===================================================== BUG: KMSAN: uninit-value in __skb_checksum_complete+0x371/0x480 net/core/skbuff.c:3806 __skb_checksum_complete+0x371/0x480 net/core/skbuff.c:3806 __skb_checksum_validate_complete include/linux/skbuff.h:4858 [inline] icmp_rcv+0xc0b/0x2460 net/ipv4/icmp.c:1467 ip_protocol_deliver_rcu+0xb3d/0x13d0 net/ipv4/ip_input.c:207 ip_local_deliver_finish+0x409/0x720 net/ipv4/ip_input.c:241 NF_HOOK include/linux/netfilter.h:318 [inline] ip_local_deliver+0x228/0x4a0 net/ipv4/ip_input.c:262 dst_input include/net/dst.h:480 [inline] ip_rcv_finish+0x4d7/0x560 net/ipv4/ip_input.c:453 NF_HOOK include/linux/netfilter.h:318 [inline] ip_rcv+0xcb/0x370 net/ipv4/ip_input.c:573 __netif_receive_skb_one_core net/core/dev.c:6181 [inline] __netif_receive_skb net/core/dev.c:6294 [inline] process_backlog+0x8d7/0x1500 net/core/dev.c:6645 __napi_poll+0xdc/0x950 net/core/dev.c:7709 napi_poll net/core/dev.c:7772 [inline] net_rx_action+0xa5b/0x1c70 net/core/dev.c:7929 handle_softirqs+0x171/0x7e0 kernel/softirq.c:622 __do_softirq+0x14/0x1b kernel/softirq.c:656 do_softirq+0x58/0x90 kernel/softirq.c:523 __local_bh_enable_ip+0xa1/0xb0 kernel/softirq.c:450 local_bh_enable include/linux/bottom_half.h:33 [inline] __icmp_send+0x1c72/0x1cc0 net/ipv4/icmp.c:1009 icmp_send include/net/icmp.h:43 [inline] ip_fragment+0x287/0x2c0 net/ipv4/ip_output.c:589 ip_finish_output_gso net/ipv4/ip_output.c:288 [inline] __ip_finish_output net/ipv4/ip_output.c:310 [inline] ip_finish_output+0x6af/0x860 net/ipv4/ip_output.c:325 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip_output+0x14f/0x3e0 net/ipv4/ip_output.c:438 dst_output include/net/dst.h:470 [inline] ip_local_out net/ipv4/ip_output.c:131 [inline] __ip_queue_xmit+0x1f82/0x20b0 net/ipv4/ip_output.c:534 ip_queue_xmit+0x60/0x80 net/ipv4/ip_output.c:548 __tcp_transmit_skb+0x4a9a/0x5ce0 net/ipv4/tcp_output.c:1693 tcp_transmit_skb net/ipv4/tcp_output.c:1711 [inline] tcp_write_xmit+0x4ea0/0xa170 net/ipv4/tcp_output.c:3064 __tcp_push_pending_frames+0xc5/0x3c0 net/ipv4/tcp_output.c:3247 tcp_sendmsg_locked+0x306d/0x7d30 net/ipv4/tcp.c:1406 tcp_sendmsg+0x4b/0x90 net/ipv4/tcp.c:1465 inet_sendmsg+0x134/0x290 net/ipv4/af_inet.c:865 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0xd27/0xfd0 net/socket.c:2592 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646 __sys_sendmsg net/socket.c:2678 [inline] __do_sys_sendmsg net/socket.c:2683 [inline] __se_sys_sendmsg net/socket.c:2681 [inline] __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681 x64_sys_call+0x1e20/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: csum_partial_copy_nocheck include/net/checksum.h:53 [inline] skb_copy_and_csum_bits+0x150/0x1580 net/core/skbuff.c:3618 icmp_glue_bits+0x8e/0x2f0 net/ipv4/icmp.c:371 __ip_append_data+0x60ed/0x7030 net/ipv4/ip_output.c:1172 ip_append_data+0x144/0x220 net/ipv4/ip_output.c:1378 icmp_push_reply+0xb7/0x760 net/ipv4/icmp.c:388 __icmp_send+0x1b43/0x1cc0 net/ipv4/icmp.c:1000 icmp_send include/net/icmp.h:43 [inline] ip_fragment+0x287/0x2c0 net/ipv4/ip_output.c:589 ip_finish_output_gso net/ipv4/ip_output.c:288 [inline] __ip_finish_output net/ipv4/ip_output.c:310 [inline] ip_finish_output+0x6af/0x860 net/ipv4/ip_output.c:325 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip_output+0x14f/0x3e0 net/ipv4/ip_output.c:438 dst_output include/net/dst.h:470 [inline] ip_local_out net/ipv4/ip_output.c:131 [inline] __ip_queue_xmit+0x1f82/0x20b0 net/ipv4/ip_output.c:534 ip_queue_xmit+0x60/0x80 net/ipv4/ip_output.c:548 __tcp_transmit_skb+0x4a9a/0x5ce0 net/ipv4/tcp_output.c:1693 tcp_transmit_skb net/ipv4/tcp_output.c:1711 [inline] tcp_write_xmit+0x4ea0/0xa170 net/ipv4/tcp_output.c:3064 __tcp_push_pending_frames+0xc5/0x3c0 net/ipv4/tcp_output.c:3247 tcp_sendmsg_locked+0x306d/0x7d30 net/ipv4/tcp.c:1406 tcp_sendmsg+0x4b/0x90 net/ipv4/tcp.c:1465 inet_sendmsg+0x134/0x290 net/ipv4/af_inet.c:865 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0xd27/0xfd0 net/socket.c:2592 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646 __sys_sendmsg net/socket.c:2678 [inline] __do_sys_sendmsg net/socket.c:2683 [inline] __se_sys_sendmsg net/socket.c:2681 [inline] __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681 x64_sys_call+0x1e20/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was stored to memory at: skb_copy_bits+0x7a1/0x1120 net/core/skbuff.c:3055 skb_segment+0x5528/0x7ba0 net/core/skbuff.c:4978 tcp_gso_segment+0xab0/0x2df0 net/ipv4/tcp_offload.c:181 tcp4_gso_segment+0xe28/0x1c10 net/ipv4/tcp_offload.c:130 inet_gso_segment+0xd4d/0x1f00 net/ipv4/af_inet.c:1417 skb_mac_gso_segment+0x425/0x890 net/core/gso.c:53 __skb_gso_segment+0x695/0x8b0 net/core/gso.c:124 skb_gso_segment include/net/gso.h:83 [inline] ip_finish_output_gso net/ipv4/ip_output.c:276 [inline] __ip_finish_output net/ipv4/ip_output.c:310 [inline] ip_finish_output+0x45e/0x860 net/ipv4/ip_output.c:325 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip_output+0x14f/0x3e0 net/ipv4/ip_output.c:438 dst_output include/net/dst.h:470 [inline] ip_local_out net/ipv4/ip_output.c:131 [inline] __ip_queue_xmit+0x1f82/0x20b0 net/ipv4/ip_output.c:534 ip_queue_xmit+0x60/0x80 net/ipv4/ip_output.c:548 __tcp_transmit_skb+0x4a9a/0x5ce0 net/ipv4/tcp_output.c:1693 tcp_transmit_skb net/ipv4/tcp_output.c:1711 [inline] tcp_write_xmit+0x4ea0/0xa170 net/ipv4/tcp_output.c:3064 __tcp_push_pending_frames+0xc5/0x3c0 net/ipv4/tcp_output.c:3247 tcp_sendmsg_locked+0x306d/0x7d30 net/ipv4/tcp.c:1406 tcp_sendmsg+0x4b/0x90 net/ipv4/tcp.c:1465 inet_sendmsg+0x134/0x290 net/ipv4/af_inet.c:865 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0xd27/0xfd0 net/socket.c:2592 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646 __sys_sendmsg net/socket.c:2678 [inline] __do_sys_sendmsg net/socket.c:2683 [inline] __se_sys_sendmsg net/socket.c:2681 [inline] __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681 x64_sys_call+0x1e20/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: __alloc_frozen_pages_noprof+0x6f7/0x1020 mm/page_alloc.c:5273 alloc_pages_mpol+0x328/0x860 mm/mempolicy.c:2490 alloc_frozen_pages_noprof mm/mempolicy.c:2561 [inline] alloc_pages_noprof+0x101/0x290 mm/mempolicy.c:2581 skb_page_frag_refill+0x34e/0x730 net/core/sock.c:3146 sk_page_frag_refill+0x59/0x190 net/core/sock.c:3166 tcp_sendmsg_locked+0x319a/0x7d30 net/ipv4/tcp.c:1300 tcp_sendmsg+0x4b/0x90 net/ipv4/tcp.c:1465 inet_sendmsg+0x134/0x290 net/ipv4/af_inet.c:865 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0xd27/0xfd0 net/socket.c:2592 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2646 __sys_sendmsg net/socket.c:2678 [inline] __do_sys_sendmsg net/socket.c:2683 [inline] __se_sys_sendmsg net/socket.c:2681 [inline] __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2681 x64_sys_call+0x1e20/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f CPU: 1 UID: 0 PID: 7307 Comm: syz.4.464 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 =====================================================