syzbot


KMSAN: uninit-value in digitv_rc_query

Status: fixed on 2020/02/18 14:31
Subsystems: media usb
Reported-by: syzbot+6bf9606ee955b646c0e1@syzkaller.appspotmail.com
Fix commits:
eecc70d22ae5 media: digitv: don't continue if remote control state can't be read
569bc8d6a6a5 media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0
First crash: 1715d, last: 1698d
Discussions (10)
Title | Replies (including bot) | Last reply
[PATCH 5.5 00/23] 5.5.2-stable review | 31 (31) | 2020/02/08 16:13
[PATCH 4.4 00/53] 4.4.213-stable review | 63 (63) | 2020/02/05 22:37
[PATCH 5.4 00/90] 5.4.18-stable review | 107 (107) | 2020/02/05 21:21
[PATCH 4.19 00/70] 4.19.102-stable review | 77 (77) | 2020/02/05 14:42
[PATCH 4.14 00/89] 4.14.170-stable review | 93 (93) | 2020/02/04 17:19
[PATCH 4.9 00/68] 4.9.213-stable review | 72 (72) | 2020/02/04 17:18
[PATCH] media: dvb: check return value digitv_ctrl_msg | 4 (4) | 2020/01/15 18:15
[PATCH 0/5] Fix various syzbot errors | 10 (10) | 2019/11/12 09:53
[PATCH 1/3] media: digitv: don't continue if remote control state can't be read | 3 (3) | 2019/11/10 10:34
KMSAN: uninit-value in digitv_rc_query | 0 (1) | 2019/11/08 17:04
Last patch testing requests (3)
Created | Duration | User | Patch | Repo | Result
2019/12/02 15:48 | 21m | tranmanphong@gmail.com | patch | https://github.com/google/kmsan.git 1e76a3e5 | OK
2019/11/12 08:26 | 21m | hverkuil@xs4all.nl | patch | https://github.com/google/kmsan.git master | OK
2019/11/11 14:24 | 20m | hverkuil@xs4all.nl | patch | https://github.com/google/kmsan.git master | report log

Sample crash report:
dvb-usb: schedule remote query interval to 1000 msecs.
dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
dvb-usb: bulk message failed: -22 (7/0)
dvb-usb: bulk message failed: -22 (7/0)
dvb-usb: bulk message failed: -22 (7/-30591)
dvb-usb: bulk message failed: -22 (7/0)
=====================================================
BUG: KMSAN: uninit-value in legacy_dvb_usb_read_remote_control+0x106/0x790 drivers/media/usb/dvb-usb/dvb-usb-remote.c:123
CPU: 1 PID: 3844 Comm: kworker/1:2 Not tainted 5.3.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events legacy_dvb_usb_read_remote_control
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x191/0x1f0 lib/dump_stack.c:113
 kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108
 __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250
 digitv_rc_query+0x76a/0x890 drivers/media/usb/dvb-usb/digitv.c:259
 legacy_dvb_usb_read_remote_control+0x106/0x790 drivers/media/usb/dvb-usb/dvb-usb-remote.c:123
 process_one_work+0x1572/0x1ef0 kernel/workqueue.c:2269
 worker_thread+0x111b/0x2460 kernel/workqueue.c:2415
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355

Local variable description: ----key@digitv_rc_query
Variable was created at:
 digitv_rc_query+0x78/0x890 drivers/media/usb/dvb-usb/digitv.c:234
 legacy_dvb_usb_read_remote_control+0x106/0x790 drivers/media/usb/dvb-usb/dvb-usb-remote.c:123
=====================================================
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 3844 Comm: kworker/1:2 Tainted: G    B             5.3.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events legacy_dvb_usb_read_remote_control
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x191/0x1f0 lib/dump_stack.c:113
 panic+0x3c9/0xc1e kernel/panic.c:219
 kmsan_report+0x2a2/0x2b0 mm/kmsan/kmsan_report.c:131
 __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250
 digitv_rc_query+0x76a/0x890 drivers/media/usb/dvb-usb/digitv.c:259
 legacy_dvb_usb_read_remote_control+0x106/0x790 drivers/media/usb/dvb-usb/dvb-usb-remote.c:123
 process_one_work+0x1572/0x1ef0 kernel/workqueue.c:2269
 worker_thread+0x111b/0x2460 kernel/workqueue.c:2415
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (4):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2019/10/05 15:15 | https://github.com/google/kmsan.git master | 1e76a3e537c3 | f3f7d9c8 | .config | console log | report | syz | C | | | ci-upstream-kmsan-gce |
2019/10/23 01:42 | https://github.com/google/kmsan.git master | 3c8ca70889aa | 5681358a | .config | console log | report | | | | | ci-upstream-kmsan-gce |
2019/10/19 02:51 | https://github.com/google/kmsan.git master | 3c8ca70889aa | 8c88c9c1 | .config | console log | report | | | | | ci-upstream-kmsan-gce |
2019/10/05 14:20 | https://github.com/google/kmsan.git master | 1e76a3e537c3 | f3f7d9c8 | .config | console log | report | | | | | ci-upstream-kmsan-gce |