=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]
BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:30 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:302 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:330 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0xef3/0x33f0 lib/iov_iter.c:197
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 copy_to_user_iter lib/iov_iter.c:24 [inline]
 iterate_ubuf include/linux/iov_iter.h:30 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:302 [inline]
 iterate_and_advance include/linux/iov_iter.h:330 [inline]
 _copy_to_iter+0xef3/0x33f0 lib/iov_iter.c:197
 copy_page_to_iter+0x482/0x910 lib/iov_iter.c:374
 copy_folio_to_iter include/linux/uio.h:204 [inline]
 filemap_read+0xcfd/0x2300 mm/filemap.c:2851
 erofs_file_read_iter+0x297/0x2f0 fs/erofs/data.c:406
 new_sync_read fs/read_write.c:491 [inline]
 vfs_read+0x8ed/0xf90 fs/read_write.c:572
 ksys_read fs/read_write.c:715 [inline]
 __do_sys_read fs/read_write.c:724 [inline]
 __se_sys_read fs/read_write.c:722 [inline]
 __x64_sys_read+0x1fb/0x4d0 fs/read_write.c:722
 x64_sys_call+0x3123/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:1
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

<Zero or more stacks not recorded to save memory>

Uninit was stored to memory at:
 LZ4_decompress_generic lib/lz4/lz4_decompress.c:407 [inline]
 LZ4_decompress_safe_partial+0x1f86/0x2190 lib/lz4/lz4_decompress.c:472
 z_erofs_lz4_decompress_mem fs/erofs/decompressor.c:232 [inline]
 z_erofs_lz4_decompress+0x24ad/0x2990 fs/erofs/decompressor.c:286
 z_erofs_decompress_pcluster fs/erofs/zdata.c:1309 [inline]
 z_erofs_decompress_queue+0x3205/0x6d70 fs/erofs/zdata.c:1421
 z_erofs_runqueue+0x33f7/0x3630 fs/erofs/zdata.c:1817
 z_erofs_read_folio+0x473/0x8c0 fs/erofs/zdata.c:1897
 filemap_read_folio mm/filemap.c:2496 [inline]
 filemap_update_page mm/filemap.c:2583 [inline]
 filemap_get_pages+0x30c3/0x3cf0 mm/filemap.c:2713
 filemap_read+0x5d2/0x2300 mm/filemap.c:2800
 erofs_file_read_iter+0x297/0x2f0 fs/erofs/data.c:406
 __kernel_read+0x7e1/0xe20 fs/read_write.c:530
 integrity_kernel_read+0x77/0x90 security/integrity/iint.c:28
 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:480 [inline]
 ima_calc_file_shash security/integrity/ima/ima_crypto.c:511 [inline]
 ima_calc_file_hash+0x17cb/0x4050 security/integrity/ima/ima_crypto.c:568
 ima_collect_measurement+0x45d/0xe50 security/integrity/ima/ima_api.c:293
 process_measurement+0x2c90/0x4130 security/integrity/ima/ima_main.c:406
 ima_file_check+0x90/0xd0 security/integrity/ima/ima_main.c:663
 security_file_post_open+0xbf/0x530 security/security.c:2652
 do_open fs/namei.c:4630 [inline]
 path_openat+0x64c4/0x7160 fs/namei.c:4787
 do_filp_open+0x280/0x660 fs/namei.c:4814
 do_sys_openat2+0x1c6/0x430 fs/open.c:1430
 do_sys_open fs/open.c:1436 [inline]
 __do_sys_openat fs/open.c:1452 [inline]
 __se_sys_openat fs/open.c:1447 [inline]
 __x64_sys_openat+0x240/0x300 fs/open.c:1447
 x64_sys_call+0x3597/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:258
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 LZ4_decompress_generic lib/lz4/lz4_decompress.c:406 [inline]
 LZ4_decompress_safe_partial+0x1f50/0x2190 lib/lz4/lz4_decompress.c:472
 z_erofs_lz4_decompress_mem fs/erofs/decompressor.c:232 [inline]
 z_erofs_lz4_decompress+0x24ad/0x2990 fs/erofs/decompressor.c:286
 z_erofs_decompress_pcluster fs/erofs/zdata.c:1309 [inline]
 z_erofs_decompress_queue+0x3205/0x6d70 fs/erofs/zdata.c:1421
 z_erofs_runqueue+0x33f7/0x3630 fs/erofs/zdata.c:1817
 z_erofs_read_folio+0x473/0x8c0 fs/erofs/zdata.c:1897
 filemap_read_folio mm/filemap.c:2496 [inline]
 filemap_update_page mm/filemap.c:2583 [inline]
 filemap_get_pages+0x30c3/0x3cf0 mm/filemap.c:2713
 filemap_read+0x5d2/0x2300 mm/filemap.c:2800
 erofs_file_read_iter+0x297/0x2f0 fs/erofs/data.c:406
 __kernel_read+0x7e1/0xe20 fs/read_write.c:530
 integrity_kernel_read+0x77/0x90 security/integrity/iint.c:28
 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:480 [inline]
 ima_calc_file_shash security/integrity/ima/ima_crypto.c:511 [inline]
 ima_calc_file_hash+0x17cb/0x4050 security/integrity/ima/ima_crypto.c:568
 ima_collect_measurement+0x45d/0xe50 security/integrity/ima/ima_api.c:293
 process_measurement+0x2c90/0x4130 security/integrity/ima/ima_main.c:406
 ima_file_check+0x90/0xd0 security/integrity/ima/ima_main.c:663
 security_file_post_open+0xbf/0x530 security/security.c:2652
 do_open fs/namei.c:4630 [inline]
 path_openat+0x64c4/0x7160 fs/namei.c:4787
 do_filp_open+0x280/0x660 fs/namei.c:4814
 do_sys_openat2+0x1c6/0x430 fs/open.c:1430
 do_sys_open fs/open.c:1436 [inline]
 __do_sys_openat fs/open.c:1452 [inline]
 __se_sys_openat fs/open.c:1447 [inline]
 __x64_sys_openat+0x240/0x300 fs/open.c:1447
 x64_sys_call+0x3597/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:258
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 LZ4_decompress_generic lib/lz4/lz4_decompress.c:405 [inline]
 LZ4_decompress_safe_partial+0x1f18/0x2190 lib/lz4/lz4_decompress.c:472
 z_erofs_lz4_decompress_mem fs/erofs/decompressor.c:232 [inline]
 z_erofs_lz4_decompress+0x24ad/0x2990 fs/erofs/decompressor.c:286
 z_erofs_decompress_pcluster fs/erofs/zdata.c:1309 [inline]
 z_erofs_decompress_queue+0x3205/0x6d70 fs/erofs/zdata.c:1421
 z_erofs_runqueue+0x33f7/0x3630 fs/erofs/zdata.c:1817
 z_erofs_read_folio+0x473/0x8c0 fs/erofs/zdata.c:1897
 filemap_read_folio mm/filemap.c:2496 [inline]
 filemap_update_page mm/filemap.c:2583 [inline]
 filemap_get_pages+0x30c3/0x3cf0 mm/filemap.c:2713
 filemap_read+0x5d2/0x2300 mm/filemap.c:2800
 erofs_file_read_iter+0x297/0x2f0 fs/erofs/data.c:406
 __kernel_read+0x7e1/0xe20 fs/read_write.c:530
 integrity_kernel_read+0x77/0x90 security/integrity/iint.c:28
 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:480 [inline]
 ima_calc_file_shash security/integrity/ima/ima_crypto.c:511 [inline]
 ima_calc_file_hash+0x17cb/0x4050 security/integrity/ima/ima_crypto.c:568
 ima_collect_measurement+0x45d/0xe50 security/integrity/ima/ima_api.c:293
 process_measurement+0x2c90/0x4130 security/integrity/ima/ima_main.c:406
 ima_file_check+0x90/0xd0 security/integrity/ima/ima_main.c:663
 security_file_post_open+0xbf/0x530 security/security.c:2652
 do_open fs/namei.c:4630 [inline]
 path_openat+0x64c4/0x7160 fs/namei.c:4787
 do_filp_open+0x280/0x660 fs/namei.c:4814
 do_sys_openat2+0x1c6/0x430 fs/open.c:1430
 do_sys_open fs/open.c:1436 [inline]
 __do_sys_openat fs/open.c:1452 [inline]
 __se_sys_openat fs/open.c:1447 [inline]
 __x64_sys_openat+0x240/0x300 fs/open.c:1447
 x64_sys_call+0x3597/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:258
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 LZ4_decompress_generic lib/lz4/lz4_decompress.c:408 [inline]
 LZ4_decompress_safe_partial+0x1fbc/0x2190 lib/lz4/lz4_decompress.c:472
 z_erofs_lz4_decompress_mem fs/erofs/decompressor.c:232 [inline]
 z_erofs_lz4_decompress+0x24ad/0x2990 fs/erofs/decompressor.c:286
 z_erofs_decompress_pcluster fs/erofs/zdata.c:1309 [inline]
 z_erofs_decompress_queue+0x3205/0x6d70 fs/erofs/zdata.c:1421
 z_erofs_decompressqueue_work+0x67/0x90 fs/erofs/zdata.c:1433
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xb91/0x1d80 kernel/workqueue.c:3340
 worker_thread+0xedf/0x1590 kernel/workqueue.c:3421
 kthread+0xd5c/0xf00 kernel/kthread.c:463
 ret_from_fork+0x208/0x710 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

Uninit was stored to memory at:
 LZ4_decompress_generic lib/lz4/lz4_decompress.c:407 [inline]
 LZ4_decompress_safe_partial+0x1f86/0x2190 lib/lz4/lz4_decompress.c:472
 z_erofs_lz4_decompress_mem fs/erofs/decompressor.c:232 [inline]
 z_erofs_lz4_decompress+0x24ad/0x2990 fs/erofs/decompressor.c:286
 z_erofs_decompress_pcluster fs/erofs/zdata.c:1309 [inline]
 z_erofs_decompress_queue+0x3205/0x6d70 fs/erofs/zdata.c:1421
 z_erofs_decompressqueue_work+0x67/0x90 fs/erofs/zdata.c:1433
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xb91/0x1d80 kernel/workqueue.c:3340
 worker_thread+0xedf/0x1590 kernel/workqueue.c:3421
 kthread+0xd5c/0xf00 kernel/kthread.c:463
 ret_from_fork+0x208/0x710 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

Uninit was stored to memory at:
 LZ4_decompress_generic lib/lz4/lz4_decompress.c:406 [inline]
 LZ4_decompress_safe_partial+0x1f50/0x2190 lib/lz4/lz4_decompress.c:472
 z_erofs_lz4_decompress_mem fs/erofs/decompressor.c:232 [inline]
 z_erofs_lz4_decompress+0x24ad/0x2990 fs/erofs/decompressor.c:286
 z_erofs_decompress_pcluster fs/erofs/zdata.c:1309 [inline]
 z_erofs_decompress_queue+0x3205/0x6d70 fs/erofs/zdata.c:1421
 z_erofs_decompressqueue_work+0x67/0x90 fs/erofs/zdata.c:1433
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xb91/0x1d80 kernel/workqueue.c:3340
 worker_thread+0xedf/0x1590 kernel/workqueue.c:3421
 kthread+0xd5c/0xf00 kernel/kthread.c:463
 ret_from_fork+0x208/0x710 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

Uninit was stored to memory at:
 LZ4_decompress_generic lib/lz4/lz4_decompress.c:405 [inline]
 LZ4_decompress_safe_partial+0x1f18/0x2190 lib/lz4/lz4_decompress.c:472
 z_erofs_lz4_decompress_mem fs/erofs/decompressor.c:232 [inline]
 z_erofs_lz4_decompress+0x24ad/0x2990 fs/erofs/decompressor.c:286
 z_erofs_decompress_pcluster fs/erofs/zdata.c:1309 [inline]
 z_erofs_decompress_queue+0x3205/0x6d70 fs/erofs/zdata.c:1421
 z_erofs_decompressqueue_work+0x67/0x90 fs/erofs/zdata.c:1433
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xb91/0x1d80 kernel/workqueue.c:3340
 worker_thread+0xedf/0x1590 kernel/workqueue.c:3421
 kthread+0xd5c/0xf00 kernel/kthread.c:463
 ret_from_fork+0x208/0x710 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

Uninit was created at:
 __alloc_frozen_pages_noprof+0x421/0xab0 mm/page_alloc.c:5233
 alloc_pages_mpol+0x328/0x860 mm/mempolicy.c:2486
 alloc_frozen_pages_noprof mm/mempolicy.c:2557 [inline]
 alloc_pages_noprof mm/mempolicy.c:2577 [inline]
 folio_alloc_noprof+0x109/0x360 mm/mempolicy.c:2587
 filemap_alloc_folio_noprof+0xda/0x480 mm/filemap.c:1013
 ractl_alloc_folio mm/readahead.c:189 [inline]
 ra_alloc_folio mm/readahead.c:446 [inline]
 page_cache_ra_order+0x8b8/0x1660 mm/readahead.c:512
 page_cache_sync_ra+0x10a2/0x1610 mm/readahead.c:626
 filemap_get_pages+0xcb3/0x3cf0 mm/filemap.c:2690
 filemap_read+0x5d2/0x2300 mm/filemap.c:2800
 erofs_file_read_iter+0x297/0x2f0 fs/erofs/data.c:406
 __kernel_read+0x7e1/0xe20 fs/read_write.c:530
 integrity_kernel_read+0x77/0x90 security/integrity/iint.c:28
 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:480 [inline]
 ima_calc_file_shash security/integrity/ima/ima_crypto.c:511 [inline]
 ima_calc_file_hash+0x17cb/0x4050 security/integrity/ima/ima_crypto.c:568
 ima_collect_measurement+0x45d/0xe50 security/integrity/ima/ima_api.c:293
 process_measurement+0x2c90/0x4130 security/integrity/ima/ima_main.c:406
 ima_file_check+0x90/0xd0 security/integrity/ima/ima_main.c:663
 security_file_post_open+0xbf/0x530 security/security.c:2652
 do_open fs/namei.c:4630 [inline]
 path_openat+0x64c4/0x7160 fs/namei.c:4787
 do_filp_open+0x280/0x660 fs/namei.c:4814
 do_sys_openat2+0x1c6/0x430 fs/open.c:1430
 do_sys_open fs/open.c:1436 [inline]
 __do_sys_openat fs/open.c:1452 [inline]
 __se_sys_openat fs/open.c:1447 [inline]
 __x64_sys_openat+0x240/0x300 fs/open.c:1447
 x64_sys_call+0x3597/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:258
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Bytes 3928-3946 of 4096 are uninitialized
Memory access of size 4096 starts at ffff88811cbed000
Data copied to user address 00002000000041c0

CPU: 0 UID: 0 PID: 17928 Comm: syz.0.2366 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
=====================================================