=====================================================
BUG: KMSAN: uninit-value in ____bpf_skb_get_nlattr_nest net/core/filter.c:164 [inline]
BUG: KMSAN: uninit-value in bpf_skb_get_nlattr_nest+0x14c/0x2f0 net/core/filter.c:154
CPU: 0 PID: 8814 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1df/0x240 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 ____bpf_skb_get_nlattr_nest net/core/filter.c:164 [inline]
 bpf_skb_get_nlattr_nest+0x14c/0x2f0 net/core/filter.c:154
 ___bpf_prog_run+0x214d/0x97a0 kernel/bpf/core.c:1516
 __bpf_prog_run32+0x101/0x170 kernel/bpf/core.c:1681
 bpf_dispatcher_nop_func include/linux/bpf.h:556 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:597 [inline]
 bpf_prog_run_clear_cb include/linux/filter.h:719 [inline]
 run_filter net/packet/af_packet.c:2012 [inline]
 packet_rcv+0x70f/0x2150 net/packet/af_packet.c:2085
 dev_queue_xmit_nit+0x11a0/0x1280 net/core/dev.c:2355
 xmit_one net/core/dev.c:3552 [inline]
 dev_hard_start_xmit+0x20c/0xa70 net/core/dev.c:3572
 __dev_queue_xmit+0x2f8d/0x3b20 net/core/dev.c:4131
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4164
 neigh_connected_output+0x662/0x6e0 net/core/neighbour.c:1518
 neigh_output include/net/neighbour.h:509 [inline]
 ip6_finish_output2+0x20fb/0x2620 net/ipv6/ip6_output.c:117
 __ip6_finish_output+0x824/0x8e0 net/ipv6/ip6_output.c:143
 ip6_finish_output+0x166/0x410 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x60a/0x770 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:443 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 mld_sendpack+0xeba/0x13d0 net/ipv6/mcast.c:1679
 mld_send_cr net/ipv6/mcast.c:1975 [inline]
 mld_ifc_timer_expire+0x1158/0x1750 net/ipv6/mcast.c:2474
 call_timer_fn+0x218/0x510 kernel/time/timer.c:1404
 expire_timers kernel/time/timer.c:1449 [inline]
 __run_timers+0xd20/0x11c0 kernel/time/timer.c:1773
 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1786
 __do_softirq+0x311/0x83d kernel/softirq.c:293
 asm_call_on_stack+0x12/0x20 arch/x86/entry/entry_64.S:711
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:23 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:50 [inline]
 do_softirq_own_stack+0x7c/0xa0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:390 [inline]
 __irq_exit_rcu+0x226/0x270 kernel/softirq.c:420
 irq_exit_rcu+0xe/0x10 kernel/softirq.c:432
 sysvec_apic_timer_interrupt+0x107/0x130 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:593
RIP: 0010:kmsan_get_metadata+0x24/0x180 mm/kmsan/kmsan_shadow.c:186
Code: 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 53 41 89 d6 48 89 fb 48 83 e3 fc 85 d2 48 0f 44 df 40 f6 c7 03 48 0f 44 df 48 89 df <e8> f7 e1 ff ff 84 c0 75 0c 48 89 df e8 1b e2 ff ff 84 c0 74 6e f6
RSP: 0018:ffffb1d54268ba18 EFLAGS: 00000246
RAX: 0000000000000001 RBX: ffff8fd907c73d28 RCX: 0000000000000004
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8fd907c73d28
RBP: ffffb1d54268ba30 R08: ffffd7d5c000000f R09: ffff8fd86fffb000
R10: 0000000000000004 R11: 0000000000000000 R12: ffff8fd85a0b6558
R13: ffff8fd907c73d00 R14: 0000000000000000 R15: 0000000000000000
 kmsan_get_shadow_origin_ptr+0x6c/0xb0 mm/kmsan/kmsan_shadow.c:149
 __msan_metadata_ptr_for_load_4+0x10/0x20 mm/kmsan/kmsan_instr.c:54
 wait_consider_task+0x487/0x4740 kernel/exit.c:1291
 do_wait_thread kernel/exit.c:1380 [inline]
 do_wait+0x560/0xb70 kernel/exit.c:1451
 kernel_wait4+0x3e9/0x600 kernel/exit.c:1623
 __do_sys_wait4 kernel/exit.c:1635 [inline]
 __se_sys_wait4+0x168/0x2b0 kernel/exit.c:1631
 __x64_sys_wait4+0x56/0x70 kernel/exit.c:1631
 do_syscall_64+0xb0/0x150 arch/x86/entry/common.c:386
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x415ffa
Code: Bad RIP value.
RSP: 002b:0000000000c9fda8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
RAX: ffffffffffffffda RBX: 000000000013c8b7 RCX: 0000000000415ffa
RDX: 0000000040000001 RSI: 0000000000c9fde0 RDI: ffffffffffffffff
RBP: 000000000000093b R08: 0000000000000001 R09: 00000000016b6940
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a
R13: 0000000000c9fde0 R14: 000000000013c7e6 R15: 0000000000c9fdf0

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 __msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:165
 ___bpf_prog_run+0x6cbe/0x97a0 kernel/bpf/core.c:1391
 __bpf_prog_run32+0x101/0x170 kernel/bpf/core.c:1681
 bpf_dispatcher_nop_func include/linux/bpf.h:556 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:597 [inline]
 bpf_prog_run_clear_cb include/linux/filter.h:719 [inline]
 run_filter net/packet/af_packet.c:2012 [inline]
 packet_rcv+0x70f/0x2150 net/packet/af_packet.c:2085
 dev_queue_xmit_nit+0x11a0/0x1280 net/core/dev.c:2355
 xmit_one net/core/dev.c:3552 [inline]
 dev_hard_start_xmit+0x20c/0xa70 net/core/dev.c:3572
 __dev_queue_xmit+0x2f8d/0x3b20 net/core/dev.c:4131
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4164
 neigh_connected_output+0x662/0x6e0 net/core/neighbour.c:1518
 neigh_output include/net/neighbour.h:509 [inline]
 ip6_finish_output2+0x20fb/0x2620 net/ipv6/ip6_output.c:117
 __ip6_finish_output+0x824/0x8e0 net/ipv6/ip6_output.c:143
 ip6_finish_output+0x166/0x410 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x60a/0x770 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:443 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 mld_sendpack+0xeba/0x13d0 net/ipv6/mcast.c:1679
 mld_send_cr net/ipv6/mcast.c:1975 [inline]
 mld_ifc_timer_expire+0x1158/0x1750 net/ipv6/mcast.c:2474
 call_timer_fn+0x218/0x510 kernel/time/timer.c:1404
 expire_timers kernel/time/timer.c:1449 [inline]
 __run_timers+0xd20/0x11c0 kernel/time/timer.c:1773
 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1786
 __do_softirq+0x311/0x83d kernel/softirq.c:293

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 __msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:165
 ___bpf_prog_run+0x6c64/0x97a0 kernel/bpf/core.c:1391
 __bpf_prog_run32+0x101/0x170 kernel/bpf/core.c:1681
 bpf_dispatcher_nop_func include/linux/bpf.h:556 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:597 [inline]
 bpf_prog_run_clear_cb include/linux/filter.h:719 [inline]
 run_filter net/packet/af_packet.c:2012 [inline]
 packet_rcv+0x70f/0x2150 net/packet/af_packet.c:2085
 dev_queue_xmit_nit+0x11a0/0x1280 net/core/dev.c:2355
 xmit_one net/core/dev.c:3552 [inline]
 dev_hard_start_xmit+0x20c/0xa70 net/core/dev.c:3572
 __dev_queue_xmit+0x2f8d/0x3b20 net/core/dev.c:4131
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4164
 neigh_connected_output+0x662/0x6e0 net/core/neighbour.c:1518
 neigh_output include/net/neighbour.h:509 [inline]
 ip6_finish_output2+0x20fb/0x2620 net/ipv6/ip6_output.c:117
 __ip6_finish_output+0x824/0x8e0 net/ipv6/ip6_output.c:143
 ip6_finish_output+0x166/0x410 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x60a/0x770 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:443 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 mld_sendpack+0xeba/0x13d0 net/ipv6/mcast.c:1679
 mld_send_cr net/ipv6/mcast.c:1975 [inline]
 mld_ifc_timer_expire+0x1158/0x1750 net/ipv6/mcast.c:2474
 call_timer_fn+0x218/0x510 kernel/time/timer.c:1404
 expire_timers kernel/time/timer.c:1449 [inline]
 __run_timers+0xd20/0x11c0 kernel/time/timer.c:1773
 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1786
 __do_softirq+0x311/0x83d kernel/softirq.c:293

Local variable ----regs@__bpf_prog_run32 created at:
 __bpf_prog_run32+0x87/0x170 kernel/bpf/core.c:1681
 __bpf_prog_run32+0x87/0x170 kernel/bpf/core.c:1681
=====================================================