=====================================================
BUG: KMSAN: uninit-value in ____bpf_skb_get_nlattr net/core/filter.c:144 [inline]
BUG: KMSAN: uninit-value in bpf_skb_get_nlattr+0x145/0x290 net/core/filter.c:134
CPU: 1 PID: 3851 Comm: kworker/1:2 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1df/0x240 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 ____bpf_skb_get_nlattr net/core/filter.c:144 [inline]
 bpf_skb_get_nlattr+0x145/0x290 net/core/filter.c:134
 ___bpf_prog_run+0x214d/0x97a0 kernel/bpf/core.c:1516
 __bpf_prog_run32+0x101/0x170 kernel/bpf/core.c:1681
 bpf_dispatcher_nop_func include/linux/bpf.h:556 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:597 [inline]
 bpf_prog_run_clear_cb include/linux/filter.h:719 [inline]
 run_filter net/packet/af_packet.c:2012 [inline]
 packet_rcv+0x70f/0x2150 net/packet/af_packet.c:2085
 dev_queue_xmit_nit+0x11a0/0x1280 net/core/dev.c:2355
 xmit_one net/core/dev.c:3552 [inline]
 dev_hard_start_xmit+0x20c/0xa70 net/core/dev.c:3572
 sch_direct_xmit+0x580/0x1890 net/sched/sch_generic.c:314
 qdisc_restart net/sched/sch_generic.c:377 [inline]
 __qdisc_run+0x155c/0x33a0 net/sched/sch_generic.c:385
 qdisc_run include/net/pkt_sched.h:134 [inline]
 __dev_xmit_skb net/core/dev.c:3747 [inline]
 __dev_queue_xmit+0x23b7/0x3b20 net/core/dev.c:4100
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4164
 neigh_connected_output+0x662/0x6e0 net/core/neighbour.c:1518
 neigh_output include/net/neighbour.h:509 [inline]
 ip6_finish_output2+0x20fb/0x2620 net/ipv6/ip6_output.c:117
 __ip6_finish_output+0x824/0x8e0 net/ipv6/ip6_output.c:143
 ip6_finish_output+0x166/0x410 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x60a/0x770 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:443 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 mld_sendpack+0xeba/0x13d0 net/ipv6/mcast.c:1679
 mld_send_initial_cr+0x448/0x4c0 net/ipv6/mcast.c:2096
 ipv6_mc_dad_complete+0xae/0x600 net/ipv6/mcast.c:2103
 addrconf_dad_completed+0x8a7/0x1540 net/ipv6/addrconf.c:4146
 addrconf_dad_begin net/ipv6/addrconf.c:3933 [inline]
 addrconf_dad_work+0x1a7b/0x2ac0 net/ipv6/addrconf.c:4035
 process_one_work+0x1540/0x1f30 kernel/workqueue.c:2269
 worker_thread+0xed2/0x23f0 kernel/workqueue.c:2415
 kthread+0x515/0x550 kernel/kthread.c:292
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:293

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 __msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:165
 ___bpf_prog_run+0x6cbe/0x97a0 kernel/bpf/core.c:1391
 __bpf_prog_run32+0x101/0x170 kernel/bpf/core.c:1681
 bpf_dispatcher_nop_func include/linux/bpf.h:556 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:597 [inline]
 bpf_prog_run_clear_cb include/linux/filter.h:719 [inline]
 run_filter net/packet/af_packet.c:2012 [inline]
 packet_rcv+0x70f/0x2150 net/packet/af_packet.c:2085
 dev_queue_xmit_nit+0x11a0/0x1280 net/core/dev.c:2355
 xmit_one net/core/dev.c:3552 [inline]
 dev_hard_start_xmit+0x20c/0xa70 net/core/dev.c:3572
 sch_direct_xmit+0x580/0x1890 net/sched/sch_generic.c:314
 qdisc_restart net/sched/sch_generic.c:377 [inline]
 __qdisc_run+0x155c/0x33a0 net/sched/sch_generic.c:385
 qdisc_run include/net/pkt_sched.h:134 [inline]
 __dev_xmit_skb net/core/dev.c:3747 [inline]
 __dev_queue_xmit+0x23b7/0x3b20 net/core/dev.c:4100
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4164
 neigh_connected_output+0x662/0x6e0 net/core/neighbour.c:1518
 neigh_output include/net/neighbour.h:509 [inline]
 ip6_finish_output2+0x20fb/0x2620 net/ipv6/ip6_output.c:117
 __ip6_finish_output+0x824/0x8e0 net/ipv6/ip6_output.c:143
 ip6_finish_output+0x166/0x410 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x60a/0x770 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:443 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 mld_sendpack+0xeba/0x13d0 net/ipv6/mcast.c:1679
 mld_send_initial_cr+0x448/0x4c0 net/ipv6/mcast.c:2096
 ipv6_mc_dad_complete+0xae/0x600 net/ipv6/mcast.c:2103
 addrconf_dad_completed+0x8a7/0x1540 net/ipv6/addrconf.c:4146
 addrconf_dad_begin net/ipv6/addrconf.c:3933 [inline]
 addrconf_dad_work+0x1a7b/0x2ac0 net/ipv6/addrconf.c:4035
 process_one_work+0x1540/0x1f30 kernel/workqueue.c:2269
 worker_thread+0xed2/0x23f0 kernel/workqueue.c:2415
 kthread+0x515/0x550 kernel/kthread.c:292
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:293

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 __msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:165
 ___bpf_prog_run+0x6c64/0x97a0 kernel/bpf/core.c:1391
 __bpf_prog_run32+0x101/0x170 kernel/bpf/core.c:1681
 bpf_dispatcher_nop_func include/linux/bpf.h:556 [inline]
 bpf_prog_run_pin_on_cpu include/linux/filter.h:597 [inline]
 bpf_prog_run_clear_cb include/linux/filter.h:719 [inline]
 run_filter net/packet/af_packet.c:2012 [inline]
 packet_rcv+0x70f/0x2150 net/packet/af_packet.c:2085
 dev_queue_xmit_nit+0x11a0/0x1280 net/core/dev.c:2355
 xmit_one net/core/dev.c:3552 [inline]
 dev_hard_start_xmit+0x20c/0xa70 net/core/dev.c:3572
 sch_direct_xmit+0x580/0x1890 net/sched/sch_generic.c:314
 qdisc_restart net/sched/sch_generic.c:377 [inline]
 __qdisc_run+0x155c/0x33a0 net/sched/sch_generic.c:385
 qdisc_run include/net/pkt_sched.h:134 [inline]
 __dev_xmit_skb net/core/dev.c:3747 [inline]
 __dev_queue_xmit+0x23b7/0x3b20 net/core/dev.c:4100
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4164
 neigh_connected_output+0x662/0x6e0 net/core/neighbour.c:1518
 neigh_output include/net/neighbour.h:509 [inline]
 ip6_finish_output2+0x20fb/0x2620 net/ipv6/ip6_output.c:117
 __ip6_finish_output+0x824/0x8e0 net/ipv6/ip6_output.c:143
 ip6_finish_output+0x166/0x410 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x60a/0x770 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:443 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 mld_sendpack+0xeba/0x13d0 net/ipv6/mcast.c:1679
 mld_send_initial_cr+0x448/0x4c0 net/ipv6/mcast.c:2096
 ipv6_mc_dad_complete+0xae/0x600 net/ipv6/mcast.c:2103
 addrconf_dad_completed+0x8a7/0x1540 net/ipv6/addrconf.c:4146
 addrconf_dad_begin net/ipv6/addrconf.c:3933 [inline]
 addrconf_dad_work+0x1a7b/0x2ac0 net/ipv6/addrconf.c:4035
 process_one_work+0x1540/0x1f30 kernel/workqueue.c:2269
 worker_thread+0xed2/0x23f0 kernel/workqueue.c:2415
 kthread+0x515/0x550 kernel/kthread.c:292
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:293

Local variable ----regs@__bpf_prog_run32 created at:
 __bpf_prog_run32+0x87/0x170 kernel/bpf/core.c:1681
 __bpf_prog_run32+0x87/0x170 kernel/bpf/core.c:1681
=====================================================