syzbot


KMSAN: uninit-value in validate_beacon_head

Status: fixed on 2021/11/10 00:50
Subsystems: wireless
Reported-by: syzbot+72b99dcf4607e8c770f3@syzkaller.appspotmail.com
Fix commit: 9a6847ba1747 nl80211: fix beacon head validation
First crash: 1471d, last: 1240d
Discussions (9)
Title | Replies (including bot) | Last reply
[PATCH 5.10 000/188] 5.10.30-rc1 review | 199 (199) | 2021/04/13 10:44
[PATCH 5.11 000/210] 5.11.14-rc1 review | 214 (214) | 2021/04/13 04:46
[PATCH] nl80211: fix beacon head validation | 1 (2) | 2021/04/08 14:21
[PATCH v2] wireless/nl80211.c: fix uninitialized variable | 2 (2) | 2021/03/30 19:26
[PATCH v2] wireless/nl80211.c: fix uninitialized variable | 2 (2) | 2021/03/30 17:14
Re: [PATCH] wireless/nl80211.c: fix uninitialized variable | 1 (1) | 2021/03/30 12:48
Re: [PATCH] wireless/nl80211.c: fix uninitialized variable | 1 (1) | 2021/03/29 18:58
[PATCH] wireless/nl80211.c: fix uninitialized variable | 2 (2) | 2021/03/29 18:20
KMSAN: uninit-value in validate_beacon_head | 0 (2) | 2020/12/02 10:05
Last patch testing requests (3)
Created | Duration | User | Patch | Repo | Result
2021/04/08 13:46 | 23m | johannes@sipsolutions.net | patch | https://github.com/google/kmsan.git master | OK
2021/04/05 16:48 | 15m | alaaemadhossney.ae@gmail.com | (none) | https://github.com/google/kmsan.git master | report log
2021/03/25 21:50 | 24m | alaaemadhossney.ae@gmail.com | (none) | https://github.com/google/kmsan.git master | report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in validate_beacon_head+0x4f2/0x5d0 net/wireless/nl80211.c:225
CPU: 0 PID: 8214 Comm: syz-executor516 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:120
 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x5f/0xa0 mm/kmsan/kmsan_instr.c:197
 validate_beacon_head+0x4f2/0x5d0 net/wireless/nl80211.c:225
 validate_nla lib/nlattr.c:544 [inline]
 __nla_validate_parse+0x23e3/0x4da0 lib/nlattr.c:588
 __nla_parse+0x141/0x150 lib/nlattr.c:685
 __nlmsg_parse include/net/netlink.h:733 [inline]
 nlmsg_parse_deprecated include/net/netlink.h:772 [inline]
 nl80211_prepare_wdev_dump+0x6fd/0xbb0 net/wireless/nl80211.c:908
 nl80211_dump_station+0x143/0x740 net/wireless/nl80211.c:5888
 netlink_dump+0xb92/0x1650 net/netlink/af_netlink.c:2268
 __netlink_dump_start+0xcfa/0xea0 net/netlink/af_netlink.c:2373
 genl_family_rcv_msg_dumpit net/netlink/genetlink.c:697 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:780 [inline]
 genl_rcv_msg+0xfed/0x1610 net/netlink/genetlink.c:800
 netlink_rcv_skb+0x6fa/0x810 net/netlink/af_netlink.c:2494
 genl_rcv+0x63/0x80 net/netlink/genetlink.c:811
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x11d6/0x14a0 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x1740/0x1840 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0xcfc/0x12f0 net/socket.c:2345
 ___sys_sendmsg net/socket.c:2399 [inline]
 __sys_sendmsg+0x714/0x830 net/socket.c:2432
 __do_sys_sendmsg net/socket.c:2441 [inline]
 __se_sys_sendmsg+0x97/0xb0 net/socket.c:2439
 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2439
 do_syscall_64+0x9f/0x140 arch/x86/entry/common.c:48
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440679
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd311890b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000440679
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffd31189258
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403980
R13: 431bde82d7b634db R14: 00000000004ae018 R15: 00000000004004a0

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:121 [inline]
 kmsan_internal_poison_shadow+0x5c/0xf0 mm/kmsan/kmsan.c:104
 kmsan_slab_alloc+0x8d/0xe0 mm/kmsan/kmsan_hooks.c:76
 slab_alloc_node mm/slub.c:2907 [inline]
 __kmalloc_node_track_caller+0xa37/0x1430 mm/slub.c:4527
 __kmalloc_reserve net/core/skbuff.c:142 [inline]
 __alloc_skb+0x2f8/0xb30 net/core/skbuff.c:210
 alloc_skb include/linux/skbuff.h:1099 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1176 [inline]
 netlink_sendmsg+0xdbc/0x1840 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0xcfc/0x12f0 net/socket.c:2345
 ___sys_sendmsg net/socket.c:2399 [inline]
 __sys_sendmsg+0x714/0x830 net/socket.c:2432
 __do_sys_sendmsg net/socket.c:2441 [inline]
 __se_sys_sendmsg+0x97/0xb0 net/socket.c:2439
 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2439
 do_syscall_64+0x9f/0x140 arch/x86/entry/common.c:48
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
=====================================================

Crashes (284):