syzbot


KMSAN: uninit-value in ieee80211_sta_tx_notify (2)

Status: fixed on 2022/03/08 16:11
Subsystems: wireless
[Documentation on labels]
Reported-by: syzbot+614e82b88a1a4973e534@syzkaller.appspotmail.com
Fix commit: d5e568c3a4ec mac80211: track only QoS data frames for admission control
First crash: 1054d, last: 960d
Discussions (6)
Title Replies (including bot) Last reply
[PATCH 4.19 00/56] 4.19.222-rc1 review 66 (66) 2021/12/22 07:54
[PATCH 5.15 000/177] 5.15.11-rc1 review 183 (183) 2021/12/21 23:14
[PATCH 5.10 00/99] 5.10.88-rc1 review 106 (106) 2021/12/21 23:13
[PATCH 5.4 00/71] 5.4.168-rc1 review 78 (78) 2021/12/21 23:13
[PATCH] mac80211: track only QoS data frames for admission control 1 (2) 2021/11/22 11:47
[syzbot] KMSAN: uninit-value in ieee80211_sta_tx_notify (2) 0 (1) 2021/11/20 12:17
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in ieee80211_sta_tx_notify wireless 648 1185d 1458d 0/28 auto-closed as invalid on 2021/10/06 05:32

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in ieee80211_ac_from_tid net/mac80211/ieee80211_i.h:2217 [inline]
BUG: KMSAN: uninit-value in ieee80211_sta_tx_wmm_ac_notify net/mac80211/mlme.c:2456 [inline]
BUG: KMSAN: uninit-value in ieee80211_sta_tx_notify+0x3b8/0x950 net/mac80211/mlme.c:2488
 ieee80211_ac_from_tid net/mac80211/ieee80211_i.h:2217 [inline]
 ieee80211_sta_tx_wmm_ac_notify net/mac80211/mlme.c:2456 [inline]
 ieee80211_sta_tx_notify+0x3b8/0x950 net/mac80211/mlme.c:2488
 ieee80211_tx_status_ext+0x1234/0x5610 net/mac80211/status.c:1147
 ieee80211_tx_status+0x228/0x270 net/mac80211/status.c:1090
 ieee80211_tasklet_handler+0x2fe/0x370 net/mac80211/main.c:239
 tasklet_action_common+0x515/0x850 kernel/softirq.c:784
 tasklet_action+0x70/0x80 kernel/softirq.c:805
 __do_softirq+0x1ee/0x7c5 kernel/softirq.c:558
 do_softirq+0x16d/0x220 kernel/softirq.c:459
 __local_bh_enable_ip+0xd5/0xe0 kernel/softirq.c:383
 local_bh_enable+0x36/0x40 include/linux/bottom_half.h:33
 __ieee80211_tx_skb_tid_band+0x29c/0x3a0 net/mac80211/tx.c:5702
 ieee80211_tx_skb_tid net/mac80211/ieee80211_i.h:2186 [inline]
 ieee80211_tx_skb net/mac80211/ieee80211_i.h:2195 [inline]
 ieee80211_send_nullfunc+0x525/0x620 net/mac80211/mlme.c:1095
 ieee80211_mgd_probe_ap_send+0x6f1/0xa40 net/mac80211/mlme.c:2550
 ieee80211_mgd_probe_ap+0x572/0x610 net/mac80211/mlme.c:2633
 ieee80211_beacon_connection_loss_work+0x1b0/0x440 net/mac80211/mlme.c:2767
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:524 [inline]
 slab_alloc_node mm/slub.c:3251 [inline]
 __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
 __netdev_alloc_skb+0x4b9/0x8c0 net/core/skbuff.c:494
 netdev_alloc_skb include/linux/skbuff.h:2914 [inline]
 dev_alloc_skb include/linux/skbuff.h:2927 [inline]
 ieee80211_nullfunc_get+0x2b6/0x820 net/mac80211/tx.c:5416
 ieee80211_send_nullfunc+0x124/0x620 net/mac80211/mlme.c:1077
 ieee80211_mgd_probe_ap_send+0x6f1/0xa40 net/mac80211/mlme.c:2550
 ieee80211_mgd_probe_ap+0x572/0x610 net/mac80211/mlme.c:2633
 ieee80211_beacon_connection_loss_work+0x1b0/0x440 net/mac80211/mlme.c:2767
 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298
 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

CPU: 0 PID: 52 Comm: kworker/u4:3 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy14 ieee80211_beacon_connection_loss_work
=====================================================

Crashes (283):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/02/18 11:36 https://github.com/google/kmsan.git master 85cfd6e539bd 3cd800e4 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/18 07:28 https://github.com/google/kmsan.git master 85cfd6e539bd 3cd800e4 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/17 23:25 https://github.com/google/kmsan.git master 85cfd6e539bd 3cd800e4 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/17 14:19 https://github.com/google/kmsan.git master 85cfd6e539bd 3cd800e4 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/16 23:57 https://github.com/google/kmsan.git master 85cfd6e539bd 2bea8a27 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/15 04:25 https://github.com/google/kmsan.git master 85cfd6e539bd 8b9ca619 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/12 11:47 https://github.com/google/kmsan.git master 85cfd6e539bd 8b9ca619 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/11 18:23 https://github.com/google/kmsan.git master 85cfd6e539bd 8b9ca619 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/07 18:28 https://github.com/google/kmsan.git master 85cfd6e539bd a7dab638 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/06 01:54 https://github.com/google/kmsan.git master 85cfd6e539bd a7dab638 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/05 16:32 https://github.com/google/kmsan.git master 85cfd6e539bd a7dab638 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/05 09:26 https://github.com/google/kmsan.git master 85cfd6e539bd a7dab638 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/04 18:34 https://github.com/google/kmsan.git master 85cfd6e539bd e13a05ed .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/04 09:44 https://github.com/google/kmsan.git master 85cfd6e539bd a3e470b2 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/03 21:39 https://github.com/google/kmsan.git master 85cfd6e539bd 30646bfe .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/03 19:23 https://github.com/google/kmsan.git master 85cfd6e539bd 4ebb2798 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/31 19:51 https://github.com/google/kmsan.git master 85cfd6e539bd 6b7c57fe .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/30 11:55 https://github.com/google/kmsan.git master 85cfd6e539bd 495e00c5 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/28 04:46 https://github.com/google/kmsan.git master 85cfd6e539bd 495e00c5 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/26 06:49 https://github.com/google/kmsan.git master 85cfd6e539bd 2cbffd88 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/21 15:48 https://github.com/google/kmsan.git master 85cfd6e539bd 214351e1 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/21 03:43 https://github.com/google/kmsan.git master 85cfd6e539bd ab3d9f17 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/21 02:36 https://github.com/google/kmsan.git master 85cfd6e539bd ab3d9f17 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/20 15:59 https://github.com/google/kmsan.git master 85cfd6e539bd b838eb76 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2021/11/20 10:23 https://github.com/google/kmsan.git master 412af9cd936d 3a9d0024 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2021/11/16 11:43 https://github.com/google/kmsan.git master 386004877847 600426bd .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/17 17:43 https://github.com/google/kmsan.git master 85cfd6e539bd 3cd800e4 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/17 15:55 https://github.com/google/kmsan.git master 85cfd6e539bd 3cd800e4 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/17 00:59 https://github.com/google/kmsan.git master 85cfd6e539bd 2bea8a27 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/11 21:13 https://github.com/google/kmsan.git master 85cfd6e539bd 8b9ca619 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/11 19:34 https://github.com/google/kmsan.git master 85cfd6e539bd 8b9ca619 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/08 18:04 https://github.com/google/kmsan.git master 85cfd6e539bd 0b33604d .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/08 15:27 https://github.com/google/kmsan.git master 85cfd6e539bd 0b33604d .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/05 11:57 https://github.com/google/kmsan.git master 85cfd6e539bd a7dab638 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/05 10:57 https://github.com/google/kmsan.git master 85cfd6e539bd a7dab638 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/05 08:19 https://github.com/google/kmsan.git master 85cfd6e539bd a7dab638 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/04 13:58 https://github.com/google/kmsan.git master 85cfd6e539bd a3e470b2 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/04 12:21 https://github.com/google/kmsan.git master 85cfd6e539bd a3e470b2 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/01 23:09 https://github.com/google/kmsan.git master 85cfd6e539bd 4ebb2798 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/02/01 14:42 https://github.com/google/kmsan.git master 85cfd6e539bd c1c1631d .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/31 11:58 https://github.com/google/kmsan.git master 85cfd6e539bd 6b7c57fe .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/31 09:47 https://github.com/google/kmsan.git master 85cfd6e539bd 6b7c57fe .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/27 21:46 https://github.com/google/kmsan.git master 85cfd6e539bd 64a8e201 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/27 18:10 https://github.com/google/kmsan.git master 85cfd6e539bd 64a8e201 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/24 21:37 https://github.com/google/kmsan.git master 85cfd6e539bd 2cbffd88 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/21 07:53 https://github.com/google/kmsan.git master 85cfd6e539bd ab3d9f17 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
2022/01/20 19:07 https://github.com/google/kmsan.git master 85cfd6e539bd b838eb76 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ieee80211_sta_tx_notify
* Struck through repros no longer work on HEAD.