syzbot

 sign-in | mailing list | source | docs
🐞 Open [1504]
Subsystems
🐞 Fixed [6667]
🐞 Invalid [17083]
Missing Backports [214]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in lan78xx_reset

Status: upstream: reported C repro on 2025/09/04 18:56
Subsystems: usb net
[Documentation on labels]
Reported-by: syzbot+62ec8226f01cb4ca19d9@syzkaller.appspotmail.com
Fix commit: 49bdb63ff644 net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu-native-arm64-kvm ci-upstream-gce-arm64]
First crash: 50d, last: 12d
Discussions (3)
Title Replies (including bot) Last reply
Re: [PATCH net] net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset 1 (1) 2025/10/07 08:35
[PATCH] net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom 11 (11) 2025/10/03 18:00
[syzbot] [net?] [usb?] KMSAN: uninit-value in lan78xx_reset 0 (2) 2025/10/03 02:01

Sample crash report:
usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: syz
usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout
=====================================================
BUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]
BUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]
BUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241
 lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]
 lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]
 lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241
 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766
 lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707
 usb_probe_interface+0xd23/0x1460 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x4d4/0xdc0 drivers/base/dd.c:659
 __driver_probe_device+0x268/0x380 drivers/base/dd.c:801
 driver_probe_device+0x70/0x8b0 drivers/base/dd.c:831
 __device_attach_driver+0x4ee/0x950 drivers/base/dd.c:959
 bus_for_each_drv+0x3e0/0x680 drivers/base/bus.c:462
 __device_attach+0x3c8/0x5c0 drivers/base/dd.c:1031
 device_initial_probe+0x33/0x40 drivers/base/dd.c:1080
 bus_probe_device+0x3ba/0x5e0 drivers/base/bus.c:537
 device_add+0x12a9/0x1c10 drivers/base/core.c:3689
 usb_set_configuration+0x3493/0x3b70 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0xfc/0x290 drivers/usb/core/generic.c:250
 usb_probe_device+0x38a/0x690 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x4d4/0xdc0 drivers/base/dd.c:659
 __driver_probe_device+0x268/0x380 drivers/base/dd.c:801
 driver_probe_device+0x70/0x8b0 drivers/base/dd.c:831
 __device_attach_driver+0x4ee/0x950 drivers/base/dd.c:959
 bus_for_each_drv+0x3e0/0x680 drivers/base/bus.c:462
 __device_attach+0x3c8/0x5c0 drivers/base/dd.c:1031
 device_initial_probe+0x33/0x40 drivers/base/dd.c:1080
 bus_probe_device+0x3ba/0x5e0 drivers/base/bus.c:537
 device_add+0x12a9/0x1c10 drivers/base/core.c:3689
 usb_new_device+0x1062/0x20f0 drivers/usb/core/hub.c:2694
 hub_port_connect drivers/usb/core/hub.c:5566 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5706 [inline]
 port_event drivers/usb/core/hub.c:5870 [inline]
 hub_event+0x54e0/0x7620 drivers/usb/core/hub.c:5952
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0xb91/0x1d80 kernel/workqueue.c:3346
 worker_thread+0xedf/0x1590 kernel/workqueue.c:3427
 kthread+0xd5c/0xf00 kernel/kthread.c:463
 ret_from_fork+0x233/0x380 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Local variable sig.i.i created at:
 lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline]
 lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]
 lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241
 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766

CPU: 0 UID: 0 PID: 5106 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: usb_hub_wq hub_event
=====================================================

Crashes (14):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/10/03 02:00 upstream 7f7072574127 49379ee0 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lan78xx_reset
2025/10/08 23:48 upstream 0d97f2067c16 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lan78xx_reset
2025/10/08 22:04 upstream 0d97f2067c16 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lan78xx_reset
2025/10/04 21:27 upstream 9b0d551bcc05 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lan78xx_reset
2025/10/04 18:10 upstream 9b0d551bcc05 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lan78xx_reset
2025/10/04 13:13 upstream 9b0d551bcc05 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lan78xx_reset
2025/10/02 21:53 upstream 7f7072574127 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lan78xx_reset
2025/09/22 07:51 upstream 2d5bd41a4505 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lan78xx_reset
2025/09/09 18:56 upstream f777d1112ee5 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lan78xx_reset
2025/08/31 18:47 upstream c8bc81a52d5a 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lan78xx_reset
2025/08/31 18:46 upstream c8bc81a52d5a 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in lan78xx_reset
2025/09/28 23:27 upstream 8f9736633f8c 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lan78xx_reset
2025/09/12 02:04 upstream 02ffd6f89c50 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lan78xx_reset
2025/09/12 02:04 upstream 02ffd6f89c50 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in lan78xx_reset
* Struck through repros no longer work on HEAD.