KMSAN: uninit-value in sctp_inq

KMSAN: uninit-value in sctp_inq_pop (2)
Status: upstream: reported C repro on 2022/01/08 08:00
Reported-by: syzbot+70a42f45e76bede082be@syzkaller.appspotmail.com
First crash: 66d, last: 4h51m

similar bugs (1):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KMSAN: uninit-value in sctp_inq_pop				3	212d	252d	0/22	auto-closed as invalid on 2021/10/24 08:36

Sample crash report:

netlink: 244 bytes leftover after parsing attributes in process `syz-executor678'.
=====================================================
BUG: KMSAN: uninit-value in sctp_inq_pop+0x15c8/0x18f0 net/sctp/inqueue.c:205
 sctp_inq_pop+0x15c8/0x18f0 net/sctp/inqueue.c:205
 sctp_assoc_bh_rcv+0x1fa/0xdd0 net/sctp/associola.c:1000
 sctp_inq_push+0x31c/0x440 net/sctp/inqueue.c:80
 sctp_backlog_rcv+0x30f/0x10b0 net/sctp/input.c:344
 sk_backlog_rcv include/net/sock.h:1030 [inline]
 __release_sock+0x256/0x640 net/core/sock.c:2768
 release_sock+0x98/0x2e0 net/core/sock.c:3300
 sctp_wait_for_connect+0x52a/0x9e0 net/sctp/socket.c:9306
 sctp_sendmsg_to_asoc+0x1c47/0x1f90 net/sctp/socket.c:1881
 sctp_sendmsg+0x3eaa/0x5460 net/sctp/socket.c:2027
 inet_sendmsg+0x15b/0x1d0 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 __sys_sendto+0x9ef/0xc70 net/socket.c:2036
 __do_sys_sendto net/socket.c:2048 [inline]
 __se_sys_sendto net/socket.c:2044 [inline]
 __x64_sys_sendto+0x19c/0x210 net/socket.c:2044
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was stored to memory at:
 sctp_inq_pop+0x155c/0x18f0 net/sctp/inqueue.c:201
 sctp_assoc_bh_rcv+0x1fa/0xdd0 net/sctp/associola.c:1000
 sctp_inq_push+0x31c/0x440 net/sctp/inqueue.c:80
 sctp_backlog_rcv+0x30f/0x10b0 net/sctp/input.c:344
 sk_backlog_rcv include/net/sock.h:1030 [inline]
 __release_sock+0x256/0x640 net/core/sock.c:2768
 release_sock+0x98/0x2e0 net/core/sock.c:3300
 sctp_wait_for_connect+0x52a/0x9e0 net/sctp/socket.c:9306
 sctp_sendmsg_to_asoc+0x1c47/0x1f90 net/sctp/socket.c:1881
 sctp_sendmsg+0x3eaa/0x5460 net/sctp/socket.c:2027
 inet_sendmsg+0x15b/0x1d0 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 __sys_sendto+0x9ef/0xc70 net/socket.c:2036
 __do_sys_sendto net/socket.c:2048 [inline]
 __se_sys_sendto net/socket.c:2044 [inline]
 __x64_sys_sendto+0x19c/0x210 net/socket.c:2044
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:524 [inline]
 slab_alloc_node mm/slub.c:3251 [inline]
 __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
 alloc_skb include/linux/skbuff.h:1126 [inline]
 sctp_packet_pack net/sctp/output.c:471 [inline]
 sctp_packet_transmit+0x194c/0x45a0 net/sctp/output.c:620
 sctp_outq_flush_transports net/sctp/outqueue.c:1163 [inline]
 sctp_outq_flush+0x17d9/0x5eb0 net/sctp/outqueue.c:1211
 sctp_outq_uncork+0x105/0x120 net/sctp/outqueue.c:758
 sctp_side_effects net/sctp/sm_sideeffect.c:1195 [inline]
 sctp_do_sm+0x946f/0x9b50 net/sctp/sm_sideeffect.c:1166
 sctp_assoc_bh_rcv+0xa15/0xdd0 net/sctp/associola.c:1054
 sctp_inq_push+0x31c/0x440 net/sctp/inqueue.c:80
 sctp_backlog_rcv+0x30f/0x10b0 net/sctp/input.c:344
 sk_backlog_rcv include/net/sock.h:1030 [inline]
 __release_sock+0x256/0x640 net/core/sock.c:2768
 release_sock+0x98/0x2e0 net/core/sock.c:3300
 sctp_wait_for_connect+0x52a/0x9e0 net/sctp/socket.c:9306
 sctp_sendmsg_to_asoc+0x1c47/0x1f90 net/sctp/socket.c:1881
 sctp_sendmsg+0x3eaa/0x5460 net/sctp/socket.c:2027
 inet_sendmsg+0x15b/0x1d0 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 __sys_sendto+0x9ef/0xc70 net/socket.c:2036
 __do_sys_sendto net/socket.c:2048 [inline]
 __se_sys_sendto net/socket.c:2044 [inline]
 __x64_sys_sendto+0x19c/0x210 net/socket.c:2044
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

CPU: 0 PID: 3479 Comm: syz-executor678 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================

Crashes (30):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kmsan-gce	2022/01/04 02:03	https://github.com/google/kmsan.git master	81c325bbf94e	4a3f34f2	.config	log	report	syz	C		KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/24 22:21	https://github.com/google/kmsan.git master	85cfd6e539bd	2cbffd88	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/24 19:02	https://github.com/google/kmsan.git master	85cfd6e539bd	2cbffd88	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/23 23:48	https://github.com/google/kmsan.git master	85cfd6e539bd	214351e1	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/23 15:13	https://github.com/google/kmsan.git master	85cfd6e539bd	214351e1	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/23 11:00	https://github.com/google/kmsan.git master	85cfd6e539bd	214351e1	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/23 06:56	https://github.com/google/kmsan.git master	85cfd6e539bd	214351e1	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/23 06:09	https://github.com/google/kmsan.git master	85cfd6e539bd	214351e1	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/22 15:13	https://github.com/google/kmsan.git master	85cfd6e539bd	214351e1	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/22 14:34	https://github.com/google/kmsan.git master	85cfd6e539bd	214351e1	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/21 20:02	https://github.com/google/kmsan.git master	85cfd6e539bd	214351e1	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/21 16:20	https://github.com/google/kmsan.git master	85cfd6e539bd	214351e1	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/21 16:16	https://github.com/google/kmsan.git master	85cfd6e539bd	214351e1	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/21 16:03	https://github.com/google/kmsan.git master	85cfd6e539bd	214351e1	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/20 14:42	https://github.com/google/kmsan.git master	85cfd6e539bd	b838eb76	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/16 19:46	https://github.com/google/kmsan.git master	fa3879a274df	723cfaf0	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/09 14:48	https://github.com/google/kmsan.git master	81c325bbf94e	2ca0d385	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/09 03:03	https://github.com/google/kmsan.git master	81c325bbf94e	2ca0d385	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/08 23:49	https://github.com/google/kmsan.git master	81c325bbf94e	2ca0d385	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/08 08:29	https://github.com/google/kmsan.git master	81c325bbf94e	2ca0d385	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/07 15:49	https://github.com/google/kmsan.git master	81c325bbf94e	2ca0d385	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/07 07:08	https://github.com/google/kmsan.git master	81c325bbf94e	6acc789a	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce	2022/01/03 22:19	https://github.com/google/kmsan.git master	81c325bbf94e	4a3f34f2	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386	2022/01/24 18:55	https://github.com/google/kmsan.git master	85cfd6e539bd	2cbffd88	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386	2022/01/22 00:45	https://github.com/google/kmsan.git master	85cfd6e539bd	214351e1	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386	2022/01/20 19:23	https://github.com/google/kmsan.git master	85cfd6e539bd	b838eb76	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386	2022/01/14 20:25	https://github.com/google/kmsan.git master	fa3879a274df	53e00b45	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386	2021/12/03 12:30	https://github.com/google/kmsan.git master	093998ececa3	c7c20675	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386	2021/11/26 04:17	https://github.com/google/kmsan.git master	a535b0caaa2f	63eeac02	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386	2021/11/19 07:31	https://github.com/google/kmsan.git master	412af9cd936d	31a30fc0	.config	log	report			info	KMSAN: uninit-value in sctp_inq_pop