__x64_sys_write+0x4a/0x70 fs/read_write.c:607
do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
entry_SYSCALL_64_after_hwframe+0x63/0xe7
Uninit was created at:
==================================================================
BUG: KMSAN: uninit-value in print_stack_trace+0xce/0x350 kernel/stacktrace.c:18
CPU: 0 PID: 20018 Comm: syz-executor5 Not tainted 4.20.0-rc7+ #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x173/0x1d0 lib/dump_stack.c:113
kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613
__msan_warning+0x82/0xf0 mm/kmsan/kmsan_instr.c:313
print_stack_trace+0xce/0x350 kernel/stacktrace.c:18
kmsan_print_origin+0x15d/0x1f0 mm/kmsan/kmsan.c:383
kmsan_internal_chain_origin+0x21b/0x230 mm/kmsan/kmsan.c:432
kmsan_memcpy_memmove_metadata+0x58f/0xfa0 mm/kmsan/kmsan.c:316
kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:337
__msan_memcpy+0x58/0x70 mm/kmsan/kmsan_instr.c:139
skb_copy_from_linear_data_offset include/linux/skbuff.h:3442 [inline]
skb_copy_bits+0x1d2/0xc60 net/core/skbuff.c:2033
tcp_collapse+0x163f/0x2640 net/ipv4/tcp_input.c:4922
tcp_prune_queue net/ipv4/tcp_input.c:5070 [inline]
tcp_try_rmem_schedule+0x12ab/0x2040 net/ipv4/tcp_input.c:4462
tcp_data_queue_ofo net/ipv4/tcp_input.c:4483 [inline]
tcp_data_queue+0x247f/0x91a0 net/ipv4/tcp_input.c:4790
tcp_rcv_established+0x1a2d/0x2800 net/ipv4/tcp_input.c:5648
tcp_v4_do_rcv+0x686/0xd70 net/ipv4/tcp_ipv4.c:1534
tcp_v4_rcv+0x689d/0x6e90 net/ipv4/tcp_ipv4.c:1826
ip_local_deliver_finish+0x7a2/0xea0 net/ipv4/ip_input.c:215
NF_HOOK include/linux/netfilter.h:289 [inline]
ip_local_deliver+0x44b/0x510 net/ipv4/ip_input.c:256
dst_input include/net/dst.h:450 [inline]
ip_rcv_finish net/ipv4/ip_input.c:415 [inline]
NF_HOOK include/linux/netfilter.h:289 [inline]
ip_rcv+0x6b6/0x740 net/ipv4/ip_input.c:524
__netif_receive_skb_one_core net/core/dev.c:4946 [inline]
__netif_receive_skb net/core/dev.c:5056 [inline]
process_backlog+0x766/0x10f0 net/core/dev.c:5864
napi_poll net/core/dev.c:6287 [inline]
net_rx_action+0x78b/0x1a60 net/core/dev.c:6353
__do_softirq+0x53f/0x93a kernel/softirq.c:293
invoke_softirq kernel/softirq.c:375 [inline]
irq_exit+0x214/0x250 kernel/softirq.c:416
exiting_irq+0xe/0x10 arch/x86/include/asm/apic.h:536
smp_apic_timer_interrupt+0x48/0x70 arch/x86/kernel/apic/apic.c:1063
apic_timer_interrupt+0x2e/0x40 arch/x86/entry/entry_64.S:814
RIP: 0010:_raw_spin_unlock_irqrestore+0x4b/0x70 kernel/locking/spinlock.c:185
Code: 00 8b b8 88 0c 00 00 48 8b 00 48 85 c0 75 28 48 89 df e8 28 07 32 f7 c6 00 00 c6 03 00 4d 85 e4 75 1c 4c 89 7d d8 ff 75 d8 9d <48> 83 c4 08 5b 41 5c 41 5e 41 5f 5d c3 e8 83 11 32 f7 eb d1 44 89
RSP: 0018:ffff88804aa7fb88 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: ffff888127cceaa0 RBX: ffff888127ccaaa0 RCX: ffff888127cceaa0
RDX: ffff888127e32aa0 RSI: 0000160000000000 RDI: ccccccccccccd000
RBP: ffff88804aa7fbb0 R08: ffff888127ccaaa4 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000282
spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
remove_wait_queue+0x137/0x2a0 kernel/sched/wait.c:45
do_wait+0xb2a/0xbd0 kernel/exit.c:1542
kernel_wait4+0x3cc/0x5e0 kernel/exit.c:1661
__do_sys_wait4 kernel/exit.c:1673 [inline]
__se_sys_wait4+0x15f/0x2b0 kernel/exit.c:1669
__x64_sys_wait4+0x56/0x70 kernel/exit.c:1669
do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x411f1a
Code: 0f 83 1a 17 00 00 c3 66 0f 1f 84 00 00 00 00 00 8b 05 7e 43 64 00 85 c0 75 36 45 31 d2 48 63 d2 48 63 ff b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 d4 ff ff ff f7
RSP: 002b:0000000000a4fd98 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
RAX: ffffffffffffffda RBX: 000000000008b571 RCX: 0000000000411f1a
RDX: 0000000040000001 RSI: 0000000000a4fdd0 RDI: ffffffffffffffff
RBP: 0000000000000061 R08: 0000000000000001 R09: 0000000001928940
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 000000000008b542 R14: 000000000000002c R15: 0000000000000005
Local variable description: ----__ret.i.i.i.i@kmem_cache_free
Variable was created at:
kmem_cache_free+0xdc/0x2b70 mm/slub.c:3023
kfree_skbmem net/core/skbuff.c:603 [inline]
__kfree_skb net/core/skbuff.c:642 [inline]
kfree_skb+0x4d0/0x530 net/core/skbuff.c:659
==================================================================