syzbot


KMSAN: uninit-value in sctp_inq_pop (2)

Status: upstream: reported C repro on 2022/01/08 08:00
Reported-by: syzbot+70a42f45e76bede082be@syzkaller.appspotmail.com
First crash: 222d, last: 14h03m
similar bugs (3):
Kernel   | Title                                           | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: uninit-value in sctp_inq_pop             | -     | -            | -          | 3     | 368d | 408d     | 0/22    | auto-closed as invalid on 2021/10/24 08:36
upstream | KMSAN: uninit-value in nf_nat_setup_info (2)    | C     | -            | -          | 764   | 93d  | 173d     | 0/22    | upstream: reported C repro on 2022/01/07 16:51
upstream | KMSAN: kernel-infoleak in move_addr_to_user (6) | C     | -            | -          | 4     | 153d | 191d     | 22/22   | fixed on 2022/03/08 16:11
Patch testing requests:
Created          | Duration | User                 | Patch | Repo                                       | Result
2022/05/11 02:41 | 20m      | k.kahurani@gmail.com | patch | https://github.com/google/kmsan.git master | OK
2022/05/08 15:20 | 12m (78) | k.kahurani@gmail.com | patch | https://github.com/google/kmsan.git master | report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in sctp_inq_pop+0x15c8/0x18f0 net/sctp/inqueue.c:205
 sctp_inq_pop+0x15c8/0x18f0 net/sctp/inqueue.c:205
 sctp_assoc_bh_rcv+0x201/0xdd0 net/sctp/associola.c:1000
 sctp_inq_push+0x31c/0x440 net/sctp/inqueue.c:80
 sctp_backlog_rcv+0x38e/0x10c0 net/sctp/input.c:344
 sk_backlog_rcv include/net/sock.h:1051 [inline]
 __release_sock+0x256/0x640 net/core/sock.c:2794
 release_sock+0x98/0x2e0 net/core/sock.c:3327
 sctp_wait_for_connect+0x52a/0x9e0 net/sctp/socket.c:9316
 sctp_sendmsg_to_asoc+0x1c32/0x1f50 net/sctp/socket.c:1881
 sctp_sendmsg+0x3eac/0x5460 net/sctp/socket.c:2027
 inet_sendmsg+0x15b/0x1d0 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 __sys_sendto+0x9ef/0xc70 net/socket.c:2040
 __do_sys_sendto net/socket.c:2052 [inline]
 __se_sys_sendto net/socket.c:2048 [inline]
 __x64_sys_sendto+0x19c/0x210 net/socket.c:2048
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x51/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was stored to memory at:
 sctp_inq_pop+0x155c/0x18f0 net/sctp/inqueue.c:201
 sctp_assoc_bh_rcv+0x201/0xdd0 net/sctp/associola.c:1000
 sctp_inq_push+0x31c/0x440 net/sctp/inqueue.c:80
 sctp_backlog_rcv+0x38e/0x10c0 net/sctp/input.c:344
 sk_backlog_rcv include/net/sock.h:1051 [inline]
 __release_sock+0x256/0x640 net/core/sock.c:2794
 release_sock+0x98/0x2e0 net/core/sock.c:3327
 sctp_wait_for_connect+0x52a/0x9e0 net/sctp/socket.c:9316
 sctp_sendmsg_to_asoc+0x1c32/0x1f50 net/sctp/socket.c:1881
 sctp_sendmsg+0x3eac/0x5460 net/sctp/socket.c:2027
 inet_sendmsg+0x15b/0x1d0 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 __sys_sendto+0x9ef/0xc70 net/socket.c:2040
 __do_sys_sendto net/socket.c:2052 [inline]
 __se_sys_sendto net/socket.c:2048 [inline]
 __x64_sys_sendto+0x19c/0x210 net/socket.c:2048
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x51/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:754 [inline]
 slab_alloc_node mm/slub.c:3231 [inline]
 __kmalloc_node_track_caller+0xde3/0x14f0 mm/slub.c:4962
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
 alloc_skb include/linux/skbuff.h:1300 [inline]
 sctp_packet_pack net/sctp/output.c:471 [inline]
 sctp_packet_transmit+0x1956/0x45b0 net/sctp/output.c:620
 sctp_outq_flush_transports net/sctp/outqueue.c:1170 [inline]
 sctp_outq_flush+0x1a36/0x6030 net/sctp/outqueue.c:1218
 sctp_outq_uncork+0x105/0x120 net/sctp/outqueue.c:761
 sctp_side_effects net/sctp/sm_sideeffect.c:1195 [inline]
 sctp_do_sm+0x946f/0x9b50 net/sctp/sm_sideeffect.c:1166
 sctp_assoc_bh_rcv+0xa13/0xdd0 net/sctp/associola.c:1054
 sctp_inq_push+0x31c/0x440 net/sctp/inqueue.c:80
 sctp_backlog_rcv+0x38e/0x10c0 net/sctp/input.c:344
 sk_backlog_rcv include/net/sock.h:1051 [inline]
 __release_sock+0x256/0x640 net/core/sock.c:2794
 release_sock+0x98/0x2e0 net/core/sock.c:3327
 sctp_wait_for_connect+0x52a/0x9e0 net/sctp/socket.c:9316
 sctp_sendmsg_to_asoc+0x1c32/0x1f50 net/sctp/socket.c:1881
 sctp_sendmsg+0x3eac/0x5460 net/sctp/socket.c:2027
 inet_sendmsg+0x15b/0x1d0 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 __sys_sendto+0x9ef/0xc70 net/socket.c:2040
 __do_sys_sendto net/socket.c:2052 [inline]
 __se_sys_sendto net/socket.c:2048 [inline]
 __x64_sys_sendto+0x19c/0x210 net/socket.c:2048
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x51/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x44/0xae

CPU: 0 PID: 3476 Comm: syz-executor106 Not tainted 5.18.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================
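The three stacks in the report are the usual KMSAN shape: where the uninitialized value was used (sctp_inq_pop, net/sctp/inqueue.c:205), where it was last copied into memory (inqueue.c:201), and where the memory holding it was allocated (__alloc_skb under sctp_packet_transmit). All three sit under the same sendto() call: the skb is allocated on the transmit path and consumed on the receive path out of the socket backlog in sctp_backlog_rcv. sctp_inq_pop is the function that walks the chunks of a received packet by their length fields. The program below is a userspace model of that chunk walk and its bound checks, added here as an example; it is not code from the kernel or from this syzbot page, it does not reproduce the reported uninitialized read, and the packet it parses is constructed test data. The struct layout and padding rule follow RFC 4960; the function names and the simplified error handling are this example's own.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SCTP chunk header (RFC 4960 section 3.2). The on-wire chunk is padded
 * to a multiple of 4 bytes; the padding is not counted in `length`. */
struct sctp_chunkhdr {
    uint8_t  type;
    uint8_t  flags;
    uint16_t length;    /* network byte order, includes this header */
};

#define SCTP_PAD4(len) (((len) + 3u) & ~3u)

/* Walk the chunks of one packet body (common header already stripped).
 * Returns the number of well-formed chunks, or -1 if a header is cut
 * off, a length is shorter than the header, or a chunk runs past the
 * packet. Userspace model of the checks sctp_inq_pop's walk needs;
 * not the kernel's code. */
int sctp_walk_chunks(const uint8_t *buf, size_t len,
                     uint8_t *types, size_t max_types)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        struct sctp_chunkhdr ch;
        if (len - off < sizeof ch)
            return -1;              /* header itself is truncated */
        memcpy(&ch, buf + off, sizeof ch);

        uint16_t clen = ntohs(ch.length);
        if (clen < sizeof ch)
            return -1;              /* length must cover the header */
        if (off + clen > len)
            return -1;              /* chunk runs past the packet */

        if ((size_t)n < max_types)
            types[n] = ch.type;
        n++;

        /* Skip value and padding. RFC 4960 asks receivers to accept a
         * final chunk with or without its padding, so clamp at the end. */
        off += SCTP_PAD4(clen);
        if (off > len)
            off = len;
    }
    return n;
}

/* Emit one chunk with a fixed-fill value (constructed data, not a
 * captured packet). Returns bytes written including any padding. */
static size_t put_chunk(uint8_t *out, uint8_t type, uint8_t flags,
                        uint16_t value_len, int pad)
{
    uint16_t len = (uint16_t)(sizeof(struct sctp_chunkhdr) + value_len);
    struct sctp_chunkhdr ch = { type, flags, htons(len) };
    size_t total = pad ? SCTP_PAD4(len) : len;

    memcpy(out, &ch, sizeof ch);
    memset(out + sizeof ch, 0xAB, value_len);
    memset(out + len, 0, total - len);   /* padding is all-zero per RFC 4960 */
    return total;
}

/* Constructed two-chunk packet: a 20-byte chunk of type 1, then a
 * 21-byte chunk of type 0 (padded to 24 when pad_last is set). */
size_t sample_packet(uint8_t *out, int pad_last)
{
    size_t off = 0;
    off += put_chunk(out + off, 1, 0, 16, 1);
    off += put_chunk(out + off, 0, 3, 17, pad_last);
    return off;     /* 44 bytes padded, 41 unpadded */
}

/* Walk the sample packet, optionally trimming `trim` bytes off the end
 * (truncated packet) or rewriting the first chunk's length to 2. */
int run_case(int pad_last, size_t trim, int corrupt_len)
{
    uint8_t pkt[64], types[8];
    size_t len = sample_packet(pkt, pad_last);

    if (corrupt_len) {
        pkt[2] = 0;
        pkt[3] = 2;
    }
    return sctp_walk_chunks(pkt, len - trim, types, sizeof types);
}

int main(void)
{
    printf("padded packet:       %d chunks\n", run_case(1, 0, 0));
    printf("unpadded last chunk: %d chunks\n", run_case(0, 0, 0));
    printf("truncated packet:    %d\n", run_case(1, 8, 0));
    printf("bogus chunk length:  %d\n", run_case(1, 0, 1));
    return 0;
}
```

The point of the bound checks is to show what a length-based walk has to guard against; they are a different failure class from what KMSAN reports. KMSAN does not complain about an out-of-range length, it complains that a value the walk depends on was read from bytes nobody had written since the skb was allocated. A walker like this one, run under MemorySanitizer over a malloc'd buffer with an unwritten header, would produce the same three-stack report shape.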

Crashes (543):
Manager                   | Time             | Kernel                                     | Commit       | Syzkaller | Config  | Log | Report | Syz repro | C repro | VM info | Title
ci-upstream-kmsan-gce     | 2022/05/13 22:16 | https://github.com/google/kmsan.git master | d6e2c8c7eb40 | 107f6434  | .config | log | report | syz       | C       | -       | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/01/04 02:03 | https://github.com/google/kmsan.git master | 81c325bbf94e | 4a3f34f2  | .config | log | report | syz       | C       | -       | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/29 14:47 | https://github.com/google/kmsan.git master | ec1cbf8b060e | 1434eec0  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/29 10:15 | https://github.com/google/kmsan.git master | ec1cbf8b060e | 496a8536  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/28 23:21 | https://github.com/google/kmsan.git master | ec1cbf8b060e | 496a8536  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/28 07:52 | https://github.com/google/kmsan.git master | 4b28366af7d9 | ef82eb2c  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/27 18:50 | https://github.com/google/kmsan.git master | 4b28366af7d9 | ef82eb2c  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/27 01:44 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a371c43c  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/26 19:05 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a371c43c  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/26 14:49 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a371c43c  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/26 11:47 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a371c43c  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/26 09:01 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a371c43c  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/24 17:24 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a5dbd430  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/24 07:03 | https://github.com/google/kmsan.git master | 4b28366af7d9 | 912f5df7  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/23 21:16 | https://github.com/google/kmsan.git master | 4b28366af7d9 | 912f5df7  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/22 21:51 | https://github.com/google/kmsan.git master | 4b28366af7d9 | 912f5df7  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/22 11:09 | https://github.com/google/kmsan.git master | 4b28366af7d9 | 0fc5c330  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/20 04:06 | https://github.com/google/kmsan.git master | 74df87f93710 | 8f633d84  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/19 14:47 | https://github.com/google/kmsan.git master | 74df87f93710 | 8f633d84  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/19 12:55 | https://github.com/google/kmsan.git master | fb61e40b30d1 | 8f633d84  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/18 16:36 | https://github.com/google/kmsan.git master | 365ac3bfacfb | 8f633d84  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/18 05:59 | https://github.com/google/kmsan.git master | 365ac3bfacfb | 8f633d84  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/17 05:43 | https://github.com/google/kmsan.git master | 2f3064574275 | 1719ee24  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/16 16:03 | https://github.com/google/kmsan.git master | 2f3064574275 | 1719ee24  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/16 15:02 | https://github.com/google/kmsan.git master | 2f3064574275 | 1719ee24  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/16 13:43 | https://github.com/google/kmsan.git master | 2f3064574275 | 1719ee24  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/15 19:38 | https://github.com/google/kmsan.git master | 2f3064574275 | 1719ee24  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/15 07:40 | https://github.com/google/kmsan.git master | 2f3064574275 | 127d1faf  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/14 05:18 | https://github.com/google/kmsan.git master | 2f3064574275 | 0f087040  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/14 03:10 | https://github.com/google/kmsan.git master | 2f3064574275 | 0f087040  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/06/13 17:40 | https://github.com/google/kmsan.git master | 2f3064574275 | 0d5abf15  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/05/25 14:09 | https://github.com/google/kmsan.git master | c5c93da9af13 | 647c0e27  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce     | 2022/05/25 03:20 | https://github.com/google/kmsan.git master | c5c93da9af13 | 647c0e27  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/29 01:27 | https://github.com/google/kmsan.git master | ec1cbf8b060e | 496a8536  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/28 16:49 | https://github.com/google/kmsan.git master | ec1cbf8b060e | ef82eb2c  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/27 22:50 | https://github.com/google/kmsan.git master | d60755a5e2cb | ef82eb2c  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/24 08:50 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a5dbd430  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/23 00:37 | https://github.com/google/kmsan.git master | 4b28366af7d9 | 912f5df7  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/21 11:40 | https://github.com/google/kmsan.git master | 7516e1b6d801 | 0fc5c330  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/21 11:34 | https://github.com/google/kmsan.git master | 7516e1b6d801 | 0fc5c330  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/20 18:58 | https://github.com/google/kmsan.git master | eb5e8c791e57 | 8d15e28d  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/19 02:20 | https://github.com/google/kmsan.git master | fb61e40b30d1 | 8f633d84  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/18 11:08 | https://github.com/google/kmsan.git master | 365ac3bfacfb | 8f633d84  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/17 10:06 | https://github.com/google/kmsan.git master | 2f3064574275 | 1719ee24  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/15 22:26 | https://github.com/google/kmsan.git master | 2f3064574275 | 1719ee24  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/15 21:10 | https://github.com/google/kmsan.git master | 2f3064574275 | 1719ee24  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2022/06/15 03:28 | https://github.com/google/kmsan.git master | 2f3064574275 | 127d1faf  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 | 2021/11/19 07:31 | https://github.com/google/kmsan.git master | 412af9cd936d | 31a30fc0  | .config | log | report | -         | -       | info    | KMSAN: uninit-value in sctp_inq_pop