KMSAN: uninit-value in bpf_prog_test_run

Title	Replies (including bot)	Last reply
[syzbot] [bpf?] KMSAN: uninit-value in bpf_prog_test_run_skb	0 (5)	2026/01/04 03:58

Title

Replies (including bot)

Last reply

[syzbot] [bpf?] KMSAN: uninit-value in bpf_prog_test_run_skb

0 (5)

2026/01/04 03:58


Created	Duration	User	Patch	Repo	Result
2026/01/04 03:58	50m	kartikey406@gmail.com	patch	upstream	report log
2026/01/04 03:48	53m	kartikey406@gmail.com	patch	upstream	report log
2026/01/04 02:01	23m	kartikey406@gmail.com	patch	upstream	report log
2026/01/02 02:20	24m	kartikey406@gmail.com	patch	upstream	report log

===================================================== BUG: KMSAN: uninit-value in bpf_prog_test_run_skb+0x3091/0x3200 net/bpf/test_run.c:-1 bpf_prog_test_run_skb+0x3091/0x3200 net/bpf/test_run.c:-1 bpf_prog_test_run+0x5bb/0x9f0 kernel/bpf/syscall.c:4703 __sys_bpf+0x873/0xeb0 kernel/bpf/syscall.c:6182 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline] __se_sys_bpf kernel/bpf/syscall.c:6272 [inline] __x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:6272 x64_sys_call+0x31c3/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: pskb_expand_head+0x310/0x15d0 net/core/skbuff.c:2290 __skb_cow include/linux/skbuff.h:3853 [inline] skb_cow_head include/linux/skbuff.h:3887 [inline] bpf_skb_net_grow net/core/filter.c:3511 [inline] ____bpf_skb_adjust_room net/core/filter.c:3754 [inline] bpf_skb_adjust_room+0x103c/0x3310 net/core/filter.c:3699 ___bpf_prog_run+0x1297/0xeba0 kernel/bpf/core.c:2037 __bpf_prog_run512+0xc5/0x100 kernel/bpf/core.c:2333 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline] __bpf_prog_run include/linux/filter.h:723 [inline] bpf_prog_run include/linux/filter.h:730 [inline] bpf_test_run+0x496/0xe00 net/bpf/test_run.c:423 bpf_prog_test_run_skb+0x2377/0x3200 net/bpf/test_run.c:1158 bpf_prog_test_run+0x5bb/0x9f0 kernel/bpf/syscall.c:4703 __sys_bpf+0x873/0xeb0 kernel/bpf/syscall.c:6182 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline] __se_sys_bpf kernel/bpf/syscall.c:6272 [inline] __x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:6272 x64_sys_call+0x31c3/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: skb_data_move+0x424/0x570 include/linux/skbuff.h:-1 skb_postpush_data_move include/linux/skbuff.h:4639 [inline] bpf_skb_generic_push net/core/filter.c:3267 [inline] bpf_skb_net_hdr_push net/core/filter.c:3305 [inline] bpf_skb_net_grow net/core/filter.c:3542 [inline] ____bpf_skb_adjust_room net/core/filter.c:3754 [inline] bpf_skb_adjust_room+0x116c/0x3310 net/core/filter.c:3699 ___bpf_prog_run+0x1297/0xeba0 kernel/bpf/core.c:2037 __bpf_prog_run512+0xc5/0x100 kernel/bpf/core.c:2333 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline] __bpf_prog_run include/linux/filter.h:723 [inline] bpf_prog_run include/linux/filter.h:730 [inline] bpf_test_run+0x496/0xe00 net/bpf/test_run.c:423 bpf_prog_test_run_skb+0x2377/0x3200 net/bpf/test_run.c:1158 bpf_prog_test_run+0x5bb/0x9f0 kernel/bpf/syscall.c:4703 __sys_bpf+0x873/0xeb0 kernel/bpf/syscall.c:6182 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline] __se_sys_bpf kernel/bpf/syscall.c:6272 [inline] __x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:6272 x64_sys_call+0x31c3/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:4960 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_node_noprof+0x9e7/0x17a0 mm/slub.c:5315 kmalloc_reserve+0x13c/0x4b0 net/core/skbuff.c:586 pskb_expand_head+0x1fc/0x15d0 net/core/skbuff.c:2282 __skb_cow include/linux/skbuff.h:3853 [inline] skb_cow_head include/linux/skbuff.h:3887 [inline] bpf_skb_net_grow net/core/filter.c:3511 [inline] ____bpf_skb_adjust_room net/core/filter.c:3754 [inline] bpf_skb_adjust_room+0x103c/0x3310 net/core/filter.c:3699 ___bpf_prog_run+0x1297/0xeba0 kernel/bpf/core.c:2037 __bpf_prog_run512+0xc5/0x100 kernel/bpf/core.c:2333 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline] __bpf_prog_run include/linux/filter.h:723 [inline] bpf_prog_run include/linux/filter.h:730 [inline] bpf_test_run+0x496/0xe00 net/bpf/test_run.c:423 bpf_prog_test_run_skb+0x2377/0x3200 net/bpf/test_run.c:1158 bpf_prog_test_run+0x5bb/0x9f0 kernel/bpf/syscall.c:4703 __sys_bpf+0x873/0xeb0 kernel/bpf/syscall.c:6182 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline] __se_sys_bpf kernel/bpf/syscall.c:6272 [inline] __x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:6272 x64_sys_call+0x31c3/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 1 UID: 0 PID: 6072 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(none) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 =====================================================

Crashes (3):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/12/27 10:15	upstream	3f0e9c8cefa9	d6526ea3	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-root	KMSAN: uninit-value in bpf_prog_test_run_skb
2025/12/27 08:07	upstream	3f0e9c8cefa9	d6526ea3	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-root	KMSAN: uninit-value in bpf_prog_test_run_skb
2025/12/27 05:55	upstream	3f0e9c8cefa9	d6526ea3	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-root	KMSAN: uninit-value in bpf_prog_test_run_skb

Crashes (3):

Assets (help?)