===================================================== BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:369 [inline] BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:599 [inline] BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:638 [inline] BUG: KMSAN: uninit-value in tipc_sk_lookup+0x6ad/0xa10 net/tipc/socket.c:2995 rht_ptr_rcu include/linux/rhashtable.h:369 [inline] __rhashtable_lookup include/linux/rhashtable.h:599 [inline] rhashtable_lookup include/linux/rhashtable.h:638 [inline] tipc_sk_lookup+0x6ad/0xa10 net/tipc/socket.c:2995 tipc_sk_rcv+0x5db/0x2990 net/tipc/socket.c:2489 tipc_node_xmit+0x40c/0x1e40 net/tipc/node.c:1694 tipc_node_xmit_skb net/tipc/node.c:1754 [inline] tipc_node_distr_xmit+0x480/0x6e0 net/tipc/node.c:1769 tipc_sk_rcv+0x1ed7/0x2990 net/tipc/socket.c:2498 tipc_topsrv_kern_evt net/tipc/topsrv.c:616 [inline] tipc_conn_send_to_sock net/tipc/topsrv.c:283 [inline] tipc_conn_send_work+0x9de/0x1030 net/tipc/topsrv.c:303 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445 kthread+0x721/0x850 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 Uninit was stored to memory at: msg_set_word net/tipc/msg.h:212 [inline] msg_set_destport net/tipc/msg.h:619 [inline] tipc_msg_create+0x8ad/0x920 net/tipc/msg.c:112 tipc_group_proto_xmit+0x252/0xc20 net/tipc/group.c:710 tipc_group_member_evt+0x1805/0x26d0 net/tipc/group.c:890 tipc_sk_proto_rcv+0x936/0xea0 net/tipc/socket.c:2169 tipc_sk_filter_rcv+0x497/0x4600 net/tipc/socket.c:2349 tipc_sk_enqueue net/tipc/socket.c:2442 [inline] tipc_sk_rcv+0xfbb/0x2990 net/tipc/socket.c:2494 tipc_topsrv_kern_evt net/tipc/topsrv.c:616 [inline] tipc_conn_send_to_sock net/tipc/topsrv.c:283 [inline] tipc_conn_send_work+0x9de/0x1030 net/tipc/topsrv.c:303 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445 kthread+0x721/0x850 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 Uninit was stored to memory at: tipc_group_create_member+0x716/0x9f0 net/tipc/group.c:317 tipc_group_member_evt+0xafe/0x26d0 net/tipc/group.c:885 tipc_sk_proto_rcv+0x936/0xea0 net/tipc/socket.c:2169 tipc_sk_filter_rcv+0x497/0x4600 net/tipc/socket.c:2349 tipc_sk_enqueue net/tipc/socket.c:2442 [inline] tipc_sk_rcv+0xfbb/0x2990 net/tipc/socket.c:2494 tipc_topsrv_kern_evt net/tipc/topsrv.c:616 [inline] tipc_conn_send_to_sock net/tipc/topsrv.c:283 [inline] tipc_conn_send_work+0x9de/0x1030 net/tipc/topsrv.c:303 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445 kthread+0x721/0x850 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 Uninit was stored to memory at: tipc_topsrv_kern_evt net/tipc/topsrv.c:612 [inline] tipc_conn_send_to_sock net/tipc/topsrv.c:283 [inline] tipc_conn_send_work+0x858/0x1030 net/tipc/topsrv.c:303 process_one_work+0xdb9/0x1820 kernel/workqueue.c:2298 worker_thread+0x10bc/0x21f0 kernel/workqueue.c:2445 kthread+0x721/0x850 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 Uninit was stored to memory at: tipc_topsrv_queue_evt+0x3b9/0x770 net/tipc/topsrv.c:329 tipc_sub_send_event net/tipc/subscr.c:63 [inline] tipc_sub_report_overlap+0xab5/0xc80 net/tipc/subscr.c:102 tipc_service_insert_publ net/tipc/name_table.c:366 [inline] tipc_nametbl_insert_publ+0x2315/0x25e0 net/tipc/name_table.c:491 tipc_nametbl_publish+0x29a/0x5a0 net/tipc/name_table.c:776 tipc_sk_publish+0x36d/0x740 net/tipc/socket.c:2912 tipc_sk_join+0x6ef/0xa10 net/tipc/socket.c:3090 tipc_setsockopt+0xd3f/0x10c0 net/tipc/socket.c:3197 __sys_setsockopt+0x9d7/0xdc0 net/socket.c:2176 __do_sys_setsockopt net/socket.c:2187 [inline] __se_sys_setsockopt net/socket.c:2184 [inline] __ia32_sys_setsockopt+0x15d/0x1c0 net/socket.c:2184 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline] __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c Uninit was stored to memory at: tipc_sub_subscribe+0x4b7/0xc60 net/tipc/subscr.c:156 tipc_conn_rcv_sub+0x2d7/0x7e0 net/tipc/topsrv.c:375 tipc_topsrv_kern_subscr+0x44a/0x550 net/tipc/topsrv.c:579 tipc_group_create+0x65b/0x9b0 net/tipc/group.c:190 tipc_sk_join+0x392/0xa10 net/tipc/socket.c:3080 tipc_setsockopt+0xd3f/0x10c0 net/tipc/socket.c:3197 __sys_setsockopt+0x9d7/0xdc0 net/socket.c:2176 __do_sys_setsockopt net/socket.c:2187 [inline] __se_sys_setsockopt net/socket.c:2184 [inline] __ia32_sys_setsockopt+0x15d/0x1c0 net/socket.c:2184 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline] __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c Local variable sub created at: tipc_topsrv_kern_subscr+0xd9/0x550 net/tipc/topsrv.c:562 tipc_group_create+0x65b/0x9b0 net/tipc/group.c:190 CPU: 0 PID: 5474 Comm: kworker/u4:29 Not tainted 5.16.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: tipc_send tipc_conn_send_work =====================================================