lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <690ba9d7.050a0220.baf87.0063.GAE@google.com>
Date: Wed, 05 Nov 2025 11:47:35 -0800
From: syzbot <syzbot@...kaller.appspotmail.com>
To: dharanitharan725@...il.com
Cc: davem@...emloft.net, dharanitharan725@...il.com, edumazet@...gle.com, 
	gregkh@...uxfoundation.org, kuba@...nel.org, linux-usb@...r.kernel.org, 
	netdev@...r.kernel.org, pabeni@...hat.com
Subject: Re: [PATCH v2] usb: rtl8150: Initialize buffers to fix KMSAN
 uninit-value in rtl8150_open

> KMSAN reported an uninitialized value use in rtl8150_open().
> Initialize rx_skb->data and intr_buff before submitting URBs to
> ensure memory is in a defined state.
>
> Changes in v2:
>  - Fixed whitespace and indentation (checkpatch clean)
>  - Corrected syzbot tag
>
> Reported-by: syzbot+b4d5d8faea6996fd@...kaller.appspotmail.com
> Signed-off-by: Dharanitharan R <dharanitharan725@...il.com>
> ---
>  drivers/net/usb/rtl8150.c | 34 +++++++++++++++-------------------
>  1 file changed, 15 insertions(+), 19 deletions(-)
>
> diff --git a/drivers/net/usb/rtl8150.c b/drivers/net/usb/rtl8150.c
> index f1a868f0032e..a7116d03c3d3 100644
> --- a/drivers/net/usb/rtl8150.c
> +++ b/drivers/net/usb/rtl8150.c
> @@ -735,33 +735,30 @@ static int rtl8150_open(struct net_device *netdev)
>  	rtl8150_t *dev = netdev_priv(netdev);
>  	int res;
>  
> -	if (dev->rx_skb == NULL)
> -		dev->rx_skb = pull_skb(dev);
> -	if (!dev->rx_skb)
> -		return -ENOMEM;
> -
>  	set_registers(dev, IDR, 6, netdev->dev_addr);
>  
>  	/* Fix: initialize memory before using it (KMSAN uninit-value) */
>  	memset(dev->rx_skb->data, 0, RTL8150_MTU);
>  	memset(dev->intr_buff, 0, INTBUFSIZE);
>  
> -	usb_fill_bulk_urb(dev->rx_urb, dev->udev, usb_rcvbulkpipe(dev->udev, 1),
> -		      dev->rx_skb->data, RTL8150_MTU, read_bulk_callback, dev);
> -	if ((res = usb_submit_urb(dev->rx_urb, GFP_KERNEL))) {
> -		if (res == -ENODEV)
> -			netif_device_detach(dev->netdev);
> +	usb_fill_bulk_urb(dev->rx_urb, dev->udev,
> +			  usb_rcvbulkpipe(dev->udev, 1),
> +			  dev->rx_skb->data, RTL8150_MTU,
> +			  read_bulk_callback, dev);
> +
> +	res = usb_submit_urb(dev->rx_urb, GFP_KERNEL);
> +	if (res) {
>  		dev_warn(&netdev->dev, "rx_urb submit failed: %d\n", res);
>  		return res;
>  	}
>  
> -	usb_fill_int_urb(dev->intr_urb, dev->udev, usb_rcvintpipe(dev->udev, 3),
> -		     dev->intr_buff, INTBUFSIZE, intr_callback,
> -		     dev, dev->intr_interval);
> -	if ((res = usb_submit_urb(dev->intr_urb, GFP_KERNEL))) {
> -		if (res == -ENODEV)
> -			netif_device_detach(dev->netdev);
> -		dev_warn(&netdev->dev, "intr_urb submit failed: %d\n", res);
> +	usb_fill_int_urb(dev->intr_urb, dev->udev,
> +			 usb_rcvintpipe(dev->udev, 3),
> +			 dev->intr_buff, INTBUFSIZE,
> +			 intr_callback, dev, dev->intr_interval);
> +
> +	res = usb_submit_urb(dev->intr_urb, GFP_KERNEL);
> +	if (res) {
>  		usb_kill_urb(dev->rx_urb);
>  		return res;
>  	}
> @@ -769,8 +766,7 @@ static int rtl8150_open(struct net_device *netdev)
>  	enable_net_traffic(dev);
>  	set_carrier(netdev);
>  	netif_start_queue(netdev);
> -
> -	return res;
> +	return 0;
>  }
>  
>  static int rtl8150_close(struct net_device *netdev)
> -- 
> 2.43.0
>

I see the command but can't find the corresponding bug.
The email is sent to  syzbot+HASH@...kaller.appspotmail.com address
but the HASH does not correspond to any known bug.
Please double check the address.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ