===================================================== BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186 instrument_copy_to_user include/linux/instrumented.h:114 [inline] copy_to_user_iter lib/iov_iter.c:24 [inline] iterate_ubuf include/linux/iov_iter.h:29 [inline] iterate_and_advance2 include/linux/iov_iter.h:245 [inline] iterate_and_advance include/linux/iov_iter.h:271 [inline] _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186 copy_to_iter include/linux/uio.h:197 [inline] simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532 __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:420 skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546 skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline] netlink_recvmsg+0x432/0x1600 net/netlink/af_netlink.c:1967 sock_recvmsg_nosec net/socket.c:1046 [inline] sock_recvmsg net/socket.c:1068 [inline] ____sys_recvmsg+0x283/0x7f0 net/socket.c:2803 ___sys_recvmsg+0x223/0x840 net/socket.c:2845 __sys_recvmsg net/socket.c:2875 [inline] __do_sys_recvmsg net/socket.c:2885 [inline] __se_sys_recvmsg net/socket.c:2882 [inline] __x64_sys_recvmsg+0x304/0x490 net/socket.c:2882 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was stored to memory at: pskb_expand_head+0x305/0x1a00 net/core/skbuff.c:2106 netlink_trim+0x2c0/0x330 net/netlink/af_netlink.c:1324 netlink_broadcast_filtered+0x82/0x2390 net/netlink/af_netlink.c:1531 netlink_broadcast net/netlink/af_netlink.c:1576 [inline] nlmsg_multicast include/net/netlink.h:1090 [inline] nlmsg_notify+0x15f/0x2f0 net/netlink/af_netlink.c:2588 rtnl_notify+0xc3/0xf0 net/core/rtnetlink.c:772 wireless_nlevent_flush net/wireless/wext-core.c:353 [inline] wireless_nlevent_process+0xfe/0x240 net/wireless/wext-core.c:413 process_one_work kernel/workqueue.c:2633 [inline] process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2706 worker_thread+0xf45/0x1490 kernel/workqueue.c:2787 kthread+0x3ed/0x540 kernel/kthread.c:388 ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 Uninit was stored to memory at: wireless_send_event+0x566/0x1010 net/wireless/wext-core.c:579 ioctl_standard_iw_point+0x12de/0x13b0 compat_standard_call+0x179/0x310 net/wireless/wext-core.c:1107 wext_ioctl_dispatch+0x230/0xa30 net/wireless/wext-core.c:1013 compat_wext_handle_ioctl+0x1ae/0x2f0 net/wireless/wext-core.c:1136 compat_sock_ioctl+0x220/0x1370 net/socket.c:3525 __do_compat_sys_ioctl fs/ioctl.c:972 [inline] __se_compat_sys_ioctl+0x79b/0xfe0 fs/ioctl.c:914 __ia32_compat_sys_ioctl+0x93/0xd0 fs/ioctl.c:914 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline] __do_fast_syscall_32+0xb3/0x110 arch/x86/entry/common.c:321 do_fast_syscall_32+0x37/0x70 arch/x86/entry/common.c:346 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:384 entry_SYSENTER_compat_after_hwframe+0x70/0x7a Local variable iwp created at: compat_standard_call+0x48/0x310 net/wireless/wext-core.c:1094 wext_ioctl_dispatch+0x230/0xa30 net/wireless/wext-core.c:1013 Bytes 60-63 of 64 are uninitialized Memory access of size 64 starts at ffff8881174fa280 Data copied to user address 00007ffc50fa2858 CPU: 1 PID: 4657 Comm: dhcpcd Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 =====================================================