===================================================== BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_iovec include/linux/iov_iter.h:52 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:304 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:330 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x4e4/0x3400 lib/iov_iter.c:197 instrument_copy_to_user include/linux/instrumented.h:114 [inline] copy_to_user_iter lib/iov_iter.c:24 [inline] iterate_iovec include/linux/iov_iter.h:52 [inline] iterate_and_advance2 include/linux/iov_iter.h:304 [inline] iterate_and_advance include/linux/iov_iter.h:330 [inline] _copy_to_iter+0x4e4/0x3400 lib/iov_iter.c:197 copy_to_iter include/linux/uio.h:220 [inline] simple_copy_to_iter net/core/datagram.c:521 [inline] __skb_datagram_iter+0x7ce/0x12b0 net/core/datagram.c:435 skb_copy_datagram_iter+0x5b/0x1e0 net/core/datagram.c:535 skb_copy_datagram_msg include/linux/skbuff.h:4217 [inline] tcp_peek_sndq+0x12b/0x570 net/ipv4/tcp.c:1490 tcp_recvmsg_locked+0x565e/0x56f0 net/ipv4/tcp.c:2908 tcp_recvmsg+0x2bd/0xad0 net/ipv4/tcp.c:2927 inet_recvmsg+0x15b/0x690 net/ipv4/af_inet.c:891 sock_recvmsg_nosec+0x19d/0x2e0 net/socket.c:1078 ____sys_recvmsg+0x4e5/0x620 net/socket.c:2810 ___sys_recvmsg+0x20b/0x850 net/socket.c:2854 do_recvmmsg+0x50b/0xdf0 net/socket.c:2941 __sys_recvmmsg+0xf3/0x450 net/socket.c:3023 __do_compat_sys_recvmmsg_time32 net/compat.c:418 [inline] __se_compat_sys_recvmmsg_time32 net/compat.c:414 [inline] __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0 net/compat.c:414 ia32_sys_call+0x2935/0x4340 arch/x86/include/generated/asm/syscalls_32.h:338 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0x14a/0x310 arch/x86/entry/syscall_32.c:307 do_fast_syscall_32+0x37/0x80 arch/x86/entry/syscall_32.c:332 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:370 entry_SYSENTER_compat_after_hwframe+0x84/0x8e Uninit was created at: __alloc_frozen_pages_noprof+0x6df/0xf50 mm/page_alloc.c:5263 alloc_pages_mpol+0x328/0x860 mm/mempolicy.c:2486 alloc_frozen_pages_noprof mm/mempolicy.c:2557 [inline] alloc_pages_noprof+0x101/0x280 mm/mempolicy.c:2577 skb_page_frag_refill+0x34e/0x730 net/core/sock.c:3146 sk_page_frag_refill+0x59/0x190 net/core/sock.c:3166 tcp_sendmsg_locked+0x23d8/0x76f0 net/ipv4/tcp.c:1247 tcp_sendmsg+0x4b/0x90 net/ipv4/tcp.c:1412 inet_sendmsg+0x134/0x290 net/ipv4/af_inet.c:859 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] __sys_sendto+0x8ea/0xb90 net/socket.c:2206 __do_sys_sendto net/socket.c:2213 [inline] __se_sys_sendto net/socket.c:2209 [inline] __ia32_sys_sendto+0x12f/0x200 net/socket.c:2209 ia32_sys_call+0x1a3d/0x4340 arch/x86/include/generated/asm/syscalls_32.h:370 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0x14a/0x310 arch/x86/entry/syscall_32.c:307 do_fast_syscall_32+0x37/0x80 arch/x86/entry/syscall_32.c:332 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:370 entry_SYSENTER_compat_after_hwframe+0x84/0x8e Bytes 0-47 of 48 are uninitialized Memory access of size 48 starts at ffff88804dc00000 CPU: 0 UID: 0 PID: 18351 Comm: syz.3.3671 Tainted: G W L syzkaller #0 PREEMPT(voluntary) Tainted: [W]=WARN, [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 =====================================================