=====================================================
BUG: KMSAN: kernel-network-infoleak-after-free in __netdev_start_xmit include/linux/netdevice.h:4841 [inline]
BUG: KMSAN: kernel-network-infoleak-after-free in netdev_start_xmit include/linux/netdevice.h:4857 [inline]
BUG: KMSAN: kernel-network-infoleak-after-free in xmit_one+0x100/0x5f0 net/core/dev.c:3590
 __netdev_start_xmit include/linux/netdevice.h:4841 [inline]
 netdev_start_xmit include/linux/netdevice.h:4857 [inline]
 xmit_one+0x100/0x5f0 net/core/dev.c:3590
 dev_hard_start_xmit+0xe5/0x370 net/core/dev.c:3606
 __dev_queue_xmit+0x1dec/0x31f0 net/core/dev.c:4256
 dev_queue_xmit include/linux/netdevice.h:3009 [inline]
 __netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [inline]
 __netlink_deliver_tap+0x7f6/0xca0 net/netlink/af_netlink.c:325
 netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]
 netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x10fb/0x1270 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x127d/0x1430 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 ____sys_sendmsg+0xa8e/0xe70 net/socket.c:2482
 ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2536
 __sys_sendmsg net/socket.c:2565 [inline]
 __do_sys_sendmsg net/socket.c:2574 [inline]
 __se_sys_sendmsg net/socket.c:2572 [inline]
 __x64_sys_sendmsg+0x367/0x540 net/socket.c:2572
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 skb_put_data include/linux/skbuff.h:2579 [inline]
 netlink_to_full_skb net/netlink/af_netlink.c:181 [inline]
 __netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]
 __netlink_deliver_tap+0x575/0xca0 net/netlink/af_netlink.c:325
 netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]
 netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x10fb/0x1270 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x127d/0x1430 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 ____sys_sendmsg+0xa8e/0xe70 net/socket.c:2482
 ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2536
 __sys_sendmsg net/socket.c:2565 [inline]
 __do_sys_sendmsg net/socket.c:2574 [inline]
 __se_sys_sendmsg net/socket.c:2572 [inline]
 __x64_sys_sendmsg+0x367/0x540 net/socket.c:2572
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 free_pages_prepare mm/page_alloc.c:1410 [inline]
 free_pcp_prepare+0x40/0x640 mm/page_alloc.c:1532
 free_unref_page_prepare mm/page_alloc.c:3387 [inline]
 free_unref_page+0x41/0x940 mm/page_alloc.c:3483
 free_the_page mm/page_alloc.c:770 [inline]
 __free_pages+0x78/0x1c0 mm/page_alloc.c:5644
 __vunmap+0xfee/0x1410 mm/vmalloc.c:2713
 __vfree mm/vmalloc.c:2761 [inline]
 vfree+0xda/0x120 mm/vmalloc.c:2792
 netlink_skb_destructor+0x198/0x230 net/netlink/af_netlink.c:379
 skb_release_head_state+0x143/0x340 net/core/skbuff.c:841
 skb_release_all net/core/skbuff.c:852 [inline]
 __kfree_skb+0x25/0x240 net/core/skbuff.c:868
 consume_skb+0x96/0x290 net/core/skbuff.c:1033
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0xf4c/0x1270 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x127d/0x1430 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 ____sys_sendmsg+0xa8e/0xe70 net/socket.c:2482
 ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2536
 __sys_sendmsg net/socket.c:2565 [inline]
 __do_sys_sendmsg net/socket.c:2574 [inline]
 __se_sys_sendmsg net/socket.c:2572 [inline]
 __x64_sys_sendmsg+0x367/0x540 net/socket.c:2572
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Bytes 51552-51583 of 51584 are uninitialized
Memory access of size 51584 starts at ffff888131500000

CPU: 0 PID: 3509 Comm: syz-executor152 Not tainted 6.1.0-syzkaller-64311-g5c6259d6d19f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
=====================================================