KMSAN: uninit-value in __skb_checksum

ID	Workflow	Result	Correct	Bug	Created	Started	Finished	Revision	Error
e38db609-ea0b-448e-af4b-98f510c13d4c	assessment-security	DenialOfService: ❌ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ❌ UserNamespace: ❌ VMGuestTrigger: ❌ VMHostTrigger: ❌	❓	KMSAN: uninit-value in __skb_checksum_complete (7)	2026/05/25 16:07	2026/05/25 16:07	2026/05/25 17:01	c69befb30ac10e158cc9d1557b508ee3f0eca1de

Kernel	Title	Rank 🛈	Repro	Count	Last	Reported	Patched	Status
upstream	KMSAN: uninit-value in __skb_checksum_complete (3) netfilter	7		7	2621d	2788d	0/29	auto-closed as invalid on 2019/10/19 05:22
upstream	KMSAN: uninit-value in __skb_checksum_complete (5) net	7	C	1497	1028d	2140d	0/29	auto-obsoleted due to no activity on 2024/02/04 15:28
upstream	KMSAN: uninit-value in __skb_checksum_complete (2) net	7		2	2913d	2914d	0/29	closed as invalid on 2018/09/05 16:20
upstream	KMSAN: uninit-value in __skb_checksum_complete (4) netfilter	7	C	420	2163d	2405d	0/29	closed as invalid on 2020/07/22 16:42
upstream	KMSAN: uninit-value in __skb_checksum_complete net	7	C	5	2985d	2986d	0/29	closed as invalid on 2018/04/22 15:44
upstream	KMSAN: uninit-value in __skb_checksum_complete (6) net	7		3	572d	584d	0/29	closed as invalid on 2025/01/15 13:14

Kernel

Title

Rank 🛈

upstream

KMSAN: uninit-value in __skb_checksum_complete (3) netfilter

2621d

2788d

0/29

auto-closed as invalid on 2019/10/19 05:22

upstream

KMSAN: uninit-value in __skb_checksum_complete (5) net

1497

1028d

2140d

0/29

auto-obsoleted due to no activity on 2024/02/04 15:28

upstream

KMSAN: uninit-value in __skb_checksum_complete (2) net

2913d

2914d

0/29

closed as invalid on 2018/09/05 16:20

upstream

KMSAN: uninit-value in __skb_checksum_complete (4) netfilter

420

2163d

2405d

0/29

closed as invalid on 2020/07/22 16:42

upstream

KMSAN: uninit-value in __skb_checksum_complete net

2985d

2986d

0/29

closed as invalid on 2018/04/22 15:44

upstream

KMSAN: uninit-value in __skb_checksum_complete (6) net

572d

584d

0/29

closed as invalid on 2025/01/15 13:14

===================================================== BUG: KMSAN: uninit-value in __skb_checksum_complete+0x371/0x480 net/core/skbuff.c:3806 __skb_checksum_complete+0x371/0x480 net/core/skbuff.c:3806 __skb_checksum_validate_complete include/linux/skbuff.h:4858 [inline] icmp_rcv+0xc0b/0x2460 net/ipv4/icmp.c:1467 ip_protocol_deliver_rcu+0xb3d/0x13d0 net/ipv4/ip_input.c:207 ip_local_deliver_finish+0x409/0x720 net/ipv4/ip_input.c:241 NF_HOOK include/linux/netfilter.h:318 [inline] ip_local_deliver+0x228/0x4a0 net/ipv4/ip_input.c:262 dst_input include/net/dst.h:480 [inline] ip_rcv_finish+0x4d7/0x560 net/ipv4/ip_input.c:453 NF_HOOK include/linux/netfilter.h:318 [inline] ip_rcv+0xcb/0x370 net/ipv4/ip_input.c:573 __netif_receive_skb_one_core net/core/dev.c:6181 [inline] __netif_receive_skb net/core/dev.c:6294 [inline] process_backlog+0x8d7/0x1500 net/core/dev.c:6645 __napi_poll+0xdc/0x950 net/core/dev.c:7709 napi_poll net/core/dev.c:7772 [inline] net_rx_action+0xa5b/0x1c70 net/core/dev.c:7929 handle_softirqs+0x171/0x7e0 kernel/softirq.c:622 __do_softirq+0x14/0x1b kernel/softirq.c:656 do_softirq+0x58/0x90 kernel/softirq.c:523 __local_bh_enable_ip+0xa1/0xb0 kernel/softirq.c:450 local_bh_enable include/linux/bottom_half.h:33 [inline] __icmp_send+0x1c72/0x1cc0 net/ipv4/icmp.c:1009 icmp_send include/net/icmp.h:43 [inline] ip_fragment+0x287/0x2c0 net/ipv4/ip_output.c:589 ip_finish_output_gso net/ipv4/ip_output.c:288 [inline] __ip_finish_output net/ipv4/ip_output.c:310 [inline] ip_finish_output+0x6af/0x860 net/ipv4/ip_output.c:325 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip_output+0x14f/0x3e0 net/ipv4/ip_output.c:438 dst_output include/net/dst.h:470 [inline] ip_local_out net/ipv4/ip_output.c:131 [inline] __ip_queue_xmit+0x1f82/0x20b0 net/ipv4/ip_output.c:534 ip_queue_xmit+0x60/0x80 net/ipv4/ip_output.c:548 __tcp_transmit_skb+0x4a9a/0x5ce0 net/ipv4/tcp_output.c:1693 tcp_transmit_skb net/ipv4/tcp_output.c:1711 [inline] tcp_write_xmit+0x4ea0/0xa170 net/ipv4/tcp_output.c:3064 __tcp_push_pending_frames+0xc5/0x3c0 net/ipv4/tcp_output.c:3247 tcp_sendmsg_locked+0x306d/0x7d30 net/ipv4/tcp.c:1406 tcp_sendmsg+0x4b/0x90 net/ipv4/tcp.c:1465 inet_sendmsg+0x134/0x290 net/ipv4/af_inet.c:865 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0xd27/0xfd0 net/socket.c:2592 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646 __sys_sendmsg net/socket.c:2678 [inline] __do_sys_sendmsg net/socket.c:2683 [inline] __se_sys_sendmsg net/socket.c:2681 [inline] __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681 x64_sys_call+0x1e20/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: csum_partial_copy_nocheck include/net/checksum.h:53 [inline] skb_copy_and_csum_bits+0x150/0x1580 net/core/skbuff.c:3618 icmp_glue_bits+0x8e/0x2f0 net/ipv4/icmp.c:371 __ip_append_data+0x60ed/0x7030 net/ipv4/ip_output.c:1172 ip_append_data+0x144/0x220 net/ipv4/ip_output.c:1378 icmp_push_reply+0xb7/0x760 net/ipv4/icmp.c:388 __icmp_send+0x1b43/0x1cc0 net/ipv4/icmp.c:1000 icmp_send include/net/icmp.h:43 [inline] ip_fragment+0x287/0x2c0 net/ipv4/ip_output.c:589 ip_finish_output_gso net/ipv4/ip_output.c:288 [inline] __ip_finish_output net/ipv4/ip_output.c:310 [inline] ip_finish_output+0x6af/0x860 net/ipv4/ip_output.c:325 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip_output+0x14f/0x3e0 net/ipv4/ip_output.c:438 dst_output include/net/dst.h:470 [inline] ip_local_out net/ipv4/ip_output.c:131 [inline] __ip_queue_xmit+0x1f82/0x20b0 net/ipv4/ip_output.c:534 ip_queue_xmit+0x60/0x80 net/ipv4/ip_output.c:548 __tcp_transmit_skb+0x4a9a/0x5ce0 net/ipv4/tcp_output.c:1693 tcp_transmit_skb net/ipv4/tcp_output.c:1711 [inline] tcp_write_xmit+0x4ea0/0xa170 net/ipv4/tcp_output.c:3064 __tcp_push_pending_frames+0xc5/0x3c0 net/ipv4/tcp_output.c:3247 tcp_sendmsg_locked+0x306d/0x7d30 net/ipv4/tcp.c:1406 tcp_sendmsg+0x4b/0x90 net/ipv4/tcp.c:1465 inet_sendmsg+0x134/0x290 net/ipv4/af_inet.c:865 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0xd27/0xfd0 net/socket.c:2592 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646 __sys_sendmsg net/socket.c:2678 [inline] __do_sys_sendmsg net/socket.c:2683 [inline] __se_sys_sendmsg net/socket.c:2681 [inline] __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681 x64_sys_call+0x1e20/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: skb_copy_bits+0x7a1/0x1120 net/core/skbuff.c:3055 skb_segment+0x5528/0x7ba0 net/core/skbuff.c:4978 tcp_gso_segment+0xab0/0x2df0 net/ipv4/tcp_offload.c:181 tcp4_gso_segment+0xe28/0x1c10 net/ipv4/tcp_offload.c:130 inet_gso_segment+0xd4d/0x1f00 net/ipv4/af_inet.c:1417 skb_mac_gso_segment+0x425/0x890 net/core/gso.c:53 __skb_gso_segment+0x695/0x8b0 net/core/gso.c:124 skb_gso_segment include/net/gso.h:83 [inline] ip_finish_output_gso net/ipv4/ip_output.c:276 [inline] __ip_finish_output net/ipv4/ip_output.c:310 [inline] ip_finish_output+0x45e/0x860 net/ipv4/ip_output.c:325 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip_output+0x14f/0x3e0 net/ipv4/ip_output.c:438 dst_output include/net/dst.h:470 [inline] ip_local_out net/ipv4/ip_output.c:131 [inline] __ip_queue_xmit+0x1f82/0x20b0 net/ipv4/ip_output.c:534 ip_queue_xmit+0x60/0x80 net/ipv4/ip_output.c:548 __tcp_transmit_skb+0x4a9a/0x5ce0 net/ipv4/tcp_output.c:1693 tcp_transmit_skb net/ipv4/tcp_output.c:1711 [inline] tcp_write_xmit+0x4ea0/0xa170 net/ipv4/tcp_output.c:3064 __tcp_push_pending_frames+0xc5/0x3c0 net/ipv4/tcp_output.c:3247 tcp_sendmsg_locked+0x306d/0x7d30 net/ipv4/tcp.c:1406 tcp_sendmsg+0x4b/0x90 net/ipv4/tcp.c:1465 inet_sendmsg+0x134/0x290 net/ipv4/af_inet.c:865 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0xd27/0xfd0 net/socket.c:2592 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646 __sys_sendmsg net/socket.c:2678 [inline] __do_sys_sendmsg net/socket.c:2683 [inline] __se_sys_sendmsg net/socket.c:2681 [inline] __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681 x64_sys_call+0x1e20/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: __alloc_frozen_pages_noprof+0x6f7/0x1020 mm/page_alloc.c:5273 alloc_pages_mpol+0x328/0x860 mm/mempolicy.c:2490 alloc_frozen_pages_noprof mm/mempolicy.c:2561 [inline] alloc_pages_noprof+0x101/0x290 mm/mempolicy.c:2581 skb_page_frag_refill+0x34e/0x730 net/core/sock.c:3146 sk_page_frag_refill+0x59/0x190 net/core/sock.c:3166 tcp_sendmsg_locked+0x319a/0x7d30 net/ipv4/tcp.c:1300 tcp_sendmsg+0x4b/0x90 net/ipv4/tcp.c:1465 inet_sendmsg+0x134/0x290 net/ipv4/af_inet.c:865 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0xd27/0xfd0 net/socket.c:2592 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646 __sys_sendmsg net/socket.c:2678 [inline] __do_sys_sendmsg net/socket.c:2683 [inline] __se_sys_sendmsg net/socket.c:2681 [inline] __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681 x64_sys_call+0x1e20/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 1 UID: 0 PID: 7307 Comm: syz.4.464 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 =====================================================

Crashes (4):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2026/04/06 05:50	upstream	1791c390149f	4440e7c2	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-root	KMSAN: uninit-value in __skb_checksum_complete
2026/02/16 18:01	upstream	0f2acd3148e0	5d52cba5	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-root	KMSAN: uninit-value in __skb_checksum_complete
2026/02/03 15:35	upstream	6bd9ed02871f	6df4c87a	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-root	KMSAN: uninit-value in __skb_checksum_complete
2026/02/07 05:42	upstream	2687c848e578	f20fc9f9	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kmsan-gce-386-root	KMSAN: uninit-value in __skb_checksum_complete

Crashes (4):

Assets (help?)