KMSAN: uninit-value in pegasus

KMSAN: uninit-value in pegasus_probe
Status: upstream: reported C repro on 2019/10/03 19:59
Reported-by: syzbot+02c9f70f3afae308464a@syzkaller.appspotmail.com
First crash: 753d, last: 1d01h

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2020/09/15 13:35	20m	anant.thazhemadam@gmail.com		https://github.com/google/kmsan.git master	OK

Sample crash report:

usb 1-1: Product: syz
usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
usb 1-1: config 0 descriptor??
(unnamed net_device) (uninitialized): read_eprom_word failed
=====================================================
BUG: KMSAN: uninit-value in get_interrupt_interval drivers/net/usb/pegasus.c:746 [inline]
BUG: KMSAN: uninit-value in pegasus_probe+0x10e7/0x4080 drivers/net/usb/pegasus.c:1152
CPU: 1 PID: 825 Comm: kworker/1:1 Not tainted 5.12.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x24c/0x2e0 lib/dump_stack.c:120
 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:197
 get_interrupt_interval drivers/net/usb/pegasus.c:746 [inline]
 pegasus_probe+0x10e7/0x4080 drivers/net/usb/pegasus.c:1152
 usb_probe_interface+0xfcc/0x1520 drivers/usb/core/driver.c:396
 really_probe+0xe15/0x24d0 drivers/base/dd.c:561
 driver_probe_device+0x29d/0x3a0 drivers/base/dd.c:743
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:849
 bus_for_each_drv+0x2c8/0x3f0 drivers/base/bus.c:431
 __device_attach+0x56a/0x890 drivers/base/dd.c:917
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:964
 bus_probe_device+0x17e/0x3d0 drivers/base/bus.c:491
 device_add+0x2c15/0x31d0 drivers/base/core.c:3242
 usb_set_configuration+0x3872/0x3eb0 drivers/usb/core/message.c:2164
 usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:238
 usb_probe_device+0x317/0x570 drivers/usb/core/driver.c:293
 really_probe+0xe15/0x24d0 drivers/base/dd.c:561
 driver_probe_device+0x29d/0x3a0 drivers/base/dd.c:743
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:849
 bus_for_each_drv+0x2c8/0x3f0 drivers/base/bus.c:431
 __device_attach+0x56a/0x890 drivers/base/dd.c:917
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:964
 bus_probe_device+0x17e/0x3d0 drivers/base/bus.c:491
 device_add+0x2c15/0x31d0 drivers/base/core.c:3242
 usb_new_device+0x1bd4/0x2a30 drivers/usb/core/hub.c:2555
 hub_port_connect drivers/usb/core/hub.c:5223 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
 port_event drivers/usb/core/hub.c:5509 [inline]
 hub_event+0x5b99/0x8870 drivers/usb/core/hub.c:5591
 process_one_work+0x1219/0x1fe0 kernel/workqueue.c:2275
 worker_thread+0x10ec/0x2340 kernel/workqueue.c:2421
 kthread+0x521/0x560 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Local variable ----data.i@pegasus_probe created at:
 get_interrupt_interval drivers/net/usb/pegasus.c:1151 [inline]
 pegasus_probe+0xe57/0x4080 drivers/net/usb/pegasus.c:1152
 get_interrupt_interval drivers/net/usb/pegasus.c:1151 [inline]
 pegasus_probe+0xe57/0x4080 drivers/net/usb/pegasus.c:1152
=====================================================
pegasus 1-1:0.172: can't reset MAC
pegasus: probe of 1-1:0.172 failed with error -5
(unnamed net_device) (uninitialized): read_eprom_word failed
=====================================================
BUG: KMSAN: uninit-value in get_interrupt_interval drivers/net/usb/pegasus.c:746 [inline]
BUG: KMSAN: uninit-value in pegasus_probe+0x10e7/0x4080 drivers/net/usb/pegasus.c:1152
CPU: 1 PID: 825 Comm: kworker/1:1 Tainted: G    B             5.12.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x24c/0x2e0 lib/dump_stack.c:120
 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:197
 get_interrupt_interval drivers/net/usb/pegasus.c:746 [inline]
 pegasus_probe+0x10e7/0x4080 drivers/net/usb/pegasus.c:1152
 usb_probe_interface+0xfcc/0x1520 drivers/usb/core/driver.c:396
 really_probe+0xe15/0x24d0 drivers/base/dd.c:561
 driver_probe_device+0x29d/0x3a0 drivers/base/dd.c:743
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:849
 bus_for_each_drv+0x2c8/0x3f0 drivers/base/bus.c:431
 __device_attach+0x56a/0x890 drivers/base/dd.c:917
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:964
 bus_probe_device+0x17e/0x3d0 drivers/base/bus.c:491
 device_add+0x2c15/0x31d0 drivers/base/core.c:3242
 usb_set_configuration+0x3872/0x3eb0 drivers/usb/core/message.c:2164
 usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:238
 usb_probe_device+0x317/0x570 drivers/usb/core/driver.c:293
 really_probe+0xe15/0x24d0 drivers/base/dd.c:561
 driver_probe_device+0x29d/0x3a0 drivers/base/dd.c:743
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:849
 bus_for_each_drv+0x2c8/0x3f0 drivers/base/bus.c:431
 __device_attach+0x56a/0x890 drivers/base/dd.c:917
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:964
 bus_probe_device+0x17e/0x3d0 drivers/base/bus.c:491
 device_add+0x2c15/0x31d0 drivers/base/core.c:3242
 usb_new_device+0x1bd4/0x2a30 drivers/usb/core/hub.c:2555
 hub_port_connect drivers/usb/core/hub.c:5223 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
 port_event drivers/usb/core/hub.c:5509 [inline]
 hub_event+0x5b99/0x8870 drivers/usb/core/hub.c:5591
 process_one_work+0x1219/0x1fe0 kernel/workqueue.c:2275
 worker_thread+0x10ec/0x2340 kernel/workqueue.c:2421
 kthread+0x521/0x560 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Local variable ----data.i@pegasus_probe created at:
 get_interrupt_interval drivers/net/usb/pegasus.c:1151 [inline]
 pegasus_probe+0xe57/0x4080 drivers/net/usb/pegasus.c:1152
 get_interrupt_interval drivers/net/usb/pegasus.c:1151 [inline]
 pegasus_probe+0xe57/0x4080 drivers/net/usb/pegasus.c:1152
=====================================================
pegasus 1-1:0.194: can't reset MAC
pegasus: probe of 1-1:0.194 failed with error -5
usb 1-1: USB disconnect, device number 2
usb 1-1: new full-speed USB device number 3 using dummy_hcd
usb 1-1: config 0 has an invalid interface number: 172 but max is 1
usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping
usb 1-1: config 0 has an invalid interface number: 194 but max is 1
usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
usb 1-1: config 0 has no interface number 0
usb 1-1: config 0 has no interface number 1
usb 1-1: config 0 interface 172 altsetting 9 endpoint 0x4 has invalid maxpacket 558, setting to 64
usb 1-1: config 0 interface 172 altsetting 9 endpoint 0xD has invalid maxpacket 512, setting to 64
usb 1-1: config 0 interface 172 altsetting 9 endpoint 0x8 has invalid maxpacket 512, setting to 64
usb 1-1: config 0 interface 194 altsetting 64 endpoint 0xA has an invalid bInterval 127, changing to 4
usb 1-1: config 0 interface 194 altsetting 64 endpoint 0xA has invalid wMaxPacketSize 0
usb 1-1: config 0 interface 194 altsetting 64 has an invalid endpoint with address 0xA4, skipping
usb 1-1: config 0 interface 194 altsetting 64 has 2 endpoint descriptors, different from the interface descriptor's value: 16
usb 1-1: config 0 interface 172 has no altsetting 0
usb 1-1: config 0 interface 194 has no altsetting 0
usb 1-1: New USB device found, idVendor=07aa, idProduct=0004, bcdDevice=6e.8b
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: syz
usb 1-1: Manufacturer: syz
usb 1-1: config 0 descriptor??
usb 1-1: can't set config #0, error -71
usb 1-1: USB disconnect, device number 3
usb 1-1: new full-speed USB device number 4 using dummy_hcd
usb 1-1: config 0 has an invalid interface number: 172 but max is 1
usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping
usb 1-1: config 0 has an invalid interface number: 194 but max is 1
usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
usb 1-1: config 0 has no interface number 0
usb 1-1: config 0 has no interface number 1
usb 1-1: config 0 interface 172 altsetting 9 endpoint 0x4 has invalid maxpacket 558, setting to 64
usb 1-1: config 0 interface 172 altsetting 9 endpoint 0xD has invalid maxpacket 512, setting to 64
usb 1-1: config 0 interface 172 altsetting 9 endpoint 0x8 has invalid maxpacket 512, setting to 64
usb 1-1: config 0 interface 194 altsetting 64 endpoint 0xA has an invalid bInterval 127, changing to 4
usb 1-1: config 0 interface 194 altsetting 64 endpoint 0xA has invalid wMaxPacketSize 0
usb 1-1: config 0 interface 194 altsetting 64 has an invalid endpoint with address 0xA4, skipping
usb 1-1: config 0 interface 194 altsetting 64 has 2 endpoint descriptors, different from the interface descriptor's value: 16
usb 1-1: config 0 interface 172 has no altsetting 0
usb 1-1: config 0 interface 194 has no altsetting 0
usb 1-1: New USB device found, idVendor=07aa, idProduct=0004, bcdDevice=6e.8b
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: syz
usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
usb 1-1: config 0 descriptor??

Crashes (248):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kmsan-gce	2021/05/05 06:34	https://github.com/google/kmsan.git master	4ebaab5fb428	06c27ff5	.config	log	report	syz	C		KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2019/09/28 07:18	https://github.com/google/kmsan.git master	124037e07586	d8074e0b	.config	log	report	syz	C
ci-upstream-kmsan-gce	2021/07/23 07:00	https://github.com/google/kmsan.git master	a43e029dee89	bc5f1d88	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/07/18 15:39	https://github.com/google/kmsan.git master	a0f3a2c4404f	f115ae98	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/07/13 09:46	https://github.com/google/kmsan.git master	57b5797c8013	f415556d	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/07/12 03:38	https://github.com/google/kmsan.git master	57b5797c8013	8f5a7b8c	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/07/09 16:19	https://github.com/google/kmsan.git master	57b5797c8013	281e815f	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/07/05 07:46	https://github.com/google/kmsan.git master	57b5797c8013	55aa55c2	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/07/05 05:59	https://github.com/google/kmsan.git master	57b5797c8013	55aa55c2	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/07/03 23:41	https://github.com/google/kmsan.git master	57b5797c8013	55aa55c2	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/06/25 17:17	https://github.com/google/kmsan.git master	a520ce29b172	ae6bf8dd	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/06/25 14:10	https://github.com/google/kmsan.git master	a520ce29b172	0edbbe31	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/06/22 06:45	https://github.com/google/kmsan.git master	6a6a67f21dec	aba2b2fb	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/06/12 16:45	https://github.com/google/kmsan.git master	6099c9da2f7d	1ba81399	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/06/08 11:52	https://github.com/google/kmsan.git master	6099c9da2f7d	b718257f	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/06/07 18:55	https://github.com/google/kmsan.git master	6099c9da2f7d	e59537be	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/05/20 06:04	https://github.com/google/kmsan.git master	6099c9da2f7d	a343ba6b	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/05/18 08:42	https://github.com/google/kmsan.git master	bdefec9ab855	a343ba6b	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/05/16 22:51	https://github.com/google/kmsan.git master	bdefec9ab855	f54a5c09	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/05/15 07:37	https://github.com/google/kmsan.git master	bdefec9ab855	8bdd5343	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/05/13 00:01	https://github.com/google/kmsan.git master	bdefec9ab855	ed7d41c5	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/05/12 13:02	https://github.com/google/kmsan.git master	bdefec9ab855	da958a4d	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/05/10 10:17	https://github.com/google/kmsan.git master	4ebaab5fb428	bc5434be	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/05/08 11:46	https://github.com/google/kmsan.git master	4ebaab5fb428	bc5434be	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/05/02 22:08	https://github.com/google/kmsan.git master	4ebaab5fb428	77e2b668	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/05/02 04:26	https://github.com/google/kmsan.git master	4ebaab5fb428	77e2b668	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/04/27 20:34	https://github.com/google/kmsan.git master	4ebaab5fb428	805b5003	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/04/27 04:23	https://github.com/google/kmsan.git master	4ebaab5fb428	805b5003	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/04/23 06:58	https://github.com/google/kmsan.git master	4ebaab5fb428	590921a5	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/04/15 18:26	https://github.com/google/kmsan.git master	4ebaab5fb428	fcdb12ba	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/04/13 15:35	https://github.com/google/kmsan.git master	4ebaab5fb428	bfeda1b1	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/04/13 00:53	https://github.com/google/kmsan.git master	4ebaab5fb428	bfeda1b1	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/04/11 16:06	https://github.com/google/kmsan.git master	4ebaab5fb428	bfeda1b1	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/04/11 14:13	https://github.com/google/kmsan.git master	4ebaab5fb428	bfeda1b1	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2021/04/09 16:01	https://github.com/google/kmsan.git master	29ad81a1074a	6a81331a	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce-386	2021/07/23 07:40	https://github.com/google/kmsan.git master	a43e029dee89	bc5f1d88	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce-386	2021/07/02 20:13	https://github.com/google/kmsan.git master	57b5797c8013	55aa55c2	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce-386	2021/06/23 06:43	https://github.com/google/kmsan.git master	6a6a67f21dec	aba2b2fb	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce-386	2021/06/12 16:37	https://github.com/google/kmsan.git master	6099c9da2f7d	1ba81399	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce-386	2021/06/12 10:16	https://github.com/google/kmsan.git master	6099c9da2f7d	1ba81399	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce-386	2021/06/12 09:03	https://github.com/google/kmsan.git master	6099c9da2f7d	1ba81399	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce-386	2021/05/22 09:08	https://github.com/google/kmsan.git master	6099c9da2f7d	3c7fef33	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce-386	2021/04/12 08:24	https://github.com/google/kmsan.git master	4ebaab5fb428	bfeda1b1	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce-386	2021/04/09 14:48	https://github.com/google/kmsan.git master	29ad81a1074a	6a81331a	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce-386	2021/04/08 14:55	https://github.com/google/kmsan.git master	29ad81a1074a	6a81331a	.config	log	report			info	KMSAN: uninit-value in pegasus_probe
ci-upstream-kmsan-gce	2019/07/01 17:34	https://github.com/google/kmsan.git master	41550654dedf	907bf746	.config	log	report
ci-upstream-kmsan-gce-386	2021/01/16 01:13	https://github.com/google/kmsan.git master	73d62e81b476	65a7a854	.config	log	report			info