syz_tun: entered allmulticast mode pimreg: entered allmulticast mode ===================================================== BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_iovec include/linux/iov_iter.h:52 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:304 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance include/linux/iov_iter.h:330 [inline] BUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x4e4/0x33f0 lib/iov_iter.c:185 instrument_copy_to_user include/linux/instrumented.h:114 [inline] copy_to_user_iter lib/iov_iter.c:24 [inline] iterate_iovec include/linux/iov_iter.h:52 [inline] iterate_and_advance2 include/linux/iov_iter.h:304 [inline] iterate_and_advance include/linux/iov_iter.h:330 [inline] _copy_to_iter+0x4e4/0x33f0 lib/iov_iter.c:185 copy_to_iter include/linux/uio.h:220 [inline] simple_copy_to_iter net/core/datagram.c:521 [inline] __skb_datagram_iter+0x196/0x12c0 net/core/datagram.c:402 skb_copy_datagram_iter+0x5b/0x1e0 net/core/datagram.c:535 skb_copy_datagram_msg include/linux/skbuff.h:4167 [inline] raw_recvmsg+0x2c8/0xab0 net/ipv4/raw.c:766 inet_recvmsg+0x343/0x6a0 net/ipv4/af_inet.c:883 sock_recvmsg_nosec+0x19d/0x2f0 net/socket.c:1065 ____sys_recvmsg+0x4e5/0x610 net/socket.c:2832 ___sys_recvmsg+0x20b/0x850 net/socket.c:2876 do_recvmmsg+0x50b/0xdf0 net/socket.c:2963 __sys_recvmmsg+0xf3/0x460 net/socket.c:3045 __do_compat_sys_recvmmsg_time32 net/compat.c:418 [inline] __se_compat_sys_recvmmsg_time32 net/compat.c:414 [inline] __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0 net/compat.c:414 ia32_sys_call+0x2970/0x4310 arch/x86/include/generated/asm/syscalls_32.h:338 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0xb0/0x150 arch/x86/entry/syscall_32.c:306 do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:331 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:369 entry_SYSENTER_compat_after_hwframe+0x84/0x8e Uninit was created at: slab_free_hook mm/slub.c:2348 [inline] slab_free mm/slub.c:4695 [inline] kmem_cache_free+0x2a1/0xec0 mm/slub.c:4797 skb_kfree_head net/core/skbuff.c:1045 [inline] skb_free_head+0x13c/0x3a0 net/core/skbuff.c:1059 skb_release_data+0x9f7/0xac0 net/core/skbuff.c:1086 skb_release_all net/core/skbuff.c:1151 [inline] __kfree_skb+0x6b/0x260 net/core/skbuff.c:1165 consume_skb+0x83/0x230 net/core/skbuff.c:1397 netlink_broadcast_filtered+0x227b/0x2430 net/netlink/af_netlink.c:1537 nlmsg_multicast_filtered include/net/netlink.h:1165 [inline] nlmsg_multicast include/net/netlink.h:1184 [inline] nlmsg_notify+0x15b/0x2f0 net/netlink/af_netlink.c:2595 rtnl_notify+0xba/0x100 net/core/rtnetlink.c:958 inet_ifmcaddr_notify+0x171/0x300 net/ipv4/igmp.c:1495 ____ip_mc_inc_group+0x94c/0x10d0 net/ipv4/igmp.c:1564 __ip_mc_join_group+0x5dc/0x830 net/ipv4/igmp.c:2305 ip_mc_join_group+0x38/0x50 net/ipv4/igmp.c:2315 do_ip_setsockopt+0x3c8b/0x4a70 net/ipv4/ip_sockglue.c:1248 ip_setsockopt+0x106/0x210 net/ipv4/ip_sockglue.c:1417 raw_setsockopt+0x1b9/0x2f0 net/ipv4/raw.c:845 sock_common_setsockopt+0xf2/0x140 net/core/sock.c:3903 do_sock_setsockopt net/socket.c:2344 [inline] __sys_setsockopt+0x43e/0x580 net/socket.c:2369 __do_sys_setsockopt net/socket.c:2375 [inline] __se_sys_setsockopt net/socket.c:2372 [inline] __ia32_sys_setsockopt+0xf3/0x1a0 net/socket.c:2372 ia32_sys_call+0x24c2/0x4310 arch/x86/include/generated/asm/syscalls_32.h:367 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0xb0/0x150 arch/x86/entry/syscall_32.c:306 do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:331 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:369 entry_SYSENTER_compat_after_hwframe+0x84/0x8e Bytes 22-27 of 28 are uninitialized Memory access of size 28 starts at ffff888033a46100 Data copied to user address 0000000080000640 CPU: 1 UID: 0 PID: 20411 Comm: syz.0.4098 Not tainted syzkaller #0 PREEMPT(none) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 =====================================================