From: Alexander Potapenko
Date: Fri, 18 Oct 2019 16:34:02 +0200
Subject: Re: KMSAN: uninit-value in batadv_hard_if_event
To: Sven Eckelmann
Cc: syzbot, a@unstable.cc, b.a.t.m.a.n@lists.open-mesh.org, David Miller, LKML, mareklindner@neomailbox.ch, Networking, sw@simonwunderlich.de, syzkaller-bugs, Petko Manolov, USB list

On Fri, Oct 18, 2019 at 4:32 PM Sven Eckelmann wrote:
>
> Hi,
>
> not sure whether this is now a bug in batman-adv or in the rtl8150 driver. See
> my comments inline.
>
> On Friday, 18 October 2019 16:12:08 CEST syzbot wrote:
> [...]
> > usb 1-1: config 0 has no interface number 0
> > usb 1-1: New USB device found, idVendor=0411, idProduct=0012,
> > bcdDevice=56.5f
> > usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
> > usb 1-1: config 0 descriptor??
> > =====================================================
> > BUG: KMSAN: uninit-value in batadv_check_known_mac_addr
> > net/batman-adv/hard-interface.c:511 [inline]
> > BUG: KMSAN: uninit-value in batadv_hardif_add_interface
> > net/batman-adv/hard-interface.c:942 [inline]
> > BUG: KMSAN: uninit-value in batadv_hard_if_event+0x23c0/0x3260
> > net/batman-adv/hard-interface.c:1032
> > CPU: 0 PID: 13223 Comm: kworker/0:3 Not tainted 5.4.0-rc3+ #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > Google 01/01/2011
> > Workqueue: usb_hub_wq hub_event
> > Call Trace:
> >  __dump_stack lib/dump_stack.c:77 [inline]
> >  dump_stack+0x191/0x1f0 lib/dump_stack.c:113
> >  kmsan_report+0x14a/0x2f0 mm/kmsan/kmsan_report.c:109
> >  __msan_warning+0x73/0xf0 mm/kmsan/kmsan_instr.c:245
> >  batadv_check_known_mac_addr net/batman-adv/hard-interface.c:511 [inline]
> >  batadv_hardif_add_interface net/batman-adv/hard-interface.c:942 [inline]
> >  batadv_hard_if_event+0x23c0/0x3260 net/batman-adv/hard-interface.c:1032
> >  notifier_call_chain kernel/notifier.c:95 [inline]
> [...]
>
> The line in batman-adv is (batadv_check_known_mac_addr):
>
>     if (!batadv_compare_eth(hard_iface->net_dev->dev_addr,
>                             net_dev->dev_addr))
>
> So it goes through the list of ethernet interfaces (which are currently
> attached to a batadv interface) and compares it with the new device's MAC
> address. And it seems like the new device doesn't have the mac address part
> initialized yet.
>
> Is this allowed in NETDEV_REGISTER/NETDEV_POST_TYPE_CHANGE?
>
> > Uninit was stored to memory at:
> >  kmsan_save_stack_with_flags mm/kmsan/kmsan.c:150 [inline]
> >  kmsan_internal_chain_origin+0xbd/0x170 mm/kmsan/kmsan.c:317
> >  kmsan_memcpy_memmove_metadata+0x25c/0x2e0 mm/kmsan/kmsan.c:253
> >  kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:273
> >  __msan_memcpy+0x56/0x70 mm/kmsan/kmsan_instr.c:129
> >  set_ethernet_addr drivers/net/usb/rtl8150.c:282 [inline]
> >  rtl8150_probe+0x1143/0x14a0 drivers/net/usb/rtl8150.c:912
>
> This looks like it should store the mac address at this point.
>
>     static inline void set_ethernet_addr(rtl8150_t * dev)
>     {
>         u8 node_id[6];
>
>         get_registers(dev, IDR, sizeof(node_id), node_id);
>         memcpy(dev->netdev->dev_addr, node_id, sizeof(node_id));
>     }
>
> But it seems more like get_registers failed and the uninitialized was still
> copied to the mac address. Thus causing the KMSAN error in batman-adv.

Yes, most such reports are usually because functions like
get_registers() fail or read 0 bytes.

> Is this interpretation of the KMSAN output correct or do I miss something?
>
> Kind regards,
>     Sven

-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Managing directors: Paul Manicle, Halimah DeLaine Prado
Registration court and number: Hamburg, HRB 86891
Registered office: Hamburg
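
Added example, not part of the thread and not code from the rtl8150 driver or any kernel patch: a userspace C model of the failure mode discussed above, in which a register read that fails or reads 0 bytes must not let the stack buffer reach the MAC address. struct fake_dev, xfer_result, fallback_ether_addr and set_ethernet_addr_checked are hypothetical names, and get_registers here is a simplified stand-in whose return convention (bytes read, or a negative error) is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ETH_ALEN 6

/* Hypothetical userspace stand-in for the USB NIC; not the driver's rtl8150_t. */
struct fake_dev {
    int xfer_result;            /* what the simulated control read returns */
    uint8_t hw_idr[ETH_ALEN];   /* address held in the device's ID registers */
    uint8_t dev_addr[ETH_ALEN]; /* address published to the network stack */
};

/* Assumed convention: returns bytes transferred or a negative error.
 * Bytes that were not transferred are left untouched in buf. */
static int get_registers(struct fake_dev *dev, size_t size, uint8_t *buf)
{
    if (dev->xfer_result > 0 && (size_t)dev->xfer_result <= size)
        memcpy(buf, dev->hw_idr, (size_t)dev->xfer_result);
    return dev->xfer_result;
}

/* Fallback for the model: random unicast, locally administered address.
 * rand() is enough here; in the kernel, eth_random_addr() plays this role. */
static void fallback_ether_addr(uint8_t *addr)
{
    for (int i = 0; i < ETH_ALEN; i++)
        addr[i] = (uint8_t)rand();
    addr[0] &= 0xfe; /* clear the multicast bit */
    addr[0] |= 0x02; /* set the locally-administered bit */
}

/* Returns 0 if the hardware address was used, 1 if the fallback was. */
static int set_ethernet_addr_checked(struct fake_dev *dev)
{
    uint8_t node_id[ETH_ALEN] = {0}; /* defined contents even if the read fails */
    int ret = get_registers(dev, sizeof(node_id), node_id);
    if (ret != (int)sizeof(node_id)) { /* error, 0 bytes, or short read */
        fallback_ether_addr(dev->dev_addr);
        return 1;
    }
    memcpy(dev->dev_addr, node_id, sizeof(node_id));
    return 0;
}

int main(void)
{
    struct fake_dev bad = { .xfer_result = -5 }; /* constructed: read fails */
    return set_ethernet_addr_checked(&bad) == 1 ? 0 : 1;
}
```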