syzbot


KMSAN: uninit-value in sctp_epaddr_lookup_transport

Status: auto-closed as invalid on 2022/03/29 02:40
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 332d, last: 332d

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:369 [inline]
BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:599 [inline]
BUG: KMSAN: uninit-value in rhltable_lookup include/linux/rhashtable.h:688 [inline]
BUG: KMSAN: uninit-value in sctp_epaddr_lookup_transport+0x9bc/0xd10 net/sctp/input.c:1041
 rht_ptr_rcu include/linux/rhashtable.h:369 [inline]
 __rhashtable_lookup include/linux/rhashtable.h:599 [inline]
 rhltable_lookup include/linux/rhashtable.h:688 [inline]
 sctp_epaddr_lookup_transport+0x9bc/0xd10 net/sctp/input.c:1041
 sctp_endpoint_lookup_assoc net/sctp/endpointola.c:277 [inline]
 sctp_endpoint_bh_rcv+0x4ca/0x1010 net/sctp/endpointola.c:370
 sctp_inq_push+0x31c/0x440 net/sctp/inqueue.c:80
 sctp_rcv+0x408d/0x4260 net/sctp/input.c:256
 sctp4_rcv+0x60/0x80 net/sctp/protocol.c:1154
 ip_protocol_deliver_rcu+0x752/0x10a0 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip_local_deliver+0x584/0x8c0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:460 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:429 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip_rcv+0x5a5/0x830 net/ipv4/ip_input.c:540
 __netif_receive_skb_one_core net/core/dev.c:5465 [inline]
 __netif_receive_skb+0x1ec/0x630 net/core/dev.c:5579
 process_backlog+0x54b/0xc10 net/core/dev.c:6455
 __napi_poll+0x14c/0xc00 net/core/dev.c:7023
 napi_poll net/core/dev.c:7090 [inline]
 net_rx_action+0x7e2/0x1820 net/core/dev.c:7177
 __do_softirq+0x1ee/0x7c5 kernel/softirq.c:558
 run_ksoftirqd+0x33/0x50 kernel/softirq.c:921
 smpboot_thread_fn+0x606/0xbd0 kernel/smpboot.c:164
 kthread+0x721/0x850 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 sctp_init_addrs+0x90/0xf0 net/sctp/sm_make_chunk.c:1409
 sctp_rcv+0x38c5/0x4260 net/sctp/input.c:222
 sctp4_rcv+0x60/0x80 net/sctp/protocol.c:1154
 ip_protocol_deliver_rcu+0x752/0x10a0 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip_local_deliver+0x584/0x8c0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:460 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:429 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip_rcv+0x5a5/0x830 net/ipv4/ip_input.c:540
 __netif_receive_skb_one_core net/core/dev.c:5465 [inline]
 __netif_receive_skb+0x1ec/0x630 net/core/dev.c:5579
 process_backlog+0x54b/0xc10 net/core/dev.c:6455
 __napi_poll+0x14c/0xc00 net/core/dev.c:7023
 napi_poll net/core/dev.c:7090 [inline]
 net_rx_action+0x7e2/0x1820 net/core/dev.c:7177
 __do_softirq+0x1ee/0x7c5 kernel/softirq.c:558

Local variable src created at:
 sctp_rcv+0x55/0x4260 net/sctp/input.c:93
 sctp4_rcv+0x60/0x80 net/sctp/protocol.c:1154

CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================
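Reading the three stacks together: the local `src` is a stack object created in sctp_rcv (net/sctp/input.c:93), its bytes are copied into the chunk by sctp_init_addrs (net/sctp/sm_make_chunk.c:1409), and the rhashtable lookup in sctp_epaddr_lookup_transport later consumes them as part of the key. The program below is an added user-space illustration of that bug class (a per-family fill of a stack address union followed by a lookup that reads the whole union); it is not kernel code and makes no claim about the root cause of this particular report, which syzbot auto-closed as invalid. The `union addr` type, the FNV-1a key, the 0xAA/0x55 "stale stack" patterns and the 192.168.0.1:9899 peer are all constructed for the example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Simplified stand-in for the kernel's union sctp_addr (assumption: the
 * real union in include/net/sctp/structs.h carries the same three views). */
union addr {
    struct sockaddr     sa;
    struct sockaddr_in  v4;
    struct sockaddr_in6 v6;
};

/* Fill only the IPv4 view, the way a per-family from_skb()-style helper
 * would. sin_zero and the bytes past struct sockaddr_in are not written. */
static void fill_v4(union addr *a, uint32_t ip_be, uint16_t port_be)
{
    a->v4.sin_family      = AF_INET;
    a->v4.sin_port        = port_be;
    a->v4.sin_addr.s_addr = ip_be;
}

/* Toy 32-bit FNV-1a, standing in for a jhash-based table key. */
static uint32_t fnv1a(const void *p, size_t n)
{
    const unsigned char *b = p;
    uint32_t h = 2166136261u;
    while (n--) { h ^= *b++; h *= 16777619u; }
    return h;
}

/* Buggy: key and compare cover the whole union, so whatever bytes were on
 * the stack before fill_v4() become part of the lookup key. */
static uint32_t key_whole(const union addr *a) { return fnv1a(a, sizeof *a); }
static int cmp_whole(const union addr *a, const union addr *b)
{
    return memcmp(a, b, sizeof *a) == 0;
}

/* Family-aware: key and compare touch only the fields the family defines. */
static uint32_t key_family(const union addr *a)
{
    switch (a->sa.sa_family) {
    case AF_INET:
        return fnv1a(&a->v4.sin_addr, sizeof a->v4.sin_addr) ^ a->v4.sin_port;
    case AF_INET6:
        return fnv1a(&a->v6.sin6_addr, sizeof a->v6.sin6_addr) ^ a->v6.sin6_port;
    default:
        return 0;
    }
}
static int cmp_family(const union addr *a, const union addr *b)
{
    if (a->sa.sa_family != b->sa.sa_family)
        return 0;
    switch (a->sa.sa_family) {
    case AF_INET:
        return a->v4.sin_port == b->v4.sin_port &&
               a->v4.sin_addr.s_addr == b->v4.sin_addr.s_addr;
    case AF_INET6:
        return a->v6.sin6_port == b->v6.sin6_port &&
               memcmp(&a->v6.sin6_addr, &b->v6.sin6_addr,
                      sizeof a->v6.sin6_addr) == 0;
    default:
        return 0;
    }
}

/* Model two receptions of the same IPv4 peer. The stack slot holding the
 * address is pre-filled with different constructed garbage (0xAA vs 0x55)
 * to stand in for whatever an earlier call left there; KMSAN would instead
 * track those bytes as uninitialised. zero_first models the fix of clearing
 * the union before the per-family fill. Returns 1 when the second reception
 * matches the entry stored from the first, 0 when the lookup would miss. */
int same_peer_matches(int whole_union, int zero_first)
{
    union addr stored, incoming;

    memset(&stored,   0xAA, sizeof stored);   /* constructed stale bytes */
    memset(&incoming, 0x55, sizeof incoming); /* constructed stale bytes */
    if (zero_first) {
        memset(&stored,   0, sizeof stored);
        memset(&incoming, 0, sizeof incoming);
    }
    fill_v4(&stored,   htonl(0xC0A80001), htons(9899)); /* 192.168.0.1:9899 */
    fill_v4(&incoming, htonl(0xC0A80001), htons(9899));

    if (whole_union)
        return key_whole(&stored) == key_whole(&incoming) &&
               cmp_whole(&stored, &incoming);
    return key_family(&stored) == key_family(&incoming) &&
           cmp_family(&stored, &incoming);
}

int main(void)
{
    printf("whole-union key, stale stack:  %s\n", same_peer_matches(1, 0) ? "match" : "MISS");
    printf("whole-union key, zeroed first: %s\n", same_peer_matches(1, 1) ? "match" : "MISS");
    printf("family-aware key, stale stack: %s\n", same_peer_matches(0, 0) ? "match" : "MISS");
    return 0;
}
```

The point for triage is that a lookup keyed on the whole union is both non-deterministic (the same peer can land in different buckets across calls) and a channel for stale stack bytes into a long-lived object, which is exactly the "Uninit was stored to memory" / later "uninit-value in rht_ptr_rcu" shape KMSAN prints above. Either zeroing the union before the per-family fill or keying only on family-defined fields removes the dependency on those bytes.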

Crashes (1):
Manager:    ci-upstream-kmsan-gce-386
Time:       2021/12/29 02:34
Kernel:     https://github.com/google/kmsan.git master
Commit:     81c325bbf94e
Syzkaller:  76c8cf06
Config:     .config
Log:        log
Report:     report
Syz repro:  (none)
C repro:    (none)
VM info:    info
Title:      KMSAN: uninit-value in sctp_epaddr_lookup_transport