=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _inline_copy_to_user include/linux/uaccess.h:196 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xc8/0x120 lib/usercopy.c:26
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _inline_copy_to_user include/linux/uaccess.h:196 [inline]
 _copy_to_user+0xc8/0x120 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:225 [inline]
 move_addr_to_user+0x28b/0x400 net/socket.c:291
 ____sys_recvmsg+0x232/0x620 net/socket.c:2810
 ___sys_recvmsg+0x223/0x840 net/socket.c:2845
 do_recvmmsg+0x45a/0xfc0 net/socket.c:2940
 __sys_recvmmsg net/socket.c:3016 [inline]
 __do_sys_recvmmsg net/socket.c:3037 [inline]
 __se_sys_recvmmsg net/socket.c:3030 [inline]
 __x64_sys_recvmmsg+0x21a/0x490 net/socket.c:3030
 x64_sys_call+0x35ba/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 ieee802154_addr_to_sa include/net/ieee802154_netdev.h:369 [inline]
 dgram_recvmsg+0x616/0xb80 net/ieee802154/socket.c:739
 sock_common_recvmsg+0xdd/0x1d0 net/core/sock.c:3801
 sock_recvmsg_nosec net/socket.c:1033 [inline]
 sock_recvmsg+0x2c4/0x340 net/socket.c:1055
 ____sys_recvmsg+0x18a/0x620 net/socket.c:2803
 ___sys_recvmsg+0x223/0x840 net/socket.c:2845
 do_recvmmsg+0x45a/0xfc0 net/socket.c:2940
 __sys_recvmmsg net/socket.c:3016 [inline]
 __do_sys_recvmmsg net/socket.c:3037 [inline]
 __se_sys_recvmmsg net/socket.c:3030 [inline]
 __x64_sys_recvmmsg+0x21a/0x490 net/socket.c:3030
 x64_sys_call+0x35ba/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 __copy_skb_header+0x9b/0x850 net/core/skbuff.c:1533
 __skb_clone+0x57/0x650 net/core/skbuff.c:1585
 skb_clone+0x3aa/0x550 net/core/skbuff.c:2091
 __ieee802154_rx_handle_packet net/mac802154/rx.c:363 [inline]
 ieee802154_rx+0xe13/0x32e0 net/mac802154/rx.c:431
 ieee802154_tasklet_handler+0x133/0x2a0 net/mac802154/main.c:35
 tasklet_action_common+0x39c/0xd60 kernel/softirq.c:811
 tasklet_action+0x2d/0x40 kernel/softirq.c:837
 handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561
 __do_softirq+0x14/0x1a kernel/softirq.c:595

Uninit was stored to memory at:
 ieee802154_parse_frame_start net/mac802154/rx.c:299 [inline]
 __ieee802154_rx_handle_packet net/mac802154/rx.c:343 [inline]
 ieee802154_rx+0xb10/0x32e0 net/mac802154/rx.c:431
 ieee802154_tasklet_handler+0x133/0x2a0 net/mac802154/main.c:35
 tasklet_action_common+0x39c/0xd60 kernel/softirq.c:811
 tasklet_action+0x2d/0x40 kernel/softirq.c:837
 handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561
 __do_softirq+0x14/0x1a kernel/softirq.c:595

Local variable hdr.i created at:
 __ieee802154_rx_handle_packet net/mac802154/rx.c:340 [inline]
 ieee802154_rx+0x93b/0x32e0 net/mac802154/rx.c:431
 ieee802154_tasklet_handler+0x133/0x2a0 net/mac802154/main.c:35

Bytes 8-9 of 20 are uninitialized
Memory access of size 20 starts at ffff88804e76fa38
Data copied to user address 0000000020000340

CPU: 1 UID: 0 PID: 9505 Comm: syz.9.742 Tainted: G W 6.13.0-rc5-syzkaller-00198-g9244696b34f2 #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
=====================================================