syzbot

 sign-in | mailing list | source | docs
🐞 Open [1162] Subsystems 🐞 Fixed [4400] 🐞 Invalid [9888] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KMSAN: uninit-value in sctp_inq_pop (2)

Status: upstream: reported C repro on 2022/01/08 08:00
Subsystems: sctp (incorrect?)
Reported-by: syzbot+70a42f45e76bede082be@syzkaller.appspotmail.com
First crash: 487d, last: 9h22m
similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in sctp_inq_pop 3 633d 673d 0/24 auto-closed as invalid on 2021/10/24 08:36
upstream KMSAN: uninit-value in nf_nat_setup_info (2) C 764 358d 438d 0/24 auto-obsoleted due to no activity on 2022/09/28 07:28
upstream KMSAN: kernel-infoleak in move_addr_to_user (6) tipc C 4 418d 456d 22/24 fixed on 2022/03/08 16:11
Last patch testing requests:
Created Duration User Patch Repo Result
2022/05/11 02:41 20m k.kahurani@gmail.com patch https://github.com/google/kmsan.git master OK
2022/05/08 15:20 12m (78) k.kahurani@gmail.com patch https://github.com/google/kmsan.git master report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in sctp_inq_pop+0x159f/0x1910 net/sctp/inqueue.c:205
 sctp_inq_pop+0x159f/0x1910 net/sctp/inqueue.c:205
 sctp_assoc_bh_rcv+0x1a3/0xc40 net/sctp/associola.c:999
 sctp_inq_push+0x238/0x2b0 net/sctp/inqueue.c:80
 sctp_backlog_rcv+0x3f1/0xe40 net/sctp/input.c:346
 sk_backlog_rcv include/net/sock.h:1047 [inline]
 __release_sock+0x1ff/0x560 net/core/sock.c:2849
 release_sock+0x67/0x1d0 net/core/sock.c:3404
 sctp_wait_for_connect+0x4a0/0x860 net/sctp/socket.c:9314
 sctp_sendmsg_to_asoc+0x179c/0x19e0 net/sctp/socket.c:1881
 sctp_sendmsg+0x3836/0x4ce0 net/sctp/socket.c:2027
 inet_sendmsg+0x101/0x180 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 __sys_sendto+0x7ea/0xa60 net/socket.c:2119
 __do_sys_sendto net/socket.c:2131 [inline]
 __se_sys_sendto net/socket.c:2127 [inline]
 __x64_sys_sendto+0x121/0x1c0 net/socket.c:2127
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 sctp_inq_pop+0x1522/0x1910 net/sctp/inqueue.c:201
 sctp_assoc_bh_rcv+0x1a3/0xc40 net/sctp/associola.c:999
 sctp_inq_push+0x238/0x2b0 net/sctp/inqueue.c:80
 sctp_backlog_rcv+0x3f1/0xe40 net/sctp/input.c:346
 sk_backlog_rcv include/net/sock.h:1047 [inline]
 __release_sock+0x1ff/0x560 net/core/sock.c:2849
 release_sock+0x67/0x1d0 net/core/sock.c:3404
 sctp_wait_for_connect+0x4a0/0x860 net/sctp/socket.c:9314
 sctp_sendmsg_to_asoc+0x179c/0x19e0 net/sctp/socket.c:1881
 sctp_sendmsg+0x3836/0x4ce0 net/sctp/socket.c:2027
 inet_sendmsg+0x101/0x180 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 __sys_sendto+0x7ea/0xa60 net/socket.c:2119
 __do_sys_sendto net/socket.c:2131 [inline]
 __se_sys_sendto net/socket.c:2127 [inline]
 __x64_sys_sendto+0x121/0x1c0 net/socket.c:2127
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:755 [inline]
 slab_alloc_node mm/slub.c:3258 [inline]
 __kmalloc_node_track_caller+0x86c/0x1230 mm/slub.c:4994
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x34a/0xd70 net/core/skbuff.c:426
 alloc_skb include/linux/skbuff.h:1426 [inline]
 sctp_packet_pack net/sctp/output.c:472 [inline]
 sctp_packet_transmit+0x16e4/0x4080 net/sctp/output.c:621
 sctp_outq_flush_transports net/sctp/outqueue.c:1170 [inline]
 sctp_outq_flush+0x19a1/0x6090 net/sctp/outqueue.c:1218
 sctp_outq_uncork+0x96/0xb0 net/sctp/outqueue.c:761
 sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline]
 sctp_do_sm+0x9503/0x9b90 net/sctp/sm_sideeffect.c:1170
 sctp_assoc_bh_rcv+0x8f8/0xc40 net/sctp/associola.c:1053
 sctp_inq_push+0x238/0x2b0 net/sctp/inqueue.c:80
 sctp_backlog_rcv+0x3f1/0xe40 net/sctp/input.c:346
 sk_backlog_rcv include/net/sock.h:1047 [inline]
 __release_sock+0x1ff/0x560 net/core/sock.c:2849
 release_sock+0x67/0x1d0 net/core/sock.c:3404
 sctp_wait_for_connect+0x4a0/0x860 net/sctp/socket.c:9314
 sctp_sendmsg_to_asoc+0x179c/0x19e0 net/sctp/socket.c:1881
 sctp_sendmsg+0x3836/0x4ce0 net/sctp/socket.c:2027
 inet_sendmsg+0x101/0x180 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 __sys_sendto+0x7ea/0xa60 net/socket.c:2119
 __do_sys_sendto net/socket.c:2131 [inline]
 __se_sys_sendto net/socket.c:2127 [inline]
 __x64_sys_sendto+0x121/0x1c0 net/socket.c:2127
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 0 PID: 3488 Comm: syz-executor140 Not tainted 5.19.0-syzkaller-32655-g1b070a5d1a2c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
=====================================================

Crashes (1105):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kmsan-gce 2022/08/22 05:50 https://github.com/google/kmsan.git master 1b070a5d1a2c 26a13b38 .config strace log report syz C KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/05/13 22:16 https://github.com/google/kmsan.git master d6e2c8c7eb40 107f6434 .config strace log report syz C KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2022/01/04 02:03 https://github.com/google/kmsan.git master 81c325bbf94e 4a3f34f2 .config console log report syz C KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/20 11:13 https://github.com/google/kmsan.git master 90ea0df61c98 7939252e .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/20 09:25 https://github.com/google/kmsan.git master 34add094f9de 7939252e .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/19 22:47 https://github.com/google/kmsan.git master 34add094f9de 7939252e .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/19 10:06 https://github.com/google/kmsan.git master 34add094f9de 7939252e .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/19 08:04 https://github.com/google/kmsan.git master 34add094f9de 7939252e .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/19 02:03 https://github.com/google/kmsan.git master 34add094f9de 7939252e .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/19 00:28 https://github.com/google/kmsan.git master 34add094f9de 7939252e .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/18 19:10 https://github.com/google/kmsan.git master 34add094f9de 7939252e .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/17 18:43 https://github.com/google/kmsan.git master 34add094f9de 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/17 16:13 https://github.com/google/kmsan.git master 34add094f9de 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/17 11:57 https://github.com/google/kmsan.git master 34add094f9de 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/17 05:07 https://github.com/google/kmsan.git master 34add094f9de 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/16 17:26 https://github.com/google/kmsan.git master 34add094f9de 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/16 10:38 https://github.com/google/kmsan.git master 34add094f9de 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/15 12:11 https://github.com/google/kmsan.git master 34add094f9de 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/15 06:51 https://github.com/google/kmsan.git master 34add094f9de 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/14 20:24 https://github.com/google/kmsan.git master 34add094f9de 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/14 17:04 https://github.com/google/kmsan.git master 34add094f9de 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/14 06:26 https://github.com/google/kmsan.git master 34add094f9de 026e2200 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/14 01:49 https://github.com/google/kmsan.git master 34add094f9de 026e2200 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/13 23:53 https://github.com/google/kmsan.git master 34add094f9de 026e2200 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/13 18:20 https://github.com/google/kmsan.git master 34add094f9de 026e2200 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/13 17:00 https://github.com/google/kmsan.git master 34add094f9de 026e2200 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/13 12:15 https://github.com/google/kmsan.git master e61893130d87 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/13 00:15 https://github.com/google/kmsan.git master e61893130d87 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/12 14:29 https://github.com/google/kmsan.git master e61893130d87 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/12 05:53 https://github.com/google/kmsan.git master e61893130d87 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/11 22:30 https://github.com/google/kmsan.git master e61893130d87 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/11 12:47 https://github.com/google/kmsan.git master e61893130d87 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/11 05:33 https://github.com/google/kmsan.git master e61893130d87 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/11 00:06 https://github.com/google/kmsan.git master e61893130d87 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/10 13:34 https://github.com/google/kmsan.git master e61893130d87 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/10 00:11 https://github.com/google/kmsan.git master e61893130d87 f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/09 08:37 https://github.com/google/kmsan.git master e61893130d87 f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/09 03:54 https://github.com/google/kmsan.git master e61893130d87 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/08 19:29 https://github.com/google/kmsan.git master e61893130d87 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce 2023/03/07 10:09 https://github.com/google/kmsan.git master e61893130d87 f73829fc .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2023/03/21 12:37 https://github.com/google/kmsan.git master 90ea0df61c98 03fb9538 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2023/03/21 10:59 https://github.com/google/kmsan.git master 90ea0df61c98 03fb9538 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2023/03/21 09:58 https://github.com/google/kmsan.git master 90ea0df61c98 03fb9538 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2023/03/20 12:23 https://github.com/google/kmsan.git master 90ea0df61c98 7939252e .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2023/03/13 21:39 https://github.com/google/kmsan.git master 34add094f9de 026e2200 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2023/03/09 12:23 https://github.com/google/kmsan.git master e61893130d87 f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2023/03/09 00:56 https://github.com/google/kmsan.git master e61893130d87 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2023/03/08 05:45 https://github.com/google/kmsan.git master e61893130d87 d2b00170 .config console log report info [disk image] [vmlinux] [kernel image] KMSAN: uninit-value in sctp_inq_pop
ci-upstream-kmsan-gce-386 2021/11/19 07:31 https://github.com/google/kmsan.git master 412af9cd936d 31a30fc0 .config console log report info KMSAN: uninit-value in sctp_inq_pop
* Struck through repros no longer work on HEAD.