================================================================== BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:143 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x4c0/0x2700 lib/iov_iter.c:576 CPU: 0 PID: 6163 Comm: syz-executor0 Not tainted 4.20.0-rc3+ #95 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x32d/0x480 lib/dump_stack.c:113 kmsan_report+0x12c/0x290 mm/kmsan/kmsan.c:683 kmsan_internal_check_memory+0x32a/0xa50 mm/kmsan/kmsan.c:743 kmsan_copy_to_user+0x78/0xd0 mm/kmsan/kmsan_hooks.c:634 copyout lib/iov_iter.c:143 [inline] _copy_to_iter+0x4c0/0x2700 lib/iov_iter.c:576 copy_to_iter include/linux/uio.h:143 [inline] skb_copy_datagram_iter+0x4e2/0x1070 net/core/datagram.c:431 skb_copy_datagram_msg include/linux/skbuff.h:3316 [inline] packet_recvmsg+0x711/0x1c00 net/packet/af_packet.c:3327 sock_recvmsg_nosec net/socket.c:794 [inline] sock_recvmsg net/socket.c:801 [inline] __sys_recvfrom+0x6d3/0x910 net/socket.c:1845 __do_sys_recvfrom net/socket.c:1863 [inline] __se_sys_recvfrom+0x111/0x130 net/socket.c:1859 __x64_sys_recvfrom+0x6e/0x90 net/socket.c:1859 do_syscall_64+0xcf/0x110 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x457569 Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007febdec83c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002d RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569 RDX: 0000000000001000 RSI: 00000000200002c0 RDI: 0000000000000003 RBP: 000000000072bf00 R08: 0000000020000000 R09: 0000000000000014 R10: 0000000000000020 R11: 0000000000000246 R12: 00007febdec846d4 R13: 00000000004c3978 R14: 00000000004d5ef0 R15: 00000000ffffffff Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:246 [inline] kmsan_internal_poison_shadow+0x6d/0x130 mm/kmsan/kmsan.c:170 kmsan_kmalloc+0xa1/0x100 mm/kmsan/kmsan_hooks.c:186 kmsan_slab_alloc+0xe/0x10 mm/kmsan/kmsan_hooks.c:195 slab_post_alloc_hook mm/slab.h:446 [inline] slab_alloc_node mm/slub.c:2765 [inline] __kmalloc_node_track_caller+0xf62/0x14e0 mm/slub.c:4396 __kmalloc_reserve net/core/skbuff.c:138 [inline] __alloc_skb+0x42b/0xeb0 net/core/skbuff.c:206 alloc_skb include/linux/skbuff.h:998 [inline] alloc_skb_with_frags+0x1c9/0xa80 net/core/skbuff.c:5220 sock_alloc_send_pskb+0xeb3/0x14c0 net/core/sock.c:2083 packet_alloc_skb net/packet/af_packet.c:2781 [inline] packet_snd net/packet/af_packet.c:2872 [inline] packet_sendmsg+0x6719/0x9180 net/packet/af_packet.c:2953 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] ___sys_sendmsg+0xe3b/0x1240 net/socket.c:2116 __sys_sendmmsg+0x56b/0xa90 net/socket.c:2211 __do_sys_sendmmsg net/socket.c:2240 [inline] __se_sys_sendmmsg+0xbd/0xe0 net/socket.c:2237 __x64_sys_sendmmsg+0x56/0x70 net/socket.c:2237 do_syscall_64+0xcf/0x110 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 Bytes 4-5 of 44 are uninitialized Memory access of size 44 starts at ffff888194516e64 Data copied to user address 00000000200002c0 ==================================================================