=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:156 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6f8/0x2550 lib/iov_iter.c:670
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 copyout lib/iov_iter.c:156 [inline]
 _copy_to_iter+0x6f8/0x2550 lib/iov_iter.c:670
 copy_to_iter include/linux/uio.h:155 [inline]
 simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519
 __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425
 skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533
 skb_copy_datagram_msg include/linux/skbuff.h:3657 [inline]
 netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1979
 sock_recvmsg_nosec net/socket.c:944 [inline]
 sock_recvmsg net/socket.c:962 [inline]
 __sys_recvfrom+0x795/0xa10 net/socket.c:2093
 __do_sys_recvfrom net/socket.c:2111 [inline]
 __se_sys_recvfrom net/socket.c:2107 [inline]
 __x64_sys_recvfrom+0x19d/0x210 net/socket.c:2107
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was stored to memory at:
 __nla_put lib/nlattr.c:994 [inline]
 nla_put+0x312/0x3d0 lib/nlattr.c:1052
 nla_put_u32 include/net/netlink.h:1311 [inline]
 vti6_fill_info+0x5ad/0x670 net/ipv6/ip6_vti.c:1087
 rtnl_link_info_fill net/core/rtnetlink.c:672 [inline]
 rtnl_link_fill+0x66a/0x1050 net/core/rtnetlink.c:693
 rtnl_fill_ifinfo+0x288a/0x3340 net/core/rtnetlink.c:1787
 rtnl_dump_ifinfo+0xcbe/0x27e0 net/core/rtnetlink.c:2138
 netlink_dump+0xaca/0x16a0 net/netlink/af_netlink.c:2270
 netlink_recvmsg+0x1129/0x1c80 net/netlink/af_netlink.c:2004
 sock_recvmsg_nosec net/socket.c:944 [inline]
 sock_recvmsg net/socket.c:962 [inline]
 __sys_recvfrom+0x795/0xa10 net/socket.c:2093
 __do_sys_recvfrom net/socket.c:2111 [inline]
 __se_sys_recvfrom net/socket.c:2107 [inline]
 __x64_sys_recvfrom+0x19d/0x210 net/socket.c:2107
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was stored to memory at:
 nla_put_u32 include/net/netlink.h:1309 [inline]
 vti6_fill_info+0x60e/0x670 net/ipv6/ip6_vti.c:1087
 rtnl_link_info_fill net/core/rtnetlink.c:672 [inline]
 rtnl_link_fill+0x66a/0x1050 net/core/rtnetlink.c:693
 rtnl_fill_ifinfo+0x288a/0x3340 net/core/rtnetlink.c:1787
 rtnl_dump_ifinfo+0xcbe/0x27e0 net/core/rtnetlink.c:2138
 netlink_dump+0xaca/0x16a0 net/netlink/af_netlink.c:2270
 netlink_recvmsg+0x1129/0x1c80 net/netlink/af_netlink.c:2004
 sock_recvmsg_nosec net/socket.c:944 [inline]
 sock_recvmsg net/socket.c:962 [inline]
 __sys_recvfrom+0x795/0xa10 net/socket.c:2093
 __do_sys_recvfrom net/socket.c:2111 [inline]
 __se_sys_recvfrom net/socket.c:2107 [inline]
 __x64_sys_recvfrom+0x19d/0x210 net/socket.c:2107
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was stored to memory at:
 vti6_tnl_create net/ipv6/ip6_vti.c:226 [inline]
 vti6_locate+0xaf7/0xda0 net/ipv6/ip6_vti.c:277
 vti6_siocdevprivate+0x1113/0x1f20 net/ipv6/ip6_vti.c:841
 dev_siocdevprivate net/core/dev_ioctl.c:285 [inline]
 dev_ifsioc+0x1957/0x1bb0 net/core/dev_ioctl.c:403
 dev_ioctl+0xbb2/0x16e0 net/core/dev_ioctl.c:610
 sock_ioctl+0x1224/0x13d0 net/socket.c:1162
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0x2df/0x4a0 fs/ioctl.c:860
 __x64_sys_ioctl+0xd8/0x110 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Local variable p1 created at:
 vti6_siocdevprivate+0xac/0x1f20 net/ipv6/ip6_vti.c:806
 dev_siocdevprivate net/core/dev_ioctl.c:285 [inline]
 dev_ifsioc+0x1957/0x1bb0 net/core/dev_ioctl.c:403

Bytes 27508-27511 of 31880 are uninitialized
Memory access of size 31880 starts at ffff888086740000
Data copied to user address 0000000020000000

CPU: 1 PID: 9363 Comm: syz-executor.0 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================