syzbot


KMSAN: uninit-value in kalmia_send_init_packet

Status: fixed on 2023/06/08 14:41
Subsystems: usb
[Documentation on labels]
Reported-by: syzbot+cd80c5ef5121bfe85b55@syzkaller.appspotmail.com
Fix commit: c68f345b7c42 net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
First crash: 539d, last: 539d
Discussions (3)
Title Replies (including bot) Last reply
[PATCH v2] net/usb: kalmia: Fix uninit-value in kalmia_send_init_packet 8 (8) 2023/02/13 09:50
[UNTESTED PATCH] net/usb: kalmia: Fix uninit-value in kalmia_send_init_packet 3 (3) 2023/01/31 11:48
[syzbot] KMSAN: uninit-value in kalmia_send_init_packet 0 (1) 2023/01/31 08:04
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in number (4) kernel C 7189 607d 985d 0/27 closed as invalid on 2022/11/28 10:01
Last patch testing requests (2)
Created Duration User Patch Repo Result
2023/02/09 14:19 22m mikoxyzzz@gmail.com patch https://github.com/google/kmsan.git master OK log
2023/01/31 12:04 24m mikoxyzzz@gmail.com patch https://github.com/google/kmsan.git master OK log

Sample crash report:
usb 1-1: Product: syz
usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
usb 1-1: config 0 descriptor??
=====================================================
BUG: KMSAN: uninit-value in kalmia_send_init_packet+0x56f/0x5f0 drivers/net/usb/kalmia.c:67
 kalmia_send_init_packet+0x56f/0x5f0 drivers/net/usb/kalmia.c:67
 kalmia_init_and_get_ethernet_addr drivers/net/usb/kalmia.c:113 [inline]
 kalmia_bind+0x2fd/0x5a0 drivers/net/usb/kalmia.c:148
 usbnet_probe+0xf8e/0x3de0 drivers/net/usb/usbnet.c:1745
 usb_probe_interface+0xc4b/0x11f0 drivers/usb/core/driver.c:396
 really_probe+0x506/0x1000 drivers/base/dd.c:639
 __driver_probe_device+0x2fa/0x3d0 drivers/base/dd.c:778
 driver_probe_device+0x72/0x7a0 drivers/base/dd.c:808
 __device_attach_driver+0x548/0x8e0 drivers/base/dd.c:936
 bus_for_each_drv+0x1fc/0x360 drivers/base/bus.c:427
 __device_attach+0x42a/0x720 drivers/base/dd.c:1008
 device_initial_probe+0x2e/0x40 drivers/base/dd.c:1057
 bus_probe_device+0x13c/0x3b0 drivers/base/bus.c:487
 device_add+0x1d4b/0x26c0 drivers/base/core.c:3479
 usb_set_configuration+0x3157/0x3860 drivers/usb/core/message.c:2171
 usb_generic_driver_probe+0x105/0x290 drivers/usb/core/generic.c:238
 usb_probe_device+0x288/0x490 drivers/usb/core/driver.c:293
 really_probe+0x506/0x1000 drivers/base/dd.c:639
 __driver_probe_device+0x2fa/0x3d0 drivers/base/dd.c:778
 driver_probe_device+0x72/0x7a0 drivers/base/dd.c:808
 __device_attach_driver+0x548/0x8e0 drivers/base/dd.c:936
 bus_for_each_drv+0x1fc/0x360 drivers/base/bus.c:427
 __device_attach+0x42a/0x720 drivers/base/dd.c:1008
 device_initial_probe+0x2e/0x40 drivers/base/dd.c:1057
 bus_probe_device+0x13c/0x3b0 drivers/base/bus.c:487
 device_add+0x1d4b/0x26c0 drivers/base/core.c:3479
 usb_new_device+0x17ac/0x2370 drivers/usb/core/hub.c:2576
 hub_port_connect drivers/usb/core/hub.c:5408 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5552 [inline]
 port_event drivers/usb/core/hub.c:5712 [inline]
 hub_event+0x56f3/0x7660 drivers/usb/core/hub.c:5794
 process_one_work+0xb27/0x13e0 kernel/workqueue.c:2289
 worker_thread+0x1076/0x1d60 kernel/workqueue.c:2436
 kthread+0x31b/0x430 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

Local variable act_len created at:
 kalmia_send_init_packet+0x4e/0x5f0 drivers/net/usb/kalmia.c:64
 kalmia_init_and_get_ethernet_addr drivers/net/usb/kalmia.c:113 [inline]
 kalmia_bind+0x2fd/0x5a0 drivers/net/usb/kalmia.c:148

CPU: 1 PID: 4675 Comm: kworker/1:3 Not tainted 6.2.0-rc5-syzkaller-80200-g41c66f470616 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Workqueue: usb_hub_wq hub_event
=====================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/01/30 09:22 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in kalmia_send_init_packet
2023/01/30 08:46 https://github.com/google/kmsan.git master 41c66f470616 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in kalmia_send_init_packet
* Struck through repros no longer work on HEAD.