=====================================================
BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:369 [inline]
BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:599 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:638 [inline]
BUG: KMSAN: uninit-value in inet_frag_find+0x8bf/0x2b80 net/ipv4/inet_fragment.c:362
 rht_ptr_rcu include/linux/rhashtable.h:369 [inline]
 __rhashtable_lookup include/linux/rhashtable.h:599 [inline]
 rhashtable_lookup include/linux/rhashtable.h:638 [inline]
 inet_frag_find+0x8bf/0x2b80 net/ipv4/inet_fragment.c:362
 fq_find net/ipv6/reassembly.c:99 [inline]
 ipv6_frag_rcv+0x1320/0x4420 net/ipv6/reassembly.c:374
 ip6_protocol_deliver_rcu+0xeb3/0x2ad0 net/ipv6/ip6_input.c:422
 ip6_input_finish net/ipv6/ip6_input.c:463 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip6_input+0x130/0x390 net/ipv6/ip6_input.c:472
 ip6_mc_input+0xcab/0xef0 net/ipv6/ip6_input.c:566
 dst_input include/net/dst.h:460 [inline]
 ip6_rcv_finish+0x5fa/0x7f0 net/ipv6/ip6_input.c:76
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ipv6_rcv+0x1d1/0x460 net/ipv6/ip6_input.c:297
 __netif_receive_skb_one_core net/core/dev.c:5462 [inline]
 __netif_receive_skb+0x1ec/0x630 net/core/dev.c:5576
 process_backlog+0x562/0xc30 net/core/dev.c:6452
 __napi_poll+0x14e/0xbc0 net/core/dev.c:7020
 napi_poll net/core/dev.c:7087 [inline]
 net_rx_action+0x824/0x1880 net/core/dev.c:7174
 __do_softirq+0x1fe/0x7eb kernel/softirq.c:558
 do_softirq+0x16d/0x220 kernel/softirq.c:459
 netif_rx_ni+0xb6/0x410 net/core/dev.c:4970
 dev_loopback_xmit+0x7cb/0x8d0 net/core/dev.c:3927
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip6_finish_output2+0x69b/0x2c50 net/ipv6/ip6_output.c:92
 ip6_fragment+0x2a95/0x41a0 net/ipv6/ip6_output.c:907
 __ip6_finish_output+0xca4/0x10a0 net/ipv6/ip6_output.c:189
 ip6_finish_output+0x15c/0x4d0 net/ipv6/ip6_output.c:201
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x4ac/0x7f0 net/ipv6/ip6_output.c:224
 dst_output include/net/dst.h:450 [inline]
 ip6_local_out+0x180/0x1f0 net/ipv6/output_core.c:161
 ip6_send_skb+0xf8/0x3f0 net/ipv6/ip6_output.c:1912
 udp_v6_send_skb+0x1441/0x2210 net/ipv6/udp.c:1249
 udpv6_sendmsg+0x4c69/0x4f50 net/ipv6/udp.c:1547
 inet6_sendmsg+0x15b/0x1d0 net/ipv6/af_inet6.c:644
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmmsg+0x8cd/0xe30 net/socket.c:2542
 __compat_sys_sendmmsg net/compat.c:361 [inline]
 __do_compat_sys_sendmmsg net/compat.c:368 [inline]
 __se_compat_sys_sendmmsg net/compat.c:365 [inline]
 __ia32_compat_sys_sendmmsg+0x127/0x180 net/compat.c:365
 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline]
 __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Uninit was stored to memory at:
 fq_find net/ipv6/reassembly.c:86 [inline]
 ipv6_frag_rcv+0x127d/0x4420 net/ipv6/reassembly.c:374
 ip6_protocol_deliver_rcu+0xeb3/0x2ad0 net/ipv6/ip6_input.c:422
 ip6_input_finish net/ipv6/ip6_input.c:463 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip6_input+0x130/0x390 net/ipv6/ip6_input.c:472
 ip6_mc_input+0xcab/0xef0 net/ipv6/ip6_input.c:566
 dst_input include/net/dst.h:460 [inline]
 ip6_rcv_finish+0x5fa/0x7f0 net/ipv6/ip6_input.c:76
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ipv6_rcv+0x1d1/0x460 net/ipv6/ip6_input.c:297
 __netif_receive_skb_one_core net/core/dev.c:5462 [inline]
 __netif_receive_skb+0x1ec/0x630 net/core/dev.c:5576
 process_backlog+0x562/0xc30 net/core/dev.c:6452
 __napi_poll+0x14e/0xbc0 net/core/dev.c:7020
 napi_poll net/core/dev.c:7087 [inline]
 net_rx_action+0x824/0x1880 net/core/dev.c:7174
 __do_softirq+0x1fe/0x7eb kernel/softirq.c:558

Uninit was stored to memory at:
 pskb_expand_head+0x3cb/0x1db0 net/core/skbuff.c:1710
 skb_unclone include/linux/skbuff.h:1690 [inline]
 skb_copy_ubufs+0x3d4/0x2880 net/core/skbuff.c:1422
 skb_orphan_frags_rx include/linux/skbuff.h:2853 [inline]
 deliver_skb net/core/dev.c:2215 [inline]
 deliver_ptype_list_skb net/core/dev.c:2233 [inline]
 __netif_receive_skb_core+0x4982/0x5e80 net/core/dev.c:5413
 __netif_receive_skb_one_core net/core/dev.c:5460 [inline]
 __netif_receive_skb+0xf2/0x630 net/core/dev.c:5576
 process_backlog+0x562/0xc30 net/core/dev.c:6452
 __napi_poll+0x14e/0xbc0 net/core/dev.c:7020
 napi_poll net/core/dev.c:7087 [inline]
 net_rx_action+0x824/0x1880 net/core/dev.c:7174
 __do_softirq+0x1fe/0x7eb kernel/softirq.c:558

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:524 [inline]
 slab_alloc_node mm/slub.c:3251 [inline]
 __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
 alloc_skb include/linux/skbuff.h:1126 [inline]
 alloc_skb_with_frags+0x1dc/0xc10 net/core/skbuff.c:6078
 sock_alloc_send_pskb+0xe37/0x1010 net/core/sock.c:2575
 sock_alloc_send_skb+0xca/0xe0 net/core/sock.c:2592
 __ip6_append_data+0x4d4f/0x6ee0 net/ipv6/ip6_output.c:1630
 ip6_make_skb+0x796/0xdd0 net/ipv6/ip6_output.c:1991
 udpv6_sendmsg+0x4a8d/0x4f50 net/ipv6/udp.c:1541
 inet6_sendmsg+0x15b/0x1d0 net/ipv6/af_inet6.c:644
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmmsg+0x8cd/0xe30 net/socket.c:2542
 __compat_sys_sendmmsg net/compat.c:361 [inline]
 __do_compat_sys_sendmmsg net/compat.c:368 [inline]
 __se_compat_sys_sendmmsg net/compat.c:365 [inline]
 __ia32_compat_sys_sendmmsg+0x127/0x180 net/compat.c:365
 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline]
 __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

CPU: 0 PID: 1625 Comm: syz-executor.2 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================