From: syzbot <syzbot+a8d4acdad35e6bbca308@syzkaller.appspotmail.com>
To: allison@lohutok.net, davem@davemloft.net, glider@google.com,
	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
	linux-usb@vger.kernel.org, netdev@vger.kernel.org,
	oneukum@suse.com, opensource@jilayne.com, swinslow@gmail.com,
	syzkaller-bugs@googlegroups.com, tglx@linutronix.de
Subject: Re: KMSAN: uninit-value in ax88172a_bind
Date: Thu, 17 Oct 2019 07:39:00 -0700
Message-ID: <000000000000a3ab9005951c2d39@google.com>
In-Reply-To: <1571320940.5264.11.camel@suse.com>

Hello,

syzbot has tested the proposed patch but the reproducer still triggered  
crash:
kernel BUG at drivers/net/phy/mdio_bus.c:LINE!

asix 5-1:0.78 eth1: unregister 'asix' usb-dummy_hcd.4-1, ASIX AX88172A USB  
2.0 Ethernet
asix 5-1:0.78 eth1 (unregistered): deregistering mdio bus �^[�#����\b
------------[ cut here ]------------
kernel BUG at drivers/net/phy/mdio_bus.c:453!
invalid opcode: 0000 [#1] SMP
CPU: 1 PID: 11855 Comm: kworker/1:4 Not tainted 5.4.0-rc2+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:mdiobus_unregister+0x2e3/0x350 drivers/net/phy/mdio_bus.c:453
Code: e8 d2 d2 5f fe eb 3b 8b 7d d4 e8 68 d2 9c fb e9 78 fd ff ff 8b 3a e8  
5c d2 9c fb 41 83 fe 02 0f 84 93 fd ff ff e8 ad 26 38 fb <0f> 0b 44 89 f7  
e8 43 d2 9c fb 4d 85 ff 75 a5 e8 99 26 38 fb 48 8b
RSP: 0018:ffff88808e80f3f0 EFLAGS: 00010293
RAX: ffffffff8669e193 RBX: 0000000000000000 RCX: ffff888090ed3c80
RDX: 0000000000000000 RSI: ffffea0002c4d310 RDI: 000000008dc3c318
RBP: ffff88808e80f448 R08: 0000000000000002 R09: ffff88821fc99c38
R10: 0000000000000004 R11: ffffffff866687b0 R12: ffff88808dc3c318
R13: 0000000000000000 R14: 000000001e392680 R15: ffff888090ed4628
FS:  0000000000000000(0000) GS:ffff88812fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000007136b4 CR3: 000000008b8fd000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
  ax88172a_remove_mdio drivers/net/usb/ax88172a.c:124 [inline]
  ax88172a_unbind+0x119/0x1a0 drivers/net/usb/ax88172a.c:274
  usbnet_disconnect+0x209/0x660 drivers/net/usb/usbnet.c:1611
  usb_unbind_interface+0x3a2/0xdd0 drivers/usb/core/driver.c:423
  __device_release_driver drivers/base/dd.c:1134 [inline]
  device_release_driver_internal+0x96f/0xd80 drivers/base/dd.c:1165
  device_release_driver+0x4b/0x60 drivers/base/dd.c:1188
  bus_remove_device+0x4bf/0x670 drivers/base/bus.c:532
  device_del+0xcd5/0x1cb0 drivers/base/core.c:2375
  usb_disable_device+0x567/0x1150 drivers/usb/core/message.c:1241
  usb_disconnect+0x51e/0xd60 drivers/usb/core/hub.c:2199
  hub_port_connect drivers/usb/core/hub.c:4949 [inline]
  hub_port_connect_change drivers/usb/core/hub.c:5213 [inline]
  port_event drivers/usb/core/hub.c:5359 [inline]
  hub_event+0x3fd0/0x72f0 drivers/usb/core/hub.c:5441
  process_one_work+0x1572/0x1ef0 kernel/workqueue.c:2269
  worker_thread+0x111b/0x2460 kernel/workqueue.c:2415
  kthread+0x4b5/0x4f0 kernel/kthread.c:256
  ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355
Modules linked in:
---[ end trace c2dc0f9345a55089 ]---


Tested on:

commit:         fa169025 kmsan: get rid of unused static functions in kmsa..
git tree:       https://github.com/google/kmsan.git
console output: https://syzkaller.appspot.com/x/log.txt?x=17a128cf600000
kernel config:  https://syzkaller.appspot.com/x/.config?x=49548798e87d32d7
dashboard link: https://syzkaller.appspot.com/bug?extid=a8d4acdad35e6bbca308
compiler:       clang version 9.0.0 (/home/glider/llvm/clang  
80fee25776c2fb61e74c1ecb1a523375c2500b69)
patch:          https://syzkaller.appspot.com/x/patch.diff?x=131a3227600000



Thread overview: 3+ messages
2019-10-15  5:10 KMSAN: uninit-value in ax88172a_bind syzbot
2019-10-17 14:02 ` Oliver Neukum
2019-10-17 14:39   ` syzbot [this message]
