=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:169 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x420/0x1d00 lib/iov_iter.c:536
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 copyout lib/iov_iter.c:169 [inline]
 _copy_to_iter+0x420/0x1d00 lib/iov_iter.c:536
 copy_to_iter include/linux/uio.h:206 [inline]
 simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:513
 __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419
 skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:527
 tun_put_user drivers/net/tun.c:2159 [inline]
 tun_do_read+0x2167/0x2ae0 drivers/net/tun.c:2238
 tun_chr_read_iter+0x3f0/0x670 drivers/net/tun.c:2262
 call_read_iter include/linux/fs.h:1862 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x933/0xe40 fs/read_write.c:470
 ksys_read+0x20f/0x4c0 fs/read_write.c:613
 __do_sys_read fs/read_write.c:623 [inline]
 __se_sys_read fs/read_write.c:621 [inline]
 __ia32_sys_read+0x91/0xd0 fs/read_write.c:621
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was stored to memory at:
 pskb_expand_head+0x305/0x1a10 net/core/skbuff.c:2062
 skb_expand_head+0x44c/0x870 net/core/skbuff.c:2228
 ip_finish_output2+0xc75/0x1a10 net/ipv4/ip_output.c:210
 __ip_finish_output+0x266/0x720
 ip_finish_output+0x4b/0x420 net/ipv4/ip_output.c:317
 NF_HOOK_COND include/linux/netfilter.h:292 [inline]
 ip_output+0x1f3/0x4e0 net/ipv4/ip_output.c:431
 dst_output include/net/dst.h:458 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 __ip_queue_xmit+0x1985/0x1c40 net/ipv4/ip_output.c:533
 sctp_v4_xmit+0x6a1/0xe90 net/sctp/protocol.c:1076
 sctp_packet_transmit+0x3e55/0x4150 net/sctp/output.c:653
 sctp_packet_singleton+0x2ab/0x390 net/sctp/outqueue.c:783
 sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline]
 sctp_outq_flush+0x709/0x5e70 net/sctp/outqueue.c:1212
 sctp_outq_uncork+0x9c/0xb0 net/sctp/outqueue.c:764
 sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]
 sctp_do_sm+0x8c30/0x92d0 net/sctp/sm_sideeffect.c:1169
 sctp_primitive_ASSOCIATE+0xc3/0x100 net/sctp/primitive.c:73
 sctp_sendmsg_to_asoc+0x178d/0x1ee0 net/sctp/socket.c:1840
 sctp_sendmsg+0x32b4/0x4a70 net/sctp/socket.c:2030
 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:827
 sock_sendmsg_nosec net/socket.c:724 [inline]
 sock_sendmsg net/socket.c:747 [inline]
 ____sys_sendmsg+0x999/0xd50 net/socket.c:2503
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2557
 __sys_sendmsg+0x222/0x3c0 net/socket.c:2586
 __compat_sys_sendmsg net/compat.c:346 [inline]
 __do_compat_sys_sendmsg net/compat.c:353 [inline]
 __se_compat_sys_sendmsg net/compat.c:350 [inline]
 __ia32_compat_sys_sendmsg+0x9d/0xe0 net/compat.c:350
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 slab_post_alloc_hook+0x12d/0xb60 mm/slab.h:716
 slab_alloc_node mm/slub.c:3451 [inline]
 __kmem_cache_alloc_node+0x4ff/0x8b0 mm/slub.c:3490
 __do_kmalloc_node mm/slab_common.c:965 [inline]
 __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:986
 kmalloc_reserve+0x248/0x470 net/core/skbuff.c:585
 __alloc_skb+0x318/0x740 net/core/skbuff.c:654
 alloc_skb include/linux/skbuff.h:1288 [inline]
 sctp_packet_transmit+0x551/0x4150 net/sctp/output.c:598
 sctp_packet_singleton+0x2ab/0x390 net/sctp/outqueue.c:783
 sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline]
 sctp_outq_flush+0x709/0x5e70 net/sctp/outqueue.c:1212
 sctp_outq_uncork+0x9c/0xb0 net/sctp/outqueue.c:764
 sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]
 sctp_do_sm+0x8c30/0x92d0 net/sctp/sm_sideeffect.c:1169
 sctp_primitive_ASSOCIATE+0xc3/0x100 net/sctp/primitive.c:73
 sctp_sendmsg_to_asoc+0x178d/0x1ee0 net/sctp/socket.c:1840
 sctp_sendmsg+0x32b4/0x4a70 net/sctp/socket.c:2030
 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:827
 sock_sendmsg_nosec net/socket.c:724 [inline]
 sock_sendmsg net/socket.c:747 [inline]
 ____sys_sendmsg+0x999/0xd50 net/socket.c:2503
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2557
 __sys_sendmsg+0x222/0x3c0 net/socket.c:2586
 __compat_sys_sendmsg net/compat.c:346 [inline]
 __do_compat_sys_sendmsg net/compat.c:353 [inline]
 __se_compat_sys_sendmsg net/compat.c:350 [inline]
 __ia32_compat_sys_sendmsg+0x9d/0xe0 net/compat.c:350
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Bytes 38-41 of 572 are uninitialized
Memory access of size 572 starts at ffff888090c2a0b0
Data copied to user address 00000000ffc81958

CPU: 1 PID: 29337 Comm: syz-executor.1 Not tainted 6.4.0-rc6-syzkaller-g7cccf3be6dcb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
=====================================================