=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _inline_copy_to_user include/linux/uaccess.h:205 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _inline_copy_to_user include/linux/uaccess.h:205 [inline]
 _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:236 [inline]
 move_addr_to_user+0x29a/0x400 net/socket.c:306
 ____sys_recvmsg+0x232/0x610 net/socket.c:2819
 ___sys_recvmsg+0x20b/0x850 net/socket.c:2854
 do_recvmmsg+0x40e/0xdf0 net/socket.c:2949
 __sys_recvmmsg net/socket.c:3023 [inline]
 __do_sys_recvmmsg net/socket.c:3046 [inline]
 __se_sys_recvmmsg net/socket.c:3039 [inline]
 __x64_sys_recvmmsg+0x383/0x500 net/socket.c:3039
 x64_sys_call+0x365f/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 ieee802154_addr_to_sa include/net/ieee802154_netdev.h:369 [inline]
 dgram_recvmsg+0xa17/0xbe0 net/ieee802154/socket.c:739
 sock_common_recvmsg+0xd5/0x1d0 net/core/sock.c:3956
 sock_recvmsg_nosec+0x240/0x2f0 net/socket.c:1078
 ____sys_recvmsg+0x4e5/0x610 net/socket.c:2810
 ___sys_recvmsg+0x20b/0x850 net/socket.c:2854
 do_recvmmsg+0x40e/0xdf0 net/socket.c:2949
 __sys_recvmmsg net/socket.c:3023 [inline]
 __do_sys_recvmmsg net/socket.c:3046 [inline]
 __se_sys_recvmmsg net/socket.c:3039 [inline]
 __x64_sys_recvmmsg+0x383/0x500 net/socket.c:3039
 x64_sys_call+0x365f/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 __copy_skb_header+0xa3/0x840 net/core/skbuff.c:1532
 __skb_clone+0x57/0x650 net/core/skbuff.c:1584
 skb_clone+0x473/0x580 net/core/skbuff.c:2094
 __ieee802154_rx_handle_packet net/mac802154/rx.c:363 [inline]
 ieee802154_rx+0xdeb/0x3460 net/mac802154/rx.c:431
 ieee802154_tasklet_handler+0x136/0x2c0 net/mac802154/main.c:35
 tasklet_action_common+0x34b/0xcf0 kernel/softirq.c:925
 tasklet_action+0x2d/0x40 kernel/softirq.c:953
 handle_softirqs+0x169/0x6e0 kernel/softirq.c:622
 __do_softirq+0x14/0x1b kernel/softirq.c:656

Uninit was stored to memory at:
 ieee802154_parse_frame_start net/mac802154/rx.c:299 [inline]
 __ieee802154_rx_handle_packet net/mac802154/rx.c:343 [inline]
 ieee802154_rx+0xb4d/0x3460 net/mac802154/rx.c:431
 ieee802154_tasklet_handler+0x136/0x2c0 net/mac802154/main.c:35
 tasklet_action_common+0x34b/0xcf0 kernel/softirq.c:925
 tasklet_action+0x2d/0x40 kernel/softirq.c:953
 handle_softirqs+0x169/0x6e0 kernel/softirq.c:622
 __do_softirq+0x14/0x1b kernel/softirq.c:656

Uninit was stored to memory at:
 ieee802154_hdr_get_addrs net/ieee802154/header_ops.c:275 [inline]
 ieee802154_hdr_pull+0xbf1/0xd60 net/ieee802154/header_ops.c:294
 ieee802154_parse_frame_start net/mac802154/rx.c:283 [inline]
 __ieee802154_rx_handle_packet net/mac802154/rx.c:343 [inline]
 ieee802154_rx+0xa3d/0x3460 net/mac802154/rx.c:431
 ieee802154_tasklet_handler+0x136/0x2c0 net/mac802154/main.c:35
 tasklet_action_common+0x34b/0xcf0 kernel/softirq.c:925
 tasklet_action+0x2d/0x40 kernel/softirq.c:953
 handle_softirqs+0x169/0x6e0 kernel/softirq.c:622
 __do_softirq+0x14/0x1b kernel/softirq.c:656

Local variable hdr.i created at:
 __ieee802154_rx_handle_packet net/mac802154/rx.c:340 [inline]
 ieee802154_rx+0x96e/0x3460 net/mac802154/rx.c:431
 ieee802154_tasklet_handler+0x136/0x2c0 net/mac802154/main.c:35

Bytes 8-9 of 20 are uninitialized
Memory access of size 20 starts at ffff88804e467a38
Data copied to user address 0000200000000800

CPU: 0 UID: 0 PID: 6040 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(none)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
=====================================================