8047eafd 458630d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/29 14:58 upstream cbfffcca2bf0 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/28 14:53 upstream 7df48e363130 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/28 14:53 upstream 7df48e363130 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/25 19:45 upstream bbeb83d3182a 4367a094 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/25 08:08 upstream bbeb83d3182a 35e4ff71 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/18 18:08 upstream a989fde763f4 0199f9a1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/15 05:10 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/14 13:11 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/12 21:41 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/12 15:27 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/12 15:25 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/11 11:57 upstream b4f0dd314b39 86914af9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/10 19:23 upstream 1f318b96cc84 4683d576 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/10 14:28 upstream 1f318b96cc84 4683d576 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/10 11:26 upstream 1f318b96cc84 6972f302 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/09 20:12 upstream 1f318b96cc84 176bead5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/09 03:59 upstream 014441d1e4b2 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/09 02:52 upstream 014441d1e4b2 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/10 03:09 upstream 8b02520ec5f7 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/06 19:19 upstream 591cd656a1bf 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/06 00:32 upstream 1791c390149f 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/05 10:04 upstream 3aae9383f42f 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/05 05:39 upstream 3aae9383f42f 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/04/02 08:58 upstream 9147566d8016 0cb124d5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/30 23:37 upstream 7aaa8047eafd 458630d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/29 16:57 upstream cbfffcca2bf0 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/29 04:13 upstream be762d8b6dd7 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/29 00:00 upstream be762d8b6dd7 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/28 22:27 upstream be762d8b6dd7 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/25 23:30 upstream bbeb83d3182a 4367a094 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/13 09:18 upstream 0257f64bdac7 2f7f359d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/11 13:29 upstream b4f0dd314b39 86914af9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/10 23:10 upstream 1f318b96cc84 4683d576 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
2026/03/09 08:55 upstream 014441d1e4b2 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: kernel-infoleak in i2cdev_ioctl_smbus
* Struck through repros no longer work on HEAD.