syzbot

 sign-in | mailing list | source | docs
🐞 Open [1593]
Subsystems
🐞 Fixed [6224]
🐞 Invalid [15741]
Missing Backports [182]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KMSAN: uninit-value in sctp_inq_pop (2)

Status: upstream: reported C repro on 2022/01/08 08:00
Subsystems: sctp
[Documentation on labels]
Reported-by: syzbot+70a42f45e76bede082be@syzkaller.appspotmail.com
First crash: 1269d, last: 18h53m
Discussions (3)
Title Replies (including bot) Last reply
[syzbot] Monthly sctp report (Apr 2025) 0 (1) 2025/04/14 10:17
[PATCH net] sctp: fix uninit-value in sctp_inq_pop() 4 (4) 2023/09/08 04:48
[syzbot] KMSAN: uninit-value in sctp_inq_pop (2) 0 (1) 2022/01/08 08:00
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in sctp_inq_pop sctp 3 1415d 1455d 0/28 auto-closed as invalid on 2021/10/24 08:36
upstream KMSAN: kernel-infoleak in copyout (2) net C 6723 703d 1872d 22/28 fixed on 2023/06/08 14:41
upstream KMSAN: uninit-value in nf_nat_setup_info (2) netfilter C 764 1140d 1220d 0/28 auto-obsoleted due to no activity on 2022/09/28 07:28
upstream KMSAN: kernel-infoleak in __skb_datagram_iter net 68 593d 698d 23/28 fixed on 2023/09/28 17:51
upstream KMSAN: uninit-value in eth_type_trans (2) net C 7018 32m 1936d 0/28 upstream: reported C repro on 2020/01/22 16:47
upstream KMSAN: kernel-infoleak in move_addr_to_user (6) tipc C 4 1200d 1238d 20/28 fixed on 2022/03/08 16:11
Last patch testing requests (12)
Created Duration User Patch Repo Result
2024/06/30 07:40 30m retest repro upstream error
2024/06/29 07:43 23m retest repro upstream OK log
2024/06/29 07:43 23m retest repro upstream OK log
2024/06/29 07:43 23m retest repro upstream log
2024/06/29 07:43 26m retest repro upstream OK log
2024/06/29 07:43 23m retest repro upstream OK log
2023/08/28 16:57 25m n.zhandarovich@fintech.ru patch https://github.com/google/kmsan.git master OK log
2023/08/14 18:13 17m andrew.kanner@gmail.com patch https://github.com/google/kmsan.git master report log
2023/08/14 17:41 20m andrew.kanner@gmail.com patch https://github.com/google/kmsan.git master report log
2023/08/01 16:24 22m andrew.kanner@gmail.com https://github.com/google/kmsan.git master report log
2022/05/11 02:41 20m k.kahurani@gmail.com patch https://github.com/google/kmsan.git master OK
2022/05/08 15:20 12m (78) k.kahurani@gmail.com patch https://github.com/google/kmsan.git master report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211
 sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211
 sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998
 sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88
 sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331
 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122
 __release_sock+0x1da/0x330 net/core/sock.c:3106
 release_sock+0x6b/0x250 net/core/sock.c:3660
 sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360
 sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885
 sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031
 inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg+0x267/0x380 net/socket.c:733
 __sys_sendto+0x594/0x750 net/socket.c:2187
 __do_sys_sendto net/socket.c:2194 [inline]
 __se_sys_sendto net/socket.c:2190 [inline]
 __x64_sys_sendto+0x125/0x1d0 net/socket.c:2190
 x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 sctp_inq_pop+0x153e/0x1920 net/sctp/inqueue.c:207
 sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998
 sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88
 sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331
 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122
 __release_sock+0x1da/0x330 net/core/sock.c:3106
 release_sock+0x6b/0x250 net/core/sock.c:3660
 sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360
 sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885
 sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031
 inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg+0x267/0x380 net/socket.c:733
 __sys_sendto+0x594/0x750 net/socket.c:2187
 __do_sys_sendto net/socket.c:2194 [inline]
 __se_sys_sendto net/socket.c:2190 [inline]
 __x64_sys_sendto+0x125/0x1d0 net/socket.c:2190
 x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4121 [inline]
 slab_alloc_node mm/slub.c:4164 [inline]
 __do_kmalloc_node mm/slub.c:4293 [inline]
 __kmalloc_node_track_caller_noprof+0x945/0x1240 mm/slub.c:4313
 kmalloc_reserve+0x23e/0x4a0 net/core/skbuff.c:609
 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678
 alloc_skb include/linux/skbuff.h:1331 [inline]
 sctp_packet_pack net/sctp/output.c:472 [inline]
 sctp_packet_transmit+0x17fa/0x43a0 net/sctp/output.c:621
 sctp_outq_flush_transports net/sctp/outqueue.c:1173 [inline]
 sctp_outq_flush+0x1b2f/0x6590 net/sctp/outqueue.c:1221
 sctp_outq_uncork+0x9c/0xb0 net/sctp/outqueue.c:764
 sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]
 sctp_do_sm+0x8c49/0x93d0 net/sctp/sm_sideeffect.c:1169
 sctp_assoc_bh_rcv+0x8fe/0xc50 net/sctp/associola.c:1052
 sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88
 sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331
 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122
 __release_sock+0x1da/0x330 net/core/sock.c:3106
 release_sock+0x6b/0x250 net/core/sock.c:3660
 sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360
 sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885
 sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031
 inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg+0x267/0x380 net/socket.c:733
 __sys_sendto+0x594/0x750 net/socket.c:2187
 __do_sys_sendto net/socket.c:2194 [inline]
 __se_sys_sendto net/socket.c:2190 [inline]
 __x64_sys_sendto+0x125/0x1d0 net/socket.c:2190
 x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 5785 Comm: syz-executor966 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
=====================================================

Crashes (3926):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/14 06:36 upstream ab68d7eb7b1a d9a046cf .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2024/02/26 10:50 upstream 70ff1fe626a1 8d446f15 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2023/07/10 03:00 https://github.com/google/kmsan.git master 257152fe29be 668cb1fa .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in sctp_inq_pop
2023/10/22 16:19 upstream 1acfd2bd3f0d 361b23dc .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in sctp_inq_pop
2022/08/22 05:50 https://github.com/google/kmsan.git master 1b070a5d1a2c 26a13b38 .config strace log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in sctp_inq_pop
2022/05/13 22:16 https://github.com/google/kmsan.git master d6e2c8c7eb40 107f6434 .config strace log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in sctp_inq_pop
2022/01/04 02:03 https://github.com/google/kmsan.git master 81c325bbf94e 4a3f34f2 .config console log report syz C ci-upstream-kmsan-gce KMSAN: uninit-value in sctp_inq_pop
2025/05/11 08:52 upstream 02ddfb981de8 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/09 11:04 upstream 02ddfb981de8 bb813bcc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/09 09:39 upstream 02ddfb981de8 bb813bcc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/08 17:56 upstream 02ddfb981de8 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/08 15:43 upstream 02ddfb981de8 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/07 20:50 upstream 02ddfb981de8 350f4ffc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/07 03:02 upstream 02ddfb981de8 350f4ffc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/06 05:33 upstream 02ddfb981de8 ae98e6b9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/05 22:55 upstream 02ddfb981de8 6ca47dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/05 21:24 upstream 02ddfb981de8 6ca47dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/04 23:03 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/04 02:26 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/02 20:19 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/02 14:26 upstream 02ddfb981de8 2bfec9c0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/05/01 19:48 upstream 02ddfb981de8 51b137cd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/30 21:16 upstream 02ddfb981de8 ce7952f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/30 11:35 upstream 02ddfb981de8 85a5a23f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/30 08:44 upstream 02ddfb981de8 85a5a23f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/29 14:30 upstream 02ddfb981de8 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/27 17:26 upstream 02ddfb981de8 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/25 23:45 upstream 02ddfb981de8 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/25 09:21 upstream 02ddfb981de8 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/24 23:12 upstream e72e9e693307 9c80ffa0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/24 21:53 upstream e72e9e693307 9c80ffa0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/24 17:51 upstream a79be02bba5c 9c80ffa0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/24 13:15 upstream a79be02bba5c 9c80ffa0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/23 06:43 upstream bc3372351d0c 53a8b9bd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/22 23:40 upstream a33b5a08cbbd 53a8b9bd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/21 21:31 upstream 9d7a0577c9db 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/19 20:39 upstream 8560697b23dc 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/18 17:38 upstream fc96b232f8e7 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/17 20:33 upstream cfb2e2c57aef 2a6ededb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/13 19:45 upstream 7cdabafc0012 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/13 11:19 upstream 7cdabafc0012 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2025/04/13 05:37 upstream ecd5d67ad602 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in sctp_inq_pop
2023/12/19 03:10 upstream 2cf4f94d8e86 3ad490ea .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce KMSAN: uninit-value in sctp_inq_pop
2025/05/10 10:50 upstream 02ddfb981de8 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2025/05/09 16:01 upstream 02ddfb981de8 bb813bcc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2025/05/05 04:45 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2025/05/04 05:15 upstream 02ddfb981de8 b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2025/04/30 20:23 upstream 02ddfb981de8 ce7952f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2025/04/29 22:00 upstream 02ddfb981de8 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2025/04/29 18:44 upstream 02ddfb981de8 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2025/04/23 10:58 upstream bc3372351d0c 53a8b9bd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2025/04/21 00:34 upstream 6fea5fabd332 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2025/04/20 12:17 upstream 119009db2674 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2025/04/13 16:24 upstream 7cdabafc0012 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in sctp_inq_pop
2023/12/20 03:38 upstream 55cb5f43689d 3ad490ea .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in sctp_inq_pop
2021/11/19 07:31 https://github.com/google/kmsan.git master 412af9cd936d 31a30fc0 .config console log report info ci-upstream-kmsan-gce-386 KMSAN: uninit-value in sctp_inq_pop
* Struck through repros no longer work on HEAD.