IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
8021q: adding VLAN 0 to HW filter on device batadv0
8021q: adding VLAN 0 to HW filter on device batadv0
=====================================================
BUG: KMSAN: uninit-value in ip6_parse_tlv+0x85e/0xc90 net/ipv6/exthdrs.c:156
CPU: 0 PID: 6590 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x1ff/0x280 lib/dump_stack.c:120
 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200
 ip6_parse_tlv+0x85e/0xc90 net/ipv6/exthdrs.c:156
 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308
 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422
 ip6_input_finish net/ipv6/ip6_input.c:463 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip6_input net/ipv6/ip6_input.c:472 [inline]
 dst_input include/net/dst.h:458 [inline]
 ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85
 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline]
 ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307
 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342
 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline]
 __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550
 __netif_receive_skb_list net/core/dev.c:5602 [inline]
 netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712
 gro_normal_list net/core/dev.c:5866 [inline]
 gro_normal_one net/core/dev.c:5879 [inline]
 napi_frags_finish net/core/dev.c:6275 [inline]
 napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341
 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890
 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937
 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108
 do_iter_write+0x2f2/0xe20 fs/read_write.c:866
 vfs_writev fs/read_write.c:939 [inline]
 do_writev+0x4bf/0xb70 fs/read_write.c:982
 __do_sys_writev fs/read_write.c:1055 [inline]
 __se_sys_writev fs/read_write.c:1052 [inline]
 __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052
 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4601ed
Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48
RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed
RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0
RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff
R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288
 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245
 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110
 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688
 skb_unclone include/linux/skbuff.h:1659 [inline]
 inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470
 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline]
 nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline]
 nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481
 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68
 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline]
 nf_hook_slow net/netfilter/core.c:589 [inline]
 nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627
 NF_HOOK_LIST include/linux/netfilter.h:337 [inline]
 ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305
 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342
 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline]
 __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550
 __netif_receive_skb_list net/core/dev.c:5602 [inline]
 netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712
 gro_normal_list net/core/dev.c:5866 [inline]
 gro_normal_one net/core/dev.c:5879 [inline]
 napi_frags_finish net/core/dev.c:6275 [inline]
 napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341
 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890
 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937
 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108
 do_iter_write+0x2f2/0xe20 fs/read_write.c:866
 vfs_writev fs/read_write.c:939 [inline]
 do_writev+0x4bf/0xb70 fs/read_write.c:982
 __do_sys_writev fs/read_write.c:1055 [inline]
 __se_sys_writev fs/read_write.c:1052 [inline]
 __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052
 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline]
 kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103
 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74
 slab_alloc_node mm/slub.c:2929 [inline]
 __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x438/0xd80 net/core/skbuff.c:425
 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566
 napi_alloc_skb include/linux/skbuff.h:2924 [inline]
 napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255
 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline]
 tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741
 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937
 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108
 do_iter_write+0x2f2/0xe20 fs/read_write.c:866
 vfs_writev fs/read_write.c:939 [inline]
 do_writev+0x4bf/0xb70 fs/read_write.c:982
 __do_sys_writev fs/read_write.c:1055 [inline]
 __se_sys_writev fs/read_write.c:1052 [inline]
 __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052
 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53
 entry_SYSCALL_64_after_hwframe+0x44/0xae
=====================================================
=====================================================
BUG: KMSAN: uninit-value in ip6_parse_tlv+0x884/0xc90 net/ipv6/exthdrs.c:162
CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x1ff/0x280 lib/dump_stack.c:120
 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200
 ip6_parse_tlv+0x884/0xc90 net/ipv6/exthdrs.c:162
 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308
 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422
 ip6_input_finish net/ipv6/ip6_input.c:463 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip6_input net/ipv6/ip6_input.c:472 [inline]
 dst_input include/net/dst.h:458 [inline]
 ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85
 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline]
 ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307
 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342
 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline]
 __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550
 __netif_receive_skb_list net/core/dev.c:5602 [inline]
 netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712
 gro_normal_list net/core/dev.c:5866 [inline]
 gro_normal_one net/core/dev.c:5879 [inline]
 napi_frags_finish net/core/dev.c:6275 [inline]
 napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341
 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890
 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937
 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108
 do_iter_write+0x2f2/0xe20 fs/read_write.c:866
 vfs_writev fs/read_write.c:939 [inline]
 do_writev+0x4bf/0xb70 fs/read_write.c:982
 __do_sys_writev fs/read_write.c:1055 [inline]
 __se_sys_writev fs/read_write.c:1052 [inline]
 __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052
 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4601ed
Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48
RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed
RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0
RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff
R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288
 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245
 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110
 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688
 skb_unclone include/linux/skbuff.h:1659 [inline]
 inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470
 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline]
 nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline]
 nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481
 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68
 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline]
 nf_hook_slow net/netfilter/core.c:589 [inline]
 nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627
 NF_HOOK_LIST include/linux/netfilter.h:337 [inline]
 ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305
 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342
 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline]
 __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550
 __netif_receive_skb_list net/core/dev.c:5602 [inline]
 netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712
 gro_normal_list net/core/dev.c:5866 [inline]
 gro_normal_one net/core/dev.c:5879 [inline]
 napi_frags_finish net/core/dev.c:6275 [inline]
 napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341
 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890
 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937
 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108
 do_iter_write+0x2f2/0xe20 fs/read_write.c:866
 vfs_writev fs/read_write.c:939 [inline]
 do_writev+0x4bf/0xb70 fs/read_write.c:982
 __do_sys_writev fs/read_write.c:1055 [inline]
 __se_sys_writev fs/read_write.c:1052 [inline]
 __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052
 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline]
 kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103
 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74
 slab_alloc_node mm/slub.c:2929 [inline]
 __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x438/0xd80 net/core/skbuff.c:425
 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566
 napi_alloc_skb include/linux/skbuff.h:2924 [inline]
 napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255
 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline]
 tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741
 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937
 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108
 do_iter_write+0x2f2/0xe20 fs/read_write.c:866
 vfs_writev fs/read_write.c:939 [inline]
 do_writev+0x4bf/0xb70 fs/read_write.c:982
 __do_sys_writev fs/read_write.c:1055 [inline]
 __se_sys_writev fs/read_write.c:1052 [inline]
 __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052
 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53
 entry_SYSCALL_64_after_hwframe+0x44/0xae
=====================================================
=====================================================
BUG: KMSAN: uninit-value in ip6_parse_tlv+0xa12/0xc90 net/ipv6/exthdrs.c:137
CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x1ff/0x280 lib/dump_stack.c:120
 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200
 ip6_parse_tlv+0xa12/0xc90 net/ipv6/exthdrs.c:137
 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308
 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422
 ip6_input_finish net/ipv6/ip6_input.c:463 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip6_input net/ipv6/ip6_input.c:472 [inline]
 dst_input include/net/dst.h:458 [inline]
 ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85
 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline]
 ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307
 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342
 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline]
 __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550
 __netif_receive_skb_list net/core/dev.c:5602 [inline]
 netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712
 gro_normal_list net/core/dev.c:5866 [inline]
 gro_normal_one net/core/dev.c:5879 [inline]
 napi_frags_finish net/core/dev.c:6275 [inline]
 napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341
 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890
 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937
 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108
 do_iter_write+0x2f2/0xe20 fs/read_write.c:866
 vfs_writev fs/read_write.c:939 [inline]
 do_writev+0x4bf/0xb70 fs/read_write.c:982
 __do_sys_writev fs/read_write.c:1055 [inline]
 __se_sys_writev fs/read_write.c:1052 [inline]
 __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052
 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4601ed
Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48
RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed
RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0
RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff
R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288
 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245
 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110
 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688
 skb_unclone include/linux/skbuff.h:1659 [inline]
 inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470
 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline]
 nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline]
 nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481
 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68
 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline]
 nf_hook_slow net/netfilter/core.c:589 [inline]
 nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627
 NF_HOOK_LIST include/linux/netfilter.h:337 [inline]
 ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305
 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342
 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline]
 __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550
 __netif_receive_skb_list net/core/dev.c:5602 [inline]
 netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712
 gro_normal_list net/core/dev.c:5866 [inline]
 gro_normal_one net/core/dev.c:5879 [inline]
 napi_frags_finish net/core/dev.c:6275 [inline]
 napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341
 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890
 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937
 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108
 do_iter_write+0x2f2/0xe20 fs/read_write.c:866
 vfs_writev fs/read_write.c:939 [inline]
 do_writev+0x4bf/0xb70 fs/read_write.c:982
 __do_sys_writev fs/read_write.c:1055 [inline]
 __se_sys_writev fs/read_write.c:1052 [inline]
 __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052
 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline]
 kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103
 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74
 slab_alloc_node mm/slub.c:2929 [inline]
 __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611
 kmalloc_reserve net/core/skbuff.c:354 [inline]
 __alloc_skb+0x438/0xd80 net/core/skbuff.c:425
 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566
 napi_alloc_skb include/linux/skbuff.h:2924 [inline]
 napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255
 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline]
 tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741
 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937
 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108
 do_iter_write+0x2f2/0xe20 fs/read_write.c:866
 vfs_writev fs/read_write.c:939 [inline]
 do_writev+0x4bf/0xb70 fs/read_write.c:982
 __do_sys_writev fs/read_write.c:1055 [inline]
 __se_sys_writev fs/read_write.c:1052 [inline]
 __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052
 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53
 entry_SYSCALL_64_after_hwframe+0x44/0xae
=====================================================
Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688 skb_unclone include/linux/skbuff.h:1659 [inline] inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline] nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline] nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow net/netfilter/core.c:589 [inline] nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627 NF_HOOK_LIST include/linux/netfilter.h:337 [inline] ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 
entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74 slab_alloc_node mm/slub.c:2929 [inline] __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x438/0xd80 net/core/skbuff.c:425 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566 napi_alloc_skb include/linux/skbuff.h:2924 [inline] napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline] tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae ===================================================== ===================================================== BUG: KMSAN: uninit-value in ip6_parse_tlv+0x884/0xc90 net/ipv6/exthdrs.c:162 CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x1ff/0x280 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200 ip6_parse_tlv+0x884/0xc90 net/ipv6/exthdrs.c:162 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input net/ipv6/ip6_input.c:472 
[inline] dst_input include/net/dst.h:458 [inline] ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline] ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4601ed Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48 RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0 RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288 
kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688 skb_unclone include/linux/skbuff.h:1659 [inline] inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline] nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline] nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow net/netfilter/core.c:589 [inline] nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627 NF_HOOK_LIST include/linux/netfilter.h:337 [inline] ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] 
kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74 slab_alloc_node mm/slub.c:2929 [inline] __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x438/0xd80 net/core/skbuff.c:425 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566 napi_alloc_skb include/linux/skbuff.h:2924 [inline] napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline] tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae ===================================================== ===================================================== BUG: KMSAN: uninit-value in ip6_parse_tlv+0xa12/0xc90 net/ipv6/exthdrs.c:137 CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x1ff/0x280 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200 ip6_parse_tlv+0xa12/0xc90 net/ipv6/exthdrs.c:137 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input net/ipv6/ip6_input.c:472 [inline] dst_input include/net/dst.h:458 [inline] ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85 
ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline] ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4601ed Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48 RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0 RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245 
__msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688 skb_unclone include/linux/skbuff.h:1659 [inline] inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline] nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline] nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow net/netfilter/core.c:589 [inline] nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627 NF_HOOK_LIST include/linux/netfilter.h:337 [inline] ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74 slab_alloc_node 
mm/slub.c:2929 [inline] __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x438/0xd80 net/core/skbuff.c:425 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566 napi_alloc_skb include/linux/skbuff.h:2924 [inline] napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline]
tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae ===================================================== ===================================================== BUG: KMSAN: uninit-value in ip6_parse_tlv+0x85e/0xc90 net/ipv6/exthdrs.c:156 CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x1ff/0x280 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200 ip6_parse_tlv+0x85e/0xc90 net/ipv6/exthdrs.c:156 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input net/ipv6/ip6_input.c:472 [inline] dst_input include/net/dst.h:458 [inline] ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline] ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish 
net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4601ed Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48 RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0 RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688 skb_unclone include/linux/skbuff.h:1659 [inline] inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline] nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline] nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 
nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow net/netfilter/core.c:589 [inline] nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627 NF_HOOK_LIST include/linux/netfilter.h:337 [inline] ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74 slab_alloc_node mm/slub.c:2929 [inline] __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x438/0xd80 net/core/skbuff.c:425 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566 napi_alloc_skb include/linux/skbuff.h:2924 [inline] napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline] tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 
include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae ===================================================== ===================================================== BUG: KMSAN: uninit-value in ip6_parse_tlv+0x85e/0xc90 net/ipv6/exthdrs.c:156 CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x1ff/0x280 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200 ip6_parse_tlv+0x85e/0xc90 net/ipv6/exthdrs.c:156 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input net/ipv6/ip6_input.c:472 [inline] dst_input include/net/dst.h:458 [inline] ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline] ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 
tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4601ed Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48 RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0 RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688 skb_unclone include/linux/skbuff.h:1659 [inline] inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline] nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline] nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow net/netfilter/core.c:589 [inline] 
nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627 NF_HOOK_LIST include/linux/netfilter.h:337 [inline] ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74 slab_alloc_node mm/slub.c:2929 [inline] __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x438/0xd80 net/core/skbuff.c:425 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566 napi_alloc_skb include/linux/skbuff.h:2924 [inline] napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline] tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] 
do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae ===================================================== ===================================================== BUG: KMSAN: uninit-value in ip6_parse_tlv+0x884/0xc90 net/ipv6/exthdrs.c:162 CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x1ff/0x280 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200 ip6_parse_tlv+0x884/0xc90 net/ipv6/exthdrs.c:162 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input net/ipv6/ip6_input.c:472 [inline] dst_input include/net/dst.h:458 [inline] ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline] ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 
do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4601ed Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48 RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0 RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688 skb_unclone include/linux/skbuff.h:1659 [inline] inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline] nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline] nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow net/netfilter/core.c:589 [inline] nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627 NF_HOOK_LIST include/linux/netfilter.h:337 [inline] ip6_sublist_rcv+0x1b2/0x1320 
net/ipv6/ip6_input.c:305 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74 slab_alloc_node mm/slub.c:2929 [inline] __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x438/0xd80 net/core/skbuff.c:425 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566 napi_alloc_skb include/linux/skbuff.h:2924 [inline] napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline] tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] 
__x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae ===================================================== ===================================================== BUG: KMSAN: uninit-value in ip6_parse_tlv+0xa12/0xc90 net/ipv6/exthdrs.c:137 CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x1ff/0x280 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200 ip6_parse_tlv+0xa12/0xc90 net/ipv6/exthdrs.c:137 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input net/ipv6/ip6_input.c:472 [inline] dst_input include/net/dst.h:458 [inline] ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline] ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev 
fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4601ed Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48 RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0 RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688 skb_unclone include/linux/skbuff.h:1659 [inline] inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline] nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline] nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow net/netfilter/core.c:589 [inline] nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627 NF_HOOK_LIST include/linux/netfilter.h:337 [inline] ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] 
__netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74 slab_alloc_node mm/slub.c:2929 [inline] __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x438/0xd80 net/core/skbuff.c:425 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566 napi_alloc_skb include/linux/skbuff.h:2924 [inline] napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline] tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae 
===================================================== ===================================================== BUG: KMSAN: uninit-value in ip6_parse_tlv+0x85e/0xc90 net/ipv6/exthdrs.c:156 CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x1ff/0x280 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200 ip6_parse_tlv+0x85e/0xc90 net/ipv6/exthdrs.c:156 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input net/ipv6/ip6_input.c:472 [inline] dst_input include/net/dst.h:458 [inline] ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline] ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 
arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4601ed Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48 RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0 RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688 skb_unclone include/linux/skbuff.h:1659 [inline] inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline] nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline] nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow net/netfilter/core.c:589 [inline] nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627 NF_HOOK_LIST include/linux/netfilter.h:337 [inline] ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] 
netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74 slab_alloc_node mm/slub.c:2929 [inline] __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x438/0xd80 net/core/skbuff.c:425 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566 napi_alloc_skb include/linux/skbuff.h:2924 [inline] napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline] tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae ===================================================== ===================================================== BUG: 
KMSAN: uninit-value in ip6_parse_tlv+0x884/0xc90 net/ipv6/exthdrs.c:162 CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x1ff/0x280 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200 ip6_parse_tlv+0x884/0xc90 net/ipv6/exthdrs.c:162 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input net/ipv6/ip6_input.c:472 [inline] dst_input include/net/dst.h:458 [inline] ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline] ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4601ed Code: 28 89 54 24 1c 48 89 
74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48 RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0 RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688 skb_unclone include/linux/skbuff.h:1659 [inline] inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline] nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline] nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow net/netfilter/core.c:589 [inline] nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627 NF_HOOK_LIST include/linux/netfilter.h:337 [inline] ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] 
napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74 slab_alloc_node mm/slub.c:2929 [inline] __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x438/0xd80 net/core/skbuff.c:425 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566 napi_alloc_skb include/linux/skbuff.h:2924 [inline] napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline] tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae ===================================================== ===================================================== BUG: KMSAN: uninit-value in ip6_parse_tlv+0xa12/0xc90 net/ipv6/exthdrs.c:137 CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0 Hardware name: 
Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x1ff/0x280 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200 ip6_parse_tlv+0xa12/0xc90 net/ipv6/exthdrs.c:137 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input net/ipv6/ip6_input.c:472 [inline] dst_input include/net/dst.h:458 [inline] ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline] ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4601ed Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 
3e 2b 02 00 48 RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0 RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688 skb_unclone include/linux/skbuff.h:1659 [inline] inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline] nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline] nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow net/netfilter/core.c:589 [inline] nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627 NF_HOOK_LIST include/linux/netfilter.h:337 [inline] ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 
tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74 slab_alloc_node mm/slub.c:2929 [inline] __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x438/0xd80 net/core/skbuff.c:425 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566 napi_alloc_skb include/linux/skbuff.h:2924 [inline] napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline] tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae ===================================================== ===================================================== BUG: KMSAN: uninit-value in ip6_parse_tlv+0x85e/0xc90 net/ipv6/exthdrs.c:156 CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] 
dump_stack+0x1ff/0x280 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200 ip6_parse_tlv+0x85e/0xc90 net/ipv6/exthdrs.c:156 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input net/ipv6/ip6_input.c:472 [inline] dst_input include/net/dst.h:458 [inline] ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline] ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4601ed Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48 RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000052bf00 
RCX: 00000000004601ed RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0 RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688 skb_unclone include/linux/skbuff.h:1659 [inline] inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline] nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline] nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow net/netfilter/core.c:589 [inline] nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627 NF_HOOK_LIST include/linux/netfilter.h:337 [inline] ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 
fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74 slab_alloc_node mm/slub.c:2929 [inline] __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x438/0xd80 net/core/skbuff.c:425 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566 napi_alloc_skb include/linux/skbuff.h:2924 [inline] napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline] tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae ===================================================== ===================================================== BUG: KMSAN: uninit-value in ip6_parse_tlv+0x884/0xc90 net/ipv6/exthdrs.c:162 CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x1ff/0x280 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200 
ip6_parse_tlv+0x884/0xc90 net/ipv6/exthdrs.c:162 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308 ip6_protocol_deliver_rcu+0x18c3/0x23b0 net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input net/ipv6/ip6_input.c:472 [inline] dst_input include/net/dst.h:458 [inline] ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline] ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4601ed Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48 RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0 RBP: 0000000020000180 R08: 0000000000000000 R09: 
0000000000000000 R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688 skb_unclone include/linux/skbuff.h:1659 [inline] inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline] nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline] nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow net/netfilter/core.c:589 [inline] nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627 NF_HOOK_LIST include/linux/netfilter.h:337 [inline] ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 
[inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74 slab_alloc_node mm/slub.c:2929 [inline] __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x438/0xd80 net/core/skbuff.c:425 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566 napi_alloc_skb include/linux/skbuff.h:2924 [inline] napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline] tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae ===================================================== ===================================================== BUG: KMSAN: uninit-value in ip6_parse_tlv+0xa12/0xc90 net/ipv6/exthdrs.c:137 CPU: 0 PID: 6590 Comm: syz-executor.4 Tainted: G B 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x1ff/0x280 lib/dump_stack.c:120 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:121 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:200 ip6_parse_tlv+0xa12/0xc90 net/ipv6/exthdrs.c:137 ipv6_destopt_rcv+0x5c4/0xdb0 net/ipv6/exthdrs.c:308 ip6_protocol_deliver_rcu+0x18c3/0x23b0 
net/ipv6/ip6_input.c:422 ip6_input_finish net/ipv6/ip6_input.c:463 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input net/ipv6/ip6_input.c:472 [inline] dst_input include/net/dst.h:458 [inline] ip6_sublist_rcv_finish+0x4fd/0x780 net/ipv6/ip6_input.c:85 ip6_list_rcv_finish net/ipv6/ip6_input.c:142 [inline] ip6_sublist_rcv+0x12af/0x1320 net/ipv6/ip6_input.c:307 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4601ed Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 0a 2b 02 00 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 14 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 3e 2b 02 00 48 RSP: 002b:00007fa8c79230a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000052bf00 RCX: 00000000004601ed RDX: 0000000000000001 RSI: 00007fa8c7923110 RDI: 00000000000000f0 RBP: 0000000020000180 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000049 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000003 R14: 000000000000004e R15: 00007fa8c79236bc 
Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:288 kmsan_memcpy_memmove_metadata+0x25e/0x2d0 mm/kmsan/kmsan.c:225 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:245 __msan_memcpy+0x46/0x60 mm/kmsan/kmsan_instr.c:110 pskb_expand_head+0x381/0x1ad0 net/core/skbuff.c:1688 skb_unclone include/linux/skbuff.h:1659 [inline] inet_frag_reasm_prepare+0xa69/0x1440 net/ipv4/inet_fragment.c:470 nf_ct_frag6_reasm net/ipv6/netfilter/nf_conntrack_reasm.c:325 [inline] nf_ct_frag6_queue net/ipv6/netfilter/nf_conntrack_reasm.c:286 [inline] nf_ct_frag6_gather+0x2815/0x3950 net/ipv6/netfilter/nf_conntrack_reasm.c:481 ipv6_defrag+0x538/0x650 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline] nf_hook_slow net/netfilter/core.c:589 [inline] nf_hook_slow_list+0x34f/0xaf0 net/netfilter/core.c:627 NF_HOOK_LIST include/linux/netfilter.h:337 [inline] ip6_sublist_rcv+0x1b2/0x1320 net/ipv6/ip6_input.c:305 ipv6_list_rcv+0x914/0x980 net/ipv6/ip6_input.c:342 __netif_receive_skb_list_ptype net/core/dev.c:5502 [inline] __netif_receive_skb_list_core+0xfd7/0x14c0 net/core/dev.c:5550 __netif_receive_skb_list net/core/dev.c:5602 [inline] netif_receive_skb_list_internal+0xfd1/0x1680 net/core/dev.c:5712 gro_normal_list net/core/dev.c:5866 [inline] gro_normal_one net/core/dev.c:5879 [inline] napi_frags_finish net/core/dev.c:6275 [inline] napi_gro_frags+0x14bc/0x23a0 net/core/dev.c:6341 tun_get_user+0x59f9/0x7420 drivers/net/tun.c:1890 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 
entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:120 [inline] kmsan_internal_poison_memory+0x66/0xd0 mm/kmsan/kmsan.c:103 kmsan_slab_alloc+0x8e/0xe0 mm/kmsan/kmsan_hooks.c:74 slab_alloc_node mm/slub.c:2929 [inline] __kmalloc_node_track_caller+0xaf3/0x1520 mm/slub.c:4611 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x438/0xd80 net/core/skbuff.c:425 __napi_alloc_skb+0x34c/0xbc0 net/core/skbuff.c:566 napi_alloc_skb include/linux/skbuff.h:2924 [inline] napi_get_frags+0xd1/0x2a0 net/core/dev.c:6255 tun_napi_alloc_frags drivers/net/tun.c:1382 [inline] tun_get_user+0x14b0/0x7420 drivers/net/tun.c:1741 tun_chr_write_iter+0x34e/0x400 drivers/net/tun.c:1937 do_iter_readv_writev+0x867/0xaa0 include/linux/fs.h:2108 do_iter_write+0x2f2/0xe20 fs/read_write.c:866 vfs_writev fs/read_write.c:939 [inline] do_writev+0x4bf/0xb70 fs/read_write.c:982 __do_sys_writev fs/read_write.c:1055 [inline] __se_sys_writev fs/read_write.c:1052 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1052 do_syscall_64+0xcc/0x180 arch/x86/entry/common.c:53 entry_SYSCALL_64_after_hwframe+0x44/0xae ===================================================== clocksource: timekeeping watchdog on CPU0: Marking clocksource 'tsc' as unstable because the skew is too large: clocksource: 'acpi_pm' wd_now: c7b2c0 wd_last: ba454b mask: ffffff clocksource: 'tsc' cs_now: 2f5c4fc624 cs_last: 2a35a83a4e mask: ffffffffffffffff tsc: Marking TSC unstable due to clocksource watchdog TSC found unstable after boot, most likely due to broken BIOS. Use 'tsc=unstable'. sched_clock: Marking unstable (83776014139, -68104911)<-(83722218111, -14191074) clocksource: Switched to clocksource acpi_pm