syzbot

KMSAN: uninit-value in ___bpf_prog_run (5)

Status: auto-obsoleted due to no activity on 2026/04/27 07:22
Subsystems: bpf
First crash: 118d, last: 118d
Similar bugs (4)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: uninit-value in ___bpf_prog_run (3) [bpf] | 7 | C | - | - | 5 | 1492d | 1494d | 22/29 | fixed on 2023/02/24 13:50
upstream | KMSAN: uninit-value in ___bpf_prog_run [bpf] | 7 | C | - | - | 75 | 2180d | 2181d | 0/29 | closed as invalid on 2020/05/28 10:23
upstream | KMSAN: uninit-value in ___bpf_prog_run (2) [bpf] | 7 | C | - | - | 587 | 2127d | 2130d | 0/29 | closed as invalid on 2020/07/22 14:22
upstream | KMSAN: uninit-value in ___bpf_prog_run (4) [bpf] | 7 | C | - | - | 322 | 459d | 873d | 28/29 | fixed on 2025/06/10 16:19

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in ___bpf_prog_run+0x90d8/0xeba0 kernel/bpf/core.c:2037
 ___bpf_prog_run+0x90d8/0xeba0 kernel/bpf/core.c:2037
 __bpf_prog_run32+0xc2/0xf0 kernel/bpf/core.c:2331
 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline]
 __bpf_prog_run include/linux/filter.h:723 [inline]
 bpf_prog_run include/linux/filter.h:730 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:747 [inline]
 bpf_prog_run_clear_cb+0x20e/0x640 include/linux/filter.h:1008
 run_filter net/packet/af_packet.c:2081 [inline]
 packet_rcv+0x5ef/0x23a0 net/packet/af_packet.c:2154
 dev_queue_xmit_nit+0xfc3/0x1160 net/core/dev.c:2600
 xmit_one net/core/dev.c:3862 [inline]
 dev_hard_start_xmit+0x16b/0xa30 net/core/dev.c:3882
 __dev_queue_xmit+0x3548/0x58c0 net/core/dev.c:4832
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 tipc_l2_send_msg+0x4cc/0x5d0 net/tipc/bearer.c:516
 tipc_bearer_xmit_skb+0x39e/0x4b0 net/tipc/bearer.c:575
 tipc_disc_timeout+0x93c/0xa40 net/tipc/discover.c:338
 call_timer_fn+0x4c/0x4c0 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x80f/0xd90 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0x3a/0x80 kernel/time/timer.c:2404
 handle_softirqs+0x169/0x6e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x66/0x180 kernel/softirq.c:723
 irq_exit_rcu+0x12/0x20 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x84/0x90 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:697
 console_srcu_read_flags include/linux/console.h:530 [inline]
 console_flush_one_record kernel/printk/printk.c:3194 [inline]
 console_flush_all+0xec0/0x1250 kernel/printk/printk.c:3289
 __console_flush_and_unlock kernel/printk/printk.c:3319 [inline]
 console_unlock+0xeb/0x460 kernel/printk/printk.c:3359
 vprintk_emit+0x81f/0xb70 kernel/printk/printk.c:2426
 dev_vprintk_emit+0x5ac/0x7a0 drivers/base/core.c:4914
 dev_printk_emit+0x180/0x1b0 drivers/base/core.c:4925
 __netdev_printk+0x6a0/0x950 net/core/dev.c:12916
 netdev_info+0x1b4/0x1d0 net/core/dev.c:12971
 netif_change_name+0x1324/0x1370 net/core/dev.c:1479
 do_setlink+0xff6/0x7940 net/core/rtnetlink.c:3138
 rtnl_changelink net/core/rtnetlink.c:3776 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3935 [inline]
 rtnl_newlink+0x2bf5/0x39a0 net/core/rtnetlink.c:4072
 rtnetlink_rcv_msg+0x106f/0x14b0 net/core/rtnetlink.c:6958
 netlink_rcv_skb+0x54d/0x680 net/netlink/af_netlink.c:2550
 rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6985
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0xf04/0x12b0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x10b3/0x1250 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x333/0x3d0 net/socket.c:742
 __sys_sendto+0x593/0x720 net/socket.c:2206
 __do_sys_sendto net/socket.c:2213 [inline]
 __se_sys_sendto net/socket.c:2209 [inline]
 __x64_sys_sendto+0x130/0x200 net/socket.c:2209
 x64_sys_call+0x332b/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:45
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 ___bpf_prog_run+0x90d1/0xeba0 kernel/bpf/core.c:2037
 __bpf_prog_run32+0xc2/0xf0 kernel/bpf/core.c:2331
 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline]
 __bpf_prog_run include/linux/filter.h:723 [inline]
 bpf_prog_run include/linux/filter.h:730 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:747 [inline]
 bpf_prog_run_clear_cb+0x20e/0x640 include/linux/filter.h:1008
 run_filter net/packet/af_packet.c:2081 [inline]
 packet_rcv+0x5ef/0x23a0 net/packet/af_packet.c:2154
 dev_queue_xmit_nit+0xfc3/0x1160 net/core/dev.c:2600
 xmit_one net/core/dev.c:3862 [inline]
 dev_hard_start_xmit+0x16b/0xa30 net/core/dev.c:3882
 __dev_queue_xmit+0x3548/0x58c0 net/core/dev.c:4832
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 tipc_l2_send_msg+0x4cc/0x5d0 net/tipc/bearer.c:516
 tipc_bearer_xmit_skb+0x39e/0x4b0 net/tipc/bearer.c:575
 tipc_disc_timeout+0x93c/0xa40 net/tipc/discover.c:338
 call_timer_fn+0x4c/0x4c0 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x80f/0xd90 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0x3a/0x80 kernel/time/timer.c:2404
 handle_softirqs+0x169/0x6e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x66/0x180 kernel/softirq.c:723
 irq_exit_rcu+0x12/0x20 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x84/0x90 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:697

Uninit was stored to memory at:
 ___bpf_prog_run+0x8bb1/0xeba0 kernel/bpf/core.c:1814
 __bpf_prog_run32+0xc2/0xf0 kernel/bpf/core.c:2331
 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline]
 __bpf_prog_run include/linux/filter.h:723 [inline]
 bpf_prog_run include/linux/filter.h:730 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:747 [inline]
 bpf_prog_run_clear_cb+0x20e/0x640 include/linux/filter.h:1008
 run_filter net/packet/af_packet.c:2081 [inline]
 packet_rcv+0x5ef/0x23a0 net/packet/af_packet.c:2154
 dev_queue_xmit_nit+0xfc3/0x1160 net/core/dev.c:2600
 xmit_one net/core/dev.c:3862 [inline]
 dev_hard_start_xmit+0x16b/0xa30 net/core/dev.c:3882
 __dev_queue_xmit+0x3548/0x58c0 net/core/dev.c:4832
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 tipc_l2_send_msg+0x4cc/0x5d0 net/tipc/bearer.c:516
 tipc_bearer_xmit_skb+0x39e/0x4b0 net/tipc/bearer.c:575
 tipc_disc_timeout+0x93c/0xa40 net/tipc/discover.c:338
 call_timer_fn+0x4c/0x4c0 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x80f/0xd90 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0x3a/0x80 kernel/time/timer.c:2404
 handle_softirqs+0x169/0x6e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x66/0x180 kernel/softirq.c:723
 irq_exit_rcu+0x12/0x20 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x84/0x90 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:697

Uninit was stored to memory at:
 ___bpf_prog_run+0x9995/0xeba0 kernel/bpf/core.c:-1
 __bpf_prog_run32+0xc2/0xf0 kernel/bpf/core.c:2331
 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline]
 __bpf_prog_run include/linux/filter.h:723 [inline]
 bpf_prog_run include/linux/filter.h:730 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:747 [inline]
 bpf_prog_run_clear_cb+0x20e/0x640 include/linux/filter.h:1008
 run_filter net/packet/af_packet.c:2081 [inline]
 packet_rcv+0x5ef/0x23a0 net/packet/af_packet.c:2154
 dev_queue_xmit_nit+0xfc3/0x1160 net/core/dev.c:2600
 xmit_one net/core/dev.c:3862 [inline]
 dev_hard_start_xmit+0x16b/0xa30 net/core/dev.c:3882
 __dev_queue_xmit+0x3548/0x58c0 net/core/dev.c:4832
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 tipc_l2_send_msg+0x4cc/0x5d0 net/tipc/bearer.c:516
 tipc_bearer_xmit_skb+0x39e/0x4b0 net/tipc/bearer.c:575
 tipc_disc_timeout+0x93c/0xa40 net/tipc/discover.c:338
 call_timer_fn+0x4c/0x4c0 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x80f/0xd90 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0x3a/0x80 kernel/time/timer.c:2404
 handle_softirqs+0x169/0x6e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x66/0x180 kernel/softirq.c:723
 irq_exit_rcu+0x12/0x20 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x84/0x90 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:697

Uninit was stored to memory at:
 ___bpf_prog_run+0x12cf/0xeba0 kernel/bpf/core.c:2037
 __bpf_prog_run32+0xc2/0xf0 kernel/bpf/core.c:2331
 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline]
 __bpf_prog_run include/linux/filter.h:723 [inline]
 bpf_prog_run include/linux/filter.h:730 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:747 [inline]
 bpf_prog_run_clear_cb+0x20e/0x640 include/linux/filter.h:1008
 run_filter net/packet/af_packet.c:2081 [inline]
 packet_rcv+0x5ef/0x23a0 net/packet/af_packet.c:2154
 dev_queue_xmit_nit+0xfc3/0x1160 net/core/dev.c:2600
 xmit_one net/core/dev.c:3862 [inline]
 dev_hard_start_xmit+0x16b/0xa30 net/core/dev.c:3882
 __dev_queue_xmit+0x3548/0x58c0 net/core/dev.c:4832
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 tipc_l2_send_msg+0x4cc/0x5d0 net/tipc/bearer.c:516
 tipc_bearer_xmit_skb+0x39e/0x4b0 net/tipc/bearer.c:575
 tipc_disc_timeout+0x93c/0xa40 net/tipc/discover.c:338
 call_timer_fn+0x4c/0x4c0 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x80f/0xd90 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0x3a/0x80 kernel/time/timer.c:2404
 handle_softirqs+0x169/0x6e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x66/0x180 kernel/softirq.c:723
 irq_exit_rcu+0x12/0x20 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x84/0x90 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:697

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4960 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_node_noprof+0x9e7/0x17a0 mm/slub.c:5315
 kmalloc_reserve+0x13c/0x4b0 net/core/skbuff.c:586
 __alloc_skb+0x805/0x1040 net/core/skbuff.c:690
 alloc_skb_fclone include/linux/skbuff.h:1433 [inline]
 tipc_buf_acquire+0x4c/0x230 net/tipc/msg.c:72
 tipc_disc_create+0x12f/0x870 net/tipc/discover.c:359
 tipc_enable_bearer net/tipc/bearer.c:348 [inline]
 __tipc_nl_bearer_enable+0x1f61/0x2a00 net/tipc/bearer.c:1047
 tipc_nl_bearer_enable+0x3d/0x70 net/tipc/bearer.c:1056
 genl_family_rcv_msg_doit+0x338/0x3f0 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0xacf/0xc10 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x54d/0x680 net/netlink/af_netlink.c:2550
 genl_rcv+0x41/0x60 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0xf04/0x12b0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x10b3/0x1250 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x333/0x3d0 net/socket.c:742
 ____sys_sendmsg+0x7f5/0xcf0 net/socket.c:2592
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2683 [inline]
 __se_sys_sendmsg net/socket.c:2681 [inline]
 __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681
 x64_sys_call+0x1c60/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 23596 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(none) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
=====================================================

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2026/01/19 05:27 | upstream | 24d479d26b25 | d6526ea3 | .config | console log | report | - | - | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-root | KMSAN: uninit-value in ___bpf_prog_run