=====================================================
BUG: KMSAN: use-after-free in do_slab_free mm/slub.c:3024 [inline]
BUG: KMSAN: use-after-free in slab_free mm/slub.c:3047 [inline]
BUG: KMSAN: use-after-free in kmem_cache_free+0x3df/0x2b70 mm/slub.c:3062
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.4.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x191/0x1f0 lib/dump_stack.c:113
 kmsan_report+0x128/0x220 mm/kmsan/kmsan_report.c:108
 __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:245
 do_slab_free mm/slub.c:3024 [inline]
 slab_free mm/slub.c:3047 [inline]
 kmem_cache_free+0x3df/0x2b70 mm/slub.c:3062
 kfree_skbmem net/core/skbuff.c:644 [inline]
 __kfree_skb net/core/skbuff.c:680 [inline]
 kfree_skb+0x473/0x4c0 net/core/skbuff.c:697
 packet_rcv_spkt+0x68d/0x7c0 net/packet/af_packet.c:1847
 deliver_skb net/core/dev.c:1969 [inline]
 deliver_ptype_list_skb net/core/dev.c:1984 [inline]
 __netif_receive_skb_core+0x3aed/0x51a0 net/core/dev.c:4968
 __netif_receive_skb_one_core net/core/dev.c:5008 [inline]
 __netif_receive_skb net/core/dev.c:5124 [inline]
 netif_receive_skb_internal+0x3cc/0xc20 net/core/dev.c:5214
 napi_skb_finish net/core/dev.c:5677 [inline]
 napi_gro_receive+0x67f/0xbb0 net/core/dev.c:5710
 receive_buf+0x653b/0x8810 drivers/net/virtio_net.c:1061
 virtnet_receive drivers/net/virtio_net.c:1323 [inline]
 virtnet_poll+0x666/0x1a10 drivers/net/virtio_net.c:1428
 napi_poll net/core/dev.c:6392 [inline]
 net_rx_action+0x7a6/0x1aa0 net/core/dev.c:6460
 __do_softirq+0x4a1/0x83a kernel/softirq.c:293
 invoke_softirq kernel/softirq.c:375 [inline]
 irq_exit+0x230/0x280 kernel/softirq.c:416
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 do_IRQ+0x123/0x360 arch/x86/kernel/irq.c:263
 common_interrupt+0x2e/0x2e arch/x86/entry/entry_64.S:612
 </IRQ>
RIP: 0010:default_idle+0x53/0x90 arch/x86/kernel/process.c:581
Code: 03 e9 ed f2 44 8b 35 54 58 d1 01 48 c7 c7 88 f5 23 90 e8 90 6a b4 f3 83 38 00 75 31 45 85 f6 7e 07 0f 00 2d f7 c1 4e 00 fb f4 <65> 8b 35 de 15 b0 71 c7 03 00 00 00 00 c7 43 08 00 00 00 00 bf ff
RSP: 0018:ffff8881280dfe10 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffda
RAX: ffff888217c38588 RBX: ffff8881280b09a8 RCX: ccccccccccccd000
RDX: ffff888207e31588 RSI: ffffea000a76d180 RDI: 000000001023f588
RBP: ffff8881280dfe20 R08: ffff88812fd30fc0 R09: ffff8881280b8002
R10: 00000041acaea180 R11: ffffffff8e529d00 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffff8881280b09a8
 arch_cpu_idle+0x25/0x30 arch/x86/kernel/process.c:571
 default_idle_call kernel/sched/idle.c:94 [inline]
 cpuidle_idle_call kernel/sched/idle.c:154 [inline]
 do_idle+0x1d5/0x780 kernel/sched/idle.c:263
 cpu_startup_entry+0x45/0x50 kernel/sched/idle.c:355
 start_secondary+0x389/0x480 arch/x86/kernel/smpboot.c:264
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:151 [inline]
 kmsan_internal_chain_origin+0xbd/0x180 mm/kmsan/kmsan.c:319
 __msan_chain_origin+0x6b/0xd0 mm/kmsan/kmsan_instr.c:179
 ___slab_alloc+0x1dbc/0x1fb0 mm/slub.c:2636
 __slab_alloc mm/slub.c:2689 [inline]
 slab_alloc_node mm/slub.c:2763 [inline]
 slab_alloc mm/slub.c:2808 [inline]
 kmem_cache_alloc+0xadf/0xd20 mm/slub.c:2813
 skb_clone+0x326/0x5d0 net/core/skbuff.c:1448
 skb_share_check include/linux/skbuff.h:1669 [inline]
 packet_rcv_spkt+0x23f/0x7c0 net/packet/af_packet.c:1816
 deliver_skb net/core/dev.c:1969 [inline]
 deliver_ptype_list_skb net/core/dev.c:1984 [inline]
 __netif_receive_skb_core+0x3aed/0x51a0 net/core/dev.c:4968
 __netif_receive_skb_one_core net/core/dev.c:5008 [inline]
 __netif_receive_skb net/core/dev.c:5124 [inline]
 netif_receive_skb_internal+0x3cc/0xc20 net/core/dev.c:5214
 napi_skb_finish net/core/dev.c:5677 [inline]
 napi_gro_receive+0x67f/0xbb0 net/core/dev.c:5710
 receive_buf+0x653b/0x8810 drivers/net/virtio_net.c:1061
 virtnet_receive drivers/net/virtio_net.c:1323 [inline]
 virtnet_poll+0x666/0x1a10 drivers/net/virtio_net.c:1428
 napi_poll net/core/dev.c:6392 [inline]
 net_rx_action+0x7a6/0x1aa0 net/core/dev.c:6460
 __do_softirq+0x4a1/0x83a kernel/softirq.c:293
 invoke_softirq kernel/softirq.c:375 [inline]
 irq_exit+0x230/0x280 kernel/softirq.c:416
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 do_IRQ+0x123/0x360 arch/x86/kernel/irq.c:263
 ret_from_intr+0x0/0x33
 native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline]
 arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline]
 default_idle+0x53/0x90 arch/x86/kernel/process.c:580
 arch_cpu_idle+0x25/0x30 arch/x86/kernel/process.c:571
 default_idle_call kernel/sched/idle.c:94 [inline]
 cpuidle_idle_call kernel/sched/idle.c:154 [inline]
 do_idle+0x1d5/0x780 kernel/sched/idle.c:263
 cpu_startup_entry+0x45/0x50 kernel/sched/idle.c:355
 start_secondary+0x389/0x480 arch/x86/kernel/smpboot.c:264
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:151 [inline]
 kmsan_internal_poison_shadow+0x60/0x120 mm/kmsan/kmsan.c:134
 kmsan_slab_free+0x8d/0xf0 mm/kmsan/kmsan_hooks.c:109
 slab_free_freelist_hook mm/slub.c:1473 [inline]
 slab_free mm/slub.c:3046 [inline]
 kmem_cache_free_bulk+0x3ad9/0x3f10 mm/slub.c:3171
 __kfree_skb_flush+0xb0/0x100 net/core/skbuff.c:862
 net_rx_action+0x1a5e/0x1aa0 net/core/dev.c:6483
 __do_softirq+0x4a1/0x83a kernel/softirq.c:293
 invoke_softirq kernel/softirq.c:375 [inline]
 irq_exit+0x230/0x280 kernel/softirq.c:416
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 do_IRQ+0x123/0x360 arch/x86/kernel/irq.c:263
 ret_from_intr+0x0/0x33
 native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline]
 arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline]
 default_idle+0x53/0x90 arch/x86/kernel/process.c:580
 arch_cpu_idle+0x25/0x30 arch/x86/kernel/process.c:571
 default_idle_call kernel/sched/idle.c:94 [inline]
 cpuidle_idle_call kernel/sched/idle.c:154 [inline]
 do_idle+0x1d5/0x780 kernel/sched/idle.c:263
 cpu_startup_entry+0x45/0x50 kernel/sched/idle.c:355
 rest_init+0x1be/0x1f0 init/main.c:452
 arch_call_rest_init+0x13/0x15
 start_kernel+0x987/0xb57 init/main.c:787
 x86_64_start_reservations+0x18/0x2e arch/x86/kernel/head64.c:490
 x86_64_start_kernel+0x81/0x84 arch/x86/kernel/head64.c:471
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241
=====================================================