=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:154 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 copyout lib/iov_iter.c:154 [inline]
 _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668
 copy_to_iter include/linux/uio.h:162 [inline]
 simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519
 __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425
 skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533
 skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline]
 netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1977
 ____sys_recvmsg+0x590/0xb00
 ___sys_recvmsg net/socket.c:2674 [inline]
 do_recvmmsg+0x11a4/0x2120 net/socket.c:2768
 __sys_recvmmsg net/socket.c:2847 [inline]
 __do_sys_recvmmsg net/socket.c:2870 [inline]
 __se_sys_recvmmsg net/socket.c:2863 [inline]
 __x64_sys_recvmmsg+0x2af/0x500 net/socket.c:2863
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was stored to memory at:
 copy_to_user_auth net/xfrm/xfrm_user.c:896 [inline]
 copy_to_user_state_extra+0x132e/0x24e0 net/xfrm/xfrm_user.c:991
 dump_one_state+0x38d/0x7f0 net/xfrm/xfrm_user.c:1069
 xfrm_state_walk+0x567/0x16c0 net/xfrm/xfrm_state.c:2134
 xfrm_dump_sa+0x27c/0x7f0 net/xfrm/xfrm_user.c:1140
 netlink_dump+0xb72/0x16c0 net/netlink/af_netlink.c:2268
 __netlink_dump_start+0xcf8/0xe90 net/netlink/af_netlink.c:2373
 netlink_dump_start include/linux/netlink.h:254 [inline]
 xfrm_user_rcv_msg+0x936/0x1190 net/xfrm/xfrm_user.c:2926
 netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2494
 xfrm_netlink_rcv+0xb2/0xf0 net/xfrm/xfrm_user.c:2963
 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
 netlink_unicast+0x1093/0x1360 net/netlink/af_netlink.c:1343
 netlink_sendmsg+0x14d9/0x1720 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmsg+0x704/0x840 net/socket.c:2496
 __do_sys_sendmsg net/socket.c:2505 [inline]
 __se_sys_sendmsg net/socket.c:2503 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2503
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:737 [inline]
 slab_alloc_node mm/slub.c:3247 [inline]
 slab_alloc mm/slub.c:3255 [inline]
 __kmalloc+0xc3c/0x12d0 mm/slub.c:4438
 kmalloc include/linux/slab.h:586 [inline]
 pfkey_msg2xfrm_state net/key/af_key.c:1177 [inline]
 pfkey_add+0x1dd9/0x3ee0 net/key/af_key.c:1504
 pfkey_process net/key/af_key.c:2837 [inline]
 pfkey_sendmsg+0x16bb/0x1c60 net/key/af_key.c:3676
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmsg+0x704/0x840 net/socket.c:2496
 __do_sys_sendmsg net/socket.c:2505 [inline]
 __se_sys_sendmsg net/socket.c:2503 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2503
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Bytes 400-450 of 3279 are uninitialized
Memory access of size 3279 starts at ffff888016a0403d
Data copied to user address 00000000200094c0

CPU: 1 PID: 13815 Comm: syz-executor.3 Not tainted 5.17.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================