syzbot

 sign-in | mailing list | source | docs
🐞 Open [1135] 🐞 Fixed [4220] 🐞 Invalid [9375] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KMSAN: uninit-value in sctp_inq_pop (2)

Status: upstream: reported C repro on 2022/01/08 08:00
Reported-by: syzbot+70a42f45e76bede082be@syzkaller.appspotmail.com
First crash: 385d, last: 9h40m
similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in sctp_inq_pop 3 531d 571d 0/24 auto-closed as invalid on 2021/10/24 08:36
upstream KMSAN: uninit-value in nf_nat_setup_info (2) C 764 256d 336d 0/24 auto-obsoleted due to no activity on 2022/09/28 07:28
upstream KMSAN: kernel-infoleak in move_addr_to_user (6) C 4 316d 354d 22/24 fixed on 2022/03/08 16:11
Patch testing requests:
Created Duration User Patch Repo Result
2022/05/11 02:41 20m k.kahurani@gmail.com patch https://github.com/google/kmsan.git master OK
2022/05/08 15:20 12m (78) k.kahurani@gmail.com patch https://github.com/google/kmsan.git master report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in sctp_inq_pop+0x159f/0x1910 net/sctp/inqueue.c:205
 sctp_inq_pop+0x159f/0x1910 net/sctp/inqueue.c:205
 sctp_assoc_bh_rcv+0x1a3/0xc40 net/sctp/associola.c:999
 sctp_inq_push+0x238/0x2b0 net/sctp/inqueue.c:80
 sctp_backlog_rcv+0x3f1/0xe40 net/sctp/input.c:346
 sk_backlog_rcv include/net/sock.h:1047 [inline]
 __release_sock+0x1ff/0x560 net/core/sock.c:2849
 release_sock+0x67/0x1d0 net/core/sock.c:3404
 sctp_wait_for_connect+0x4a0/0x860 net/sctp/socket.c:9314
 sctp_sendmsg_to_asoc+0x179c/0x19e0 net/sctp/socket.c:1881
 sctp_sendmsg+0x3836/0x4ce0 net/sctp/socket.c:2027
 inet_sendmsg+0x101/0x180 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 __sys_sendto+0x7ea/0xa60 net/socket.c:2119
 __do_sys_sendto net/socket.c:2131 [inline]
 __se_sys_sendto net/socket.c:2127 [inline]
 __x64_sys_sendto+0x121/0x1c0 net/socket.c:2127
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 sctp_inq_pop+0x1522/0x1910 net/sctp/inqueue.c:201
 sctp_assoc_bh_rcv+0x1a3/0xc40 net/sctp/associola.c:999
 sctp_inq_push+0x238/0x2b0 net/sctp/inqueue.c:80
 sctp_backlog_rcv+0x3f1/0xe40 net/sctp/input.c:346
 sk_backlog_rcv include/net/sock.h:1047 [inline]
 __release_sock+0x1ff/0x560 net/core/sock.c:2849
 release_sock+0x67/0x1d0 net/core/sock.c:3404
 sctp_wait_for_connect+0x4a0/0x860 net/sctp/socket.c:9314
 sctp_sendmsg_to_asoc+0x179c/0x19e0 net/sctp/socket.c:1881
 sctp_sendmsg+0x3836/0x4ce0 net/sctp/socket.c:2027
 inet_sendmsg+0x101/0x180 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 __sys_sendto+0x7ea/0xa60 net/socket.c:2119
 __do_sys_sendto net/socket.c:2131 [inline]
 __se_sys_sendto net/socket.c:2127 [inline]
 __x64_sys_sendto+0x121/0x1c0 net/socket.c:2127
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:755 [inline]
 slab_alloc_node mm/slub.c:3258 [inline]
 __kmalloc_node_track_caller+0x86c/0x1230 mm/slub.c:4994
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x34a/0xd70 net/core/skbuff.c:426
 alloc_skb include/linux/skbuff.h:1426 [inline]
 sctp_packet_pack net/sctp/output.c:472 [inline]
 sctp_packet_transmit+0x16e4/0x4080 net/sctp/output.c:621
 sctp_outq_flush_transports net/sctp/outqueue.c:1170 [inline]
 sctp_outq_flush+0x19a1/0x6090 net/sctp/outqueue.c:1218
 sctp_outq_uncork+0x96/0xb0 net/sctp/outqueue.c:761
 sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline]
 sctp_do_sm+0x9503/0x9b90 net/sctp/sm_sideeffect.c:1170
 sctp_assoc_bh_rcv+0x8f8/0xc40 net/sctp/associola.c:1053
 sctp_inq_push+0x238/0x2b0 net/sctp/inqueue.c:80
 sctp_backlog_rcv+0x3f1/0xe40 net/sctp/input.c:346
 sk_backlog_rcv include/net/sock.h:1047 [inline]
 __release_sock+0x1ff/0x560 net/core/sock.c:2849
 release_sock+0x67/0x1d0 net/core/sock.c:3404
 sctp_wait_for_connect+0x4a0/0x860 net/sctp/socket.c:9314
 sctp_sendmsg_to_asoc+0x179c/0x19e0 net/sctp/socket.c:1881
 sctp_sendmsg+0x3836/0x4ce0 net/sctp/socket.c:2027
 inet_sendmsg+0x101/0x180 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 __sys_sendto+0x7ea/0xa60 net/socket.c:2119
 __do_sys_sendto net/socket.c:2131 [inline]
 __se_sys_sendto net/socket.c:2127 [inline]
 __x64_sys_sendto+0x121/0x1c0 net/socket.c:2127
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 0 PID: 3488 Comm: syz-executor140 Not tainted 5.19.0-syzkaller-32655-g1b070a5d1a2c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
=====================================================

Crashes (709):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kmsan-gce 2022/08/22 05:50 https://github.com/google/kmsan.git master 1b070a5d1a2c 26a13b38 .config log report syz C KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/05/13 22:16 https://github.com/google/kmsan.git master d6e2c8c7eb40 107f6434 .config log report syz C KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/01/04 02:03 https://github.com/google/kmsan.git master 81c325bbf94e 4a3f34f2 .config log report syz C KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/12/06 18:02 https://github.com/google/kmsan.git master 30d2727189c5 d88f3abb .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/12/06 15:48 https://github.com/google/kmsan.git master 30d2727189c5 d88f3abb .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/11/29 01:40 https://github.com/google/kmsan.git master 49a9a20768f5 ca9683b8 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/11/28 12:06 https://github.com/google/kmsan.git master 49a9a20768f5 247de55b .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/11/23 10:32 https://github.com/google/kmsan.git master ddce02aa9c40 75740b3f .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/11/22 12:11 https://github.com/google/kmsan.git master ddce02aa9c40 1c576c23 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/11/22 10:17 https://github.com/google/kmsan.git master ddce02aa9c40 1c576c23 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/11/10 05:46 https://github.com/google/kmsan.git master b1376a14297d b2488a87 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/11/03 08:53 https://github.com/google/kmsan.git master 00b2db371a9e 7a2ebf95 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/11/03 06:49 https://github.com/google/kmsan.git master 00b2db371a9e 08977f5d .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/11/02 22:57 https://github.com/google/kmsan.git master f2d7b53c0153 08977f5d .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/25 08:31 https://github.com/google/kmsan.git master 4a3e741a3d6a 45645420 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/25 06:27 https://github.com/google/kmsan.git master 4a3e741a3d6a 45645420 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/25 02:34 https://github.com/google/kmsan.git master 968c2729e576 ff2fe65d .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/23 23:59 https://github.com/google/kmsan.git master 968c2729e576 23bf86af .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/19 20:35 https://github.com/google/kmsan.git master 968c2729e576 b31320fc .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/13 02:52 https://github.com/google/kmsan.git master 968c2729e576 89b5a509 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/04 15:06 https://github.com/google/kmsan.git master 968c2729e576 eab8f949 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/04 11:07 https://github.com/google/kmsan.git master 968c2729e576 77d3f689 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/04 07:07 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/04 02:30 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/03 20:21 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/03 17:30 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/03 15:11 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/02 23:44 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/02 11:15 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/10/02 00:34 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/09/30 21:09 https://github.com/google/kmsan.git master 968c2729e576 feb56351 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/12/09 17:09 https://github.com/google/kmsan.git master 30d2727189c5 67be1ae7 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/12/06 11:56 https://github.com/google/kmsan.git master 30d2727189c5 045cbb84 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/11/29 02:52 https://github.com/google/kmsan.git master 49a9a20768f5 ca9683b8 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/11/25 08:45 https://github.com/google/kmsan.git master a472f15b3d1e 74a66371 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/11/22 20:09 https://github.com/google/kmsan.git master ddce02aa9c40 9da37ae8 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/11/17 19:11 https://github.com/google/kmsan.git master cb231e2f67ec 4ba8ab94 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/11/10 16:21 https://github.com/google/kmsan.git master 9b1ac640862d 3ead01ad .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/11/08 20:50 https://github.com/google/kmsan.git master b1376a14297d 060f945e .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/11/05 05:24 https://github.com/google/kmsan.git master 53d6b047b069 6d752409 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/11/03 11:52 https://github.com/google/kmsan.git master 00b2db371a9e 7a2ebf95 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/11/01 19:57 https://github.com/google/kmsan.git master be8b0d020631 edac4fd1 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/11/01 17:15 https://github.com/google/kmsan.git master be8b0d020631 edac4fd1 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/10/30 03:25 https://github.com/google/kmsan.git master be8b0d020631 2a71366b .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/10/26 02:35 https://github.com/google/kmsan.git master da7a7c9082c9 1984aebd .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/10/25 16:36 https://github.com/google/kmsan.git master 4a3e741a3d6a 45645420 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/10/25 11:09 https://github.com/google/kmsan.git master 4a3e741a3d6a 45645420 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/10/22 07:24 https://github.com/google/kmsan.git master 968c2729e576 c0b80a55 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/10/15 00:50 https://github.com/google/kmsan.git master 968c2729e576 67cb024c .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/10/14 06:41 https://github.com/google/kmsan.git master 968c2729e576 4954e4b2 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/10/12 07:12 https://github.com/google/kmsan.git master 968c2729e576 16a9c9e0 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2022/10/07 04:32 https://github.com/google/kmsan.git master 968c2729e576 8a212197 .config log report info KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2021/11/19 07:31 https://github.com/google/kmsan.git master 412af9cd936d 31a30fc0 .config log report info KMSAN: uninit-value in sctp_inq_pop
* Struck through repros no longer work on HEAD.