syzbot

==================================================================
BUG: KMSAN: uninit-value in __skb_checksum_complete+0x37f/0x550 net/core/skbuff.c:2683
CPU: 0 PID: 22586 Comm: udevd Not tainted 5.1.0-rc4+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x173/0x1d0 lib/dump_stack.c:113
 kmsan_report+0x131/0x2a0 mm/kmsan/kmsan.c:619
 __msan_warning+0x7a/0xf0 mm/kmsan/kmsan_instr.c:310
 __skb_checksum_complete+0x37f/0x550 net/core/skbuff.c:2683
 nf_ip_checksum+0x56b/0x710 net/netfilter/utils.c:35
 nf_nat_icmp_reply_translation+0x287/0x9a0 net/netfilter/nf_nat_proto.c:570
 nf_nat_ipv4_fn net/netfilter/nf_nat_proto.c:629 [inline]
 nf_nat_ipv4_local_fn+0x215/0x840 net/netfilter/nf_nat_proto.c:700
 nf_hook_entry_hookfn include/linux/netfilter.h:119 [inline]
 nf_hook_slow+0x176/0x3d0 net/netfilter/core.c:511
 nf_hook include/linux/netfilter.h:244 [inline]
 __ip_local_out+0x6dc/0x800 net/ipv4/ip_output.c:113
 ip_local_out net/ipv4/ip_output.c:122 [inline]
 ip_send_skb net/ipv4/ip_output.c:1465 [inline]
 ip_push_pending_frames+0x16f/0x460 net/ipv4/ip_output.c:1485
 icmp_push_reply+0x719/0x7e0 net/ipv4/icmp.c:394
 __icmp_send+0x2ec5/0x3110 net/ipv4/icmp.c:737
 icmp_send include/net/icmp.h:47 [inline]
 ipv4_link_failure+0x6d/0x230 net/ipv4/route.c:1190
 dst_link_failure include/net/dst.h:427 [inline]
 arp_error_report+0x106/0x1a0 net/ipv4/arp.c:297
 neigh_invalidate+0x359/0x8e0 net/core/neighbour.c:995
 neigh_timer_handler+0xdb4/0x1490 net/core/neighbour.c:1081
 call_timer_fn+0x285/0x600 kernel/time/timer.c:1325
 expire_timers kernel/time/timer.c:1362 [inline]
 __run_timers+0xdb4/0x11d0 kernel/time/timer.c:1681
 run_timer_softirq+0x2e/0x50 kernel/time/timer.c:1694
 __do_softirq+0x53f/0x93a kernel/softirq.c:294
 invoke_softirq kernel/softirq.c:376 [inline]
 irq_exit+0x241/0x290 kernel/softirq.c:417
 exiting_irq+0xe/0x10 arch/x86/include/asm/apic.h:536
 smp_apic_timer_interrupt+0x48/0x70 arch/x86/kernel/apic/apic.c:1064
 apic_timer_interrupt+0x2e/0x40 arch/x86/entry/entry_64.S:814
 </IRQ>
RIP: 0010:my_phys_addr_valid mm/kmsan/kmsan.c:525 [inline]
RIP: 0010:my_virt_addr_valid mm/kmsan/kmsan.c:548 [inline]
RIP: 0010:kmsan_get_shadow_origin_ptr+0x14b/0x480 mm/kmsan/kmsan.c:859
Code: 00 5f e9 29 ff ff ff 48 be 00 00 00 00 80 77 00 00 4d 89 f0 49 81 e8 00 00 00 80 0f 83 d5 02 00 00 49 8d 04 36 4c 39 c0 77 51 <8a> 0c 25 11 06 2e 8c 48 89 c2 48 d3 ea 48 85 d2 75 3f 48 89 c1 48
RSP: 0018:ffff88810184f930 EFLAGS: 00000207 ORIG_RAX: ffffffffffffff13
RAX: 00000001749d01b0 RBX: ffffffff8c89b000 RCX: 0000000000ffff88
RDX: 0000000000000000 RSI: 0000778000000000 RDI: ffffffff8b9fe945
RBP: ffff88810184f968 R08: ffff8881f49d01b0 R09: 0000778000000001
R10: ffffd0ffffffffff R11: 0000100000000000 R12: ffff8881749d0bd9
R13: ffff8881749d01b0 R14: ffff8881749d01b0 R15: 0000000000000008
 __msan_metadata_ptr_for_store_8+0x13/0x20 mm/kmsan/kmsan_instr.c:55
 rb_set_parent_color include/linux/rbtree_augmented.h:131 [inline]
 __rb_insert lib/rbtree.c:203 [inline]
 __rb_insert_augmented+0x389/0x12e0 lib/rbtree.c:495
 rb_insert_augmented include/linux/rbtree_augmented.h:63 [inline]
 vma_rb_insert mm/mmap.c:452 [inline]
 __vma_link_rb+0xb8a/0xc60 mm/mmap.c:606
 dup_mmap kernel/fork.c:580 [inline]
 dup_mm kernel/fork.c:1321 [inline]
 copy_mm kernel/fork.c:1376 [inline]
 copy_process+0x6d1a/0xb160 kernel/fork.c:1918
 _do_fork+0x33f/0xfb0 kernel/fork.c:2228
 __do_sys_clone kernel/fork.c:2335 [inline]
 __se_sys_clone+0xf6/0x110 kernel/fork.c:2329
 __x64_sys_clone+0x62/0x80 kernel/fork.c:2329
 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x7f04180eef46
Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 14 25 10 00 00 00 31 d2 49 81 c2 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 31 01 00 00 85 c0 41 89 c4 0f 85 3b 01 00
RSP: 002b:00007ffee1dc5310 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffee1dc5310 RCX: 00007f04180eef46
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffee1dc5370 R08: 000000000000583a R09: 000000000000583a
R10: 00007f0418a0ba70 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffee1dc5330 R14: 0000000000000005 R15: 0000000000000005

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:205 [inline]
 kmsan_save_stack mm/kmsan/kmsan.c:220 [inline]
 kmsan_internal_chain_origin+0x134/0x230 mm/kmsan/kmsan.c:426
 kmsan_memcpy_memmove_metadata+0x989/0xd60 mm/kmsan/kmsan.c:304
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:324
 __msan_memcpy+0x58/0x70 mm/kmsan/kmsan_instr.c:139
 csum_partial_copy+0xbd/0x520 lib/checksum.c:178
 skb_copy_and_csum_bits+0x214/0x10a0 net/core/skbuff.c:2570
 icmp_glue_bits+0x16b/0x380 net/ipv4/icmp.c:357
 __ip_append_data+0x3f20/0x5000 net/ipv4/ip_output.c:1040
 ip_append_data+0x324/0x480 net/ipv4/ip_output.c:1220
 icmp_push_reply+0x23d/0x7e0 net/ipv4/icmp.c:375
 __icmp_send+0x2ec5/0x3110 net/ipv4/icmp.c:737
 icmp_send include/net/icmp.h:47 [inline]
 ipv4_link_failure+0x6d/0x230 net/ipv4/route.c:1190
 dst_link_failure include/net/dst.h:427 [inline]
 arp_error_report+0x106/0x1a0 net/ipv4/arp.c:297
 neigh_invalidate+0x359/0x8e0 net/core/neighbour.c:995
 neigh_timer_handler+0xdb4/0x1490 net/core/neighbour.c:1081
 call_timer_fn+0x285/0x600 kernel/time/timer.c:1325
 expire_timers kernel/time/timer.c:1362 [inline]
 __run_timers+0xdb4/0x11d0 kernel/time/timer.c:1681
 run_timer_softirq+0x2e/0x50 kernel/time/timer.c:1694
 __do_softirq+0x53f/0x93a kernel/softirq.c:294

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:205 [inline]
 kmsan_save_stack mm/kmsan/kmsan.c:220 [inline]
 kmsan_internal_chain_origin+0x134/0x230 mm/kmsan/kmsan.c:426
 kmsan_memcpy_memmove_metadata+0x989/0xd60 mm/kmsan/kmsan.c:304
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:324
 __msan_memcpy+0x58/0x70 mm/kmsan/kmsan_instr.c:139
 pskb_expand_head+0x3aa/0x1a30 net/core/skbuff.c:1478
 __skb_cow include/linux/skbuff.h:3029 [inline]
 skb_cow_head include/linux/skbuff.h:3063 [inline]
 ip_tunnel_xmit+0x2c4e/0x3310 net/ipv4/ip_tunnel.c:824
 __gre_xmit net/ipv4/ip_gre.c:444 [inline]
 erspan_xmit+0x1f5e/0x3640 net/ipv4/ip_gre.c:679
 __netdev_start_xmit include/linux/netdevice.h:4411 [inline]
 netdev_start_xmit include/linux/netdevice.h:4420 [inline]
 xmit_one net/core/dev.c:3278 [inline]
 dev_hard_start_xmit+0x604/0xc40 net/core/dev.c:3294
 sch_direct_xmit+0x58a/0x880 net/sched/sch_generic.c:327
 qdisc_restart net/sched/sch_generic.c:390 [inline]
 __qdisc_run+0x1cd7/0x34b0 net/sched/sch_generic.c:398
 qdisc_run include/net/pkt_sched.h:121 [inline]
 __dev_xmit_skb net/core/dev.c:3473 [inline]
 __dev_queue_xmit+0x1e51/0x3ce0 net/core/dev.c:3832
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:3897
 neigh_resolve_output+0xab7/0xb40 net/core/neighbour.c:1487
 neigh_output include/net/neighbour.h:508 [inline]
 ip_finish_output2+0x1709/0x1930 net/ipv4/ip_output.c:229
 ip_finish_output+0xd2b/0xfd0 net/ipv4/ip_output.c:317
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip_output+0x53f/0x610 net/ipv4/ip_output.c:405
 dst_output include/net/dst.h:444 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 raw_send_hdrinc net/ipv4/raw.c:432 [inline]
 raw_sendmsg+0x41c7/0x4650 net/ipv4/raw.c:663
 inet_sendmsg+0x54a/0x720 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg net/socket.c:661 [inline]
 __sys_sendto+0x8c4/0xac0 net/socket.c:1932
 __do_sys_sendto net/socket.c:1944 [inline]
 __se_sys_sendto+0x107/0x130 net/socket.c:1940
 __x64_sys_sendto+0x6e/0x90 net/socket.c:1940
 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:205 [inline]
 kmsan_internal_poison_shadow+0x92/0x150 mm/kmsan/kmsan.c:159
 kmsan_kmalloc+0xa9/0x130 mm/kmsan/kmsan_hooks.c:174
 kmsan_slab_alloc+0xe/0x10 mm/kmsan/kmsan_hooks.c:183
 slab_post_alloc_hook mm/slab.h:442 [inline]
 slab_alloc_node mm/slub.c:2771 [inline]
 __kmalloc_node_track_caller+0xead/0x1000 mm/slub.c:4399
 __kmalloc_reserve net/core/skbuff.c:140 [inline]
 __alloc_skb+0x309/0xa20 net/core/skbuff.c:208
 alloc_skb include/linux/skbuff.h:1059 [inline]
 alloc_skb_with_frags+0x186/0xa60 net/core/skbuff.c:5287
 sock_alloc_send_pskb+0xafd/0x10a0 net/core/sock.c:2220
 sock_alloc_send_skb+0xca/0xe0 net/core/sock.c:2237
 raw_send_hdrinc net/ipv4/raw.c:374 [inline]
 raw_sendmsg+0x2492/0x4650 net/ipv4/raw.c:663
 inet_sendmsg+0x54a/0x720 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg net/socket.c:661 [inline]
 __sys_sendto+0x8c4/0xac0 net/socket.c:1932
 __do_sys_sendto net/socket.c:1944 [inline]
 __se_sys_sendto+0x107/0x130 net/socket.c:1940
 __x64_sys_sendto+0x6e/0x90 net/socket.c:1940
 do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
==================================================================