syzbot


KMSAN: uninit-value in handle_control_request

Status: auto-obsoleted due to no activity on 2022/12/07 12:41
Subsystems: usb
First crash: 605d, last: 605d
Last patch testing requests (1)

Created           Duration  User          Patch  Repo                                        Result
2022/12/07 10:31  22m       retest repro  -      https://github.com/google/kmsan.git master  OK (log)

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in handle_control_request+0x8db/0x20b0 drivers/usb/gadget/udc/dummy_hcd.c:1625
 handle_control_request+0x8db/0x20b0 drivers/usb/gadget/udc/dummy_hcd.c:1625
 dummy_timer+0x1e53/0x4f20 drivers/usb/gadget/udc/dummy_hcd.c:1911
 call_timer_fn+0x43/0x480 kernel/time/timer.c:1474
 expire_timers+0x272/0x610 kernel/time/timer.c:1519
 __run_timers+0x5bd/0x8c0 kernel/time/timer.c:1790
 run_timer_softirq+0x64/0xe0 kernel/time/timer.c:1803
 __do_softirq+0x1cc/0x7fb kernel/softirq.c:571
 invoke_softirq+0x8f/0x100 kernel/softirq.c:445
 __irq_exit_rcu+0x5a/0x110 kernel/softirq.c:650
 irq_exit_rcu+0xe/0x10 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x9a/0xc0 arch/x86/kernel/apic/apic.c:1106
 asm_sysvec_apic_timer_interrupt+0x1b/0x20
 console_emit_next_record+0xf48/0x11b0 kernel/printk/printk.c:2741
 console_unlock+0x4cf/0xb10 kernel/printk/printk.c:2861
 vprintk_emit+0x1f0/0x8d0 kernel/printk/printk.c:2271
 dev_vprintk_emit+0x47f/0x5ad drivers/base/core.c:4736
 dev_printk_emit+0x167/0x1a9 drivers/base/core.c:4747
 __dev_printk+0x2b2/0x320 drivers/base/core.c:4759
 _dev_info+0x196/0x1bc drivers/base/core.c:4805
 rc_register_device+0x149d/0x2180 drivers/media/rc/rc-main.c:1939
 imon_init_rdev drivers/media/rc/imon.c:2010 [inline]
 imon_init_intf0 drivers/media/rc/imon.c:2282 [inline]
 imon_probe+0x4969/0x5370 drivers/media/rc/imon.c:2433
 usb_probe_interface+0xc4b/0x11f0 drivers/usb/core/driver.c:396
 really_probe+0x506/0x1000 drivers/base/dd.c:609
 __driver_probe_device+0x2fa/0x3d0 drivers/base/dd.c:748
 driver_probe_device+0x72/0x7a0 drivers/base/dd.c:778
 __device_attach_driver+0x6f1/0x890 drivers/base/dd.c:901
 bus_for_each_drv+0x1fc/0x360 drivers/base/bus.c:427
 __device_attach+0x42a/0x720 drivers/base/dd.c:973
 device_initial_probe+0x2e/0x40 drivers/base/dd.c:1022
 bus_probe_device+0x13c/0x3b0 drivers/base/bus.c:487
 device_add+0x1d4b/0x26c0 drivers/base/core.c:3517
 usb_set_configuration+0x30f8/0x37e0 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x105/0x290 drivers/usb/core/generic.c:238
 usb_probe_device+0x288/0x490 drivers/usb/core/driver.c:293
 really_probe+0x506/0x1000 drivers/base/dd.c:609
 __driver_probe_device+0x2fa/0x3d0 drivers/base/dd.c:748
 driver_probe_device+0x72/0x7a0 drivers/base/dd.c:778
 __device_attach_driver+0x6f1/0x890 drivers/base/dd.c:901
 bus_for_each_drv+0x1fc/0x360 drivers/base/bus.c:427
 __device_attach+0x42a/0x720 drivers/base/dd.c:973
 device_initial_probe+0x2e/0x40 drivers/base/dd.c:1022
 bus_probe_device+0x13c/0x3b0 drivers/base/bus.c:487
 device_add+0x1d4b/0x26c0 drivers/base/core.c:3517
 usb_new_device+0x17ac/0x2370 drivers/usb/core/hub.c:2573
 hub_port_connect drivers/usb/core/hub.c:5353 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 port_event drivers/usb/core/hub.c:5653 [inline]
 hub_event+0x5589/0x8080 drivers/usb/core/hub.c:5735
 process_one_work+0xb27/0x13e0 kernel/workqueue.c:2289
 worker_thread+0x1076/0x1d60 kernel/workqueue.c:2436
 kthread+0x31b/0x430 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 dummy_timer+0x1d6b/0x4f20 drivers/usb/gadget/udc/dummy_hcd.c:1888
 call_timer_fn+0x43/0x480 kernel/time/timer.c:1474
 expire_timers+0x272/0x610 kernel/time/timer.c:1519
 __run_timers+0x5bd/0x8c0 kernel/time/timer.c:1790
 run_timer_softirq+0x64/0xe0 kernel/time/timer.c:1803
 __do_softirq+0x1cc/0x7fb kernel/softirq.c:571

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:732 [inline]
 slab_alloc_node mm/slub.c:3258 [inline]
 slab_alloc mm/slub.c:3266 [inline]
 __kmalloc+0x7c9/0x1120 mm/slub.c:4435
 kmalloc include/linux/slab.h:605 [inline]
 raw_alloc_io_data drivers/usb/gadget/legacy/raw_gadget.c:626 [inline]
 raw_ioctl_ep0_read drivers/usb/gadget/legacy/raw_gadget.c:727 [inline]
 raw_ioctl+0x3ef5/0x5c60 drivers/usb/gadget/legacy/raw_gadget.c:1262
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0x222/0x400 fs/ioctl.c:856
 __x64_sys_ioctl+0x92/0xd0 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 1 PID: 3553 Comm: kworker/1:4 Tainted: G        W          6.0.0-rc2-syzkaller-47461-gac3859c02d7f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Workqueue: usb_hub_wq hub_event
=====================================================
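
The report above traces a value that was never initialised (created by kmalloc in raw_alloc_io_data) being stored by dummy_timer and then consumed in handle_control_request. As an added illustration of that bug class, not code from the kernel, from raw-gadget or from this report, the following userspace C model pairs the buggy shape (a consumer that trusts the allocation size rather than the bytes actually produced) with two standard hardenings: a zeroed allocation, and reads bounded by the producer's write count. The struct layout, the function names and the sample payload are assumptions made for this example; nothing here reflects the actual fix for this report.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Model of a gadget-side I/O buffer: reserved up front for the maximum
 * transfer size, filled later by whoever produces the data.  The layout
 * and names are assumptions for this example, not kernel structures. */
struct io_data {
    size_t   alloc_len;  /* bytes reserved for the transfer          */
    size_t   valid_len;  /* bytes the producer has actually written   */
    uint8_t *buf;
};

/* kmalloc-style: memory is reserved but holds whatever the allocator
 * hands back.  KMSAN would mark every byte as uninitialised here. */
struct io_data *io_alloc_uninit(size_t len)
{
    struct io_data *d = malloc(sizeof *d);
    if (!d) return NULL;
    d->buf = malloc(len);
    if (!d->buf) { free(d); return NULL; }
    d->alloc_len = len;
    d->valid_len = 0;
    return d;
}

/* kzalloc-style: same shape, but the buffer starts as defined zeros. */
struct io_data *io_alloc_zeroed(size_t len)
{
    struct io_data *d = malloc(sizeof *d);
    if (!d) return NULL;
    d->buf = calloc(len, 1);
    if (!d->buf) { free(d); return NULL; }
    d->alloc_len = len;
    d->valid_len = 0;
    return d;
}

void io_free(struct io_data *d)
{
    if (!d) return;
    free(d->buf);
    free(d);
}

/* Producer side: write n bytes (truncated to the allocation) and record
 * how much of the buffer is now meaningful. */
size_t io_fill(struct io_data *d, const uint8_t *src, size_t n)
{
    if (n > d->alloc_len) n = d->alloc_len;
    memcpy(d->buf, src, n);
    d->valid_len = n;
    return n;
}

/* Consumer, buggy shape: trusts the allocation size, so it copies out
 * bytes nobody has written.  Paired with io_alloc_uninit this is the flow
 * the report describes: uninit created at the allocation, propagated by
 * the copy, and finally used by whoever parses `out`. */
size_t consume_trusting_alloc_len(const struct io_data *d, uint8_t *out, size_t out_len)
{
    size_t n = d->alloc_len < out_len ? d->alloc_len : out_len;
    memcpy(out, d->buf, n);
    return n;
}

/* Consumer, hardened shape: bounded by what the producer actually wrote. */
size_t consume_bounded_by_valid_len(const struct io_data *d, uint8_t *out, size_t out_len)
{
    size_t n = d->valid_len < out_len ? d->valid_len : out_len;
    memcpy(out, d->buf, n);
    return n;
}

/* Self-check: returns 1 when the bounded consumer exposes only produced
 * bytes and the zeroed allocation keeps the trusting consumer's surplus
 * bytes defined (zero).  The payload is a constructed sample. */
int demo(void)
{
    static const uint8_t payload[4] = { 0x80, 0x06, 0x00, 0x01 };
    uint8_t out[16];
    int ok = 1;

    struct io_data *d = io_alloc_uninit(sizeof out);
    if (!d) return 0;
    io_fill(d, payload, sizeof payload);
    ok &= consume_bounded_by_valid_len(d, out, sizeof out) == sizeof payload;
    ok &= memcmp(out, payload, sizeof payload) == 0;
    /* consume_trusting_alloc_len(d, ...) here would copy 12 undefined bytes;
     * MemorySanitizer flags them as soon as a branch depends on them. */
    io_free(d);

    d = io_alloc_zeroed(sizeof out);
    if (!d) return 0;
    io_fill(d, payload, sizeof payload);
    ok &= consume_trusting_alloc_len(d, out, sizeof out) == sizeof out;
    ok &= memcmp(out, payload, sizeof payload) == 0;
    for (size_t i = sizeof payload; i < sizeof out; i++)
        ok &= out[i] == 0;
    io_free(d);

    return ok;
}
```

To see the userspace counterpart of the KMSAN report, build with clang -fsanitize=memory -g, call consume_trusting_alloc_len on the io_alloc_uninit variant and branch on a byte past valid_len: MemorySanitizer reports use-of-uninitialized-value with an origin at the malloc, the same allocation / store / use chain the kernel report prints above.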

Crashes (2):

Time              Kernel                                      Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager                Title
2022/08/29 10:04  https://github.com/google/kmsan.git master  ac3859c02d7f  07177916   .config  console log  report  syz        C        -        -       ci-upstream-kmsan-gce  KMSAN: uninit-value in handle_control_request
2022/08/29 08:23  https://github.com/google/kmsan.git master  ac3859c02d7f  07177916   .config  console log  report  -          -        info     -       ci-upstream-kmsan-gce  KMSAN: uninit-value in handle_control_request
* Struck through repros no longer work on HEAD.