KMSAN: uninit-value in ieee802154_hdr

KMSAN: uninit-value in ieee802154_hdr_push
Status: upstream: reported on 2021/03/02 09:29
Reported-by: syzbot+4f6e279a71100e94ae65@syzkaller.appspotmail.com
First crash: 274d, last: 26d

Sample crash report:

=====================================================
BUG: KMSAN: uninit-value in ieee802154_hdr_push_sechdr net/ieee802154/header_ops.c:54 [inline]
BUG: KMSAN: uninit-value in ieee802154_hdr_push+0xd8c/0xe00 net/ieee802154/header_ops.c:108
 ieee802154_hdr_push_sechdr net/ieee802154/header_ops.c:54 [inline]
 ieee802154_hdr_push+0xd8c/0xe00 net/ieee802154/header_ops.c:108
 ieee802154_header_create+0xd21/0x1070 net/mac802154/iface.c:404
 wpan_dev_hard_header include/net/cfg802154.h:374 [inline]
 dgram_sendmsg+0xea2/0x1650 net/ieee802154/socket.c:669
 ieee802154_sock_sendmsg+0xec/0x130 net/ieee802154/socket.c:96
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmmsg+0x836/0xf50 net/socket.c:2542
 __compat_sys_sendmmsg net/compat.c:361 [inline]
 __do_compat_sys_sendmmsg net/compat.c:368 [inline]
 __se_compat_sys_sendmmsg net/compat.c:365 [inline]
 __ia32_compat_sys_sendmmsg+0x127/0x180 net/compat.c:365
 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline]
 __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Local variable hdr created at:
 ieee802154_header_create+0xc8/0x1070 net/mac802154/iface.c:368
 wpan_dev_hard_header include/net/cfg802154.h:374 [inline]
 dgram_sendmsg+0xea2/0x1650 net/ieee802154/socket.c:669
=====================================================
Kernel panic - not syncing: panic_on_kmsan set ...
CPU: 1 PID: 30373 Comm: syz-executor.4 Tainted: G    B             5.15.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1ff/0x28e lib/dump_stack.c:106
 dump_stack+0x25/0x28 lib/dump_stack.c:113
 panic+0x44f/0xdeb kernel/panic.c:232
 kmsan_report+0x2ee/0x300 mm/kmsan/report.c:196
 __msan_warning+0xb4/0x100 mm/kmsan/instrumentation.c:199
 ieee802154_hdr_push_sechdr net/ieee802154/header_ops.c:54 [inline]
 ieee802154_hdr_push+0xd8c/0xe00 net/ieee802154/header_ops.c:108
 ieee802154_header_create+0xd21/0x1070 net/mac802154/iface.c:404
 wpan_dev_hard_header include/net/cfg802154.h:374 [inline]
 dgram_sendmsg+0xea2/0x1650 net/ieee802154/socket.c:669
 ieee802154_sock_sendmsg+0xec/0x130 net/ieee802154/socket.c:96
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmmsg+0x836/0xf50 net/socket.c:2542
 __compat_sys_sendmmsg net/compat.c:361 [inline]
 __do_compat_sys_sendmmsg net/compat.c:368 [inline]
 __se_compat_sys_sendmmsg net/compat.c:365 [inline]
 __ia32_compat_sys_sendmmsg+0x127/0x180 net/compat.c:365
 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline]
 __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
RIP: 0023:0xf6ed0549
Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00
RSP: 002b:00000000f44ca5fc EFLAGS: 00000296 ORIG_RAX: 0000000000000159
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002240
RDX: 000000000000003d RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..
----------------
Code disassembly (best guess):
   0:	03 74 c0 01          	add    0x1(%rax,%rax,8),%esi
   4:	10 05 03 74 b8 01    	adc    %al,0x1b87403(%rip)        # 0x1b8740d
   a:	10 06                	adc    %al,(%rsi)
   c:	03 74 b4 01          	add    0x1(%rsp,%rsi,4),%esi
  10:	10 07                	adc    %al,(%rdi)
  12:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
  16:	10 08                	adc    %cl,(%rax)
  18:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
  1c:	00 00                	add    %al,(%rax)
  1e:	00 00                	add    %al,(%rax)
  20:	00 51 52             	add    %dl,0x52(%rcx)
  23:	55                   	push   %rbp
  24:	89 e5                	mov    %esp,%ebp
  26:	0f 34                	sysenter
  28:	cd 80                	int    $0x80
* 2a:	5d                   	pop    %rbp <-- trapping instruction
  2b:	5a                   	pop    %rdx
  2c:	59                   	pop    %rcx
  2d:	c3                   	retq
  2e:	90                   	nop
  2f:	90                   	nop
  30:	90                   	nop
  31:	90                   	nop
  32:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
  39:	00 00 00
  3c:	0f                   	.byte 0xf
  3d:	1f                   	(bad)
  3e:	44                   	rex.R

Crashes (139):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Title
ci-upstream-kmsan-gce-386	2021/11/01 04:54	https://github.com/google/kmsan.git master	59bd88c25ffc	098b5d53	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/11/01 01:26	https://github.com/google/kmsan.git master	59bd88c25ffc	098b5d53	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/31 16:58	https://github.com/google/kmsan.git master	59bd88c25ffc	098b5d53	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/31 15:43	https://github.com/google/kmsan.git master	59bd88c25ffc	098b5d53	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/30 17:00	https://github.com/google/kmsan.git master	59bd88c25ffc	098b5d53	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/30 15:38	https://github.com/google/kmsan.git master	59bd88c25ffc	098b5d53	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/30 14:08	https://github.com/google/kmsan.git master	59bd88c25ffc	098b5d53	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/28 15:19	https://github.com/google/kmsan.git master	8f7db06d805f	be531bb4	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/28 14:16	https://github.com/google/kmsan.git master	8f7db06d805f	be531bb4	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/27 08:35	https://github.com/google/kmsan.git master	8f7db06d805f	d50eb50a	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/26 10:45	https://github.com/google/kmsan.git master	0f36cda66082	c1132b49	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/24 06:41	https://github.com/google/kmsan.git master	82e66ad2e586	282f03fb	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/20 09:52	https://github.com/google/kmsan.git master	d6493d2046c4	466b7db1	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/17 06:35	https://github.com/google/kmsan.git master	d6493d2046c4	0c5d9412	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/16 01:58	https://github.com/google/kmsan.git master	8bdd014d5dc7	0c5d9412	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/11 11:05	https://github.com/google/kmsan.git master	c7f84f4e1147	838e7e2c	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/11 01:53	https://github.com/google/kmsan.git master	c7f84f4e1147	838e7e2c	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/11 00:36	https://github.com/google/kmsan.git master	c7f84f4e1147	838e7e2c	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/10 11:25	https://github.com/google/kmsan.git master	c7f84f4e1147	838e7e2c	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/09 06:10	https://github.com/google/kmsan.git master	c7f84f4e1147	efe0f24d	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/08 01:04	https://github.com/google/kmsan.git master	c7f84f4e1147	efe0f24d	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/07 15:03	https://github.com/google/kmsan.git master	c7f84f4e1147	62ee0987	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/05 04:53	https://github.com/google/kmsan.git master	90f502f5d016	ce697b49	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/10/04 22:31	https://github.com/google/kmsan.git master	90f502f5d016	ce697b49	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/24 13:07	https://github.com/google/kmsan.git master	5e561f94df41	8cac236e	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/24 09:43	https://github.com/google/kmsan.git master	5e561f94df41	8cac236e	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/23 02:47	https://github.com/google/kmsan.git master	c9006efa1749	8cac236e	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/22 16:38	https://github.com/google/kmsan.git master	f881dcecdc7a	169724fe	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/21 08:01	https://github.com/google/kmsan.git master	be0f0dd6a24b	af796c18	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/18 18:33	https://github.com/google/kmsan.git master	80de0ac1c3d2	70b76c1d	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/15 17:50	https://github.com/google/kmsan.git master	43b4682e8b8e	07e953c1	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/15 15:36	https://github.com/google/kmsan.git master	43b4682e8b8e	07e953c1	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/15 14:22	https://github.com/google/kmsan.git master	43b4682e8b8e	07e953c1	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/10 23:01	https://github.com/google/kmsan.git master	43b4682e8b8e	5ae8508a	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/09 16:23	https://github.com/google/kmsan.git master	43b4682e8b8e	e2776ee4	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/09 11:18	https://github.com/google/kmsan.git master	43b4682e8b8e	e2776ee4	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/01 02:43	https://github.com/google/kmsan.git master	e306aba466ec	7eb7e152	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/09/01 01:34	https://github.com/google/kmsan.git master	e306aba466ec	7eb7e152	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/08/28 23:46	https://github.com/google/kmsan.git master	f9d742fca814	be2c130d	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/08/28 11:39	https://github.com/google/kmsan.git master	f9d742fca814	d5a29e53	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/08/27 11:40	https://github.com/google/kmsan.git master	f9d742fca814	b318694d	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/08/22 14:52	https://github.com/google/kmsan.git master	40b1d724c752	b599f2fc	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/08/18 21:00	https://github.com/google/kmsan.git master	40b1d724c752	a2fe1cb5	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/08/18 15:25	https://github.com/google/kmsan.git master	40b1d724c752	a2fe1cb5	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/08/18 13:08	https://github.com/google/kmsan.git master	40b1d724c752	a2fe1cb5	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/08/18 05:59	https://github.com/google/kmsan.git master	40b1d724c752	a2fe1cb5	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/08/18 00:38	https://github.com/google/kmsan.git master	40b1d724c752	a2fe1cb5	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/02/28 22:39	https://github.com/google/kmsan.git master	29ad81a1074a	4c37c133	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/02/26 08:33	https://github.com/google/kmsan.git master	29ad81a1074a	76f7fc95	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push