syzbot

 sign-in | mailing list | source | docs
🐞 Open [1466]
Subsystems
🐞 Fixed [6733]
🐞 Invalid [17303]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in cfg80211_classify8021d

Status: upstream: reported C repro on 2025/10/20 21:07
Subsystems: wireless
[Documentation on labels]
Reported-by: syzbot+878ddc3962f792e9af59@syzkaller.appspotmail.com
First crash: 28d, last: 3d06h
Discussions (4)
Title Replies (including bot) Last reply
[syzbot] [wireless?] KMSAN: uninit-value in cfg80211_classify8021d 0 (8) 2025/11/12 17:32
Re: [syzbot] [wireless?] KMSAN: uninit-value in cfg80211_classify8021d 1 (2) 2025/11/12 15:33
[PATCH v2] wifi: cfg80211: Fix uninitialized header access in cfg80211_classify8021d 3 (3) 2025/11/11 18:29
[PATCH] net: wireless: util: Fix uninitialized header access in cfg80211_classify8021d 2 (2) 2025/11/05 15:17
Last patch testing requests (9)
Created Duration User Patch Repo Result
2025/11/12 17:32 30m vnranganath.20@gmail.com patch upstream OK log
2025/11/12 15:51 0m vnranganath.20@gmail.com patch upstream error
2025/11/12 14:49 42m vnranganath.20@gmail.com patch upstream error
2025/11/12 13:09 1m vnranganath.20@gmail.com patch upstream error
2025/11/11 19:18 11m vnranganath.20@gmail.com patch upstream error
2025/11/01 17:41 27m vnranganath.20@gmail.com patch upstream OK log
2025/10/31 21:48 24m retest repro upstream report log
2025/10/21 17:14 2h10m listout@listout.xyz patch upstream report log
2025/10/21 11:57 46m listout@listout.xyz patch upstream report log

Sample crash report:
mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
=====================================================
BUG: KMSAN: uninit-value in cfg80211_classify8021d+0x99d/0x12b0 net/wireless/util.c:1027
 cfg80211_classify8021d+0x99d/0x12b0 net/wireless/util.c:1027
 ieee80211_select_queue+0x37a/0x9e0 net/mac80211/wme.c:180
 __ieee80211_subif_start_xmit+0x60f/0x1d90 net/mac80211/tx.c:4304
 ieee80211_subif_start_xmit+0xa8/0x6d0 net/mac80211/tx.c:4538
 __netdev_start_xmit include/linux/netdevice.h:5248 [inline]
 netdev_start_xmit include/linux/netdevice.h:5257 [inline]
 xmit_one net/core/dev.c:3845 [inline]
 dev_hard_start_xmit+0x22f/0xa30 net/core/dev.c:3861
 __dev_queue_xmit+0x3c51/0x5e60 net/core/dev.c:4763
 dev_queue_xmit include/linux/netdevice.h:3365 [inline]
 packet_xmit+0x8f/0x710 net/packet/af_packet.c:275
 packet_snd net/packet/af_packet.c:3076 [inline]
 packet_sendmsg+0x9173/0xa2a0 net/packet/af_packet.c:3108
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x333/0x3d0 net/socket.c:742
 __sys_sendto+0x593/0x720 net/socket.c:2244
 __do_sys_sendto net/socket.c:2251 [inline]
 __se_sys_sendto net/socket.c:2247 [inline]
 __x64_sys_sendto+0x130/0x200 net/socket.c:2247
 x64_sys_call+0x3924/0x3e30 arch/x86/include/generated/asm/syscalls_64.h:45
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4962 [inline]
 slab_alloc_node mm/slub.c:5265 [inline]
 kmem_cache_alloc_node_noprof+0x989/0x16b0 mm/slub.c:5317
 kmalloc_reserve+0x13c/0x4b0 net/core/skbuff.c:579
 __alloc_skb+0x347/0x7d0 net/core/skbuff.c:670
 alloc_skb include/linux/skbuff.h:1383 [inline]
 alloc_skb_with_frags+0xc5/0xa60 net/core/skbuff.c:6671
 sock_alloc_send_pskb+0xacc/0xc60 net/core/sock.c:2965
 packet_alloc_skb net/packet/af_packet.c:2926 [inline]
 packet_snd net/packet/af_packet.c:3019 [inline]
 packet_sendmsg+0x743d/0xa2a0 net/packet/af_packet.c:3108
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x333/0x3d0 net/socket.c:742
 __sys_sendto+0x593/0x720 net/socket.c:2244
 __do_sys_sendto net/socket.c:2251 [inline]
 __se_sys_sendto net/socket.c:2247 [inline]
 __x64_sys_sendto+0x130/0x200 net/socket.c:2247
 x64_sys_call+0x3924/0x3e30 arch/x86/include/generated/asm/syscalls_64.h:45
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 6051 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
=====================================================

Crashes (6):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/10/17 18:20 upstream 98ac9cc4b445 7adf5298 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in cfg80211_classify8021d
2025/11/11 23:45 upstream 4427259cc7f7 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in cfg80211_classify8021d
2025/11/11 23:44 upstream 4427259cc7f7 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in cfg80211_classify8021d
2025/11/11 23:44 upstream 4427259cc7f7 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in cfg80211_classify8021d
2025/10/17 09:39 upstream 98ac9cc4b445 19568248 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in cfg80211_classify8021d
2025/10/17 15:54 upstream 98ac9cc4b445 7adf5298 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in cfg80211_classify8021d
* Struck through repros no longer work on HEAD.