netlink: 224 bytes leftover after parsing attributes in process `syz-executor.2'.
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:154 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 copyout lib/iov_iter.c:154 [inline]
 _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668
 copy_to_iter include/linux/uio.h:162 [inline]
 simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519
 __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425
 skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533
 skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline]
 netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1977
 sock_recvmsg_nosec net/socket.c:948 [inline]
 sock_recvmsg net/socket.c:966 [inline]
 sock_read_iter+0x5a9/0x630 net/socket.c:1039
 do_iter_readv_writev+0xa7f/0xc70
 do_iter_read+0x52c/0x14c0 fs/read_write.c:786
 vfs_readv fs/read_write.c:906 [inline]
 do_readv+0x432/0x800 fs/read_write.c:943
 __do_sys_readv fs/read_write.c:1034 [inline]
 __se_sys_readv fs/read_write.c:1031 [inline]
 __x64_sys_readv+0xe5/0x120 fs/read_write.c:1031
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was stored to memory at:
 __nla_put lib/nlattr.c:994 [inline]
 nla_put+0x312/0x3d0 lib/nlattr.c:1052
 copy_to_user_state_extra+0x1934/0x24e0 net/xfrm/xfrm_user.c:1001
 dump_one_state+0x38d/0x7f0 net/xfrm/xfrm_user.c:1069
 xfrm_state_walk+0x567/0x16c0 net/xfrm/xfrm_state.c:2134
 xfrm_dump_sa+0x27c/0x7f0 net/xfrm/xfrm_user.c:1140
 netlink_dump+0xb72/0x16c0 net/netlink/af_netlink.c:2268
 __netlink_dump_start+0xcf8/0xe90 net/netlink/af_netlink.c:2373
 netlink_dump_start include/linux/netlink.h:254 [inline]
 xfrm_user_rcv_msg+0x936/0x1190 net/xfrm/xfrm_user.c:2926
 netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2494
 xfrm_netlink_rcv+0xb2/0xf0 net/xfrm/xfrm_user.c:2963
 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
 netlink_unicast+0x1093/0x1360 net/netlink/af_netlink.c:1343
 netlink_sendmsg+0x14d9/0x1720 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmsg+0x704/0x840 net/socket.c:2496
 __do_sys_sendmsg net/socket.c:2505 [inline]
 __se_sys_sendmsg net/socket.c:2503 [inline]
 __x64_sys_sendmsg+0xe2/0x120 net/socket.c:2503
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Uninit was created at:
 slab_post_alloc_hook mm/slab.h:737 [inline]
 slab_alloc_node mm/slub.c:3247 [inline]
 slab_alloc mm/slub.c:3255 [inline]
 kmem_cache_alloc_trace+0xaca/0x1140 mm/slub.c:3272
 kmalloc include/linux/slab.h:581 [inline]
 pfkey_msg2xfrm_state net/key/af_key.c:1199 [inline]
 pfkey_add+0x3498/0x3ee0 net/key/af_key.c:1504
 pfkey_process net/key/af_key.c:2837 [inline]
 pfkey_sendmsg+0x16bb/0x1c60 net/key/af_key.c:3676
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0xe11/0x12c0 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmmsg+0xac2/0xf60 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x11c/0x170 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Bytes 252-311 of 3608 are uninitialized
Memory access of size 3608 starts at ffff888057395000
Data copied to user address 0000000020000400

CPU: 1 PID: 28911 Comm: syz-executor.2 Tainted: G W 5.17.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================