syzbot
KMSAN: uninit-value in ath9k_wmi_ctrl_rx

Status: fixed on 2023/09/28 17:51
Subsystems: wireless
Reported-by: syzbot+f2cb6e0ffdb961921e4d@syzkaller.appspotmail.com
Fix commit: f24292e82708 wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
First crash: 458d, last: 326d
Discussions (11)
Title Replies (including bot) Last reply
[PATCH v3 1/2] wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx 4 (4) 2023/08/22 13:35
Re: [PATCH v3 2/2] wifi: ath9k: protect WMI command response buffer replacement with a lock 1 (1) 2023/08/08 14:07
Re: [PATCH v3 1/2] wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx 4 (4) 2023/05/18 15:44
[PATCH 0/3] wifi: ath9k: deal with uninit memory 13 (13) 2023/04/28 16:52
[PATCH v3 2/2] wifi: ath9k: protect WMI command response buffer replacement with a lock 1 (1) 2023/04/25 19:26
Re: [PATCH v2] wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx 1 (1) 2023/04/25 07:54
Re: [PATCH v2] wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx 1 (1) 2023/04/25 05:45
[syzbot] [wireless] Monthly Report 0 (1) 2023/03/24 15:33
Re: [syzbot] [wireless?] KMSAN: uninit-value in ath9k_wmi_ctrl_rx 1 (2) 2023/03/15 19:59
Re: [syzbot] [wireless?] KMSAN: uninit-value in ath9k_wmi_ctrl_rx 1 (2) 2023/03/13 10:53
[syzbot] [wireless?] KMSAN: uninit-value in ath9k_wmi_ctrl_rx 0 (1) 2023/03/06 17:55
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in ath9k_htc_rx_msg wireless C 17731 469d 1387d 22/26 fixed on 2023/02/24 13:50
upstream KMSAN: uninit-value in skb_trim wireless C 519 712d 1372d 0/26 auto-obsoleted due to no activity on 2022/10/14 01:22
Last patch testing requests (2)
Created Duration User Patch Repo Result
2023/03/15 19:33 24m pchelkin@ispras.ru patch https://github.com/google/kmsan.git master OK log
2023/03/13 10:28 24m pchelkin@ispras.ru patch https://github.com/google/kmsan.git master OK log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in ath9k_wmi_ctrl_rx+0x2fd/0x530 drivers/net/wireless/ath/ath9k/wmi.c:227
 ath9k_wmi_ctrl_rx+0x2fd/0x530 drivers/net/wireless/ath/ath9k/wmi.c:227
 ath9k_htc_rx_msg+0x5a7/0xac0 drivers/net/wireless/ath/ath9k/htc_hst.c:479
 ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:653 [inline]
 ath9k_hif_usb_rx_cb+0x18fd/0x1ee0 drivers/net/wireless/ath/ath9k/hif_usb.c:686
 __usb_hcd_giveback_urb+0x521/0x750 drivers/usb/core/hcd.c:1671
 usb_hcd_giveback_urb+0x158/0x680 drivers/usb/core/hcd.c:1754
 dummy_timer+0xd4d/0x4cc0 drivers/usb/gadget/udc/dummy_hcd.c:1988
 call_timer_fn+0x45/0x4e0 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1751 [inline]
 __run_timers+0x861/0xf90 kernel/time/timer.c:2022
 run_timer_softirq+0x68/0xe0 kernel/time/timer.c:2035
 __do_softirq+0x1c9/0x7c5 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0xe5/0x220 kernel/softirq.c:650
 irq_exit_rcu+0x12/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x9e/0xc0 arch/x86/kernel/apic/apic.c:1107
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:649
 native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
 arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
 acpi_safe_halt drivers/acpi/processor_idle.c:112 [inline]
 acpi_idle_do_entry drivers/acpi/processor_idle.c:570 [inline]
 acpi_idle_enter+0x6d7/0x820 drivers/acpi/processor_idle.c:707
 cpuidle_enter_state+0x84d/0x1ae0 drivers/cpuidle/cpuidle.c:239
 cpuidle_enter+0x7f/0xf0 drivers/cpuidle/cpuidle.c:356
 call_cpuidle kernel/sched/idle.c:155 [inline]
 cpuidle_idle_call kernel/sched/idle.c:236 [inline]
 do_idle+0x5ee/0x7f0 kernel/sched/idle.c:303
 cpu_startup_entry+0x21/0x30 kernel/sched/idle.c:400
 rest_init+0x22e/0x2b0 init/main.c:732
 arch_call_rest_init+0x12/0x20 init/main.c:894
 start_kernel+0x951/0xb40 init/main.c:1148
 x86_64_start_reservations+0x2e/0x30 arch/x86/kernel/head64.c:556
 x86_64_start_kernel+0x118/0x120 arch/x86/kernel/head64.c:537
 secondary_startup_64_no_verify+0xcf/0xdb

Uninit was created at:
 slab_post_alloc_hook+0x12d/0xb60 mm/slab.h:766
 slab_alloc_node mm/slub.c:3452 [inline]
 __kmem_cache_alloc_node+0x518/0x920 mm/slub.c:3491
 __do_kmalloc_node mm/slab_common.c:967 [inline]
 __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:988
 kmalloc_reserve net/core/skbuff.c:492 [inline]
 __alloc_skb+0x3b8/0x900 net/core/skbuff.c:565
 __netdev_alloc_skb+0x12f/0x7e0 net/core/skbuff.c:630
 __dev_alloc_skb include/linux/skbuff.h:3165 [inline]
 ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:635 [inline]
 ath9k_hif_usb_rx_cb+0xda6/0x1ee0 drivers/net/wireless/ath/ath9k/hif_usb.c:686
 __usb_hcd_giveback_urb+0x521/0x750 drivers/usb/core/hcd.c:1671
 usb_hcd_giveback_urb+0x158/0x680 drivers/usb/core/hcd.c:1754
 dummy_timer+0xd4d/0x4cc0 drivers/usb/gadget/udc/dummy_hcd.c:1988
 call_timer_fn+0x45/0x4e0 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1751 [inline]
 __run_timers+0x861/0xf90 kernel/time/timer.c:2022
 run_timer_softirq+0x68/0xe0 kernel/time/timer.c:2035
 __do_softirq+0x1c9/0x7c5 kernel/softirq.c:571

CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.2.0-syzkaller-81157-g944070199c5e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
=====================================================

Crashes (45):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/03/01 20:33 https://github.com/google/kmsan.git master 944070199c5e f8902b57 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/07/06 16:08 https://github.com/google/kmsan.git master 257152fe29be 1a2f6297 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/06/30 02:51 https://github.com/google/kmsan.git master 257152fe29be 7b33cf8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/06/26 05:35 https://github.com/google/kmsan.git master e6bc8833d80f 09ffe269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/06/20 16:00 https://github.com/google/kmsan.git master e6bc8833d80f 09ffe269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/06/15 22:30 https://github.com/google/kmsan.git master 7cccf3be6dcb 757d26ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/06/14 21:34 https://github.com/google/kmsan.git master 7cccf3be6dcb d2ee9228 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/06/13 23:03 https://github.com/google/kmsan.git master 7cccf3be6dcb d2ee9228 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/06/07 17:58 https://github.com/google/kmsan.git master 2741f1b02117 7086cdb9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/29 09:19 https://github.com/google/kmsan.git master f93f2feda5d6 cf184559 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/29 05:17 https://github.com/google/kmsan.git master f93f2feda5d6 cf184559 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/20 11:36 https://github.com/google/kmsan.git master dad188c049f8 4bce1a3e .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/17 16:28 https://github.com/google/kmsan.git master dad188c049f8 eaac4681 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/16 18:08 https://github.com/google/kmsan.git master dad188c049f8 11c89444 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/11 02:10 https://github.com/google/kmsan.git master 46e8b6e7cfeb 0fbd49f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/10 05:35 https://github.com/google/kmsan.git master 46e8b6e7cfeb 1964022b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/08 20:34 https://github.com/google/kmsan.git master 81af97bdef5e 90c93c40 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/08 20:00 https://github.com/google/kmsan.git master 81af97bdef5e 90c93c40 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/06 12:19 https://github.com/google/kmsan.git master 81af97bdef5e 90c93c40 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/04/30 01:51 https://github.com/google/kmsan.git master 81af97bdef5e 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/31 13:47 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/30 15:41 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/30 05:22 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/30 05:13 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/20 20:25 https://github.com/google/kmsan.git master 90ea0df61c98 7939252e .config console log report info ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/15 05:38 https://github.com/google/kmsan.git master 34add094f9de 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/14 13:28 https://github.com/google/kmsan.git master 34add094f9de 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/04 15:31 https://github.com/google/kmsan.git master 944070199c5e f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/01 18:55 https://github.com/google/kmsan.git master 944070199c5e f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/01 13:08 https://github.com/google/kmsan.git master 97e36f4aa06f f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/07/06 11:50 https://github.com/google/kmsan.git master 257152fe29be ba5dba36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/06/26 05:45 https://github.com/google/kmsan.git master e6bc8833d80f 09ffe269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/29 06:23 https://github.com/google/kmsan.git master f93f2feda5d6 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/29 05:28 https://github.com/google/kmsan.git master f93f2feda5d6 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/11 02:06 https://github.com/google/kmsan.git master 46e8b6e7cfeb 0fbd49f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/05/06 12:18 https://github.com/google/kmsan.git master 81af97bdef5e 90c93c40 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/30 15:43 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/30 05:34 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/30 05:30 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/30 05:17 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/30 05:15 https://github.com/google/kmsan.git master 90ea0df61c98 f325deb0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/14 23:16 https://github.com/google/kmsan.git master 34add094f9de 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/03/02 21:46 https://github.com/google/kmsan.git master 944070199c5e f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx
2023/02/25 08:44 https://github.com/google/kmsan.git master 97e36f4aa06f ee50e71c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in ath9k_wmi_ctrl_rx