=====================================================
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak-after-free in copyout lib/iov_iter.c:154 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:670
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 copyout lib/iov_iter.c:154 [inline]
 _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:670
 copy_to_iter include/linux/uio.h:162 [inline]
 simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519
 __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425
 skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533
 skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline]
 packet_recvmsg+0x790/0x2170 net/packet/af_packet.c:3452
 sock_recvmsg_nosec net/socket.c:948 [inline]
 sock_recvmsg net/socket.c:966 [inline]
 __sys_recvfrom+0x795/0xa10 net/socket.c:2097
 __compat_sys_recvfrom net/compat.c:390 [inline]
 __do_compat_sys_recvfrom net/compat.c:403 [inline]
 __se_compat_sys_recvfrom net/compat.c:399 [inline]
 __ia32_compat_sys_recvfrom+0x1a3/0x210 net/compat.c:399
 do_syscall_32_irqs_on arch/x86/entry/common.c:113 [inline]
 __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:179
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:204
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:247
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Uninit was stored to memory at:
 skb_put_data include/linux/skbuff.h:2376 [inline]
 netlink_to_full_skb net/netlink/af_netlink.c:179 [inline]
 __netlink_deliver_tap_skb net/netlink/af_netlink.c:296 [inline]
 __netlink_deliver_tap+0x626/0xe10 net/netlink/af_netlink.c:323
 netlink_deliver_tap net/netlink/af_netlink.c:336 [inline]
 netlink_deliver_tap_kernel net/netlink/af_netlink.c:345 [inline]
 netlink_unicast_kernel net/netlink/af_netlink.c:1316 [inline]
 netlink_unicast+0x1233/0x1360 net/netlink/af_netlink.c:1343
 netlink_sendmsg+0x14d9/0x1720 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmsg+0x704/0x840 net/socket.c:2496
 __compat_sys_sendmsg net/compat.c:347 [inline]
 __do_compat_sys_sendmsg net/compat.c:354 [inline]
 __se_compat_sys_sendmsg net/compat.c:351 [inline]
 __ia32_compat_sys_sendmsg+0xed/0x130 net/compat.c:351
 do_syscall_32_irqs_on arch/x86/entry/common.c:113 [inline]
 __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:179
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:204
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:247
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Uninit was created at:
 free_pages_prepare mm/page_alloc.c:1309 [inline]
 free_pcp_prepare+0x6b/0x860 mm/page_alloc.c:1432
 free_unref_page_prepare mm/page_alloc.c:3334 [inline]
 free_unref_page_list+0x114/0xe30 mm/page_alloc.c:3450
 release_pages+0x1e9b/0x1ed0 mm/swap.c:980
 free_pages_and_swap_cache+0x4f9/0x520 mm/swap_state.c:320
 tlb_batch_pages_flush mm/mmu_gather.c:51 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:244 [inline]
 tlb_flush_mmu+0x8f9/0xa80 mm/mmu_gather.c:251
 tlb_finish_mmu+0x130/0x310 mm/mmu_gather.c:351
 exit_mmap+0x7c0/0xe20 mm/mmap.c:3180
 __mmput+0x1bf/0x6c0 kernel/fork.c:1116
 mmput+0x9b/0xc0 kernel/fork.c:1137
 exit_mm+0x1f5/0x350 kernel/exit.c:508
 do_exit+0xeb0/0x4010 kernel/exit.c:795
 do_group_exit+0x3cc/0x420 kernel/exit.c:937
 get_signal+0x17d0/0x2c70 kernel/signal.c:2863
 arch_do_signal_or_restart+0x9d/0xdd0 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop+0x1f6/0x490 kernel/entry/common.c:172
 exit_to_user_mode_prepare kernel/entry/common.c:207 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x7e/0xc0 kernel/entry/common.c:300
 __do_fast_syscall_32+0xa5/0xf0 arch/x86/entry/common.c:182
 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:204
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:247
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Bytes 4036-4095 of 4096 are uninitialized
Memory access of size 4096 starts at ffff888070892000
Data copied to user address 00000000200011c0

CPU: 0 PID: 1767 Comm: syz-executor.4 Not tainted 5.17.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================