=====================================================
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xbc/0x100 lib/usercopy.c:33
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 _copy_to_user+0xbc/0x100 lib/usercopy.c:33
 copy_to_user include/linux/uaccess.h:169 [inline]
 __do_replace+0xd37/0xf90 net/ipv6/netfilter/ip6_tables.c:1105
 compat_do_replace net/ipv6/netfilter/ip6_tables.c:1533 [inline]
 do_ip6t_set_ctl+0x5465/0x5760 net/ipv6/netfilter/ip6_tables.c:1636
 nf_setsockopt+0x48a/0x4f0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x1d8/0x310 net/ipv6/ipv6_sockglue.c:1030
 tcp_setsockopt+0x14a/0x180 net/ipv4/tcp.c:3801
 sock_common_setsockopt+0xef/0x120 net/core/sock.c:3641
 __sys_setsockopt+0x8df/0xdd0 net/socket.c:2252
 __do_compat_sys_socketcall net/compat.c:489 [inline]
 __se_compat_sys_socketcall+0xb3a/0x1a90 net/compat.c:421
 __ia32_compat_sys_socketcall+0x67/0x90 net/compat.c:421
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was stored to memory at:
 get_old_counters net/ipv6/netfilter/ip6_tables.c:800 [inline]
 __do_replace+0xb02/0xf90 net/ipv6/netfilter/ip6_tables.c:1098
 compat_do_replace net/ipv6/netfilter/ip6_tables.c:1533 [inline]
 do_ip6t_set_ctl+0x5465/0x5760 net/ipv6/netfilter/ip6_tables.c:1636
 nf_setsockopt+0x48a/0x4f0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x1d8/0x310 net/ipv6/ipv6_sockglue.c:1030
 tcp_setsockopt+0x14a/0x180 net/ipv4/tcp.c:3801
 sock_common_setsockopt+0xef/0x120 net/core/sock.c:3641
 __sys_setsockopt+0x8df/0xdd0 net/socket.c:2252
 __do_compat_sys_socketcall net/compat.c:489 [inline]
 __se_compat_sys_socketcall+0xb3a/0x1a90 net/compat.c:421
 __ia32_compat_sys_socketcall+0x67/0x90 net/compat.c:421
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 free_pages_prepare mm/page_alloc.c:1410 [inline]
 free_pcp_prepare+0x40/0x640 mm/page_alloc.c:1532
 free_unref_page_prepare mm/page_alloc.c:3387 [inline]
 free_unref_page_list+0xbf/0x1080 mm/page_alloc.c:3529
 release_pages+0x1bf3/0x1c30 mm/swap.c:1055
 free_pages_and_swap_cache+0xbd/0xd0 mm/swap_state.c:314
 tlb_batch_pages_flush mm/mmu_gather.c:59 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:256 [inline]
 tlb_flush_mmu+0x85d/0xa90 mm/mmu_gather.c:263
 tlb_finish_mmu+0xfc/0x250 mm/mmu_gather.c:363
 exit_mmap+0x283/0x9f0 mm/mmap.c:3101
 __mmput+0x147/0x510 kernel/fork.c:1185
 mmput+0x76/0x80 kernel/fork.c:1207
 exit_mm+0x1b8/0x360 kernel/exit.c:516
 do_exit+0xe28/0x3f70 kernel/exit.c:807
 do_group_exit+0x2f9/0x390 kernel/exit.c:950
 get_signal+0x19e8/0x2050 kernel/signal.c:2858
 arch_do_signal_or_restart+0x56/0xae0 arch/x86/kernel/signal.c:869
 exit_to_user_mode_loop+0xea/0x320 kernel/entry/common.c:168
 exit_to_user_mode_prepare+0x16e/0x220 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x23/0x40 kernel/entry/common.c:296
 __do_fast_syscall_32+0xb1/0x100 arch/x86/entry/common.c:181
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Bytes 0-7 of 48 are uninitialized
Memory access of size 48 starts at ffffc90011499000
Data copied to user address 00000000ffc93b7c

CPU: 0 PID: 3493 Comm: syz-executor.1 Tainted: G W 6.1.0-rc4-syzkaller-62818-gb1376a14297d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================
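A KMSAN infoleak report carries three stacks: where the uninitialized bytes were copied to user space (the stack under the BUG: lines), where they were stored into the leaked buffer ("Uninit was stored to memory at:") and where the uninitialized value originated ("Uninit was created at:"). The first few frames of each are instrumentation, generic copy helpers or syscall entry code, so triage means skipping past them to the first subsystem frame. The script below is an added triage helper, not part of the syzkaller report above or of the kernel; SAMPLE_REPORT is a condensed copy of that report, constructed for the example, and the GENERIC_PREFIXES list and the "first frame in the created stack is a page free" heuristic are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# A frame is "func[+off/size] [file:line] [[inline]]", e.g.
#   __do_replace+0xd37/0xf90 net/ipv6/netfilter/ip6_tables.c:1105
#   copy_to_user include/linux/uaccess.h:169 [inline]
#   entry_SYSENTER_compat_after_hwframe+0x70/0x82      (no file:line)
FRAME_RE = re.compile(
    r"^(?P<func>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
    r"(?:\s+(?P<file>\S+):(?P<line>\d+))?(?P<inline>\s+\[inline\])?$"
)
BUG_RE = re.compile(r"^BUG: KMSAN: (?P<kind>\S+) in ")
BYTES_RE = re.compile(r"^Bytes (\d+)-(\d+) of (\d+) are uninitialized")
ACCESS_RE = re.compile(r"^Memory access of size (\d+) starts at ([0-9a-f]+)")
USER_RE = re.compile(r"^Data copied to user address ([0-9a-f]+)")

# Assumption of this example: frames under these paths are KMSAN instrumentation,
# generic helpers or syscall entry code, never the frame to look at.
GENERIC_PREFIXES = ("include/", "lib/", "arch/")


@dataclass
class Frame:
    func: str
    file: Optional[str]
    line: Optional[int]
    inline: bool

    def where(self) -> str:
        return f"{self.func} ({self.file}:{self.line})" if self.file else self.func


def parse_kmsan_report(text: str) -> dict:
    report = {"kind": None, "stacks": {"access": [], "stored": [], "created": []},
              "uninit_bytes": None, "access_size": None,
              "kernel_addr": None, "user_addr": None}
    section = "access"  # the stack right under the BUG: lines is the copy-out site
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = BUG_RE.match(line)
        if m:
            report["kind"] = m.group("kind")
            continue
        if line == "Uninit was stored to memory at:":
            section = "stored"
            continue
        if line == "Uninit was created at:":
            section = "created"
            continue
        m = BYTES_RE.match(line)
        if m:
            report["uninit_bytes"] = tuple(int(g) for g in m.groups())
            continue
        m = ACCESS_RE.match(line)
        if m:
            report["access_size"], report["kernel_addr"] = int(m.group(1)), m.group(2)
            continue
        m = USER_RE.match(line)
        if m:
            report["user_addr"] = m.group(1)
            continue
        m = FRAME_RE.match(line)
        if m:  # "CPU:" / "Hardware name:" lines do not match because of the colon
            report["stacks"][section].append(Frame(
                m.group("func"), m.group("file"),
                int(m.group("line")) if m.group("line") else None,
                bool(m.group("inline"))))
    return report


def blame_frame(stack) -> Optional[Frame]:
    """First frame that is not instrumentation, a generic helper or entry code."""
    for f in stack:
        if f.file and not f.file.startswith(GENERIC_PREFIXES):
            return f
    return None


def summarize(report: dict) -> dict:
    s = report["stacks"]
    acc, sto, cre = (blame_frame(s[k]) for k in ("access", "stored", "created"))
    first, last, total = report["uninit_bytes"]
    created = s["created"]
    return {
        "kind": report["kind"],
        "copied_to_user_from": acc.where() if acc else "?",
        "uninit_written_by": sto.where() if sto else "?",
        "uninit_origin": cre.where() if cre else "?",
        # Heuristic: a "created" stack that starts in the page freeing path means
        # the value was read from memory already released (the after-free case).
        "origin_is_freed_memory": bool(created) and created[0].file is not None
            and created[0].file.startswith("mm/") and created[0].func.startswith("free_"),
        "uninit_byte_count": last - first + 1,
        "copy_size": total,
        "user_addr": report["user_addr"],
    }


# Constructed sample: a condensed copy of the report above (stacks shortened).
SAMPLE_REPORT = """\
=====================================================
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xbc/0x100 lib/usercopy.c:33
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 _copy_to_user+0xbc/0x100 lib/usercopy.c:33
 copy_to_user include/linux/uaccess.h:169 [inline]
 __do_replace+0xd37/0xf90 net/ipv6/netfilter/ip6_tables.c:1105
 compat_do_replace net/ipv6/netfilter/ip6_tables.c:1533 [inline]
 do_ip6t_set_ctl+0x5465/0x5760 net/ipv6/netfilter/ip6_tables.c:1636
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was stored to memory at:
 get_old_counters net/ipv6/netfilter/ip6_tables.c:800 [inline]
 __do_replace+0xb02/0xf90 net/ipv6/netfilter/ip6_tables.c:1098

Uninit was created at:
 free_pages_prepare mm/page_alloc.c:1410 [inline]
 free_pcp_prepare+0x40/0x640 mm/page_alloc.c:1532
 exit_mmap+0x283/0x9f0 mm/mmap.c:3101

Bytes 0-7 of 48 are uninitialized
Memory access of size 48 starts at ffffc90011499000
Data copied to user address 00000000ffc93b7c

CPU: 0 PID: 3493 Comm: syz-executor.1 Tainted: G W 6.1.0-rc4-syzkaller-62818-gb1376a14297d #0
=====================================================
"""

if __name__ == "__main__":
    for key, val in summarize(parse_kmsan_report(SAMPLE_REPORT)).items():
        print(f"{key:22} {val}")
```

On the report above the summary points at __do_replace (ip6_tables.c:1105) as the copy-out site, get_old_counters (ip6_tables.c:800) as the code that wrote the uninitialized value into the 48-byte counters buffer, and a page free in the exiting process as the origin of the bytes, which is what the "after-free" in the report kind means: 8 of the 48 bytes handed to user space came from released memory.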