syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1323]
Subsystems
🐞 Fixed [7169]
🐞 Invalid [18934]
Missing Backports [221]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KMSAN: uninit-value in __skb_flow_dissect (4)

Status: closed as invalid on 2026/01/09 12:02
Subsystems: net
[Documentation on labels]
First crash: 246d, last: 246d
Similar bugs (7)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in __skb_flow_dissect (3) net 7 C 3 2158d 2155d 0/29 closed as invalid on 2020/07/22 16:31
upstream KMSAN: uninit-value in __skb_flow_dissect net 7 C 15 2979d 2993d 0/29 closed as invalid on 2018/06/27 15:08
upstream KMSAN: uninit-value in __skb_flow_dissect (2) net 7 7 2289d 2408d 0/29 auto-closed as invalid on 2020/07/08 18:36
upstream KASAN: use-after-free Read in __skb_flow_dissect (2) net 19 C done unreliable 6 1234d 1412d 0/29 closed as invalid on 2023/03/21 17:25
upstream Internal error in __skb_flow_dissect net 2 1 1134d 1130d 0/29 auto-obsoleted due to no activity on 2023/08/07 05:35
upstream KASAN: use-after-free Read in __skb_flow_dissect net 19 3 1869d 1966d 0/29 auto-closed as invalid on 2021/08/03 02:14
upstream KASAN: use-after-free Read in __skb_flow_dissect (3) net 19 C 1 887d 897d 25/29 fixed on 2024/03/26 00:54

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in __skb_flow_dissect+0x426a/0x9ed0 net/core/flow_dissector.c:1204
 __skb_flow_dissect+0x426a/0x9ed0 net/core/flow_dissector.c:1204
 skb_flow_dissect_flow_keys_basic include/linux/skbuff.h:1624 [inline]
 skb_probe_transport_header include/linux/skbuff.h:3180 [inline]
 packet_parse_headers+0xc9e/0xed0 net/packet/af_packet.c:1938
 packet_snd net/packet/af_packet.c:3066 [inline]
 packet_sendmsg+0x8aed/0xa2a0 net/packet/af_packet.c:3108
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x333/0x3d0 net/socket.c:742
 ____sys_sendmsg+0x893/0xd80 net/socket.c:2630
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2684
 __sys_sendmmsg+0x2d9/0x7c0 net/socket.c:2773
 __do_sys_sendmmsg net/socket.c:2800 [inline]
 __se_sys_sendmmsg net/socket.c:2797 [inline]
 __x64_sys_sendmmsg+0xc6/0x150 net/socket.c:2797
 x64_sys_call+0x21de/0x3e30 arch/x86/include/generated/asm/syscalls_64.h:308
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4962 [inline]
 slab_alloc_node mm/slub.c:5265 [inline]
 kmem_cache_alloc_node_noprof+0x989/0x16b0 mm/slub.c:5317
 kmalloc_reserve+0x13c/0x4b0 net/core/skbuff.c:579
 __alloc_skb+0x347/0x7d0 net/core/skbuff.c:670
 alloc_skb include/linux/skbuff.h:1383 [inline]
 alloc_skb_with_frags+0xc5/0xa60 net/core/skbuff.c:6671
 sock_alloc_send_pskb+0xacc/0xc60 net/core/sock.c:2965
 packet_alloc_skb net/packet/af_packet.c:2926 [inline]
 packet_snd net/packet/af_packet.c:3019 [inline]
 packet_sendmsg+0x743d/0xa2a0 net/packet/af_packet.c:3108
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x333/0x3d0 net/socket.c:742
 ____sys_sendmsg+0x893/0xd80 net/socket.c:2630
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2684
 __sys_sendmmsg+0x2d9/0x7c0 net/socket.c:2773
 __do_sys_sendmmsg net/socket.c:2800 [inline]
 __se_sys_sendmmsg net/socket.c:2797 [inline]
 __x64_sys_sendmmsg+0xc6/0x150 net/socket.c:2797
 x64_sys_call+0x21de/0x3e30 arch/x86/include/generated/asm/syscalls_64.h:308
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 13143 Comm: syz.1.2131 Tainted: G        W           syzkaller #0 PREEMPT(none) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
=====================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/10/13 14:38 upstream 3a8660878839 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __skb_flow_dissect
2025/10/13 14:37 upstream 3a8660878839 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in __skb_flow_dissect
2025/10/13 15:06 upstream 3a8660878839 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in __skb_flow_dissect
* Struck through repros no longer work on HEAD.