syzbot


KMSAN: uninit-value in mptcp_established_options

Status: upstream: reported syz repro on 2026/05/01 06:15
Subsystems: mptcp
Reported-by: syzbot+ff020673c5e3d94d9478@syzkaller.appspotmail.com
First crash: 7d00h, last: now
✨ AI Jobs (1)
ID: 5f52de13-b594-4ef7-b867-02a6d887d7bd
Workflow: assessment-security
Result: DenialOfService: ✅, Exploitable: ❌, FilesystemTrigger: ❌, NetworkTrigger: ✅, PeripheralTrigger: ❌, RemoteTrigger: ❌, Unprivileged: ✅, UserNamespace: ✅, VMGuestTrigger: ❌, VMHostTrigger: ❌
Correct: -
Bug: KMSAN: uninit-value in mptcp_established_options
Created: 2026/05/07 14:10
Started: 2026/05/07 14:10
Finished: 2026/05/07 17:55
Revision: 06a6ee865c1ddbbe04beddc5a2bf68cc0e8aa03c
Error: -
Discussions (3)
Title Replies (including bot) Last reply
[PATCH] mptcp: fix KMSAN: uninit-value in mptcp_established_options 5 (8) 2026/05/07 07:44
[PATCH] mptcp: zero opts->ext_copy in mptcp_established_options_dss() 2 (2) 2026/05/04 09:37
[syzbot] [mptcp?] KMSAN: uninit-value in mptcp_established_options 0 (4) 2026/05/03 23:20
Similar bugs (1)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in mptcp_established_options mptcp 19 10 1905d 1905d 0/29 closed as dup on 2021/02/17 18:39
Last patch testing requests (5)
Created Duration User Patch Repo Result
2026/05/04 17:31 36m pabeni@redhat.com patch upstream report log
2026/05/04 16:22 7m pabeni@redhat.com patch upstream error
2026/05/04 10:00 35m matttbe@kernel.org patch upstream report log
2026/05/03 23:20 33m kartikey406@gmail.com patch upstream report log
2026/05/03 14:53 40m kartikey406@gmail.com patch upstream report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in mptcp_write_data_fin net/mptcp/options.c:542 [inline]
BUG: KMSAN: uninit-value in mptcp_established_options_dss net/mptcp/options.c:590 [inline]
BUG: KMSAN: uninit-value in mptcp_established_options+0x112f/0x3530 net/mptcp/options.c:874
 mptcp_write_data_fin net/mptcp/options.c:542 [inline]
 mptcp_established_options_dss net/mptcp/options.c:590 [inline]
 mptcp_established_options+0x112f/0x3530 net/mptcp/options.c:874
 tcp_established_options+0x312/0xcc0 net/ipv4/tcp_output.c:1192
 __tcp_transmit_skb+0x5dc/0x5fe0 net/ipv4/tcp_output.c:1575
 __tcp_send_ack+0x967/0xad0 net/ipv4/tcp_output.c:4499
 tcp_send_ack+0x3d/0x60 net/ipv4/tcp_output.c:4505
 mptcp_subflow_shutdown+0x164/0x690 net/mptcp/protocol.c:3137
 mptcp_check_send_data_fin+0x31b/0x3d0 net/mptcp/protocol.c:3218
 __mptcp_wr_shutdown net/mptcp/protocol.c:3234 [inline]
 __mptcp_close+0x860/0x1360 net/mptcp/protocol.c:3313
 mptcp_close+0x42/0x260 net/mptcp/protocol.c:3367
 inet_release+0x1ee/0x2a0 net/ipv4/af_inet.c:442
 __sock_release net/socket.c:722 [inline]
 sock_close+0xd6/0x2f0 net/socket.c:1514
 __fput+0x60e/0x1010 fs/file_table.c:510
 ____fput+0x25/0x30 fs/file_table.c:538
 task_work_run+0x208/0x2b0 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
 exit_to_user_mode_loop+0x306/0x1b60 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
 do_syscall_64+0x236/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable opts created at:
 __tcp_transmit_skb+0x4d/0x5fe0 net/ipv4/tcp_output.c:1536
 __tcp_send_ack+0x967/0xad0 net/ipv4/tcp_output.c:4499

CPU: 1 UID: 0 PID: 5871 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
=====================================================

Crashes (796):