syzbot


KMSAN: uninit-value in nl80211_send_pmsr_capa

Status: upstream: reported on 2026/03/03 06:07
Subsystems: wireless
Reported-by: syzbot+c686c6b197d10ff3a749@syzkaller.appspotmail.com
First crash: 5d04h, last: 2d23h
Discussions (2)
Title Replies (including bot) Last reply
[PATCH wireless] wifi: mac80211_hwsim: fully initialise PMSR capabilities 1 (1) 2026/03/03 11:37
[syzbot] [wireless?] KMSAN: uninit-value in nl80211_send_pmsr_capa 0 (1) 2026/03/03 06:07

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in nl80211_send_pmsr_ftm_capa net/wireless/nl80211.c:2302 [inline]
BUG: KMSAN: uninit-value in nl80211_send_pmsr_capa+0x6fe/0x1b50 net/wireless/nl80211.c:2404
 nl80211_send_pmsr_ftm_capa net/wireless/nl80211.c:2302 [inline]
 nl80211_send_pmsr_capa+0x6fe/0x1b50 net/wireless/nl80211.c:2404
 nl80211_send_wiphy+0x1464/0x96d0 net/wireless/nl80211.c:3302
 nl80211_dump_wiphy+0x5b6/0xc80 net/wireless/nl80211.c:3447
 genl_dumpit+0x14e/0x2a0 net/netlink/genetlink.c:1026
 netlink_dump+0xbaa/0x1800 net/netlink/af_netlink.c:2325
 netlink_recvmsg+0xc8a/0xfe0 net/netlink/af_netlink.c:1976
 sock_recvmsg_nosec+0x23e/0x2e0 net/socket.c:1078
 ____sys_recvmsg+0x4e5/0x620 net/socket.c:2810
 ___sys_recvmsg+0x20b/0x850 net/socket.c:2854
 do_recvmmsg+0x40e/0xdf0 net/socket.c:2949
 __sys_recvmmsg net/socket.c:3023 [inline]
 __do_sys_recvmmsg net/socket.c:3046 [inline]
 __se_sys_recvmmsg net/socket.c:3039 [inline]
 __x64_sys_recvmmsg+0x383/0x500 net/socket.c:3039
 x64_sys_call+0x96d/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 mac80211_hwsim_new_radio+0x60b8/0x7e20 drivers/net/wireless/virtual/mac80211_hwsim.c:5837
 hwsim_new_radio_nl+0x1839/0x3160 drivers/net/wireless/virtual/mac80211_hwsim.c:6504
 genl_family_rcv_msg_doit+0x338/0x3f0 net/netlink/genetlink.c:1114
 genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
 genl_rcv_msg+0xac5/0xc00 net/netlink/genetlink.c:1209
 netlink_rcv_skb+0x54d/0x680 net/netlink/af_netlink.c:2550
 genl_rcv+0x41/0x60 net/netlink/genetlink.c:1218
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0xf04/0x12b0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x10b2/0x1250 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 ____sys_sendmsg+0xfe7/0x1080 net/socket.c:2592
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2683 [inline]
 __se_sys_sendmsg net/socket.c:2681 [inline]
 __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681
 x64_sys_call+0x1e20/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4522 [inline]
 slab_alloc_node mm/slub.c:4844 [inline]
 __kmalloc_cache_noprof+0x35e/0x1260 mm/slub.c:5353
 kmalloc_noprof include/linux/slab.h:950 [inline]
 hwsim_new_radio_nl+0x1705/0x3160 drivers/net/wireless/virtual/mac80211_hwsim.c:6492
 genl_family_rcv_msg_doit+0x338/0x3f0 net/netlink/genetlink.c:1114
 genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
 genl_rcv_msg+0xac5/0xc00 net/netlink/genetlink.c:1209
 netlink_rcv_skb+0x54d/0x680 net/netlink/af_netlink.c:2550
 genl_rcv+0x41/0x60 net/netlink/genetlink.c:1218
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0xf04/0x12b0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x10b2/0x1250 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 ____sys_sendmsg+0xfe7/0x1080 net/socket.c:2592
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2683 [inline]
 __se_sys_sendmsg net/socket.c:2681 [inline]
 __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681
 x64_sys_call+0x1e20/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 15981 Comm: syz.5.4560 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
=====================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/03/01 11:53 upstream eb71ab2bf722 43249bac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in nl80211_send_pmsr_capa
2026/03/01 11:52 upstream eb71ab2bf722 43249bac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in nl80211_send_pmsr_capa
2026/02/27 06:05 upstream a75cb869a8cc a2f13f71 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in nl80211_send_pmsr_capa