=====================================================
BUG: KMSAN: uninit-value in ____bpf_skb_get_nlattr net/core/filter.c:144 [inline]
BUG: KMSAN: uninit-value in bpf_skb_get_nlattr+0x145/0x290 net/core/filter.c:134
CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1df/0x240 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 ____bpf_skb_get_nlattr net/core/filter.c:144 [inline]
 bpf_skb_get_nlattr+0x145/0x290 net/core/filter.c:134
 ___bpf_prog_run+0x214d/0x97a0 kernel/bpf/core.c:1516
 __bpf_prog_run32+0x101/0x170 kernel/bpf/core.c:1681
 bpf_dispatcher_nop_func include/linux/bpf.h:556 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:597 [inline]
 bpf_prog_run_clear_cb include/linux/filter.h:719 [inline]
 run_filter net/packet/af_packet.c:2012 [inline]
 packet_rcv+0x70f/0x2150 net/packet/af_packet.c:2085
 dev_queue_xmit_nit+0x11a0/0x1280 net/core/dev.c:2355
 xmit_one net/core/dev.c:3552 [inline]
 dev_hard_start_xmit+0x20c/0xa70 net/core/dev.c:3572
 __dev_queue_xmit+0x2f8d/0x3b20 net/core/dev.c:4131
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4164
 br_dev_queue_push_xmit+0x905/0x9f0 net/bridge/br_forward.c:52
 br_nf_dev_queue_xmit+0x693/0x1910 include/linux/skbuff.h:4195
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_post_routing+0x1542/0x17f0 net/bridge/br_netfilter_hooks.c:851
 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
 nf_hook_slow+0x16e/0x400 net/netfilter/core.c:512
 nf_hook include/linux/netfilter.h:262 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 br_forward_finish+0x24a/0x3f0 net/bridge/br_forward.c:65
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:1009 [inline]
 br_nf_forward_finish+0xf47/0x11a0 net/bridge/br_netfilter_hooks.c:564
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_forward_ip+0x1d33/0x1f40 net/bridge/br_netfilter_hooks.c:634
 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
 nf_hook_slow+0x16e/0x400 net/netfilter/core.c:512
 nf_hook include/linux/netfilter.h:262 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 __br_forward+0x773/0xd10 net/bridge/br_forward.c:109
 deliver_clone net/bridge/br_forward.c:125 [inline]
 br_flood+0xe29/0x1020 net/bridge/br_forward.c:232
 br_handle_frame_finish+0x1a00/0x1bb0 net/bridge/br_input.c:166
 br_nf_hook_thresh+0x4f7/0x680 net/bridge/br_netfilter_hooks.c:1021
 br_nf_pre_routing_finish_ipv6+0xe72/0x1000 net/bridge/br_netfilter_ipv6.c:187
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_pre_routing_ipv6+0x6ad/0x7f0 net/bridge/br_netfilter_ipv6.c:236
 br_nf_pre_routing+0xd0e/0x1fd0 net/bridge/br_netfilter_hooks.c:505
 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:228 [inline]
 br_handle_frame+0xcd2/0x2050 net/bridge/br_input.c:356
 __netif_receive_skb_core+0x213f/0x5890 net/core/dev.c:5175
 __netif_receive_skb_one_core net/core/dev.c:5279 [inline]
 __netif_receive_skb net/core/dev.c:5395 [inline]
 process_backlog+0x605/0x14e0 net/core/dev.c:6239
 napi_poll net/core/dev.c:6684 [inline]
 net_rx_action+0x746/0x1aa0 net/core/dev.c:6752
 __do_softirq+0x311/0x83d kernel/softirq.c:293
 run_ksoftirqd+0x25/0x40 kernel/softirq.c:634
 smpboot_thread_fn+0x493/0x980 kernel/smpboot.c:165
 kthread+0x515/0x550 kernel/kthread.c:292
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:293

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 __msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:165
 ___bpf_prog_run+0x6cbe/0x97a0 kernel/bpf/core.c:1391
 __bpf_prog_run32+0x101/0x170 kernel/bpf/core.c:1681
 bpf_dispatcher_nop_func include/linux/bpf.h:556 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:597 [inline]
 bpf_prog_run_clear_cb include/linux/filter.h:719 [inline]
 run_filter net/packet/af_packet.c:2012 [inline]
 packet_rcv+0x70f/0x2150 net/packet/af_packet.c:2085
 dev_queue_xmit_nit+0x11a0/0x1280 net/core/dev.c:2355
 xmit_one net/core/dev.c:3552 [inline]
 dev_hard_start_xmit+0x20c/0xa70 net/core/dev.c:3572
 __dev_queue_xmit+0x2f8d/0x3b20 net/core/dev.c:4131
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4164
 br_dev_queue_push_xmit+0x905/0x9f0 net/bridge/br_forward.c:52
 br_nf_dev_queue_xmit+0x693/0x1910 include/linux/skbuff.h:4195
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_post_routing+0x1542/0x17f0 net/bridge/br_netfilter_hooks.c:851
 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
 nf_hook_slow+0x16e/0x400 net/netfilter/core.c:512
 nf_hook include/linux/netfilter.h:262 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 br_forward_finish+0x24a/0x3f0 net/bridge/br_forward.c:65
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:1009 [inline]
 br_nf_forward_finish+0xf47/0x11a0 net/bridge/br_netfilter_hooks.c:564
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_forward_ip+0x1d33/0x1f40 net/bridge/br_netfilter_hooks.c:634
 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
 nf_hook_slow+0x16e/0x400 net/netfilter/core.c:512
 nf_hook include/linux/netfilter.h:262 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 __br_forward+0x773/0xd10 net/bridge/br_forward.c:109
 deliver_clone net/bridge/br_forward.c:125 [inline]
 br_flood+0xe29/0x1020 net/bridge/br_forward.c:232
 br_handle_frame_finish+0x1a00/0x1bb0 net/bridge/br_input.c:166
 br_nf_hook_thresh+0x4f7/0x680 net/bridge/br_netfilter_hooks.c:1021
 br_nf_pre_routing_finish_ipv6+0xe72/0x1000 net/bridge/br_netfilter_ipv6.c:187
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_pre_routing_ipv6+0x6ad/0x7f0 net/bridge/br_netfilter_ipv6.c:236
 br_nf_pre_routing+0xd0e/0x1fd0 net/bridge/br_netfilter_hooks.c:505
 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:228 [inline]
 br_handle_frame+0xcd2/0x2050 net/bridge/br_input.c:356
 __netif_receive_skb_core+0x213f/0x5890 net/core/dev.c:5175
 __netif_receive_skb_one_core net/core/dev.c:5279 [inline]
 __netif_receive_skb net/core/dev.c:5395 [inline]
 process_backlog+0x605/0x14e0 net/core/dev.c:6239
 napi_poll net/core/dev.c:6684 [inline]
 net_rx_action+0x746/0x1aa0 net/core/dev.c:6752
 __do_softirq+0x311/0x83d kernel/softirq.c:293

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 __msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:165
 ___bpf_prog_run+0x6c64/0x97a0 kernel/bpf/core.c:1391
 __bpf_prog_run32+0x101/0x170 kernel/bpf/core.c:1681
 bpf_dispatcher_nop_func include/linux/bpf.h:556 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:597 [inline]
 bpf_prog_run_clear_cb include/linux/filter.h:719 [inline]
 run_filter net/packet/af_packet.c:2012 [inline]
 packet_rcv+0x70f/0x2150 net/packet/af_packet.c:2085
 dev_queue_xmit_nit+0x11a0/0x1280 net/core/dev.c:2355
 xmit_one net/core/dev.c:3552 [inline]
 dev_hard_start_xmit+0x20c/0xa70 net/core/dev.c:3572
 __dev_queue_xmit+0x2f8d/0x3b20 net/core/dev.c:4131
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4164
 br_dev_queue_push_xmit+0x905/0x9f0 net/bridge/br_forward.c:52
 br_nf_dev_queue_xmit+0x693/0x1910 include/linux/skbuff.h:4195
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_post_routing+0x1542/0x17f0 net/bridge/br_netfilter_hooks.c:851
 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
 nf_hook_slow+0x16e/0x400 net/netfilter/core.c:512
 nf_hook include/linux/netfilter.h:262 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 br_forward_finish+0x24a/0x3f0 net/bridge/br_forward.c:65
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:1009 [inline]
 br_nf_forward_finish+0xf47/0x11a0 net/bridge/br_netfilter_hooks.c:564
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_forward_ip+0x1d33/0x1f40 net/bridge/br_netfilter_hooks.c:634
 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
 nf_hook_slow+0x16e/0x400 net/netfilter/core.c:512
 nf_hook include/linux/netfilter.h:262 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 __br_forward+0x773/0xd10 net/bridge/br_forward.c:109
 deliver_clone net/bridge/br_forward.c:125 [inline]
 br_flood+0xe29/0x1020 net/bridge/br_forward.c:232
 br_handle_frame_finish+0x1a00/0x1bb0 net/bridge/br_input.c:166
 br_nf_hook_thresh+0x4f7/0x680 net/bridge/br_netfilter_hooks.c:1021
 br_nf_pre_routing_finish_ipv6+0xe72/0x1000 net/bridge/br_netfilter_ipv6.c:187
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_pre_routing_ipv6+0x6ad/0x7f0 net/bridge/br_netfilter_ipv6.c:236
 br_nf_pre_routing+0xd0e/0x1fd0 net/bridge/br_netfilter_hooks.c:505
 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:228 [inline]
 br_handle_frame+0xcd2/0x2050 net/bridge/br_input.c:356
 __netif_receive_skb_core+0x213f/0x5890 net/core/dev.c:5175
 __netif_receive_skb_one_core net/core/dev.c:5279 [inline]
 __netif_receive_skb net/core/dev.c:5395 [inline]
 process_backlog+0x605/0x14e0 net/core/dev.c:6239
 napi_poll net/core/dev.c:6684 [inline]
 net_rx_action+0x746/0x1aa0 net/core/dev.c:6752
 __do_softirq+0x311/0x83d kernel/softirq.c:293

Local variable ----regs@__bpf_prog_run32 created at:
 __bpf_prog_run32+0x87/0x170 kernel/bpf/core.c:1681
 __bpf_prog_run32+0x87/0x170 kernel/bpf/core.c:1681
=====================================================