From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Phong Tran <tranmanphong@gmail.com>,
syzbot+8a3fc6674bbc3978ed4e@syzkaller.appspotmail.com,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
linux-usb@vger.kernel.org, netdev@vger.kernel.org,
clang-built-linux@googlegroups.com
Subject: [PATCH AUTOSEL 4.19 139/158] net: usb: asix: init MAC address buffers
Date: Mon, 15 Jul 2019 10:17:50 -0400 [thread overview]
Message-ID: <20190715141809.8445-139-sashal@kernel.org> (raw)
In-Reply-To: <20190715141809.8445-1-sashal@kernel.org>
From: Phong Tran <tranmanphong@gmail.com>
[ Upstream commit 78226f6eaac80bf30256a33a4926c194ceefdf36 ]
This is for fixing bug KMSAN: uninit-value in ax88772_bind
Tested by
https://groups.google.com/d/msg/syzkaller-bugs/aFQurGotng4/eB_HlNhhCwAJ
Reported-by: syzbot+8a3fc6674bbc3978ed4e@syzkaller.appspotmail.com
syzbot found the following crash on:
HEAD commit: f75e4cfe kmsan: use kmsan_handle_urb() in urb.c
git tree: kmsan
console output: https://syzkaller.appspot.com/x/log.txt?x=136d720ea00000
kernel config:
https://syzkaller.appspot.com/x/.config?x=602468164ccdc30a
dashboard link:
https://syzkaller.appspot.com/bug?extid=8a3fc6674bbc3978ed4e
compiler: clang version 9.0.0 (/home/glider/llvm/clang
06d00afa61eef8f7f501ebdb4e8612ea43ec2d78)
syz repro:
https://syzkaller.appspot.com/x/repro.syz?x=12788316a00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=120359aaa00000
==================================================================
BUG: KMSAN: uninit-value in is_valid_ether_addr
include/linux/etherdevice.h:200 [inline]
BUG: KMSAN: uninit-value in asix_set_netdev_dev_addr
drivers/net/usb/asix_devices.c:73 [inline]
BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0
drivers/net/usb/asix_devices.c:724
CPU: 0 PID: 3348 Comm: kworker/0:2 Not tainted 5.1.0+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x191/0x1f0 lib/dump_stack.c:113
kmsan_report+0x130/0x2a0 mm/kmsan/kmsan.c:622
__msan_warning+0x75/0xe0 mm/kmsan/kmsan_instr.c:310
is_valid_ether_addr include/linux/etherdevice.h:200 [inline]
asix_set_netdev_dev_addr drivers/net/usb/asix_devices.c:73 [inline]
ax88772_bind+0x93d/0x11e0 drivers/net/usb/asix_devices.c:724
usbnet_probe+0x10f5/0x3940 drivers/net/usb/usbnet.c:1728
usb_probe_interface+0xd66/0x1320 drivers/usb/core/driver.c:361
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_set_configuration+0x30dc/0x3750 drivers/usb/core/message.c:2027
generic_probe+0xe7/0x280 drivers/usb/core/generic.c:210
usb_probe_device+0x14c/0x200 drivers/usb/core/driver.c:266
really_probe+0xdae/0x1d80 drivers/base/dd.c:513
driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671
__device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778
bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454
__device_attach+0x454/0x730 drivers/base/dd.c:844
device_initial_probe+0x4a/0x60 drivers/base/dd.c:891
bus_probe_device+0x137/0x390 drivers/base/bus.c:514
device_add+0x288d/0x30e0 drivers/base/core.c:2106
usb_new_device+0x23e5/0x2ff0 drivers/usb/core/hub.c:2534
hub_port_connect drivers/usb/core/hub.c:5089 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5204 [inline]
port_event drivers/usb/core/hub.c:5350 [inline]
hub_event+0x48d1/0x7290 drivers/usb/core/hub.c:5432
process_one_work+0x1572/0x1f00 kernel/workqueue.c:2269
process_scheduled_works kernel/workqueue.c:2331 [inline]
worker_thread+0x189c/0x2460 kernel/workqueue.c:2417
kthread+0x4b5/0x4f0 kernel/kthread.c:254
ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355
Signed-off-by: Phong Tran <tranmanphong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/asix_devices.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/usb/asix_devices.c b/drivers/net/usb/asix_devices.c
index 3d93993e74da..2eca4168af2f 100644
--- a/drivers/net/usb/asix_devices.c
+++ b/drivers/net/usb/asix_devices.c
@@ -238,7 +238,7 @@ static void asix_phy_reset(struct usbnet *dev, unsigned int reset_bits)
static int ax88172_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret = 0;
- u8 buf[ETH_ALEN];
+ u8 buf[ETH_ALEN] = {0};
int i;
unsigned long gpio_bits = dev->driver_info->data;
@@ -689,7 +689,7 @@ static int asix_resume(struct usb_interface *intf)
static int ax88772_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret, i;
- u8 buf[ETH_ALEN], chipcode = 0;
+ u8 buf[ETH_ALEN] = {0}, chipcode = 0;
u32 phyid;
struct asix_common_private *priv;
@@ -1073,7 +1073,7 @@ static const struct net_device_ops ax88178_netdev_ops = {
static int ax88178_bind(struct usbnet *dev, struct usb_interface *intf)
{
int ret;
- u8 buf[ETH_ALEN];
+ u8 buf[ETH_ALEN] = {0};
usbnet_get_endpoints(dev,intf);
--
2.20.1
next prev parent reply other threads:[~2019-07-15 14:54 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-15 14:15 [PATCH AUTOSEL 4.19 001/158] wil6210: fix potential out-of-bounds read Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 002/158] ath10k: Do not send probe response template for mesh Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 003/158] ath9k: Check for errors when reading SREV register Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 004/158] ath6kl: add some bounds checking Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 005/158] ath10k: add peer id check in ath10k_peer_find_by_id Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 007/158] wil6210: fix spurious interrupts in 3-msi Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 008/158] ath: DFS JP domain W56 fixed pulse type 3 RADAR detection Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 010/158] batman-adv: fix for leaked TVLV handler Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 018/158] net: stmmac: dwmac1000: Clear unused address entries Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 019/158] net: stmmac: dwmac4/5: " Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 020/158] qed: Set the doorbell address correctly Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 023/158] af_key: fix leaks in key_pol_get_resp and dump_sp Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 024/158] xfrm: Fix xfrm sel prefix length validation Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 027/158] Revert "e1000e: fix cyclic resets at link up with active tx" Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 028/158] e1000e: start network tx queue only when link is up Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 032/158] net: phy: Check against net_device being NULL Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 036/158] batman-adv: Fix duplicated OGMs on NETDEV_UP Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 039/158] net: hns3: set ops to null when unregister ad_dev Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 043/158] net: stmmac: dwmac4: fix flow control issue Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 044/158] net: stmmac: modify default value of tx-frames Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 046/158] net: fec: Do not use netdev messages too early Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 047/158] net: axienet: Fix race condition causing TX hang Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 050/158] net: sfp: add mutex to prevent concurrent state checks Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 051/158] ipset: Fix memory accounting for hash types on resize Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 062/158] bpf: silence warning messages in core Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 069/158] qed: iWARP - Fix tc for MPA ll2 connection Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 070/158] net: hns3: fix for skb leak when doing selftest Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 073/158] xfrm: fix sa selector validation Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 079/158] vhost_net: disable zerocopy by default Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 090/158] ipsec: select crypto ciphers for xfrm_algo Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 091/158] ipvs: defer hook registration to avoid leaks Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 102/158] net: stmmac: sun8i: force select external PHY when no internal one Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 103/158] rtlwifi: rtl8192cu: fix error handle when usb probe failed Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 104/158] mt7601u: do not schedule rx_tasklet when the device has been disconnected Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 106/158] mt7601u: fix possible memory leak when the device is disconnected Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 107/158] ipvs: fix tinfo memory leak in start_sync_thread Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 108/158] ath10k: add missing error handling Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 109/158] ath10k: fix PCIE device wake up failed Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 114/158] xsk: Properly terminate assignment in xskq_produce_flush_desc Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 117/158] ixgbe: Check DDM existence in transceiver before access Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 121/158] wil6210: drop old event after wmi_call timeout Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 129/158] net: hns3: fix a -Wformat-nonliteral compile warning Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 130/158] net: hns3: add some error checking in hclge_tm module Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 131/158] ath10k: destroy sdio workqueue while remove sdio module Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 132/158] net: mvpp2: prs: Don't override the sign bit in SRAM parser shift Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 133/158] igb: clear out skb->tstamp after reading the txtime Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 134/158] iwlwifi: mvm: Drop large non sta frames Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 135/158] bpf: fix uapi bpf_prog_info fields alignment Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 138/158] bnx2x: Prevent ptp_task to be rescheduled indefinitely Sasha Levin
2019-07-15 14:17 ` Sasha Levin [this message]
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 141/158] bpf, libbpf, smatch: Fix potential NULL pointer dereference Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 142/158] selftests: bpf: fix inlines in test_lwt_seg6local Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 143/158] bonding: validate ip header before check IPPROTO_IGMP Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 145/158] tools: bpftool: Fix json dump crash on powerpc Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 149/158] Bluetooth: 6lowpan: search for destination address in all peers Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 151/158] Bluetooth: Check state in l2cap_disconnect_rsp Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 152/158] gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 153/158] Bluetooth: validate BLE connection interval updates Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 154/158] gtp: fix suspicious RCU usage Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 155/158] gtp: fix Illegal context switch in RCU read-side critical section Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 156/158] gtp: fix use-after-free in gtp_encap_destroy() Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 157/158] gtp: fix use-after-free in gtp_newlink() Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 158/158] net: mvmdio: defer probe of orion-mdio if a clock is not ready Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190715141809.8445-139-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=clang-built-linux@googlegroups.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+8a3fc6674bbc3978ed4e@syzkaller.appspotmail.com \
--cc=tranmanphong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).