syzbot


KMSAN: kernel-infoleak in seq_read_iter

Status: auto-obsoleted due to no activity on 2024/03/17 19:49
Subsystems: fs
First crash: 440d, last: 407d
Similar bugs (1)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | general protection fault in seq_read_iter fs | | | | 1 | 40d | 36d | 0/28 | moderation: reported on 2024/12/23 04:18 |

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]
BUG: KMSAN: kernel-infoleak in iterate_iovec include/linux/iov_iter.h:51 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:247 [inline]
BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x7c1/0x2520 lib/iov_iter.c:186
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 copy_to_user_iter lib/iov_iter.c:24 [inline]
 iterate_iovec include/linux/iov_iter.h:51 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:247 [inline]
 iterate_and_advance include/linux/iov_iter.h:271 [inline]
 _copy_to_iter+0x7c1/0x2520 lib/iov_iter.c:186
 copy_to_iter include/linux/uio.h:197 [inline]
 seq_read_iter+0x4cb/0x20c0 fs/seq_file.c:216
 seq_read+0x1c9/0x290 fs/seq_file.c:162
 pde_read fs/proc/inode.c:313 [inline]
 proc_reg_read+0x264/0x4a0 fs/proc/inode.c:325
 do_loop_readv_writev fs/read_write.c:755 [inline]
 do_iter_read+0x816/0x1380 fs/read_write.c:797
 vfs_readv fs/read_write.c:915 [inline]
 do_preadv+0x2ea/0x540 fs/read_write.c:1007
 __do_sys_preadv2 fs/read_write.c:1069 [inline]
 __se_sys_preadv2 fs/read_write.c:1060 [inline]
 __x64_sys_preadv2+0x14b/0x270 fs/read_write.c:1060
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
 slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
 slab_alloc_node mm/slub.c:3478 [inline]
 __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517
 __do_kmalloc_node mm/slab_common.c:1006 [inline]
 __kmalloc_node+0x11c/0x3c0 mm/slab_common.c:1014
 kmalloc_node include/linux/slab.h:620 [inline]
 kvmalloc_node+0xc0/0x2d0 mm/util.c:617
 kvmalloc include/linux/slab.h:738 [inline]
 seq_buf_alloc fs/seq_file.c:38 [inline]
 traverse+0x107/0xa30 fs/seq_file.c:102
 seq_read_iter+0x1c8c/0x20c0 fs/seq_file.c:195
 seq_read+0x1c9/0x290 fs/seq_file.c:162
 pde_read fs/proc/inode.c:313 [inline]
 proc_reg_read+0x264/0x4a0 fs/proc/inode.c:325
 do_loop_readv_writev fs/read_write.c:755 [inline]
 do_iter_read+0x816/0x1380 fs/read_write.c:797
 vfs_readv fs/read_write.c:915 [inline]
 do_preadv+0x2ea/0x540 fs/read_write.c:1007
 __do_sys_preadv2 fs/read_write.c:1069 [inline]
 __se_sys_preadv2 fs/read_write.c:1060 [inline]
 __x64_sys_preadv2+0x14b/0x270 fs/read_write.c:1060
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Bytes 39-61 of 62 are uninitialized
Memory access of size 62 starts at ffff8880a90b0030
Data copied to user address 00000000200000c0

CPU: 1 PID: 31835 Comm: syz-executor.1 Not tainted 6.7.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
=====================================================

Crashes (4):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/12/18 19:40 | upstream | ceb6a6f023fd | 3222d10c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in seq_read_iter |
| 2023/12/04 17:19 | upstream | 33cc938e65a9 | f819d6f7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in seq_read_iter |
| 2023/11/15 00:51 | upstream | 9bacdd8996c7 | cb976f63 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in seq_read_iter |
| 2023/11/16 21:39 | upstream | 7475e51b8796 | cb976f63 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce-386 | KMSAN: kernel-infoleak in seq_read_iter |