KMSAN: uninit-value in ieee802154_hdr

KMSAN: uninit-value in ieee802154_hdr_push
Status: upstream: reported on 2021/03/02 09:29
Reported-by: syzbot+4f6e279a71100e94ae65@syzkaller.appspotmail.com
First crash: 55d, last: 7d04h

Sample crash report:

=====================================================
BUG: KMSAN: uninit-value in ieee802154_hdr_push+0x5d7/0xdd0 net/ieee802154/header_ops.c:96
CPU: 0 PID: 30528 Comm: syz-executor.5 Tainted: G        W         5.12.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x24c/0x2e0 lib/dump_stack.c:120
 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:197
 ieee802154_hdr_push+0x5d7/0xdd0 net/ieee802154/header_ops.c:96
 ieee802154_header_create+0xd07/0x1070 net/mac802154/iface.c:404
 wpan_dev_hard_header include/net/cfg802154.h:374 [inline]
 dgram_sendmsg+0xf4b/0x15d0 net/ieee802154/socket.c:670
 ieee802154_sock_sendmsg+0xec/0x130 net/ieee802154/socket.c:97
 sock_sendmsg_nosec net/socket.c:654 [inline]
 sock_sendmsg net/socket.c:674 [inline]
 ____sys_sendmsg+0xcfc/0x12f0 net/socket.c:2350
 ___sys_sendmsg net/socket.c:2404 [inline]
 __sys_sendmsg+0x714/0x830 net/socket.c:2433
 __compat_sys_sendmsg net/compat.c:347 [inline]
 __do_compat_sys_sendmsg net/compat.c:354 [inline]
 __se_compat_sys_sendmsg+0xa7/0xc0 net/compat.c:351
 __ia32_compat_sys_sendmsg+0x4a/0x70 net/compat.c:351
 do_syscall_32_irqs_on arch/x86/entry/common.c:79 [inline]
 __do_fast_syscall_32+0x127/0x180 arch/x86/entry/common.c:142
 do_fast_syscall_32+0x6a/0xc0 arch/x86/entry/common.c:167
 do_SYSENTER_32+0x73/0x90 arch/x86/entry/common.c:210
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
RIP: 0023:0xf7fba549
Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f55b45fc EFLAGS: 00000296 ORIG_RAX: 0000000000000172
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200001c0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:121 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:289
 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:226
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:246
 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110
 ieee802154_header_create+0xcd1/0x1070 net/mac802154/iface.c:402
 wpan_dev_hard_header include/net/cfg802154.h:374 [inline]
 dgram_sendmsg+0xf4b/0x15d0 net/ieee802154/socket.c:670
 ieee802154_sock_sendmsg+0xec/0x130 net/ieee802154/socket.c:97
 sock_sendmsg_nosec net/socket.c:654 [inline]
 sock_sendmsg net/socket.c:674 [inline]
 ____sys_sendmsg+0xcfc/0x12f0 net/socket.c:2350
 ___sys_sendmsg net/socket.c:2404 [inline]
 __sys_sendmsg+0x714/0x830 net/socket.c:2433
 __compat_sys_sendmsg net/compat.c:347 [inline]
 __do_compat_sys_sendmsg net/compat.c:354 [inline]
 __se_compat_sys_sendmsg+0xa7/0xc0 net/compat.c:351
 __ia32_compat_sys_sendmsg+0x4a/0x70 net/compat.c:351
 do_syscall_32_irqs_on arch/x86/entry/common.c:79 [inline]
 __do_fast_syscall_32+0x127/0x180 arch/x86/entry/common.c:142
 do_fast_syscall_32+0x6a/0xc0 arch/x86/entry/common.c:167
 do_SYSENTER_32+0x73/0x90 arch/x86/entry/common.c:210
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:121 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:289
 __msan_chain_origin+0x54/0xa0 mm/kmsan/kmsan_instr.c:147
 ieee802154_addr_from_sa include/net/ieee802154_netdev.h:172 [inline]
 dgram_sendmsg+0x14bb/0x15d0 net/ieee802154/socket.c:660
 ieee802154_sock_sendmsg+0xec/0x130 net/ieee802154/socket.c:97
 sock_sendmsg_nosec net/socket.c:654 [inline]
 sock_sendmsg net/socket.c:674 [inline]
 ____sys_sendmsg+0xcfc/0x12f0 net/socket.c:2350
 ___sys_sendmsg net/socket.c:2404 [inline]
 __sys_sendmsg+0x714/0x830 net/socket.c:2433
 __compat_sys_sendmsg net/compat.c:347 [inline]
 __do_compat_sys_sendmsg net/compat.c:354 [inline]
 __se_compat_sys_sendmsg+0xa7/0xc0 net/compat.c:351
 __ia32_compat_sys_sendmsg+0x4a/0x70 net/compat.c:351
 do_syscall_32_irqs_on arch/x86/entry/common.c:79 [inline]
 __do_fast_syscall_32+0x127/0x180 arch/x86/entry/common.c:142
 do_fast_syscall_32+0x6a/0xc0 arch/x86/entry/common.c:167
 do_SYSENTER_32+0x73/0x90 arch/x86/entry/common.c:210
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Local variable ----address.i@__sys_sendmsg created at:
 ___sys_sendmsg net/socket.c:2394 [inline]
 __sys_sendmsg+0x30e/0x830 net/socket.c:2433
 ___sys_sendmsg net/socket.c:2394 [inline]
 __sys_sendmsg+0x30e/0x830 net/socket.c:2433
=====================================================

Crashes (16):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Title
ci-upstream-kmsan-gce-386	2021/04/16 01:48	https://github.com/google/kmsan.git master	4ebaab5f	c59079a6	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/04/15 22:50	https://github.com/google/kmsan.git master	4ebaab5f	c59079a6	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/04/15 06:16	https://github.com/google/kmsan.git master	4ebaab5f	fcdb12ba	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/04/15 05:56	https://github.com/google/kmsan.git master	4ebaab5f	fcdb12ba	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/04/15 02:09	https://github.com/google/kmsan.git master	4ebaab5f	fcdb12ba	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/04/15 01:19	https://github.com/google/kmsan.git master	4ebaab5f	fcdb12ba	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/04/14 17:50	https://github.com/google/kmsan.git master	4ebaab5f	3134b37f	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/04/14 12:56	https://github.com/google/kmsan.git master	4ebaab5f	3134b37f	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/04/13 22:00	https://github.com/google/kmsan.git master	4ebaab5f	a184b83e	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/04/13 07:51	https://github.com/google/kmsan.git master	4ebaab5f	bfeda1b1	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/04/06 15:05	https://github.com/google/kmsan.git master	29ad81a1	6a81331a	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/04/01 22:28	https://github.com/google/kmsan.git master	29ad81a1	6a81331a	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/03/30 08:50	https://github.com/google/kmsan.git master	29ad81a1	6a81331a	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/03/24 04:57	https://github.com/google/kmsan.git master	29ad81a1	e613994b	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/02/28 22:39	https://github.com/google/kmsan.git master	29ad81a1	4c37c133	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push
ci-upstream-kmsan-gce-386	2021/02/26 08:33	https://github.com/google/kmsan.git master	29ad81a1	76f7fc95	.config	log	report	info	KMSAN: uninit-value in ieee802154_hdr_push