syzbot


KMSAN: uninit-value in sctp_inq_pop (2)

Status: upstream: reported C repro on 2022/01/08 08:00
Subsystems: sctp
[Documentation on labels]
Reported-by: syzbot+70a42f45e76bede082be@syzkaller.appspotmail.com
First crash: 851d, last: 3d14h
Discussions (2)
Title Replies (including bot) Last reply
[PATCH net] sctp: fix uninit-value in sctp_inq_pop() 4 (4) 2023/09/08 04:48
[syzbot] KMSAN: uninit-value in sctp_inq_pop (2) 0 (1) 2022/01/08 08:00
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in sctp_inq_pop sctp 3 996d 1036d 0/26 auto-closed as invalid on 2021/10/24 08:36
upstream KMSAN: kernel-infoleak in copyout (2) net C 6723 285d 1453d 22/26 fixed on 2023/06/08 14:41
upstream KMSAN: uninit-value in nf_nat_setup_info (2) netfilter C 764 721d 801d 0/26 auto-obsoleted due to no activity on 2022/09/28 07:28
upstream KMSAN: kernel-infoleak in __skb_datagram_iter net 68 174d 279d 23/26 fixed on 2023/09/28 17:51
upstream KMSAN: uninit-value in eth_type_trans (2) net C 4232 1h09m 1517d 0/26 upstream: reported C repro on 2020/01/22 16:47
upstream KMSAN: kernel-infoleak in move_addr_to_user (6) tipc C 4 781d 819d 20/26 fixed on 2022/03/08 16:11
Last patch testing requests (6)
Created Duration User Patch Repo Result
2023/08/28 16:57 25m n.zhandarovich@fintech.ru patch https://github.com/google/kmsan.git master OK log
2023/08/14 18:13 17m andrew.kanner@gmail.com patch https://github.com/google/kmsan.git master report log
2023/08/14 17:41 20m andrew.kanner@gmail.com patch https://github.com/google/kmsan.git master report log
2023/08/01 16:24 22m andrew.kanner@gmail.com https://github.com/google/kmsan.git master report log
2022/05/11 02:41 20m k.kahurani@gmail.com patch https://github.com/google/kmsan.git master OK
2022/05/08 15:20 12m (78) k.kahurani@gmail.com patch https://github.com/google/kmsan.git master report log

Sample crash report:
netlink: 44 bytes leftover after parsing attributes in process `syz-executor192'.
=====================================================
BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b3/0x1920 net/sctp/inqueue.c:211
 sctp_inq_pop+0x15b3/0x1920 net/sctp/inqueue.c:211
 sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:997
 sctp_inq_push+0x2ec/0x380 net/sctp/inqueue.c:88
 sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331
 sk_backlog_rcv include/net/sock.h:1092 [inline]
 __release_sock+0x207/0x570 net/core/sock.c:2972
 release_sock+0x6b/0x200 net/core/sock.c:3538
 sctp_wait_for_connect+0x486/0x810 net/sctp/socket.c:9343
 sctp_sendmsg_to_asoc+0x1ea7/0x1ee0 net/sctp/socket.c:1884
 sctp_sendmsg+0x32b4/0x4a70 net/sctp/socket.c:2030
 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:850
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 __sys_sendto+0x735/0xa10 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was stored to memory at:
 sctp_inq_pop+0x153a/0x1920 net/sctp/inqueue.c:207
 sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:997
 sctp_inq_push+0x2ec/0x380 net/sctp/inqueue.c:88
 sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331
 sk_backlog_rcv include/net/sock.h:1092 [inline]
 __release_sock+0x207/0x570 net/core/sock.c:2972
 release_sock+0x6b/0x200 net/core/sock.c:3538
 sctp_wait_for_connect+0x486/0x810 net/sctp/socket.c:9343
 sctp_sendmsg_to_asoc+0x1ea7/0x1ee0 net/sctp/socket.c:1884
 sctp_sendmsg+0x32b4/0x4a70 net/sctp/socket.c:2030
 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:850
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 __sys_sendto+0x735/0xa10 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:3819 [inline]
 slab_alloc_node mm/slub.c:3860 [inline]
 __do_kmalloc_node mm/slub.c:3980 [inline]
 __kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001
 kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582
 __alloc_skb+0x352/0x790 net/core/skbuff.c:651
 alloc_skb include/linux/skbuff.h:1296 [inline]
 sctp_packet_pack net/sctp/output.c:472 [inline]
 sctp_packet_transmit+0x1782/0x4310 net/sctp/output.c:621
 sctp_outq_flush_transports net/sctp/outqueue.c:1173 [inline]
 sctp_outq_flush+0x1b2f/0x6540 net/sctp/outqueue.c:1221
 sctp_outq_uncork+0x9c/0xb0 net/sctp/outqueue.c:764
 sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]
 sctp_do_sm+0x8c1a/0x9390 net/sctp/sm_sideeffect.c:1169
 sctp_assoc_bh_rcv+0x8fe/0xc50 net/sctp/associola.c:1051
 sctp_inq_push+0x2ec/0x380 net/sctp/inqueue.c:88
 sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331
 sk_backlog_rcv include/net/sock.h:1092 [inline]
 __release_sock+0x207/0x570 net/core/sock.c:2972
 release_sock+0x6b/0x200 net/core/sock.c:3538
 sctp_wait_for_connect+0x486/0x810 net/sctp/socket.c:9343
 sctp_sendmsg_to_asoc+0x1ea7/0x1ee0 net/sctp/socket.c:1884
 sctp_sendmsg+0x32b4/0x4a70 net/sctp/socket.c:2030
 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:850
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 __sys_sendto+0x735/0xa10 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

CPU: 0 PID: 5016 Comm: syz-executor192 Not tainted 6.8.0-rc5-syzkaller-00381-g70ff1fe626a1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
=====================================================

Crashes (2804):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/02/26 10:50 upstream 70ff1fe626a1 8d446f15 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2023/10/22 16:19 upstream 1acfd2bd3f0d 361b23dc .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in sctp_inq_pop
2023/07/10 03:00 https://github.com/google/kmsan.git master 257152fe29be 668cb1fa .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in sctp_inq_pop
2022/08/22 05:50 https://github.com/google/kmsan.git master 1b070a5d1a2c 26a13b38 .config strace log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in sctp_inq_pop
2022/05/13 22:16 https://github.com/google/kmsan.git master d6e2c8c7eb40 107f6434 .config strace log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in sctp_inq_pop
2022/01/04 02:03 https://github.com/google/kmsan.git master 81c325bbf94e 4a3f34f2 .config console log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in sctp_inq_pop
2024/03/15 17:22 upstream e5eb28f6d1af d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/15 14:05 upstream e5eb28f6d1af d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/14 11:51 upstream 480e035fc4c7 f919f202 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/13 07:19 upstream 9187210eee7d db5b7ff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/13 05:03 upstream 9187210eee7d c35c26ec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/13 03:54 upstream 9187210eee7d c35c26ec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/12 10:21 upstream 855684c7d938 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/11 22:31 upstream 8ede842f669b 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/10 19:13 upstream 137e0ec05aeb 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/09 12:20 upstream 09e5c48fea17 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/09 02:03 upstream 10d48d70e82d 96d142e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/08 22:56 upstream 3aaa8ce7a335 96d142e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/08 15:31 upstream 3aaa8ce7a335 cf82cde1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/07 22:15 upstream 135288b73cef 2b789849 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/07 03:30 upstream 67be068d31d4 f39a7eed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/06 03:30 upstream 29cd507cbec2 f39a7eed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/05 16:26 upstream 90d35da658da f39a7eed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/05 06:07 upstream 90d35da658da 5fc53669 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/05 04:02 upstream 90d35da658da 5fc53669 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/05 02:19 upstream 90d35da658da 5fc53669 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/04 12:10 upstream 90d35da658da 25905f5d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/03 21:05 upstream 58c806d867bf 25905f5d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/03/03 04:32 upstream 04b8076df253 25905f5d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/02/29 18:17 upstream 805d849d7c3c 352ab904 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2023/12/19 03:10 upstream 2cf4f94d8e86 3ad490ea .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in sctp_inq_pop
2024/03/13 08:43 upstream 9187210eee7d db5b7ff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/12 16:30 upstream 855684c7d938 c35c26ec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/12 14:06 upstream 855684c7d938 c35c26ec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/12 11:29 upstream 855684c7d938 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/11 12:25 upstream e8f897f4afef 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/10 20:19 upstream 137e0ec05aeb 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/10 06:57 upstream 005f6f34bd47 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/09 16:05 upstream 09e5c48fea17 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/09 14:00 upstream 09e5c48fea17 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/09 04:41 upstream 10d48d70e82d 96d142e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/07 16:52 upstream 67be068d31d4 2b789849 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/06 17:38 upstream 5847c9777c30 f39a7eed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/06 05:11 upstream 29cd507cbec2 f39a7eed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/05 19:01 upstream 90d35da658da f39a7eed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/05 17:28 upstream 90d35da658da f39a7eed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/05 08:04 upstream 90d35da658da 5fc53669 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/03 00:45 upstream 04b8076df253 25905f5d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/02 16:49 upstream 5ad3cb0ed525 25905f5d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/02 15:20 upstream 5ad3cb0ed525 25905f5d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/02 01:55 upstream 17ba56605bfd 25905f5d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/01 19:13 upstream 87adedeba51a 25905f5d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2024/03/01 05:22 upstream 87adedeba51a 352ab904 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2023/12/20 03:38 upstream 55cb5f43689d 3ad490ea .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in sctp_inq_pop
2021/11/19 07:31 https://github.com/google/kmsan.git master 412af9cd936d 31a30fc0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in sctp_inq_pop
* Struck through repros no longer work on HEAD.