syzbot


KMSAN: uninit-value in usb_get_configuration

Status: auto-closed as invalid on 2022/03/04 20:20
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 358d, last: 358d
Similar bugs (1):
  Kernel: upstream
  Title: KMSAN: uninit-value in hid_connect
  Repro: C
  Cause bisect: -
  Fix bisect: -
  Count: 176
  Last: 26d
  Reported: 376d
  Patched: 0/24
  Status: closed as invalid on 2022/11/03 08:52

Sample crash report:
usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 1
usb 1-1: config 0 has no interface number 0
usb 1-1: config 0 has no interface number 1
=====================================================
BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:638 [inline]
BUG: KMSAN: uninit-value in string+0x4fd/0x700 lib/vsprintf.c:720
 string_nocheck lib/vsprintf.c:638 [inline]
 string+0x4fd/0x700 lib/vsprintf.c:720
 vsnprintf+0x224f/0x36a0 lib/vsprintf.c:2805
 va_format lib/vsprintf.c:1694 [inline]
 pointer+0x184c/0x2060 lib/vsprintf.c:2435
 vsnprintf+0x1aaf/0x36a0 lib/vsprintf.c:2809
 vprintk_store+0x535/0x2180 kernel/printk/printk.c:2135
 vprintk_emit+0x25c/0x950 kernel/printk/printk.c:2229
 dev_vprintk_emit+0x5f5/0x6d6 drivers/base/core.c:4594
 dev_printk_emit+0x1d8/0x21a drivers/base/core.c:4605
 __dev_printk+0x3de/0x460 drivers/base/core.c:4617
 _dev_warn+0x1e5/0x22a drivers/base/core.c:4661
 usb_parse_interface drivers/usb/core/config.c:593 [inline]
 usb_parse_configuration drivers/usb/core/config.c:795 [inline]
 usb_get_configuration+0x7fe4/0x9330 drivers/usb/core/config.c:944
 usb_enumerate_device drivers/usb/core/hub.c:2395 [inline]
 usb_new_device+0x1d1/0x2960 drivers/usb/core/hub.c:2533
 hub_port_connect drivers/usb/core/hub.c:5353 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 port_event drivers/usb/core/hub.c:5643 [inline]
 hub_event+0x595e/0x8910 drivers/usb/core/hub.c:5725
 process_one_work+0xdc2/0x1820 kernel/workqueue.c:2298
 process_scheduled_works kernel/workqueue.c:2361 [inline]
 worker_thread+0x17a9/0x2290 kernel/workqueue.c:2447
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Local variable timer created at:
 schedule_timeout+0x57/0x5d0 kernel/time/timer.c:1844
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common+0x319/0x660 kernel/sched/completion.c:117

CPU: 0 PID: 7868 Comm: kworker/0:3 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
=====================================================

Crashes (1):
  Manager: ci-upstream-kmsan-gce-386
  Time: 2021/12/04 20:15
  Kernel: https://github.com/google/kmsan.git master
  Commit: b0f85c4ccdd4
  Syzkaller: a617004c
  Config: .config
  Log: log
  Report: report
  Syz repro: -
  C repro: -
  VM info: info
  Title: KMSAN: uninit-value in usb_get_configuration
* Struck through repros no longer work on HEAD.