KMSAN: kernel-infoleak in copy_page_to

Kernel	Title	Rank 🛈	Repro	Count	Last	Reported	Patched	Status
upstream	KMSAN: kernel-infoleak in copy_page_to_iter fs	9	C	364	2594d	2615d	0/29	closed as invalid on 2018/06/29 17:28
upstream	KMSAN: kernel-infoleak in copy_page_to_iter (2) mm fs	9	C	2099	1460d	2518d	20/29	fixed on 2021/11/10 00:50
upstream	KMSAN: kernel-infoleak in _copy_to_iter (8) mm	23	C	21180	789d	883d	22/29	fixed on 2023/06/08 14:41
upstream	KMSAN: kernel-infoleak in copy_page_to_iter (4) block	9		252	701d	780d	0/29	auto-obsoleted due to no activity on 2023/11/13 05:38
linux-5.15	KASAN: slab-out-of-bounds Write in copy_page_to_iter	23		1	717d	717d	0/3	auto-obsoleted due to no activity on 2023/11/27 15:14

===================================================== BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline] BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:156 [inline] BUG: KMSAN: kernel-infoleak in copy_page_to_iter_iovec lib/iov_iter.c:231 [inline] BUG: KMSAN: kernel-infoleak in __copy_page_to_iter lib/iov_iter.c:808 [inline] BUG: KMSAN: kernel-infoleak in copy_page_to_iter+0xa6b/0x2630 lib/iov_iter.c:836 instrument_copy_to_user include/linux/instrumented.h:121 [inline] copyout lib/iov_iter.c:156 [inline] copy_page_to_iter_iovec lib/iov_iter.c:231 [inline] __copy_page_to_iter lib/iov_iter.c:808 [inline] copy_page_to_iter+0xa6b/0x2630 lib/iov_iter.c:836 filemap_read+0xf11/0x1aa0 mm/filemap.c:2683 generic_file_read_iter+0x190/0xa60 mm/filemap.c:2779 blkdev_read_iter+0x2a6/0x380 block/fops.c:545 call_read_iter include/linux/fs.h:2157 [inline] new_sync_read fs/read_write.c:404 [inline] vfs_read+0x1631/0x1980 fs/read_write.c:485 ksys_read+0x28c/0x520 fs/read_write.c:623 __do_sys_read fs/read_write.c:633 [inline] __se_sys_read fs/read_write.c:631 [inline] __x64_sys_read+0xdb/0x120 fs/read_write.c:631 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was stored to memory at: _copy_to_iter+0x10d1/0x25c0 lib/iov_iter.c:623 __copy_page_to_iter lib/iov_iter.c:811 [inline] copy_page_to_iter+0x188a/0x2630 lib/iov_iter.c:836 shmem_file_read_iter+0xb7a/0x17f0 mm/shmem.c:2597 do_iter_readv_writev+0xa7f/0xc70 do_iter_read+0x52c/0x14c0 fs/read_write.c:790 vfs_iter_read+0x118/0x180 fs/read_write.c:832 lo_read_simple drivers/block/loop.c:404 [inline] do_req_filebacked drivers/block/loop.c:675 [inline] loop_handle_cmd drivers/block/loop.c:2201 [inline] loop_process_work+0x3e32/0x5590 drivers/block/loop.c:2241 loop_rootcg_workfn+0x54/0x60 drivers/block/loop.c:2272 process_one_work+0xdc7/0x1760 kernel/workqueue.c:2297 worker_thread+0x1101/0x22b0 kernel/workqueue.c:2444 kthread+0x66b/0x780 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 Uninit was stored to memory at: copy_page_from_iter_atomic+0x14dd/0x2a80 lib/iov_iter.c:925 generic_perform_write+0x58d/0xc80 mm/filemap.c:3778 __generic_file_write_iter+0x573/0xc00 mm/filemap.c:3897 generic_file_write_iter+0x16f/0x440 mm/filemap.c:3929 do_iter_readv_writev+0xa7f/0xc70 do_iter_write+0x52c/0x1500 fs/read_write.c:855 vfs_iter_write+0x118/0x180 fs/read_write.c:896 lo_write_bvec+0x2e5/0x920 drivers/block/loop.c:328 lo_write_simple drivers/block/loop.c:350 [inline] do_req_filebacked drivers/block/loop.c:668 [inline] loop_handle_cmd drivers/block/loop.c:2201 [inline] loop_process_work+0x4935/0x5590 drivers/block/loop.c:2241 loop_rootcg_workfn+0x54/0x60 drivers/block/loop.c:2272 process_one_work+0xdc7/0x1760 kernel/workqueue.c:2297 worker_thread+0x1101/0x22b0 kernel/workqueue.c:2444 kthread+0x66b/0x780 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 Uninit was created at: __alloc_pages+0x8b3/0xfb0 mm/page_alloc.c:5421 alloc_pages+0xa39/0xde0 mm/mempolicy.c:2191 __page_cache_alloc mm/filemap.c:1022 [inline] pagecache_get_page+0x1384/0x1ec0 mm/filemap.c:1940 find_or_create_page include/linux/pagemap.h:420 [inline] grow_dev_page+0x1b1/0xe00 fs/buffer.c:949 grow_buffers fs/buffer.c:1014 [inline] __getblk_slow fs/buffer.c:1041 [inline] __getblk_gfp+0x437/0x670 fs/buffer.c:1334 sb_getblk include/linux/buffer_head.h:327 [inline] ext4_getblk+0x438/0xed0 fs/ext4/inode.c:854 ext4_xattr_inode_write fs/ext4/xattr.c:1368 [inline] ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1532 [inline] ext4_xattr_set_entry+0x6161/0x7210 fs/ext4/xattr.c:1656 ext4_xattr_ibody_set+0x151/0x490 fs/ext4/xattr.c:2210 ext4_xattr_set_handle+0x1c49/0x2cd0 fs/ext4/xattr.c:2367 ext4_xattr_set+0x49c/0x6e0 fs/ext4/xattr.c:2480 ext4_xattr_trusted_set+0xef/0x100 fs/ext4/xattr_trusted.c:38 __vfs_setxattr+0x94c/0x9a0 fs/xattr.c:180 __vfs_setxattr_noperm+0x35d/0xe10 fs/xattr.c:214 __vfs_setxattr_locked+0x629/0x690 fs/xattr.c:275 vfs_setxattr+0x446/0x7c0 fs/xattr.c:301 setxattr+0x422/0x7b0 fs/xattr.c:575 path_setxattr+0x305/0x530 fs/xattr.c:595 __do_sys_setxattr fs/xattr.c:611 [inline] __se_sys_setxattr fs/xattr.c:607 [inline] __ia32_sys_setxattr+0x15b/0x1c0 fs/xattr.c:607 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline] __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c Bytes 1-4095 of 4096 are uninitialized Memory access of size 4096 starts at ffff888171cf3000 Data copied to user address 00005634b5eae628 =====================================================

Crashes (2):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2021/11/28 03:19	https://github.com/google/kmsan.git master	a535b0caaa2f	63eeac02	.config	console log	report			info		ci-upstream-kmsan-gce-386	KMSAN: kernel-infoleak in copy_page_to_iter
2021/11/26 16:46	https://github.com/google/kmsan.git master	a535b0caaa2f	63eeac02	.config	console log	report			info		ci-upstream-kmsan-gce-386	KMSAN: kernel-infoleak in copy_page_to_iter

Crashes (2):

Assets (help?)