syz_tun: entered allmulticast mode
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:131 [inline]
BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]
BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:30 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:302 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:330 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0xef3/0x3400 lib/iov_iter.c:197
 instrument_copy_to_user include/linux/instrumented.h:131 [inline]
 copy_to_user_iter lib/iov_iter.c:24 [inline]
 iterate_ubuf include/linux/iov_iter.h:30 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:302 [inline]
 iterate_and_advance include/linux/iov_iter.h:330 [inline]
 _copy_to_iter+0xef3/0x3400 lib/iov_iter.c:197
 copy_to_iter include/linux/uio.h:220 [inline]
 simple_copy_to_iter net/core/datagram.c:521 [inline]
 __skb_datagram_iter+0x18f/0x12b0 net/core/datagram.c:402
 skb_copy_datagram_iter+0x5b/0x240 net/core/datagram.c:535
 skb_copy_datagram_msg include/linux/skbuff.h:4218 [inline]
 raw_recvmsg+0x2c8/0xab0 net/ipv4/raw.c:768
 inet_recvmsg+0x33c/0x690 net/ipv4/af_inet.c:891
 sock_recvmsg_nosec net/socket.c:1078 [inline]
 sock_recvmsg+0x22d/0x310 net/socket.c:1100
 sock_read_iter+0x2c8/0x360 net/socket.c:1170
 io_iter_do_read io_uring/rw.c:835 [inline]
 __io_read+0xc18/0x2540 io_uring/rw.c:951
 io_read+0x6b/0x3c0 io_uring/rw.c:1031
 __io_issue_sqe+0x2ba/0x790 io_uring/io_uring.c:1384
 io_issue_sqe+0x5ad/0x24e0 io_uring/io_uring.c:1407
 io_queue_sqe io_uring/io_uring.c:1634 [inline]
 io_req_task_submit+0xd1/0x220 io_uring/io_uring.c:1044
 io_poll_task_func+0x12d0/0x1930 io_uring/poll.c:-1
 io_handle_tw_list+0x39e/0x700 io_uring/tw.c:72
 tctx_task_work_run+0x90/0x390 io_uring/tw.c:132
 tctx_task_work+0x6d/0xc0 io_uring/tw.c:150
 task_work_run+0x208/0x2b0 kernel/task_work.c:233
 get_signal+0x136/0x2a70 kernel/signal.c:2807
 arch_do_signal_or_restart+0x53/0xc00 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop+0x117/0x1b60 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
 do_syscall_64+0x24d/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4522 [inline]
 slab_alloc_node mm/slub.c:4844 [inline]
 kmem_cache_alloc_node_noprof+0x3cd/0x12d0 mm/slub.c:4896
 kmalloc_reserve net/core/skbuff.c:613 [inline]
 __alloc_skb+0x855/0x1190 net/core/skbuff.c:713
 alloc_skb include/linux/skbuff.h:1383 [inline]
 ipmr_cache_report+0x410/0x2200 net/ipv4/ipmr.c:1053
 ipmr_cache_unresolved+0x53d/0xd20 net/ipv4/ipmr.c:1153
 ip_mr_input+0xe78/0xfb0 net/ipv4/ipmr.c:2222
 dst_input include/net/dst.h:480 [inline]
 ip_rcv_finish+0x53e/0x560 net/ipv4/ip_input.c:453
 NF_HOOK include/linux/netfilter.h:318 [inline]
 ip_rcv+0xcb/0x370 net/ipv4/ip_input.c:573
 __netif_receive_skb_one_core net/core/dev.c:6164 [inline]
 __netif_receive_skb net/core/dev.c:6277 [inline]
 netif_receive_skb_internal net/core/dev.c:6363 [inline]
 netif_receive_skb+0x356/0x1160 net/core/dev.c:6422
 tun_rx_batched+0x1da/0x980 drivers/net/tun.c:1485
 tun_get_user+0x6002/0x7830 drivers/net/tun.c:1953
 tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1999
 new_sync_write fs/read_write.c:595 [inline]
 vfs_write+0xbe1/0x15c0 fs/read_write.c:688
 ksys_write+0x1d9/0x470 fs/read_write.c:740
 __do_sys_write fs/read_write.c:751 [inline]
 __se_sys_write fs/read_write.c:748 [inline]
 __x64_sys_write+0x97/0xf0 fs/read_write.c:748
 x64_sys_call+0x2ff0/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:2
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Bytes 22-27 of 28 are uninitialized
Memory access of size 28 starts at ffff88808782fc80
Data copied to user address 0000200000000240

CPU: 1 UID: 0 PID: 12380 Comm: syz.1.1379 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
=====================================================