===================================================== BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_iovec include/linux/iov_iter.h:52 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:304 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:330 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x4e4/0x33f0 lib/iov_iter.c:197 instrument_copy_to_user include/linux/instrumented.h:114 [inline] copy_to_user_iter lib/iov_iter.c:24 [inline] iterate_iovec include/linux/iov_iter.h:52 [inline] iterate_and_advance2 include/linux/iov_iter.h:304 [inline] iterate_and_advance include/linux/iov_iter.h:330 [inline] _copy_to_iter+0x4e4/0x33f0 lib/iov_iter.c:197 copy_to_iter include/linux/uio.h:220 [inline] simple_copy_to_iter net/core/datagram.c:521 [inline] __skb_datagram_iter+0x7d7/0x12c0 net/core/datagram.c:435 skb_copy_datagram_iter+0x5b/0x1e0 net/core/datagram.c:535 skb_copy_datagram_msg include/linux/skbuff.h:4217 [inline] tcp_peek_sndq+0x12b/0x570 net/ipv4/tcp.c:1490 tcp_recvmsg_locked+0x565e/0x56e0 net/ipv4/tcp.c:2908 tcp_recvmsg+0x2be/0xad0 net/ipv4/tcp.c:2927 inet_recvmsg+0x15b/0x6a0 net/ipv4/af_inet.c:891 sock_recvmsg_nosec net/socket.c:1078 [inline] sock_recvmsg+0x23c/0x390 net/socket.c:1100 ____sys_recvmsg+0x193/0x610 net/socket.c:2812 ___sys_recvmsg+0x20b/0x850 net/socket.c:2854 do_recvmmsg+0x50b/0xdf0 net/socket.c:2941 __sys_recvmmsg+0xf3/0x460 net/socket.c:3023 __do_compat_sys_recvmmsg_time32 net/compat.c:418 [inline] __se_compat_sys_recvmmsg_time32 net/compat.c:414 [inline] __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0 net/compat.c:414 ia32_sys_call+0x2935/0x4340 arch/x86/include/generated/asm/syscalls_32.h:338 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0x154/0x320 arch/x86/entry/syscall_32.c:307 do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:332 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:370 entry_SYSENTER_compat_after_hwframe+0x84/0x8e Uninit was created at: __alloc_frozen_pages_noprof+0x421/0xab0 mm/page_alloc.c:5233 alloc_pages_mpol+0x328/0x860 mm/mempolicy.c:2486 alloc_frozen_pages_noprof mm/mempolicy.c:2557 [inline] alloc_pages_noprof+0x102/0x280 mm/mempolicy.c:2577 skb_page_frag_refill+0x34e/0x740 net/core/sock.c:3146 sk_page_frag_refill+0x59/0x190 net/core/sock.c:3166 tcp_sendmsg_locked+0x289e/0x7680 net/ipv4/tcp.c:1247 tcp_sendmsg+0x4b/0x90 net/ipv4/tcp.c:1412 inet_sendmsg+0x134/0x2a0 net/ipv4/af_inet.c:859 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg+0x278/0x3d0 net/socket.c:742 __sys_sendto+0x593/0x720 net/socket.c:2206 __do_sys_sendto net/socket.c:2213 [inline] __se_sys_sendto net/socket.c:2209 [inline] __ia32_sys_sendto+0x12f/0x200 net/socket.c:2209 ia32_sys_call+0x1a3d/0x4340 arch/x86/include/generated/asm/syscalls_32.h:370 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0x154/0x320 arch/x86/entry/syscall_32.c:307 do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:332 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:370 entry_SYSENTER_compat_after_hwframe+0x84/0x8e Bytes 0-145 of 146 are uninitialized Memory access of size 146 starts at ffff88811b250000 Data copied to user address 0000000080000980 CPU: 1 UID: 0 PID: 18453 Comm: syz.2.4338 Tainted: G W L syzkaller #0 PREEMPT(none) Tainted: [W]=WARN, [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 =====================================================