syzbot


KMSAN: uninit-value in read_descriptors

Status: auto-closed as invalid on 2022/06/06 09:45
Subsystems: usb
First crash: 773d, last: 773d
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in read_descriptors (2) usb 1 404d 404d 0/26 auto-obsoleted due to no activity on 2023/06/10 07:49
upstream KASAN: slab-out-of-bounds Read in read_descriptors (3) usb C error 7 277d 304d 23/26 fixed on 2023/10/12 12:48
linux-6.1 KASAN: slab-out-of-bounds Read in read_descriptors origin:upstream C error 1 262d 307d 0/3 auto-obsoleted due to no activity on 2023/11/08 10:43
linux-5.15 KASAN: slab-out-of-bounds Read in read_descriptors origin:upstream missing-backport C error 2 216d 307d 0/3 upstream: reported C repro on 2023/06/17 08:07

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in read_descriptors+0x83b/0x950 drivers/usb/core/sysfs.c:890
 read_descriptors+0x83b/0x950 drivers/usb/core/sysfs.c:890
 sysfs_kf_bin_read+0x4ce/0x540 fs/sysfs/file.c:97
 kernfs_file_read_iter fs/kernfs/file.c:213 [inline]
 kernfs_fop_read_iter+0x4c7/0xaa0 fs/kernfs/file.c:242
 call_read_iter include/linux/fs.h:2068 [inline]
 new_sync_read fs/read_write.c:400 [inline]
 vfs_read+0x1631/0x1980 fs/read_write.c:481
 ksys_read+0x28b/0x510 fs/read_write.c:619
 __do_sys_read fs/read_write.c:629 [inline]
 __se_sys_read fs/read_write.c:627 [inline]
 __x64_sys_read+0xdb/0x120 fs/read_write.c:627
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:737 [inline]
 slab_alloc_node mm/slub.c:3247 [inline]
 __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4975
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
 __netdev_alloc_skb+0x4b9/0x8c0 net/core/skbuff.c:494
 __netdev_alloc_skb_ip_align include/linux/skbuff.h:2968 [inline]
 netdev_alloc_skb_ip_align include/linux/skbuff.h:2978 [inline]
 batadv_iv_ogm_aggregate_new net/batman-adv/bat_iv_ogm.c:559 [inline]
 batadv_iv_ogm_queue_add+0x1421/0x1ca0 net/batman-adv/bat_iv_ogm.c:671
 batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:850 [inline]
 batadv_iv_ogm_schedule+0x124e/0x1680 net/batman-adv/bat_iv_ogm.c:869
 batadv_iv_send_outstanding_bat_ogm_packet+0xd9a/0xf40 net/batman-adv/bat_iv_ogm.c:1713
 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
 worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
 kthread+0x3c7/0x500 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30

CPU: 0 PID: 9531 Comm: udevd Tainted: G        W         5.17.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/03/08 09:43 https://github.com/google/kmsan.git master 724946410067 7bdd8b2c .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in read_descriptors