=====================================================
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xbc/0x100 lib/usercopy.c:33
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 _copy_to_user+0xbc/0x100 lib/usercopy.c:33
 copy_to_user include/linux/uaccess.h:169 [inline]
 compat_copy_entry_to_user net/ipv4/netfilter/ip_tables.c:1231 [inline]
 compat_copy_entries_to_user+0x29d/0xb50 net/ipv4/netfilter/ip_tables.c:1563
 compat_get_entries net/ipv6/netfilter/ip6_tables.c:1608 [inline]
 do_ip6t_get_ctl+0x1f23/0x20c0 net/ipv6/netfilter/ip6_tables.c:1669
 nf_getsockopt+0x41d/0x480 net/netfilter/nf_sockopt.c:116
 ipv6_getsockopt+0x34f/0x510 net/ipv6/ipv6_sockglue.c:1513
 tcp_getsockopt+0x162/0x1b0 net/ipv4/tcp.c:4402
 sock_common_getsockopt+0x99/0xd0 net/core/sock.c:3614
 __sys_getsockopt+0x5ea/0xb00 net/socket.c:2296
 __do_compat_sys_socketcall net/compat.c:492 [inline]
 __se_compat_sys_socketcall+0xc09/0x1a90 net/compat.c:421
 __ia32_compat_sys_socketcall+0x67/0x90 net/compat.c:421
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was stored to memory at:
 get_counters net/ipv4/netfilter/ip_tables.c:764 [inline]
 alloc_counters+0x71b/0x850 net/ipv4/netfilter/ip_tables.c:806
 compat_copy_entries_to_user+0x91/0xb50 net/ipv4/netfilter/ip_tables.c:1556
 compat_get_entries net/ipv6/netfilter/ip6_tables.c:1608 [inline]
 do_ip6t_get_ctl+0x1f23/0x20c0 net/ipv6/netfilter/ip6_tables.c:1669
 nf_getsockopt+0x41d/0x480 net/netfilter/nf_sockopt.c:116
 ipv6_getsockopt+0x34f/0x510 net/ipv6/ipv6_sockglue.c:1513
 tcp_getsockopt+0x162/0x1b0 net/ipv4/tcp.c:4402
 sock_common_getsockopt+0x99/0xd0 net/core/sock.c:3614
 __sys_getsockopt+0x5ea/0xb00 net/socket.c:2296
 __do_compat_sys_socketcall net/compat.c:492 [inline]
 __se_compat_sys_socketcall+0xc09/0x1a90 net/compat.c:421
 __ia32_compat_sys_socketcall+0x67/0x90 net/compat.c:421
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 free_pages_prepare mm/page_alloc.c:1410 [inline]
 free_pcp_prepare+0x40/0x640 mm/page_alloc.c:1532
 free_unref_page_prepare mm/page_alloc.c:3387 [inline]
 free_unref_page+0x41/0x940 mm/page_alloc.c:3483
 free_the_page mm/page_alloc.c:770 [inline]
 __free_pages+0x78/0x1c0 mm/page_alloc.c:5641
 free_large_kmalloc+0x16f/0x230 mm/slab_common.c:932
 kfree+0x1d3/0x420 mm/slab_common.c:1001
 kvfree+0x65/0x70 mm/util.c:627
 xt_free_table_info+0x135/0x1d0 net/netfilter/x_tables.c:1208
 __do_replace+0xcd5/0xf90 net/ipv6/netfilter/ip6_tables.c:1104
 compat_do_replace net/ipv6/netfilter/ip6_tables.c:1533 [inline]
 do_ip6t_set_ctl+0x5465/0x5760 net/ipv6/netfilter/ip6_tables.c:1636
 nf_setsockopt+0x48a/0x4f0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x1d8/0x310 net/ipv6/ipv6_sockglue.c:1030
 tcp_setsockopt+0x14a/0x180 net/ipv4/tcp.c:3801
 sock_common_setsockopt+0xef/0x120 net/core/sock.c:3641
 __sys_setsockopt+0x8df/0xdd0 net/socket.c:2252
 __do_compat_sys_socketcall net/compat.c:489 [inline]
 __se_compat_sys_socketcall+0xb3a/0x1a90 net/compat.c:421
 __ia32_compat_sys_socketcall+0x67/0x90 net/compat.c:421
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Bytes 0-7 of 16 are uninitialized
Memory access of size 16 starts at ffffc90010305000
Data copied to user address 00000000ffaef714

CPU: 0 PID: 3504 Comm: syz-executor.4 Tainted: G W 6.1.0-rc4-syzkaller-62820-g9b1ac640862d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================