[syzbot] [net?] [usb?] KMSAN: uninit-value in rtl8150_open

syzbot

Aug 27, 2025, 7:22:36 PM
to andrew...@lunn.ch, da...@davemloft.net, edum...@google.com, ku...@kernel.org, linux-...@vger.kernel.org, linu...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, pet...@nucleusys.com, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: fab1beda7597 Merge tag 'devicetree-fixes-for-6.17-1' of gi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17a9e462580000
kernel config: https://syzkaller.appspot.com/x/.config?x=6ccfdce02093e91f
dashboard link: https://syzkaller.appspot.com/bug?extid=b4d5d8faea6996fd55e3
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/db03ab9be061/disk-fab1beda.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/465314c75c15/vmlinux-fab1beda.xz
kernel image: https://storage.googleapis.com/syzbot-assets/02e5480b1de2/bzImage-fab1beda.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b4d5d8...@syzkaller.appspotmail.com

usb 1-1: device reset failed
=====================================================
BUG: KMSAN: uninit-value in set_carrier drivers/net/usb/rtl8150.c:721 [inline]
BUG: KMSAN: uninit-value in rtl8150_open+0x1131/0x1360 drivers/net/usb/rtl8150.c:758
set_carrier drivers/net/usb/rtl8150.c:721 [inline]
rtl8150_open+0x1131/0x1360 drivers/net/usb/rtl8150.c:758
__dev_open+0x7e9/0xc60 net/core/dev.c:1682
__dev_change_flags+0x3a8/0x9f0 net/core/dev.c:9549
netif_change_flags+0x8d/0x1e0 net/core/dev.c:9612
dev_change_flags+0x18c/0x320 net/core/dev_api.c:68
devinet_ioctl+0x1186/0x2500 net/ipv4/devinet.c:1200
inet_ioctl+0x4c0/0x6f0 net/ipv4/af_inet.c:1001
sock_do_ioctl+0x9c/0x480 net/socket.c:1238
sock_ioctl+0x70b/0xd60 net/socket.c:1359
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:598 [inline]
__se_sys_ioctl+0x23c/0x400 fs/ioctl.c:584
__x64_sys_ioctl+0x97/0xe0 fs/ioctl.c:584
x64_sys_call+0x1cbc/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:17
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable tmp created at:
number+0x8a/0x2200 lib/vsprintf.c:469
vsnprintf+0xd21/0x1bd0 lib/vsprintf.c:2890

CPU: 1 UID: 0 PID: 5461 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(none)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Dec 19, 2025, 4:52:17 AM
to syzkall...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.