=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:154 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 copyout lib/iov_iter.c:154 [inline]
 _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668
 copy_to_iter include/linux/uio.h:162 [inline]
 simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519
 __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425
 skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533
 skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline]
 packet_recvmsg+0x78d/0x20d0 net/packet/af_packet.c:3449
 sock_recvmsg_nosec net/socket.c:948 [inline]
 sock_recvmsg net/socket.c:966 [inline]
 sock_read_iter+0x5a9/0x630 net/socket.c:1039
 call_read_iter include/linux/fs.h:2068 [inline]
 new_sync_read fs/read_write.c:400 [inline]
 vfs_read+0x1631/0x1980 fs/read_write.c:481
 ksys_read+0x28b/0x510 fs/read_write.c:619
 __do_sys_read fs/read_write.c:629 [inline]
 __se_sys_read fs/read_write.c:627 [inline]
 __x64_sys_read+0xdb/0x120 fs/read_write.c:627
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was stored to memory at:
 skb_copy_from_linear_data include/linux/skbuff.h:3817 [inline]
 __pskb_copy_fclone+0x555/0x1950 net/core/skbuff.c:1634
 __pskb_copy include/linux/skbuff.h:1222 [inline]
 pskb_copy include/linux/skbuff.h:3283 [inline]
 tipc_clone_to_loopback+0x1a8/0x940 net/tipc/bearer.c:754
 tipc_loopback_trace net/tipc/bearer.h:253 [inline]
 tipc_topsrv_kern_evt net/tipc/topsrv.c:615 [inline]
 tipc_conn_send_to_sock net/tipc/topsrv.c:283 [inline]
 tipc_conn_send_work+0xf35/0x1030 net/tipc/topsrv.c:303
 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
 worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
 kthread+0x3c7/0x500 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 tipc_topsrv_kern_evt net/tipc/topsrv.c:612 [inline]
 tipc_conn_send_to_sock net/tipc/topsrv.c:283 [inline]
 tipc_conn_send_work+0x858/0x1030 net/tipc/topsrv.c:303
 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
 worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
 kthread+0x3c7/0x500 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30

Uninit was stored to memory at:
 tipc_topsrv_queue_evt+0x3b9/0x770 net/tipc/topsrv.c:329
 tipc_sub_send_event net/tipc/subscr.c:63 [inline]
 tipc_sub_report_overlap+0xab5/0xc80 net/tipc/subscr.c:102
 tipc_service_insert_publ net/tipc/name_table.c:366 [inline]
 tipc_nametbl_insert_publ+0x2315/0x25e0 net/tipc/name_table.c:491
 tipc_nametbl_publish+0x29a/0x5a0 net/tipc/name_table.c:776
 tipc_sk_publish+0x36d/0x740 net/tipc/socket.c:2914
 tipc_sk_join+0x6ef/0xa10 net/tipc/socket.c:3092
 tipc_setsockopt+0xd3f/0x10c0 net/tipc/socket.c:3199
 __sys_setsockopt+0x9d7/0xdc0 net/socket.c:2180
 __do_sys_setsockopt net/socket.c:2191 [inline]
 __se_sys_setsockopt net/socket.c:2188 [inline]
 __x64_sys_setsockopt+0x15c/0x1c0 net/socket.c:2188
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was stored to memory at:
 tipc_sub_subscribe+0x4b7/0xc60 net/tipc/subscr.c:156
 tipc_conn_rcv_sub+0x2d7/0x7e0 net/tipc/topsrv.c:375
 tipc_topsrv_kern_subscr+0x44a/0x550 net/tipc/topsrv.c:579
 tipc_group_create+0x65b/0x9b0 net/tipc/group.c:190
 tipc_sk_join+0x392/0xa10 net/tipc/socket.c:3082
 tipc_setsockopt+0xd3f/0x10c0 net/tipc/socket.c:3199
 __sys_setsockopt+0x9d7/0xdc0 net/socket.c:2180
 __do_sys_setsockopt net/socket.c:2191 [inline]
 __se_sys_setsockopt net/socket.c:2188 [inline]
 __x64_sys_setsockopt+0x15c/0x1c0 net/socket.c:2188
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Local variable sub created at:
 tipc_topsrv_kern_subscr+0xd9/0x550 net/tipc/topsrv.c:562
 tipc_group_create+0x65b/0x9b0 net/tipc/group.c:190

Bytes 84-87 of 88 are uninitialized
Memory access of size 88 starts at ffff8880805b2cd0
Data copied to user address 0000000020000480

CPU: 1 PID: 12466 Comm: syz-executor.0 Not tainted 5.17.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================