=====================================================
BUG: KMSAN: uninit-value in vring_map_one_sg drivers/virtio/virtio_ring.c:341 [inline]
BUG: KMSAN: uninit-value in virtqueue_add_split drivers/virtio/virtio_ring.c:554 [inline]
BUG: KMSAN: uninit-value in virtqueue_add+0x24cd/0x7a80 drivers/virtio/virtio_ring.c:1814
 vring_map_one_sg drivers/virtio/virtio_ring.c:341 [inline]
 virtqueue_add_split drivers/virtio/virtio_ring.c:554 [inline]
 virtqueue_add+0x24cd/0x7a80 drivers/virtio/virtio_ring.c:1814
 virtqueue_add_outbuf+0x13a/0x190 drivers/virtio/virtio_ring.c:1871
 xmit_skb drivers/net/virtio_net.c:1691 [inline]
 start_xmit+0x1685/0x25b0 drivers/net/virtio_net.c:1718
 __netdev_start_xmit include/linux/netdevice.h:4685 [inline]
 netdev_start_xmit include/linux/netdevice.h:4699 [inline]
 xmit_one+0x2f4/0x840 net/core/dev.c:3473
 dev_hard_start_xmit+0x186/0x440 net/core/dev.c:3489
 sch_direct_xmit+0x5f5/0x1400 net/sched/sch_generic.c:342
 __dev_xmit_skb+0x18a4/0x2900 net/core/dev.c:3700
 __dev_queue_xmit+0x1599/0x3310 net/core/dev.c:4081
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4149
 neigh_resolve_output+0xc0f/0xca0 net/core/neighbour.c:1528
 neigh_output include/net/neighbour.h:549 [inline]
 ip_finish_output2+0x1a4c/0x1c00 net/ipv4/ip_output.c:228
 __ip_finish_output+0x35e/0x970
 ip_finish_output+0x15c/0x4e0 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_mc_output+0xaff/0x1290 net/ipv4/ip_output.c:415
 dst_output include/net/dst.h:451 [inline]
 ip_local_out+0x180/0x1f0 net/ipv4/ip_output.c:126
 iptunnel_xmit+0xaaf/0x10e0 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x33a2/0x3b30 net/ipv4/ip_tunnel.c:810
 __gre_xmit net/ipv4/ip_gre.c:471 [inline]
 erspan_xmit+0x1920/0x2970 net/ipv4/ip_gre.c:713
 __netdev_start_xmit include/linux/netdevice.h:4685 [inline]
 netdev_start_xmit include/linux/netdevice.h:4699 [inline]
 xmit_one+0x2f4/0x840 net/core/dev.c:3473
 dev_hard_start_xmit+0x186/0x440 net/core/dev.c:3489
 sch_direct_xmit+0x5f5/0x1400 net/sched/sch_generic.c:342
 __dev_xmit_skb+0x18a4/0x2900 net/core/dev.c:3700
 __dev_queue_xmit+0x1599/0x3310 net/core/dev.c:4081
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4149
 neigh_resolve_output+0xc0f/0xca0 net/core/neighbour.c:1528
 neigh_output include/net/neighbour.h:549 [inline]
 ip_finish_output2+0x1a4c/0x1c00 net/ipv4/ip_output.c:228
 ip_do_fragment+0x245c/0x2bf0 net/ipv4/ip_output.c:856
 ip_fragment+0x378/0x4f0
 __ip_finish_output+0x6a5/0x970 net/ipv4/ip_output.c:304
 ip_finish_output+0x15c/0x4e0 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_mc_output+0xaff/0x1290 net/ipv4/ip_output.c:415
 dst_output include/net/dst.h:451 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 ip_send_skb+0x197/0x350 net/ipv4/ip_output.c:1570
 udp_send_skb+0x15cd/0x1c20 net/ipv4/udp.c:967
 udp_push_pending_frames net/ipv4/udp.c:995 [inline]
 udp_sendpage+0x822/0xbe0 net/ipv4/udp.c:1366
 inet_sendpage+0x1da/0x2f0 net/ipv4/af_inet.c:833
 kernel_sendpage net/socket.c:3492 [inline]
 sock_sendpage+0x531/0x630 net/socket.c:1007
 pipe_to_sendpage+0x3f1/0x510 fs/splice.c:364
 splice_from_pipe_feed fs/splice.c:418 [inline]
 __splice_from_pipe+0x5c3/0x1000 fs/splice.c:562
 splice_from_pipe fs/splice.c:597 [inline]
 generic_splice_sendpage+0x1d5/0x2c0 fs/splice.c:746
 do_splice_from fs/splice.c:767 [inline]
 do_splice+0x24f9/0x2df0 fs/splice.c:1079
 __do_splice fs/splice.c:1144 [inline]
 __do_sys_splice fs/splice.c:1350 [inline]
 __se_sys_splice+0x935/0xb70 fs/splice.c:1332
 __ia32_sys_splice+0x1a0/0x200 fs/splice.c:1332
 do_syscall_32_irqs_on arch/x86/entry/common.c:113 [inline]
 __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:179
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:204
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:247
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Uninit was stored to memory at:
 pskb_expand_head+0x3c9/0x1ca0 net/core/skbuff.c:1708
 __skb_cow include/linux/skbuff.h:3324 [inline]
 skb_cow_head include/linux/skbuff.h:3358 [inline]
 ip_tunnel_xmit+0x2fd4/0x3b30 net/ipv4/ip_tunnel.c:803
 __gre_xmit net/ipv4/ip_gre.c:471 [inline]
 erspan_xmit+0x1920/0x2970 net/ipv4/ip_gre.c:713
 __netdev_start_xmit include/linux/netdevice.h:4685 [inline]
 netdev_start_xmit include/linux/netdevice.h:4699 [inline]
 xmit_one+0x2f4/0x840 net/core/dev.c:3473
 dev_hard_start_xmit+0x186/0x440 net/core/dev.c:3489
 sch_direct_xmit+0x5f5/0x1400 net/sched/sch_generic.c:342
 __dev_xmit_skb+0x18a4/0x2900 net/core/dev.c:3700
 __dev_queue_xmit+0x1599/0x3310 net/core/dev.c:4081
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4149
 neigh_resolve_output+0xc0f/0xca0 net/core/neighbour.c:1528
 neigh_output include/net/neighbour.h:549 [inline]
 ip_finish_output2+0x1a4c/0x1c00 net/ipv4/ip_output.c:228
 ip_do_fragment+0x245c/0x2bf0 net/ipv4/ip_output.c:856
 ip_fragment+0x378/0x4f0
 __ip_finish_output+0x6a5/0x970 net/ipv4/ip_output.c:304
 ip_finish_output+0x15c/0x4e0 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_mc_output+0xaff/0x1290 net/ipv4/ip_output.c:415
 dst_output include/net/dst.h:451 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 ip_send_skb+0x197/0x350 net/ipv4/ip_output.c:1570
 udp_send_skb+0x15cd/0x1c20 net/ipv4/udp.c:967
 udp_push_pending_frames net/ipv4/udp.c:995 [inline]
 udp_sendpage+0x822/0xbe0 net/ipv4/udp.c:1366
 inet_sendpage+0x1da/0x2f0 net/ipv4/af_inet.c:833
 kernel_sendpage net/socket.c:3492 [inline]
 sock_sendpage+0x531/0x630 net/socket.c:1007
 pipe_to_sendpage+0x3f1/0x510 fs/splice.c:364
 splice_from_pipe_feed fs/splice.c:418 [inline]
 __splice_from_pipe+0x5c3/0x1000 fs/splice.c:562
 splice_from_pipe fs/splice.c:597 [inline]
 generic_splice_sendpage+0x1d5/0x2c0 fs/splice.c:746
 do_splice_from fs/splice.c:767 [inline]
 do_splice+0x24f9/0x2df0 fs/splice.c:1079
 __do_splice fs/splice.c:1144 [inline]
 __do_sys_splice fs/splice.c:1350 [inline]
 __se_sys_splice+0x935/0xb70 fs/splice.c:1332
 __ia32_sys_splice+0x1a0/0x200 fs/splice.c:1332
 do_syscall_32_irqs_on arch/x86/entry/common.c:113 [inline]
 __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:179
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:204
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:247
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Uninit was stored to memory at:
 pskb_expand_head+0x3c9/0x1ca0 net/core/skbuff.c:1708
 __skb_cow include/linux/skbuff.h:3324 [inline]
 skb_cow_head include/linux/skbuff.h:3358 [inline]
 erspan_xmit+0xae8/0x2970 net/ipv4/ip_gre.c:686
 __netdev_start_xmit include/linux/netdevice.h:4685 [inline]
 netdev_start_xmit include/linux/netdevice.h:4699 [inline]
 xmit_one+0x2f4/0x840 net/core/dev.c:3473
 dev_hard_start_xmit+0x186/0x440 net/core/dev.c:3489
 sch_direct_xmit+0x5f5/0x1400 net/sched/sch_generic.c:342
 __dev_xmit_skb+0x18a4/0x2900 net/core/dev.c:3700
 __dev_queue_xmit+0x1599/0x3310 net/core/dev.c:4081
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4149
 neigh_resolve_output+0xc0f/0xca0 net/core/neighbour.c:1528
 neigh_output include/net/neighbour.h:549 [inline]
 ip_finish_output2+0x1a4c/0x1c00 net/ipv4/ip_output.c:228
 ip_do_fragment+0x245c/0x2bf0 net/ipv4/ip_output.c:856
 ip_fragment+0x378/0x4f0
 __ip_finish_output+0x6a5/0x970 net/ipv4/ip_output.c:304
 ip_finish_output+0x15c/0x4e0 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_mc_output+0xaff/0x1290 net/ipv4/ip_output.c:415
 dst_output include/net/dst.h:451 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 ip_send_skb+0x197/0x350 net/ipv4/ip_output.c:1570
 udp_send_skb+0x15cd/0x1c20 net/ipv4/udp.c:967
 udp_push_pending_frames net/ipv4/udp.c:995 [inline]
 udp_sendpage+0x822/0xbe0 net/ipv4/udp.c:1366
 inet_sendpage+0x1da/0x2f0 net/ipv4/af_inet.c:833
 kernel_sendpage net/socket.c:3492 [inline]
 sock_sendpage+0x531/0x630 net/socket.c:1007
 pipe_to_sendpage+0x3f1/0x510 fs/splice.c:364
 splice_from_pipe_feed fs/splice.c:418 [inline]
 __splice_from_pipe+0x5c3/0x1000 fs/splice.c:562
 splice_from_pipe fs/splice.c:597 [inline]
 generic_splice_sendpage+0x1d5/0x2c0 fs/splice.c:746
 do_splice_from fs/splice.c:767 [inline]
 do_splice+0x24f9/0x2df0 fs/splice.c:1079
 __do_splice fs/splice.c:1144 [inline]
 __do_sys_splice fs/splice.c:1350 [inline]
 __se_sys_splice+0x935/0xb70 fs/splice.c:1332
 __ia32_sys_splice+0x1a0/0x200 fs/splice.c:1332
 do_syscall_32_irqs_on arch/x86/entry/common.c:113 [inline]
 __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:179
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:204
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:247
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:737 [inline]
 slab_alloc_node mm/slub.c:3244 [inline]
 __kmalloc_node_track_caller+0xde3/0x14f0 mm/slub.c:4972
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x545/0xf90 net/core/skbuff.c:426
 alloc_skb include/linux/skbuff.h:1158 [inline]
 alloc_skb_with_frags+0x1db/0xbc0 net/core/skbuff.c:5956
 sock_alloc_send_pskb+0xdf4/0xfc0 net/core/sock.c:2586
 sock_alloc_send_skb+0xca/0xe0 net/core/sock.c:2603
 __ip_append_data+0x4234/0x6430 net/ipv4/ip_output.c:1101
 ip_append_data+0x343/0x4a0 net/ipv4/ip_output.c:1325
 udp_sendmsg+0x6ff/0x4260 net/ipv4/udp.c:1280
 udp_sendpage+0x1d8/0xbe0 net/ipv4/udp.c:1338
 inet_sendpage+0x1da/0x2f0 net/ipv4/af_inet.c:833
 kernel_sendpage net/socket.c:3492 [inline]
 sock_sendpage+0x531/0x630 net/socket.c:1007
 pipe_to_sendpage+0x3f1/0x510 fs/splice.c:364
 splice_from_pipe_feed fs/splice.c:418 [inline]
 __splice_from_pipe+0x5c3/0x1000 fs/splice.c:562
 splice_from_pipe fs/splice.c:597 [inline]
 generic_splice_sendpage+0x1d5/0x2c0 fs/splice.c:746
 do_splice_from fs/splice.c:767 [inline]
 do_splice+0x24f9/0x2df0 fs/splice.c:1079
 __do_splice fs/splice.c:1144 [inline]
 __do_sys_splice fs/splice.c:1350 [inline]
 __se_sys_splice+0x935/0xb70 fs/splice.c:1332
 __ia32_sys_splice+0x1a0/0x200 fs/splice.c:1332
 do_syscall_32_irqs_on arch/x86/entry/common.c:113 [inline]
 __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:179
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:204
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:247
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Bytes 38-39 of 92 are uninitialized
Memory access of size 92 starts at ffff88806cc6e0c0

CPU: 1 PID: 8842 Comm: syz-executor.1 Not tainted 5.17.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================