syzbot


KMSAN: uninit-value in read_eprom_word

Status: fixed on 2019/08/27 17:15
Subsystems: usb
Reported-by: syzbot+3499a83b2d062ae409d4@syzkaller.appspotmail.com
Fix commit: 224c04973db1 net: usb: pegasus: fix improper read if get_registers() fail
First crash: 1799d, last: 1737d
Discussions (14)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 5.2 001/123] ASoC: simple_card_utils.h: care NULL dai at asoc_simple_debug_dai() 138 (138) 2019/09/09 09:35
[PATCH 5.2 000/135] 5.2.10-stable review 160 (160) 2019/08/27 10:51
[PATCH 4.4 00/78] 4.4.190-stable review 91 (91) 2019/08/24 18:14
[PATCH 4.9 000/103] 4.9.190-stable review 109 (109) 2019/08/24 17:59
[PATCH 4.14 00/71] 4.14.140-stable review 79 (79) 2019/08/24 17:55
[PATCH 4.19 00/85] 4.19.68-stable review 91 (91) 2019/08/24 17:51
[PATCH AUTOSEL 4.14 01/44] iio: adc: max9611: Fix misuse of GENMASK macro 45 (45) 2019/08/14 07:37
[PATCH AUTOSEL 4.19 01/68] iio: adc: max9611: Fix misuse of GENMASK macro 69 (69) 2019/08/14 07:36
[PATCH AUTOSEL 4.4 01/28] HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT 28 (28) 2019/08/14 02:25
[PATCH AUTOSEL 4.9 01/33] HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT 33 (33) 2019/08/14 02:23
[PATCH] net: usb: pegasus: fix improper read if get_registers() fail 6 (6) 2019/08/01 22:18
Re: [PATCH] net: usb: pegasus: fix improper read if get_registers() fail 1 (1) 2019/07/30 21:10
[PATCH] net: usb: pegasus: fix improper read if get_registers() fail 1 (1) 2019/07/30 12:45
KMSAN: uninit-value in read_eprom_word 0 (1) 2019/07/30 09:38

Sample crash report:
usb 1-1: config 0 has no interface number 0
usb 1-1: New USB device found, idVendor=050d, idProduct=0122, bcdDevice=c1.69
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
==================================================================
BUG: KMSAN: uninit-value in read_eprom_word+0x947/0xdd0 /drivers/net/usb/pegasus.c:295
CPU: 1 PID: 49 Comm: kworker/1:1 Not tainted 5.2.0+ #15
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack /lib/dump_stack.c:77 [inline]
 dump_stack+0x191/0x1f0 /lib/dump_stack.c:113
 kmsan_report+0x162/0x2d0 /mm/kmsan/kmsan_report.c:109
 __msan_warning+0x75/0xe0 /mm/kmsan/kmsan_instr.c:294
 read_eprom_word+0x947/0xdd0 /drivers/net/usb/pegasus.c:295
 get_interrupt_interval /drivers/net/usb/pegasus.c:755 [inline]
 pegasus_probe+0xf2b/0x4be0 /drivers/net/usb/pegasus.c:1189
 usb_probe_interface+0xd19/0x1310 /drivers/usb/core/driver.c:361
 really_probe+0x1344/0x1d90 /drivers/base/dd.c:513
 driver_probe_device+0x1ba/0x510 /drivers/base/dd.c:670
 __device_attach_driver+0x5b8/0x790 /drivers/base/dd.c:777
 bus_for_each_drv+0x28e/0x3b0 /drivers/base/bus.c:454
 __device_attach+0x489/0x750 /drivers/base/dd.c:843
 device_initial_probe+0x4a/0x60 /drivers/base/dd.c:890
 bus_probe_device+0x131/0x390 /drivers/base/bus.c:514
 device_add+0x25b5/0x2df0 /drivers/base/core.c:2111
 usb_set_configuration+0x309f/0x3710 /drivers/usb/core/message.c:2027
 generic_probe+0xe7/0x280 /drivers/usb/core/generic.c:210
 usb_probe_device+0x146/0x200 /drivers/usb/core/driver.c:266
 really_probe+0x1344/0x1d90 /drivers/base/dd.c:513
 driver_probe_device+0x1ba/0x510 /drivers/base/dd.c:670
 __device_attach_driver+0x5b8/0x790 /drivers/base/dd.c:777
 bus_for_each_drv+0x28e/0x3b0 /drivers/base/bus.c:454
 __device_attach+0x489/0x750 /drivers/base/dd.c:843
 device_initial_probe+0x4a/0x60 /drivers/base/dd.c:890
 bus_probe_device+0x131/0x390 /drivers/base/bus.c:514
 device_add+0x25b5/0x2df0 /drivers/base/core.c:2111
 usb_new_device+0x23e5/0x2fb0 /drivers/usb/core/hub.c:2534
 hub_port_connect /drivers/usb/core/hub.c:5089 [inline]
 hub_port_connect_change /drivers/usb/core/hub.c:5204 [inline]
 port_event /drivers/usb/core/hub.c:5350 [inline]
 hub_event+0x5853/0x7320 /drivers/usb/core/hub.c:5432
 process_one_work+0x1572/0x1f00 /kernel/workqueue.c:2269
 worker_thread+0x111b/0x2460 /kernel/workqueue.c:2415
 kthread+0x4b5/0x4f0 /kernel/kthread.c:256
 ret_from_fork+0x35/0x40 /arch/x86/entry/entry_64.S:355

Local variable description: ----data.addr.i13@read_eprom_word
Variable was created at:
 set_register /drivers/net/usb/pegasus.c:171 [inline]
 read_eprom_word+0x498/0xdd0 /drivers/net/usb/pegasus.c:291
 get_interrupt_interval /drivers/net/usb/pegasus.c:755 [inline]
 pegasus_probe+0xf2b/0x4be0 /drivers/net/usb/pegasus.c:1189
==================================================================

Crashes (31):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/07/19 10:09 https://github.com/google/kmsan.git master beaab8a31e0d 7bb222f7 .config console log report syz C ci-upstream-kmsan-gce
2019/07/17 10:14 https://github.com/google/kmsan.git master 7280182c67ba 0d10349c .config console log report syz C ci-upstream-kmsan-gce
2019/06/24 18:47 https://github.com/google/kmsan.git master 3351e2b9635b 472f0082 .config console log report syz C ci-upstream-kmsan-gce
2019/08/25 13:50 https://github.com/google/kmsan.git master 61ccdad1fcdf d21c5d9d .config console log report ci-upstream-kmsan-gce
2019/08/22 20:23 https://github.com/google/kmsan.git master 61ccdad1fcdf d003d6d0 .config console log report ci-upstream-kmsan-gce
2019/08/20 04:07 https://github.com/google/kmsan.git master 61ccdad1fcdf ee12860b .config console log report ci-upstream-kmsan-gce
2019/08/18 00:14 https://github.com/google/kmsan.git master 61ccdad1fcdf 55bf8926 .config console log report ci-upstream-kmsan-gce
2019/08/17 14:17 https://github.com/google/kmsan.git master 61ccdad1fcdf 8fd428a1 .config console log report ci-upstream-kmsan-gce
2019/08/14 00:02 https://github.com/google/kmsan.git master 61ccdad1fcdf ef801a3e .config console log report ci-upstream-kmsan-gce
2019/08/12 19:45 https://github.com/google/kmsan.git master 61ccdad1fcdf acb51638 .config console log report ci-upstream-kmsan-gce
2019/08/10 07:24 https://github.com/google/kmsan.git master 61ccdad1fcdf acb51638 .config console log report ci-upstream-kmsan-gce
2019/08/05 19:05 https://github.com/google/kmsan.git master ae0c578a3cdf 6affd8e8 .config console log report ci-upstream-kmsan-gce
2019/08/03 09:12 https://github.com/google/kmsan.git master beaab8a31e0d 6affd8e8 .config console log report ci-upstream-kmsan-gce
2019/07/30 15:27 https://github.com/google/kmsan.git master beaab8a31e0d f28bf2a5 .config console log report ci-upstream-kmsan-gce
2019/07/30 14:54 https://github.com/google/kmsan.git master beaab8a31e0d f28bf2a5 .config console log report ci-upstream-kmsan-gce
2019/07/30 02:51 https://github.com/google/kmsan.git master beaab8a31e0d f67095ee .config console log report ci-upstream-kmsan-gce
2019/07/30 02:48 https://github.com/google/kmsan.git master beaab8a31e0d f67095ee .config console log report ci-upstream-kmsan-gce
2019/07/30 00:01 https://github.com/google/kmsan.git master beaab8a31e0d f67095ee .config console log report ci-upstream-kmsan-gce
2019/07/27 15:38 https://github.com/google/kmsan.git master beaab8a31e0d c85e1c5b .config console log report ci-upstream-kmsan-gce
2019/07/23 13:26 https://github.com/google/kmsan.git master beaab8a31e0d de453f34 .config console log report ci-upstream-kmsan-gce
2019/07/11 04:09 https://github.com/google/kmsan.git master b38a37c68ee8 ff7bf04c .config console log report ci-upstream-kmsan-gce
2019/07/10 11:32 https://github.com/google/kmsan.git master 4009f3cf8673 f62e1e85 .config console log report ci-upstream-kmsan-gce
2019/07/10 08:35 https://github.com/google/kmsan.git master 4009f3cf8673 f62e1e85 .config console log report ci-upstream-kmsan-gce
2019/07/10 01:12 https://github.com/google/kmsan.git master fe36eb20e4a4 f62e1e85 .config console log report ci-upstream-kmsan-gce
2019/07/07 06:24 https://github.com/google/kmsan.git master f23a6010183e f62e1e85 .config console log report ci-upstream-kmsan-gce
2019/07/03 20:45 https://github.com/google/kmsan.git master 28617b0ab254 55565fa0 .config console log report ci-upstream-kmsan-gce
2019/07/01 23:04 https://github.com/google/kmsan.git master 41550654dedf 907bf746 .config console log report ci-upstream-kmsan-gce
2019/07/01 17:34 https://github.com/google/kmsan.git master 41550654dedf 907bf746 .config console log report ci-upstream-kmsan-gce
2019/07/01 16:33 https://github.com/google/kmsan.git master 41550654dedf 907bf746 .config console log report ci-upstream-kmsan-gce
2019/06/28 08:19 https://github.com/google/kmsan.git master 41550654dedf 7509bf36 .config console log report ci-upstream-kmsan-gce
2019/06/24 17:29 https://github.com/google/kmsan.git master 3351e2b9635b 472f0082 .config console log report ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.