=====================================================
BUG: KMSAN: uninit-value in bpf_prog_run_generic_xdp+0x1a97/0x20d0 net/core/dev.c:5521
 bpf_prog_run_generic_xdp+0x1a97/0x20d0 net/core/dev.c:5521
 netif_receive_generic_xdp net/core/dev.c:5604 [inline]
 do_xdp_generic+0xe07/0x17b0 net/core/dev.c:5666
 tun_get_user+0x52df/0x6fe0 drivers/net/tun.c:1874
 tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:2001
 new_sync_write fs/read_write.c:595 [inline]
 vfs_write+0xbe1/0x15c0 fs/read_write.c:688
 ksys_write+0x1d9/0x470 fs/read_write.c:740
 __do_sys_write fs/read_write.c:751 [inline]
 __se_sys_write fs/read_write.c:748 [inline]
 __ia32_sys_write+0x9a/0xf0 fs/read_write.c:748
 ia32_sys_call+0x37a7/0x4360 arch/x86/include/generated/asm/syscalls_32.h:5
 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
 do_int80_emulation+0x15a/0x360 arch/x86/entry/syscall_32.c:172
 asm_int80_emulation+0x1f/0x30 arch/x86/include/asm/idtentry.h:621

Uninit was stored to memory at:
 pskb_expand_head+0x497/0x1a40 net/core/skbuff.c:2310
 netif_skb_check_for_xdp net/core/dev.c:5567 [inline]
 netif_receive_generic_xdp net/core/dev.c:5598 [inline]
 do_xdp_generic+0xb30/0x17b0 net/core/dev.c:5666
 tun_get_user+0x52df/0x6fe0 drivers/net/tun.c:1874
 tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:2001
 new_sync_write fs/read_write.c:595 [inline]
 vfs_write+0xbe1/0x15c0 fs/read_write.c:688
 ksys_write+0x1d9/0x470 fs/read_write.c:740
 __do_sys_write fs/read_write.c:751 [inline]
 __se_sys_write fs/read_write.c:748 [inline]
 __ia32_sys_write+0x9a/0xf0 fs/read_write.c:748
 ia32_sys_call+0x37a7/0x4360 arch/x86/include/generated/asm/syscalls_32.h:5
 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
 do_int80_emulation+0x15a/0x360 arch/x86/entry/syscall_32.c:172
 asm_int80_emulation+0x1f/0x30 arch/x86/include/asm/idtentry.h:621

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4576 [inline]
 slab_alloc_node mm/slub.c:4898 [inline]
 __do_kmalloc_node mm/slub.c:5294 [inline]
 __kmalloc_node_track_caller_noprof+0x4f6/0x1750 mm/slub.c:5407
 kmalloc_reserve net/core/skbuff.c:635 [inline]
 __alloc_skb+0x90d/0x1190 net/core/skbuff.c:713
 alloc_skb include/linux/skbuff.h:1383 [inline]
 alloc_skb_with_frags+0xc5/0x990 net/core/skbuff.c:6734
 sock_alloc_send_pskb+0xacb/0xc60 net/core/sock.c:2998
 tun_alloc_skb drivers/net/tun.c:1463 [inline]
 tun_get_user+0xefa/0x6fe0 drivers/net/tun.c:1796
 tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:2001
 new_sync_write fs/read_write.c:595 [inline]
 vfs_write+0xbe1/0x15c0 fs/read_write.c:688
 ksys_write+0x1d9/0x470 fs/read_write.c:740
 __do_sys_write fs/read_write.c:751 [inline]
 __se_sys_write fs/read_write.c:748 [inline]
 __ia32_sys_write+0x9a/0xf0 fs/read_write.c:748
 ia32_sys_call+0x37a7/0x4360 arch/x86/include/generated/asm/syscalls_32.h:5
 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
 do_int80_emulation+0x15a/0x360 arch/x86/entry/syscall_32.c:172
 asm_int80_emulation+0x1f/0x30 arch/x86/include/asm/idtentry.h:621

CPU: 0 UID: 0 PID: 11166 Comm: syz.1.1774 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
=====================================================