syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1353]
Subsystems
🐞 Fixed [7051]
🐞 Invalid [18469]
Missing Backports [222]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KMSAN: uninit-value in batadv_interface_tx (3)

Status: closed as invalid on 2026/04/08 13:13
Subsystems: batman
[Documentation on labels]
First crash: 85d, last: 25d
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in batadv_interface_tx (2) batman 7 19 2087d 2263d 0/29 auto-closed as invalid on 2020/11/22 02:35
upstream KMSAN: uninit-value in batadv_interface_tx batman 7 C 98 2594d 2616d 11/29 fixed on 2019/03/06 07:43
Last patch testing requests (5)
Created Duration User Patch Repo Result
2026/02/01 04:54 3h54m retest repro upstream report log
2026/02/01 04:54 3h41m retest repro upstream report log
2026/02/01 04:54 25m retest repro upstream report log
2026/02/01 04:54 35m retest repro upstream report log
2026/02/01 04:54 21m retest repro upstream report log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in batadv_interface_tx+0x581/0x1dd0 net/batman-adv/mesh-interface.c:207
 batadv_interface_tx+0x581/0x1dd0 net/batman-adv/mesh-interface.c:207
 __netdev_start_xmit include/linux/netdevice.h:5273 [inline]
 netdev_start_xmit include/linux/netdevice.h:5282 [inline]
 xmit_one net/core/dev.c:3866 [inline]
 dev_hard_start_xmit+0x22f/0xa30 net/core/dev.c:3882
 __dev_queue_xmit+0x3548/0x58c0 net/core/dev.c:4832
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 __bpf_tx_skb net/core/filter.c:2153 [inline]
 __bpf_redirect_common net/core/filter.c:2197 [inline]
 __bpf_redirect+0x162d/0x1760 net/core/filter.c:2204
 ____bpf_clone_redirect net/core/filter.c:2487 [inline]
 bpf_clone_redirect+0x4b5/0x6d0 net/core/filter.c:2450
 ___bpf_prog_run+0x1297/0xeba0 kernel/bpf/core.c:2037
 __bpf_prog_run512+0xc5/0x100 kernel/bpf/core.c:2333
 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline]
 __bpf_prog_run include/linux/filter.h:723 [inline]
 bpf_prog_run include/linux/filter.h:730 [inline]
 bpf_test_run+0x496/0xe00 net/bpf/test_run.c:423
 bpf_prog_test_run_skb+0x2377/0x3200 net/bpf/test_run.c:1158
 bpf_prog_test_run+0x5bb/0x9f0 kernel/bpf/syscall.c:4703
 __sys_bpf+0x873/0xeb0 kernel/bpf/syscall.c:6182
 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
 __x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:6272
 x64_sys_call+0x31c3/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 batadv_interface_tx+0x57a/0x1dd0 net/batman-adv/mesh-interface.c:205
 __netdev_start_xmit include/linux/netdevice.h:5273 [inline]
 netdev_start_xmit include/linux/netdevice.h:5282 [inline]
 xmit_one net/core/dev.c:3866 [inline]
 dev_hard_start_xmit+0x22f/0xa30 net/core/dev.c:3882
 __dev_queue_xmit+0x3548/0x58c0 net/core/dev.c:4832
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 __bpf_tx_skb net/core/filter.c:2153 [inline]
 __bpf_redirect_common net/core/filter.c:2197 [inline]
 __bpf_redirect+0x162d/0x1760 net/core/filter.c:2204
 ____bpf_clone_redirect net/core/filter.c:2487 [inline]
 bpf_clone_redirect+0x4b5/0x6d0 net/core/filter.c:2450
 ___bpf_prog_run+0x1297/0xeba0 kernel/bpf/core.c:2037
 __bpf_prog_run512+0xc5/0x100 kernel/bpf/core.c:2333
 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline]
 __bpf_prog_run include/linux/filter.h:723 [inline]
 bpf_prog_run include/linux/filter.h:730 [inline]
 bpf_test_run+0x496/0xe00 net/bpf/test_run.c:423
 bpf_prog_test_run_skb+0x2377/0x3200 net/bpf/test_run.c:1158
 bpf_prog_test_run+0x5bb/0x9f0 kernel/bpf/syscall.c:4703
 __sys_bpf+0x873/0xeb0 kernel/bpf/syscall.c:6182
 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
 __x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:6272
 x64_sys_call+0x31c3/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4960 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_node_noprof+0x9e7/0x17a0 mm/slub.c:5315
 kmalloc_reserve+0x13c/0x4b0 net/core/skbuff.c:586
 pskb_expand_head+0x1fc/0x15d0 net/core/skbuff.c:2282
 skb_ensure_writable+0x44e/0x510 net/core/skbuff.c:6316
 __bpf_try_make_writable net/core/filter.c:1682 [inline]
 bpf_try_make_writable net/core/filter.c:1688 [inline]
 bpf_try_make_head_writable net/core/filter.c:1696 [inline]
 ____bpf_clone_redirect net/core/filter.c:2481 [inline]
 bpf_clone_redirect+0x310/0x6d0 net/core/filter.c:2450
 ___bpf_prog_run+0x1297/0xeba0 kernel/bpf/core.c:2037
 __bpf_prog_run512+0xc5/0x100 kernel/bpf/core.c:2333
 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline]
 __bpf_prog_run include/linux/filter.h:723 [inline]
 bpf_prog_run include/linux/filter.h:730 [inline]
 bpf_test_run+0x496/0xe00 net/bpf/test_run.c:423
 bpf_prog_test_run_skb+0x2377/0x3200 net/bpf/test_run.c:1158
 bpf_prog_test_run+0x5bb/0x9f0 kernel/bpf/syscall.c:4703
 __sys_bpf+0x873/0xeb0 kernel/bpf/syscall.c:6182
 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
 __x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:6272
 x64_sys_call+0x31c3/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 6040 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
=====================================================

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/17 14:40 upstream 39d3389331ab d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in batadv_interface_tx
2026/01/17 13:14 upstream 39d3389331ab d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in batadv_interface_tx
2026/01/17 11:46 upstream 39d3389331ab d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in batadv_interface_tx
2026/01/17 10:18 upstream 39d3389331ab d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in batadv_interface_tx
2026/01/17 08:42 upstream 39d3389331ab d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in batadv_interface_tx
2026/03/18 04:19 upstream f0caa1d49cc0 c8810548 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in batadv_interface_tx
2026/01/17 00:05 upstream 983d014aafb1 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in batadv_interface_tx
2026/03/18 07:29 upstream f0caa1d49cc0 c8810548 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in batadv_interface_tx
2026/03/18 07:29 upstream f0caa1d49cc0 c8810548 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in batadv_interface_tx
* Struck through repros no longer work on HEAD.