syzbot

KMSAN: uninit-value in pptp_xmit (3)

Status: upstream: reported C repro on 2025/07/29 07:51
Subsystems: net
Reported-by: syzbot+afad90ffc8645324afe5@syzkaller.appspotmail.com
Fix commit: de9c4861fb42 pptp: ensure minimal skb length in pptp_xmit()
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu-native-arm64-kvm]
First crash: 30d, last: 22d
Discussions (2)
Title Replies (including bot) Last reply
[PATCH net] pptp: ensure minimal skb length in pptp_xmit() 3 (3) 2025/07/31 02:20
[syzbot] [net?] KMSAN: uninit-value in pptp_xmit (3) 0 (1) 2025/07/29 07:51
Similar bugs (2)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in pptp_xmit (2) net 7 C 6 109d 124d 0/29 closed as invalid on 2025/06/04 14:03
upstream KMSAN: uninit-value in pptp_xmit net 7 1 1568d 1568d 0/29 auto-closed as invalid on 2021/08/11 09:47

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193
 pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193
 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [inline]
 ppp_input+0x1d6/0xe60 drivers/net/ppp/ppp_generic.c:2314
 pppoe_rcv_core+0x1e8/0x760 drivers/net/ppp/pppoe.c:379
 sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148
 __release_sock+0x1d3/0x330 net/core/sock.c:3213
 release_sock+0x6b/0x270 net/core/sock.c:3767
 pppoe_sendmsg+0x15d/0xcb0 drivers/net/ppp/pppoe.c:904
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x330/0x3d0 net/socket.c:727
 ____sys_sendmsg+0x893/0xd80 net/socket.c:2566
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620
 __sys_sendmmsg+0x2d9/0x7c0 net/socket.c:2709
 __do_sys_sendmmsg net/socket.c:2736 [inline]
 __se_sys_sendmmsg net/socket.c:2733 [inline]
 __x64_sys_sendmmsg+0xc6/0x150 net/socket.c:2733
 x64_sys_call+0x3ce7/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:308
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4154 [inline]
 slab_alloc_node mm/slub.c:4197 [inline]
 __do_kmalloc_node mm/slub.c:4327 [inline]
 __kmalloc_node_track_caller_noprof+0x96d/0x12f0 mm/slub.c:4347
 kmalloc_reserve+0x22f/0x4b0 net/core/skbuff.c:601
 pskb_expand_head+0x1fc/0x1610 net/core/skbuff.c:2241
 skb_realloc_headroom+0x152/0x2d0 net/core/skbuff.c:2321
 pptp_xmit+0x9d4/0x2720 drivers/net/ppp/pptp.c:181
 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [inline]
 ppp_input+0x1d6/0xe60 drivers/net/ppp/ppp_generic.c:2314
 pppoe_rcv_core+0x1e8/0x760 drivers/net/ppp/pppoe.c:379
 sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148
 __release_sock+0x1d3/0x330 net/core/sock.c:3213
 release_sock+0x6b/0x270 net/core/sock.c:3767
 pppoe_sendmsg+0x15d/0xcb0 drivers/net/ppp/pppoe.c:904
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x330/0x3d0 net/socket.c:727
 ____sys_sendmsg+0x893/0xd80 net/socket.c:2566
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620
 __sys_sendmmsg+0x2d9/0x7c0 net/socket.c:2709
 __do_sys_sendmmsg net/socket.c:2736 [inline]
 __se_sys_sendmmsg net/socket.c:2733 [inline]
 __x64_sys_sendmmsg+0xc6/0x150 net/socket.c:2733
 x64_sys_call+0x3ce7/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:308
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 5830 Comm: syz-executor110 Not tainted 6.16.0-syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
=====================================================

Crashes (49):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/07/29 02:16 upstream 038d61fd6422 c4a95487 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/05 19:37 upstream 5998f2bca43e 904e669c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/05 08:55 upstream d632ab86aff2 abdcb213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/05 08:55 upstream d632ab86aff2 abdcb213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/05 08:42 upstream d632ab86aff2 abdcb213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/05 08:42 upstream d632ab86aff2 abdcb213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/05 02:31 upstream d632ab86aff2 abdcb213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/05 02:25 upstream d632ab86aff2 abdcb213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/04 16:15 upstream 352af6a011d5 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/03 14:59 upstream 89748acdf226 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/03 14:59 upstream 89748acdf226 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/03 13:45 upstream 89748acdf226 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/03 12:40 upstream 89748acdf226 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/03 12:36 upstream 89748acdf226 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/02 23:40 upstream 89748acdf226 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/07/29 23:08 upstream 86aa72182095 f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/07/29 23:08 upstream 86aa72182095 f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/07/29 07:45 upstream ced1b9e0392d c4a95487 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/07/29 07:45 upstream ced1b9e0392d c4a95487 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/07/28 19:59 upstream 038d61fd6422 c4a95487 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in pptp_xmit
2025/08/05 10:36 upstream d2eedaa3909b abdcb213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/05 08:08 upstream d2eedaa3909b abdcb213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/05 08:08 upstream d2eedaa3909b abdcb213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/05 01:57 upstream d2eedaa3909b abdcb213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/05 01:57 upstream d2eedaa3909b abdcb213 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/03 22:39 upstream 186f3edfdd41 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/03 22:39 upstream 186f3edfdd41 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/03 18:43 upstream 186f3edfdd41 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/03 18:43 upstream 186f3edfdd41 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/03 18:32 upstream 186f3edfdd41 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/03 18:32 upstream 186f3edfdd41 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/03 08:19 upstream eacf91b0c78a 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/03 05:59 upstream eacf91b0c78a 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/03 05:56 upstream eacf91b0c78a 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/03 05:25 upstream eacf91b0c78a 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/08/03 05:25 upstream eacf91b0c78a 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/07/30 04:25 upstream 86aa72182095 f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/07/30 04:25 upstream 86aa72182095 f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/07/30 04:20 upstream 86aa72182095 f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/07/30 04:20 upstream 86aa72182095 f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/07/29 10:23 upstream ced1b9e0392d c4a95487 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/07/29 10:23 upstream ced1b9e0392d c4a95487 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
2025/07/28 22:36 upstream 038d61fd6422 c4a95487 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in pptp_xmit
* Struck through repros no longer work on HEAD.