lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <6913e1f0.a70a0220.22f260.0152.GAE@google.com>
Date: Tue, 11 Nov 2025 17:25:04 -0800
From: syzbot <syzbot+f64019ba229e3a5c411b@...kaller.appspotmail.com>
To: kartikey406@...il.com, linux-kernel@...r.kernel.org, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [fs?] [mm?] KMSAN: kernel-infoleak in hugetlbfs_read_iter

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: kernel-infoleak in hugetlbfs_read_iter

=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]
BUG: KMSAN: kernel-infoleak in iterate_iovec include/linux/iov_iter.h:52 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:304 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:330 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x4e4/0x33f0 lib/iov_iter.c:185
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 copy_to_user_iter lib/iov_iter.c:24 [inline]
 iterate_iovec include/linux/iov_iter.h:52 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:304 [inline]
 iterate_and_advance include/linux/iov_iter.h:330 [inline]
 _copy_to_iter+0x4e4/0x33f0 lib/iov_iter.c:185
 copy_page_to_iter+0x482/0x910 lib/iov_iter.c:362
 copy_folio_to_iter include/linux/uio.h:204 [inline]
 hugetlbfs_read_iter+0x6cd/0xe10 fs/hugetlbfs/inode.c:281
 do_iter_readv_writev+0x9e1/0xc20 fs/read_write.c:-1
 vfs_readv+0x34a/0xf30 fs/read_write.c:1018
 do_preadv fs/read_write.c:1132 [inline]
 __do_sys_preadv fs/read_write.c:1179 [inline]
 __se_sys_preadv fs/read_write.c:1174 [inline]
 __x64_sys_preadv+0x2a3/0x510 fs/read_write.c:1174
 x64_sys_call+0x3064/0x3e30 arch/x86/include/generated/asm/syscalls_64.h:296
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 __alloc_frozen_pages_noprof+0x689/0xf00 mm/page_alloc.c:5206
 alloc_buddy_hugetlb_folio mm/hugetlb.c:1944 [inline]
 only_alloc_fresh_hugetlb_folio+0x2b0/0x1280 mm/hugetlb.c:1984
 alloc_pool_huge_folio+0x60f/0x760 mm/hugetlb.c:2042
 set_max_huge_pages mm/hugetlb.c:3912 [inline]
 __nr_hugepages_store_common+0x609/0x1420 mm/hugetlb.c:4206
 hugetlb_sysctl_handler_common mm/hugetlb.c:5129 [inline]
 hugetlb_sysctl_handler+0x1f7/0x2a0 mm/hugetlb.c:5139
 proc_sys_call_handler+0x86b/0xdc0 fs/proc/proc_sysctl.c:600
 proc_sys_write+0x3b/0x50 fs/proc/proc_sysctl.c:626
 __kernel_write_iter+0x6fa/0xdd0 fs/read_write.c:619
 __kernel_write fs/read_write.c:639 [inline]
 kernel_write+0x322/0x710 fs/read_write.c:660
 process_sysctl_arg+0x74b/0x1150 fs/proc/proc_sysctl.c:1687
 parse_one kernel/params.c:153 [inline]
 parse_args+0x652/0x1190 kernel/params.c:186
 do_sysctl_args+0xf8/0x210 fs/proc/proc_sysctl.c:1719
 kernel_init+0xf7/0x5e0 init/main.c:1506
 ret_from_fork+0x1f5/0x4c0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Bytes 0-5 of 6 are uninitialized
Memory access of size 6 starts at ffff88811b20000f
Data copied to user address 0000200000000080

CPU: 0 UID: 0 PID: 6511 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
=====================================================


Tested on:

commit:         24172e0d Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14cbdc12580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbf50e713aaa5cb0
dashboard link: https://syzkaller.appspot.com/bug?extid=f64019ba229e3a5c411b
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=13508692580000

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ