syzbot


KMSAN: uninit-value in netif_skb_features (4)

Status: upstream: reported C repro on 2025/10/07 06:40
Subsystems: net
Reported-by: syzbot+1543a7d954d9c6d00407@syzkaller.appspotmail.com
Fix commit: ddc748a391dd net: use skb_header_pointer() for TCPv4 GSO frag_off check
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu-native-arm64-kvm ci-qemu2-riscv64 ci-upstream-gce-arm64]
First crash: 197d, last: 17d
Discussions (3)
Title | Replies (including bot) | Last reply
[PATCH net] net: clear mangleid_features for SKB_GSO_DODGY TCPv4 | 22 (22) | 2026/03/31 00:40
[syzbot] [net?] KMSAN: uninit-value in netif_skb_features (4) | 0 (9) | 2026/03/26 10:43
[syzbot] Monthly bridge report (Jan 2026) | 0 (1) | 2026/01/19 08:19
Similar bugs (5)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: kernel-infoleak in copyout (2) net | 17 | C | | | 6723 | 1045d | 2214d | 22/29 | fixed on 2023/06/08 14:41
upstream | KMSAN: uninit-value in netif_skb_features (2) net | 7 | C | | | 9 | 853d | 941d | 25/29 | fixed on 2024/01/30 15:47
upstream | KMSAN: kernel-infoleak in _copy_to_iter (7) net | 21 | C | | | 138977 | 1149d | 1501d | 22/29 | fixed on 2023/02/24 13:50
upstream | KMSAN: uninit-value in netif_skb_features (3) net | 7 | | | | 1 | 422d | 422d | 0/29 | auto-obsoleted due to no activity on 2025/05/29 13:17
upstream | KMSAN: uninit-value in netif_skb_features net | 7 | C | | | 119 | 2902d | 2928d | 5/29 | fixed on 2018/05/08 18:30
Last patch testing requests (7)
Created | Duration | User | Patch | Repo | Result
2026/03/26 10:43 | 27m | yss2813483011xxl@gmail.com | patch | upstream | OK log
2026/03/19 14:52 | 4h31m | yss2813483011xxl@gmail.com | patch | upstream | OK log
2026/03/18 10:44 | 3h35m | yss2813483011xxl@gmail.com | patch | upstream | OK log
2026/03/12 06:17 | 37m | yss2813483011xxl@gmail.com | patch | upstream | OK log
2026/03/11 13:35 | 4h28m | yss2813483011xxl@gmail.com | patch | upstream | report log
2026/03/08 07:12 | 28m | yss2813483011xxl@gmail.com | patch | upstream | OK log
2026/03/07 13:07 | 27m | yss2813483011xxl@gmail.com | patch | upstream | OK log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in gso_features_check net/core/dev.c:3804 [inline]
BUG: KMSAN: uninit-value in netif_skb_features+0x6fb/0x1870 net/core/dev.c:3828
 gso_features_check net/core/dev.c:3804 [inline]
 netif_skb_features+0x6fb/0x1870 net/core/dev.c:3828
 validate_xmit_skb+0xb6/0x2400 net/core/dev.c:4003
 validate_xmit_skb_list+0xd4/0x320 net/core/dev.c:4065
 sch_direct_xmit+0xd4/0xcf0 net/sched/sch_generic.c:332
 __dev_xmit_skb net/core/dev.c:4179 [inline]
 __dev_queue_xmit+0x3016/0x5a50 net/core/dev.c:4795
 dev_queue_xmit include/linux/netdevice.h:3384 [inline]
 packet_xmit+0x8f/0x710 net/packet/af_packet.c:275
 packet_snd net/packet/af_packet.c:3077 [inline]
 packet_sendmsg+0x91d9/0xa320 net/packet/af_packet.c:3109
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 ____sys_sendmsg+0xfe7/0x1080 net/socket.c:2592
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2683 [inline]
 __se_sys_sendmsg net/socket.c:2681 [inline]
 __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681
 x64_sys_call+0x1e20/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4466 [inline]
 slab_alloc_node mm/slub.c:4788 [inline]
 kmem_cache_alloc_node_noprof+0x3cd/0x12d0 mm/slub.c:4840
 kmalloc_reserve net/core/skbuff.c:613 [inline]
 __alloc_skb+0x855/0x1190 net/core/skbuff.c:713
 alloc_skb include/linux/skbuff.h:1383 [inline]
 alloc_skb_with_frags+0xc5/0xa60 net/core/skbuff.c:6750
 sock_alloc_send_pskb+0xacb/0xc60 net/core/sock.c:2995
 packet_alloc_skb net/packet/af_packet.c:2927 [inline]
 packet_snd net/packet/af_packet.c:3020 [inline]
 packet_sendmsg+0x7477/0xa320 net/packet/af_packet.c:3109
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 ____sys_sendmsg+0xfe7/0x1080 net/socket.c:2592
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2683 [inline]
 __se_sys_sendmsg net/socket.c:2681 [inline]
 __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681
 x64_sys_call+0x1e20/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 6045 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
=====================================================

Crashes (116):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/02/15 14:45 upstream ca4ee40bf13d 1e62d198 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/04/01 23:35 upstream 9147566d8016 0285fe54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/31 20:13 upstream d0c3bcd5b897 aeea1c72 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/29 15:18 upstream cbfffcca2bf0 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/27 20:47 upstream 46b513250491 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/27 10:57 upstream 46b513250491 50cdcaa1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/26 06:28 upstream d2a43e7f89da c6143aac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/20 18:20 upstream 0e4f8f1a3d08 2f245add .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/17 14:01 upstream 2d1373e4246d c01bca74 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/14 15:56 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/14 01:27 upstream b36eb6e3f5d8 351cb5cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/13 06:56 upstream 0257f64bdac7 2f7f359d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/12 06:22 upstream b29fb8829bff 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/10 19:23 upstream 1f318b96cc84 4683d576 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/06 08:09 upstream 5ee8dbf54602 31e9c887 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/05 08:36 upstream ecc64d2dc9ff a9fe5c9e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/04 15:10 upstream 0031c06807cf e6b6b96b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/04 06:11 upstream 0031c06807cf 4180d919 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/02/28 14:21 upstream 4d349ee5c778 43249bac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/02/27 09:54 upstream a75cb869a8cc a2f13f71 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/02/26 20:35 upstream f4d0ec0aa20d ffa54287 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/02/25 05:20 upstream 7dff99b35460 787dfb7c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/02/25 05:20 upstream 7dff99b35460 787dfb7c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/02/22 17:23 upstream 32a92f8c8932 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/02/22 17:23 upstream 32a92f8c8932 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2025/10/03 06:32 upstream e406d57be7bd 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in netif_skb_features
2026/03/31 22:12 upstream d0c3bcd5b897 aeea1c72 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/03/29 17:35 upstream cbfffcca2bf0 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/03/27 22:24 upstream 46b513250491 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/03/27 10:33 upstream 46b513250491 50cdcaa1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/03/26 09:23 upstream d2a43e7f89da c6143aac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/03/17 18:16 upstream 2d1373e4246d c01bca74 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/03/15 02:34 upstream 69237f8c1f69 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/03/14 18:12 upstream 1c9982b49613 ee8d34d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/03/12 17:49 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/03/04 17:48 upstream 0031c06807cf e6b6b96b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/03/04 09:09 upstream 0031c06807cf 4180d919 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/02/28 19:21 upstream 4d349ee5c778 43249bac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/02/27 22:17 upstream a75cb869a8cc 2cf092b8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/02/27 11:46 upstream a75cb869a8cc a2f13f71 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/02/27 01:17 upstream f4d0ec0aa20d ffa54287 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/02/25 07:26 upstream 7dff99b35460 787dfb7c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/02/22 18:57 upstream 32a92f8c8932 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/02/22 18:56 upstream 32a92f8c8932 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/02/21 17:34 upstream a95f71ad3e2e 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
2026/02/21 17:29 upstream a95f71ad3e2e 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in netif_skb_features
* Struck through repros no longer work on HEAD.