On 1/5/22 21:28, syzbot wrote:
Hello,
syzbot found the following issue on:
HEAD commit: 81c325bbf94e kmsan: hooks: do not check memory in kmsan_in..
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=14a07163b00000
kernel config: https://syzkaller.appspot.com/x/.config?x=2d8b9a11641dc9aa
dashboard link: https://syzkaller.appspot.com/bug?extid=003c0a286b9af5412510
compiler: clang version 14.0.0 (/usr/local/google/src/llvm-git-monorepo 2b554920f11c8b763cd9ed9003f4e19b919b8e1f), GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=100165dbb00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10c97e77b00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+003c0a286b9af5412510@xxxxxxxxxxxxxxxxxxxxxxxxx
Heh, I think, more reports like this will appear soon. Syzbot learned
how to tweak usb read functions return values, I guess?
#syz test: https://github.com/google/kmsan.git master
With regards,
Pavel Skripkin
diff --git a/drivers/net/usb/mcs7830.c b/drivers/net/usb/mcs7830.c
index 326cc4e749d8..0daae7f16da9 100644
--- a/drivers/net/usb/mcs7830.c
+++ b/drivers/net/usb/mcs7830.c
@@ -108,8 +108,16 @@ static const char driver_name[] = "MOSCHIP usb-ethernet driver";
static int mcs7830_get_reg(struct usbnet *dev, u16 index, u16 size, void *data)
{
- return usbnet_read_cmd(dev, MCS7830_RD_BREQ, MCS7830_RD_BMREQ,
- 0x0000, index, data, size);
+ int ret;
+
+ ret = usbnet_read_cmd(dev, MCS7830_RD_BREQ, MCS7830_RD_BMREQ,
+ 0x0000, index, data, size);
+ if (ret < 0)
+ return ret;
+ else if (ret < size)
+ return -ENODATA;
+
+ return 0;
}
static int mcs7830_set_reg(struct usbnet *dev, u16 index, u16 size, const void *data)
