* KMSAN: uninit-value in mii_nway_restart
@ 2019-06-04 10:32 syzbot
From: syzbot @ 2019-06-04 10:32 UTC
To: davem, glider, linux-kernel, netdev, syzkaller-bugs
Hello,
syzbot found the following crash on:
HEAD commit: f75e4cfe kmsan: use kmsan_handle_urb() in urb.c
git tree: kmsan
console output: https://syzkaller.appspot.com/x/log.txt?x=1180360ea00000
kernel config: https://syzkaller.appspot.com/x/.config?x=602468164ccdc30a
dashboard link: https://syzkaller.appspot.com/bug?extid=1f53a30781af65d2c955
compiler: clang version 9.0.0 (/home/glider/llvm/clang
06d00afa61eef8f7f501ebdb4e8612ea43ec2d78)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16a2b4f2a00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=107f4e86a00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+1f53a30781af65d2c955@syzkaller.appspotmail.com
ax88179_178a 1-1:0.186 (unnamed net_device) (uninitialized): Failed to
write reg index 0x000d: -71
ax88179_178a 1-1:0.186 (unnamed net_device) (uninitialized): Failed to
write reg index 0x000e: -71
ax88179_178a 1-1:0.186 (unnamed net_device) (uninitialized): Failed to
write reg index 0x000d: -71
ax88179_178a 1-1:0.186 (unnamed net_device) (uninitialized): Failed to
write reg index 0x000e: -71
ax88179_178a 1-1:0.186 (unnamed net_device) (uninitialized): Failed to read
reg index 0x0000: -71
==================================================================
BUG: KMSAN: uninit-value in mii_nway_restart+0x141/0x260
drivers/net/mii.c:467
CPU: 1 PID: 3353 Comm: kworker/1:2 Not tainted 5.1.0+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x191/0x1f0 lib/dump_stack.c:113
kmsan_report+0x130/0x2a0 mm/kmsan/kmsan.c:622
__msan_warning+0x75/0xe0 mm/kmsan/kmsan_instr.c:310
mii_nway_restart+0x141/0x260 drivers/net/mii.c:467
ax88179_bind+0xee3/0x1a10 drivers/net/usb/ax88179_178a.c:1329
usbnet_probe+0x10f5/0x3940 drivers/net/usb/usbnet.c:1728
usb_probe_interface+0xd66/0x1320 drivers/usb/core/driver.c:361
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_set_configuration+0x30dc/0x3750 drivers/usb/core/message.c:2027
generic_probe+0xe7/0x280 drivers/usb/core/generic.c:210
usb_probe_device+0x14c/0x200 drivers/usb/core/driver.c:266
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_new_device+0x23e5/0x2ff0 drivers/usb/core/hub.c:2534
hub_port_connect drivers/usb/core/hub.c:5089 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5204 [inline]
port_event drivers/usb/core/hub.c:5350 [inline]
hub_event+0x48d1/0x7290 drivers/usb/core/hub.c:5432
process_one_work+0x1572/0x1f00 kernel/workqueue.c:2269
worker_thread+0x111b/0x2460 kernel/workqueue.c:2415
kthread+0x4b5/0x4f0 kernel/kthread.c:254
ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355
Local variable description: ----buf.i@ax88179_mdio_read
Variable was created at:
__ax88179_read_cmd drivers/net/usb/ax88179_178a.c:199 [inline]
ax88179_read_cmd drivers/net/usb/ax88179_178a.c:311 [inline]
ax88179_mdio_read+0x7b/0x240 drivers/net/usb/ax88179_178a.c:369
mii_nway_restart+0xcf/0x260 drivers/net/mii.c:465
==================================================================
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
* Re: KMSAN: uninit-value in mii_nway_restart
@ 2022-08-30 8:26 ` Alexander Potapenko
From: Alexander Potapenko @ 2022-08-30 8:26 UTC
To: syzkaller-bugs, David Miller, Alexander Potapenko, LKML, Networking

(adding the original recipients back)

On Fri, Aug 26, 2022 at 10:44 AM Alexander Potapenko <glider@google.com> wrote:
>
>
>
> On Tuesday, June 4, 2019 at 12:32:05 PM UTC+2 syzbot wrote:
>>
>> Hello,
>>
>> syzbot found the following crash on:
>>
>> HEAD commit: f75e4cfe kmsan: use kmsan_handle_urb() in urb.c
>> git tree: kmsan
>> console output: https://syzkaller.appspot.com/x/log.txt?x=1180360ea00000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=602468164ccdc30a
>> dashboard link: https://syzkaller.appspot.com/bug?extid=1f53a30781af65d2c955
>> compiler: clang version 9.0.0 (/home/glider/llvm/clang
>> 06d00afa61eef8f7f501ebdb4e8612ea43ec2d78)
>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16a2b4f2a00000
>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=107f4e86a00000
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+1f53a3...@syzkaller.appspotmail.com
>>
>> ax88179_178a 1-1:0.186 (unnamed net_device) (uninitialized): Failed to
>> write reg index 0x000d: -71
>> ax88179_178a 1-1:0.186 (unnamed net_device) (uninitialized): Failed to
>> write reg index 0x000e: -71
>> ax88179_178a 1-1:0.186 (unnamed net_device) (uninitialized): Failed to
>> write reg index 0x000d: -71
>> ax88179_178a 1-1:0.186 (unnamed net_device) (uninitialized): Failed to
>> write reg index 0x000e: -71
>> ax88179_178a 1-1:0.186 (unnamed net_device) (uninitialized): Failed to read
>> reg index 0x0000: -71
>> ==================================================================
>> BUG: KMSAN: uninit-value in mii_nway_restart+0x141/0x260
>> drivers/net/mii.c:467
>> CPU: 1 PID: 3353 Comm: kworker/1:2 Not tainted 5.1.0+ #1
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
>> Google 01/01/2011
>> Workqueue: usb_hub_wq hub_event
>> Call Trace:
>> __dump_stack lib/dump_stack.c:77 [inline]
>> dump_stack+0x191/0x1f0 lib/dump_stack.c:113
>> kmsan_report+0x130/0x2a0 mm/kmsan/kmsan.c:622
>> __msan_warning+0x75/0xe0 mm/kmsan/kmsan_instr.c:310
>> mii_nway_restart+0x141/0x260 drivers/net/mii.c:467
>> ax88179_bind+0xee3/0x1a10 drivers/net/usb/ax88179_178a.c:1329
>> usbnet_probe+0x10f5/0x3940 drivers/net/usb/usbnet.c:1728
>> usb_probe_interface+0xd66/0x1320 drivers/usb/core/driver.c:361
>> really_probe+0xdae/0x1d80 drivers/base/dd.c:513
>> driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
>> __device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
>> bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
>> __device_attach+0x454/0x730 drivers/base/dd.c:844
>> device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
>> bus_probe_device+0x137/0x390 drivers/base/bus.c:514
>> device_add+0x288d/0x30e0 drivers/base/core.c:2106
>> usb_set_configuration+0x30dc/0x3750 drivers/usb/core/message.c:2027
>> generic_probe+0xe7/0x280 drivers/usb/core/generic.c:210
>> usb_probe_device+0x14c/0x200 drivers/usb/core/driver.c:266
>> really_probe+0xdae/0x1d80 drivers/base/dd.c:513
>> driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
>> __device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
>> bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
>> __device_attach+0x454/0x730 drivers/base/dd.c:844
>> device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
>> bus_probe_device+0x137/0x390 drivers/base/bus.c:514
>> device_add+0x288d/0x30e0 drivers/base/core.c:2106
>> usb_new_device+0x23e5/0x2ff0 drivers/usb/core/hub.c:2534
>> hub_port_connect drivers/usb/core/hub.c:5089 [inline]
>> hub_port_connect_change drivers/usb/core/hub.c:5204 [inline]
>> port_event drivers/usb/core/hub.c:5350 [inline]
>> hub_event+0x48d1/0x7290 drivers/usb/core/hub.c:5432
>> process_one_work+0x1572/0x1f00 kernel/workqueue.c:2269
>> worker_thread+0x111b/0x2460 kernel/workqueue.c:2415
>> kthread+0x4b5/0x4f0 kernel/kthread.c:254
>> ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355
>>
>> Local variable description: ----buf.i@ax88179_mdio_read
>> Variable was created at:
>> __ax88179_read_cmd drivers/net/usb/ax88179_178a.c:199 [inline]
>> ax88179_read_cmd drivers/net/usb/ax88179_178a.c:311 [inline]
>> ax88179_mdio_read+0x7b/0x240 drivers/net/usb/ax88179_178a.c:369
>> mii_nway_restart+0xcf/0x260 drivers/net/mii.c:465
>> ==================================================================
>>
>> ---
>> This bug is generated by a bot. It may contain errors.
>> See https://goo.gl/tpsmEJ for more information about syzbot.
>> syzbot engineers can be reached at syzk...@googlegroups.com.
>>
>> syzbot will keep track of this bug report. See:
>> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>> syzbot can test patches for this bug, for details see:
>> https://goo.gl/tpsmEJ#testing-patches
>
>
> This bug is still triggerable by KMSAN (https://syzkaller.appspot.com/bug?id=835562bfa4dd92c72f323f29ad388c9cb4b0e63f):
>
> =====================================================
> BUG: KMSAN: uninit-value in mii_nway_restart+0x117/0x1d0 drivers/net/mii.c:465
> mii_nway_restart+0x117/0x1d0 drivers/net/mii.c:465
> dm9601_bind+0xa17/0xb50 drivers/net/usb/dm9601.c:431
> usbnet_probe+0xebb/0x3cc0 drivers/net/usb/usbnet.c:1747
> usb_probe_interface+0xc4b/0x11f0 drivers/usb/core/driver.c:396
> really_probe+0x499/0xf50 drivers/base/dd.c:634
> __driver_probe_device+0x2fa/0x3d0 drivers/base/dd.c:764
> driver_probe_device+0x72/0x7a0 drivers/base/dd.c:794
> __device_attach_driver+0x6f1/0x890 drivers/base/dd.c:917
> bus_for_each_drv+0x1fc/0x360 drivers/base/bus.c:427
> __device_attach+0x42a/0x720 drivers/base/dd.c:989
> device_initial_probe+0x2e/0x40 drivers/base/dd.c:1038
> bus_probe_device+0x13c/0x3b0 drivers/base/bus.c:487
> device_add+0x1d4b/0x26c0 drivers/base/core.c:3428
> usb_set_configuration+0x30f8/0x37e0 drivers/usb/core/message.c:2170
> usb_generic_driver_probe+0x105/0x290 drivers/usb/core/generic.c:238
> usb_probe_device+0x288/0x490 drivers/usb/core/driver.c:293
> really_probe+0x499/0xf50 drivers/base/dd.c:634
> __driver_probe_device+0x2fa/0x3d0 drivers/base/dd.c:764
> driver_probe_device+0x72/0x7a0 drivers/base/dd.c:794
> __device_attach_driver+0x6f1/0x890 drivers/base/dd.c:917
> bus_for_each_drv+0x1fc/0x360 drivers/base/bus.c:427
> __device_attach+0x42a/0x720 drivers/base/dd.c:989
> device_initial_probe+0x2e/0x40 drivers/base/dd.c:1038
> bus_probe_device+0x13c/0x3b0 drivers/base/bus.c:487
> device_add+0x1d4b/0x26c0 drivers/base/core.c:3428
> usb_new_device+0x17a1/0x2360 drivers/usb/core/hub.c:2566
> hub_port_connect drivers/usb/core/hub.c:5363 [inline]
> hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
> port_event drivers/usb/core/hub.c:5663 [inline]
> hub_event+0x5559/0x8050 drivers/usb/core/hub.c:5745
> process_one_work+0xb27/0x13e0 kernel/workqueue.c:2289
> worker_thread+0x1076/0x1d60 kernel/workqueue.c:2436
> kthread+0x31b/0x430 kernel/kthread.c:376
> ret_from_fork+0x1f/0x30
>
> Local variable res created at:
> dm9601_mdio_read+0x49/0xf0 drivers/net/usb/dm9601.c:226
> mii_nway_restart+0x84/0x1d0 drivers/net/mii.c:463
>
> CPU: 0 PID: 28 Comm: kworker/0:1 Not tainted 5.19.0-syzkaller-32655-g1b070a5d1a2c #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
> Workqueue: usb_hub_wq hub_event
> =====================================================
>
> I believe we should either be always checking the return value of dm_read_shared_word(), or make it unconditionally initialize *value.

--
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Managing directors: Paul Manicle, Liana Sebastian
Registration court and number: Hamburg, HRB 86891
Registered office: Hamburg
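
Added example (not part of the thread and not kernel code): a user-space C model of the two remedies named in the message above, checking the helper's return value versus having the helper always initialize *value. The function names, the STALE constant standing in for leftover stack bytes and the register contents are assumptions made up for the illustration; BMCR_ANENABLE carries the value linux/mii.h gives it.

```c
#include <stdint.h>
#include <stdio.h>
#define BMCR_ANENABLE 0x1000  /* autonegotiation-enable bit, as in linux/mii.h */
#define ERR_XFER      (-71)   /* the error code printed in the log above */
#define STALE         0x5A5A  /* constructed stand-in for leftover stack bytes */

/* Hypothetical helper: a failed transfer returns <0 and leaves *value unwritten. */
static int read_word(int dev_ok, uint16_t *value)
{
    if (!dev_ok)
        return ERR_XFER;
    *value = 0x0100;          /* constructed register contents, ANENABLE clear */
    return 0;
}

/* Reported pattern: return code dropped, res consumed regardless. */
static int mdio_read_unchecked(int dev_ok)
{
    uint16_t res = STALE;     /* uninitialized in the real bug; pinned here */
    read_word(dev_ok, &res);
    return res;
}

/* Remedy 1: check the return value and propagate the error. */
static int mdio_read_checked(int dev_ok)
{
    uint16_t res;
    int err = read_word(dev_ok, &res);
    return err < 0 ? err : res;
}

/* Remedy 2: the helper initializes *value before it can fail. */
static int read_word_init(int dev_ok, uint16_t *value)
{
    *value = 0;
    return read_word(dev_ok, value);
}
static int mdio_read_zeroed(int dev_ok)
{
    uint16_t res;
    read_word_init(dev_ok, &res);
    return res;
}

/* Caller-side test; the sign check matters with remedy 1, since -71 has bit 12 set. */
static int autoneg_enabled(int bmcr)
{
    return bmcr >= 0 && (bmcr & BMCR_ANENABLE) != 0;
}

int main(void)
{
    return printf("unchecked=%d checked=%d zeroed=%d\n",
                  autoneg_enabled(mdio_read_unchecked(0)),
                  autoneg_enabled(mdio_read_checked(0)),
                  autoneg_enabled(mdio_read_zeroed(0))) < 0;
}
```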
* Re: KMSAN: uninit-value in mii_nway_restart [not found] <CALiyAom35=FOaBTWuqT-vta9PFuQAshkq6CkSJirK62oxuo7VQ@mail.gmail.com> @ 2024-09-07 11:09 ` syzbot 0 siblings, 0 replies; 8+ messages in thread From: syzbot @ 2024-09-07 11:09 UTC (permalink / raw) To: hridesh699; +Cc: hridesh699, linux-kernel, syzkaller-bugs > #syz test This bug is already marked as fixed. No point in testing. > diff --git a/drivers/net/usb/dm9601.c b/drivers/net/usb/dm9601.c > index 48d7d278631e..2e2bb22e60ea 100644 > --- a/drivers/net/usb/dm9601.c > +++ b/drivers/net/usb/dm9601.c > @@ -10,6 +10,7 @@ > > //#define DEBUG > > +#include "net/net_debug.h" > #include <linux/module.h> > #include <linux/sched.h> > #include <linux/stddef.h> > @@ -222,13 +223,18 @@ static int dm9601_mdio_read(struct net_device > *netdev, int phy_id, int loc) > struct usbnet *dev = netdev_priv(netdev); > > __le16 res; > + int err; > > if (phy_id) { > netdev_dbg(dev->net, "Only internal phy supported\n"); > return 0; > } > > - dm_read_shared_word(dev, 1, loc, &res); > + err = dm_read_shared_word(dev, 1, loc, &res); > + if (err < 0) { > + netdev_err(dev->net, "MDIO read error: %d\n", err); > + return err; > + } > > netdev_dbg(dev->net, > "dm9601_mdio_read() phy_id=0x%02x, loc=0x%02x, returns=0x%04x\n", ^ permalink raw reply [flat|nested] 8+ messages in thread
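
Review bot: The #include "net/net_debug.h" added at the top of the include block in the first hunk (@@ -10,6 +10,7 @@) looks unnecessary and does not match the block's form. netdev_dbg() is already called in the unchanged context of dm9601_mdio_read(), so the netdev logging helpers are evidently declared before this change, and the neighbouring includes all use angle brackets (<linux/module.h> and so on). Suggest dropping the line; if it turns out to be needed, write it as <net/net_debug.h> and place it after the <linux/...> includes.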
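
Review bot: In the dm9601_mdio_read() hunk, the new error path does "return err" with a negative errno from a function whose result callers use as a register word, while the phy_id branch just above returns 0 on its own failure. The traces earlier in the thread show mii_nway_restart() consuming this return value directly, so a caller that does not test for a negative result would treat the errno's bits as register contents. Either confirm that every mdio_read caller handles negative values, or return 0 here as the phy_id branch does; the alternative named in the thread, having dm_read_shared_word() always initialize *value, would leave the return contract unchanged. Separately, the hunk header is wrapped across two lines ("struct net_device" / "*netdev, int phy_id, int loc)"), which suggests the mail client line-wrapped the patch and it may not apply as sent.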
* Re: KMSAN: uninit-value in mii_nway_restart
@ 2024-09-12 9:41 ` syzbot
From: syzbot @ 2024-09-12 9:41 UTC
To: ksjoe30; +Cc: ksjoe30, linux-kernel, syzkaller-bugs

> #syz test

This bug is already marked as fixed. No point in testing.
* Re: KMSAN: uninit-value in mii_nway_restart
@ 2024-09-12 10:20 ` syzbot
From: syzbot @ 2024-09-12 10:20 UTC
To: ksjoe30; +Cc: ksjoe30, linux-kernel, syzkaller-bugs

> #syz test:

This bug is already marked as fixed. No point in testing.

> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ master
* Re: KMSAN: uninit-value in mii_nway_restart
@ 2024-09-12 10:23 ` syzbot
From: syzbot @ 2024-09-12 10:23 UTC
To: ksjoe30; +Cc: ksjoe30, linux-kernel, syzkaller-bugs

> #syz redo

unknown command "redo"
* Re: KMSAN: uninit-value in mii_nway_restart
@ 2024-09-28 21:14 ` syzbot
From: syzbot @ 2024-09-28 21:14 UTC
To: eslam.medhat1993; +Cc: eslam.medhat1993, linux-kernel, syzkaller-bugs

> #syz test

This bug is already marked as fixed. No point in testing.

>
>
> --
>
> *Eslam Medhat Khafagy*
>
> *https://www.linkedin.com/in/eslam-khafagy-a8a68159/
> <https://www.linkedin.com/in/eslam-khafagy-a8a68159/>*
* Re: KMSAN: uninit-value in mii_nway_restart
@ 2024-12-07 19:16 ` syzbot
From: syzbot @ 2024-12-07 19:16 UTC
To: tuliomf09; +Cc: tuliomf09, linux-kernel, syzkaller-bugs

> #syz test

This bug is already marked as fixed. No point in testing.