=====================================================
BUG: KMSAN: uninit-value in can_receive+0x26b/0x630 net/can/af_can.c:652
CPU: 1 PID: 889 Comm: kworker/u4:11 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:122
 __msan_warning+0x5f/0xa0 mm/kmsan/kmsan_instr.c:201
 can_receive+0x26b/0x630 net/can/af_can.c:652
 can_rcv+0x1fb/0x410 net/can/af_can.c:688
 __netif_receive_skb_one_core net/core/dev.c:5286 [inline]
 __netif_receive_skb+0x1ec/0x640 net/core/dev.c:5400
 process_backlog+0x523/0xc10 net/core/dev.c:6242
 napi_poll+0x4aa/0x1090 net/core/dev.c:6688
 net_rx_action+0x35c/0xd40 net/core/dev.c:6758
 __do_softirq+0x1b9/0x7ed kernel/softirq.c:298
 asm_call_irq_on_stack+0xf/0x20
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x6e/0x90 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:393 [inline]
 __irq_exit_rcu+0x226/0x270 kernel/softirq.c:423
 irq_exit_rcu+0xe/0x10 kernel/softirq.c:435
 sysvec_apic_timer_interrupt+0x106/0x130 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:599
RIP: 0010:__nr_to_section include/linux/mmzone.h:1231 [inline]
RIP: 0010:pfn_valid include/linux/mmzone.h:1341 [inline]
RIP: 0010:kmsan_virt_addr_valid mm/kmsan/kmsan_shadow.c:91 [inline]
RIP: 0010:virt_to_page_or_null+0x56/0xf0 mm/kmsan/kmsan_shadow.c:129
Code: 89 d6 48 d3 ee 48 85 f6 75 44 48 89 d1 48 c1 e9 2e 75 3b 48 8b 0d 3a 13 f5 0e 48 85 c9 74 2f 48 89 d6 48 c1 ee 23 4c 8b 0c f1 <4d> 85 c9 74 1f 48 89 d1 48 c1 e9 1b 0f b6 f1 48 c1 e6 04 4c 89 c9
RSP: 0018:ffff888136757ae8 EFLAGS: 00000246
RAX: ffff8880dab18780 RBX: ffff88805ab18780 RCX: ffff88823fff4000
RDX: 000000005ab18780 RSI: 0000000000000000 RDI: ffff88805ab18780
RBP: ffff888136757ae8 R08: ffffea000000000f R09: ffff88813fffa000
R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000000
R13: ffff888136426558 R14: 0000000000000000 R15: 0000000000000001
 kmsan_get_metadata+0x116/0x180 mm/kmsan/kmsan_shadow.c:194
 kmsan_get_shadow_origin_ptr+0x6f/0xb0 mm/kmsan/kmsan_shadow.c:149
 __msan_metadata_ptr_for_load_8+0x10/0x20 mm/kmsan/kmsan_instr.c:59
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline]
 batadv_nc_worker+0x126/0x1d70 net/batman-adv/network-coding.c:718
 process_one_work+0x1224/0x20a0 kernel/workqueue.c:2269
 worker_thread+0x10cc/0x2740 kernel/workqueue.c:2415
 kthread+0x51c/0x560 kernel/kthread.c:293
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:129 [inline]
 kmsan_internal_poison_shadow+0x5c/0xf0 mm/kmsan/kmsan.c:112
 kmsan_slab_alloc+0x8d/0xe0 mm/kmsan/kmsan_hooks.c:80
 slab_alloc_node mm/slub.c:2903 [inline]
 __kmalloc_node_track_caller+0x7de/0x1320 mm/slub.c:4507
 __kmalloc_reserve net/core/skbuff.c:142 [inline]
 __alloc_skb+0x309/0xae0 net/core/skbuff.c:210
 alloc_skb include/linux/skbuff.h:1094 [inline]
 j1939_tp_tx_dat_new net/can/j1939/transport.c:575 [inline]
 j1939_xtp_do_tx_ctl net/can/j1939/transport.c:635 [inline]
 j1939_tp_tx_ctl net/can/j1939/transport.c:653 [inline]
 j1939_session_tx_rts net/can/j1939/transport.c:721 [inline]
 j1939_xtp_txnext_transmiter net/can/j1939/transport.c:853 [inline]
 j1939_tp_txtimer+0x40cb/0x7950 net/can/j1939/transport.c:1116
 __run_hrtimer+0x478/0xec0 kernel/time/hrtimer.c:1524
 __hrtimer_run_queues kernel/time/hrtimer.c:1588 [inline]
 hrtimer_run_softirq+0x3bf/0x690 kernel/time/hrtimer.c:1605
 __do_softirq+0x1b9/0x7ed kernel/softirq.c:298
=====================================================