On Mon, Oct 28, 2019 at 02:55:52PM +0100, Takashi Iwai wrote:
On Mon, 28 Oct 2019 14:30:50 +0100, Greg KH wrote:
On Mon, Oct 28, 2019 at 02:13:20PM +0100, Takashi Iwai wrote:
On Mon, 28 Oct 2019 11:32:07 +0100, syzbot wrote:
Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:151 [inline]
 kmsan_internal_chain_origin+0xbd/0x180 mm/kmsan/kmsan.c:319
 __msan_chain_origin+0x6b/0xd0 mm/kmsan/kmsan_instr.c:179
 parse_term_proc_unit+0x73d/0x7e0 sound/usb/mixer.c:896
 __check_input_term+0x13ef/0x2360 sound/usb/mixer.c:989
So this comes from the invalid descriptor for a processing unit, and it's very likely the same issue as already spotted -- the validator up to 5.3-rc4 had a bug that passed the invalid descriptor falsely. This should have been covered by 5.3-rc5, commit ba8bf0967a15 ("ALSA: usb-audio: Fix copy&paste error in the validator").
Should we be backporting the validator to any older kernels as well?
Yes, that would be nice. I didn't mark them for stable just because they are a bit largish and wanted to let them be tested for 5.4 for a while.
The following commits are relevant (from top/old to bottom/new).
57f8770620e9b51c61089751f0b5ad3dbe376ff2 ALSA: usb-audio: More validations of descriptor units
68e9fde245591d18200f8a9054cac22339437adb ALSA: usb-audio: Simplify parse_audio_unit()
52c3e317a857091fd746e15179a637f32be4d337 ALSA: usb-audio: Unify the release of usb_mixer_elem_info objects
b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a ALSA: usb-audio: Remove superfluous bLength checks
e0ccdef92653f8867e2d1667facfd3c23699f540 ALSA: usb-audio: Clean up check_input_term()
60849562a5db4a1eee2160167e4dce4590d3eafe ALSA: usb-audio: Fix possible NULL dereference at create_yamaha_midi_quirk()
b39e077fcb283dd96dd251a3abeba585402c61fe ALSA: usb-audio: remove some dead code
ba8bf0967a154796be15c4983603aad0b05c3138 ALSA: usb-audio: Fix copy&paste error in the validator
Thanks, I've queued this series up for 5.3.y and 4.19.y
greg k-h