RDX: 0000000000000002 RSI: 0000000020008400 RDI: 00000000000002c4
RBP: 00007f754bad7493 R08: 0000000000000286 R09: 0000000000000000
R10: 0000000020008640 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f754bccfb1f R14: 00007f754c759300 R15: 0000000000022000
---[ end trace 0000000000000000 ]---
=====================================================
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak-after-free in copyout+0xb8/0x100 lib/iov_iter.c:167
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 copyout+0xb8/0x100 lib/iov_iter.c:167
 _copy_to_iter+0x65a/0x1c60 lib/iov_iter.c:316
 copy_page_to_iter+0x420/0x880 lib/iov_iter.c:481
 process_vm_rw_pages mm/process_vm_access.c:45 [inline]
 process_vm_rw_single_vec mm/process_vm_access.c:117 [inline]
 process_vm_rw_core mm/process_vm_access.c:215 [inline]
 process_vm_rw+0xf6f/0x1a60 mm/process_vm_access.c:283
 __do_sys_process_vm_readv mm/process_vm_access.c:295 [inline]
 __se_sys_process_vm_readv mm/process_vm_access.c:291 [inline]
 __x64_sys_process_vm_readv+0x11f/0x1a0 mm/process_vm_access.c:291
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 free_pages_prepare mm/page_alloc.c:1110 [inline]
 free_unref_page_prepare+0x4a/0x9a0 mm/page_alloc.c:2348
 free_unref_page+0x59/0x660 mm/page_alloc.c:2443
 __folio_put_small mm/swap.c:106 [inline]
 __folio_put+0x10d/0x170 mm/swap.c:129
 folio_put include/linux/mm.h:1423 [inline]
 put_page include/linux/mm.h:1492 [inline]
 extract_user_to_sg lib/scatterlist.c:1151 [inline]
 extract_iter_to_sg+0x3232/0x3890 lib/scatterlist.c:1349
 hash_sendmsg+0x705/0x1d40 crypto/algif_hash.c:117
 sock_sendmsg_nosec net/socket.c:725 [inline]
 sock_sendmsg net/socket.c:748 [inline]
 ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2494
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2548
 __sys_sendmsg net/socket.c:2577 [inline]
 __do_sys_sendmsg net/socket.c:2586 [inline]
 __se_sys_sendmsg net/socket.c:2584 [inline]
 __x64_sys_sendmsg+0x307/0x490 net/socket.c:2584
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Bytes 0-4095 of 4096 are uninitialized
Memory access of size 4096 starts at ffff8880109c2000
Data copied to user address 00000000203ffe80

CPU: 1 PID: 10104 Comm: syz-executor.0 Tainted: G W 6.5.0-rc1-syzkaller-gd1d7f15cd819 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
=====================================================