syzbot

=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:131 [inline]
BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]
BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:30 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:302 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:330 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0xef3/0x3400 lib/iov_iter.c:197
 instrument_copy_to_user include/linux/instrumented.h:131 [inline]
 copy_to_user_iter lib/iov_iter.c:24 [inline]
 iterate_ubuf include/linux/iov_iter.h:30 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:302 [inline]
 iterate_and_advance include/linux/iov_iter.h:330 [inline]
 _copy_to_iter+0xef3/0x3400 lib/iov_iter.c:197
 copy_to_iter include/linux/uio.h:220 [inline]
 simple_copy_to_iter net/core/datagram.c:521 [inline]
 __skb_datagram_iter+0x18f/0x12b0 net/core/datagram.c:402
 skb_copy_datagram_iter+0x5b/0x210 net/core/datagram.c:535
 skb_copy_datagram_msg include/linux/skbuff.h:4243 [inline]
 packet_recvmsg+0xe34/0x2510 net/packet/af_packet.c:3479
 sock_recvmsg_nosec net/socket.c:1137 [inline]
 sock_recvmsg+0x27b/0x310 net/socket.c:1159
 sock_read_iter+0x2c8/0x360 net/socket.c:1229
 new_sync_read fs/read_write.c:493 [inline]
 vfs_read+0x8ec/0xf90 fs/read_write.c:574
 ksys_read+0x1d9/0x470 fs/read_write.c:717
 __do_sys_read fs/read_write.c:726 [inline]
 __se_sys_read fs/read_write.c:724 [inline]
 __x64_sys_read+0x97/0xf0 fs/read_write.c:724
 x64_sys_call+0x311c/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:1
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 pskb_expand_head+0x497/0x1a40 net/core/skbuff.c:2310
 skb_expand_head+0x41c/0x870 net/core/skbuff.c:2458
 ip_finish_output2+0xe38/0x1e00 net/ipv4/ip_output.c:218
 __ip_finish_output net/ipv4/ip_output.c:-1 [inline]
 ip_finish_output+0x288/0x860 net/ipv4/ip_output.c:325
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_mc_output+0x58a/0x8c0 net/ipv4/ip_output.c:422
 dst_output include/net/dst.h:470 [inline]
 ip_local_out+0x1f4/0x200 net/ipv4/ip_output.c:131
 iptunnel_xmit+0x87c/0x1210 net/ipv4/ip_tunnel_core.c:97
 udp_tunnel_xmit_skb+0x32b/0x490 net/ipv4/udp_tunnel_core.c:193
 tipc_udp_xmit+0x733/0xb70 net/tipc/udp_media.c:197
 tipc_udp_send_msg+0x4d7/0x5c0 net/tipc/udp_media.c:256
 tipc_bearer_xmit_skb+0x390/0x4a0 net/tipc/bearer.c:575
 tipc_disc_timeout+0x93c/0xa40 net/tipc/discover.c:338
 call_timer_fn+0x4c/0x510 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2374 [inline]
 __run_timer_base+0x80a/0xdb0 kernel/time/timer.c:2386
 run_timer_base kernel/time/timer.c:2395 [inline]
 run_timer_softirq+0x3a/0x70 kernel/time/timer.c:2405
 handle_softirqs+0x171/0x7b0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x9a/0x1e0 kernel/softirq.c:735
 irq_exit_rcu+0x12/0x20 kernel/softirq.c:752
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0x84/0x90 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:697

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4576 [inline]
 slab_alloc_node mm/slub.c:4898 [inline]
 kmem_cache_alloc_node_noprof+0x3cd/0x12c0 mm/slub.c:4950
 kmalloc_reserve net/core/skbuff.c:613 [inline]
 __alloc_skb+0x855/0x1190 net/core/skbuff.c:713
 alloc_skb_fclone include/linux/skbuff.h:1433 [inline]
 tipc_buf_acquire+0x4c/0x230 net/tipc/msg.c:72
 tipc_disc_create+0x12f/0x870 net/tipc/discover.c:359
 tipc_enable_bearer net/tipc/bearer.c:348 [inline]
 __tipc_nl_bearer_enable+0x1f61/0x2a00 net/tipc/bearer.c:1047
 tipc_nl_bearer_enable+0x3d/0x70 net/tipc/bearer.c:1056
 genl_family_rcv_msg_doit+0x338/0x3f0 net/netlink/genetlink.c:1114
 genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
 genl_rcv_msg+0xac5/0xc00 net/netlink/genetlink.c:1209
 netlink_rcv_skb+0x54d/0x680 net/netlink/af_netlink.c:2550
 genl_rcv+0x41/0x60 net/netlink/genetlink.c:1218
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0xee2/0x1290 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x10b2/0x1250 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:787 [inline]
 __sock_sendmsg net/socket.c:802 [inline]
 ____sys_sendmsg+0xf37/0xfd0 net/socket.c:2698
 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2752
 __sys_sendmsg net/socket.c:2784 [inline]
 __do_sys_sendmsg net/socket.c:2789 [inline]
 __se_sys_sendmsg net/socket.c:2787 [inline]
 __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2787
 x64_sys_call+0x1e20/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Bytes 24-35 of 140 are uninitialized
Memory access of size 140 starts at ffff888025674cd0
Data copied to user address 0000200000002c40

CPU: 1 UID: 0 PID: 24063 Comm: syz.2.6308 Tainted: G        W    L      syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN, [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
=====================================================