=====================================================
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xbc/0x100 lib/usercopy.c:33
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 _copy_to_user+0xbc/0x100 lib/usercopy.c:33
 copy_to_user include/linux/uaccess.h:169 [inline]
 vcs_read+0x1ef7/0x23c0 drivers/tty/vt/vc_screen.c:456
 vfs_read+0x3a9/0x11b0 fs/read_write.c:480
 ksys_read+0x21b/0x4e0 fs/read_write.c:620
 __do_sys_read fs/read_write.c:630 [inline]
 __se_sys_read fs/read_write.c:628 [inline]
 __x64_sys_read+0x8f/0xd0 fs/read_write.c:628
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 vc_uniscr_insert drivers/tty/vt/vt.c:388 [inline]
 insert_char+0x185/0x660 drivers/tty/vt/vt.c:844
 vc_con_write_normal drivers/tty/vt/vt.c:2854 [inline]
 do_con_write+0x2dd9/0x99a0 drivers/tty/vt/vt.c:2955
 con_write+0x3b/0x70 drivers/tty/vt/vt.c:3295
 n_tty_write+0x956/0x1f20 drivers/tty/n_tty.c:2320
 do_tty_write drivers/tty/tty_io.c:1024 [inline]
 file_tty_write+0xbb0/0x1410 drivers/tty/tty_io.c:1095
 tty_write+0x4b/0x60 drivers/tty/tty_io.c:1116
 call_write_iter include/linux/fs.h:2058 [inline]
 new_sync_write fs/read_write.c:504 [inline]
 vfs_write+0xcf0/0x1810 fs/read_write.c:591
 ksys_write+0x21b/0x4e0 fs/read_write.c:644
 __do_sys_write fs/read_write.c:656 [inline]
 __se_sys_write fs/read_write.c:653 [inline]
 __x64_sys_write+0x8f/0xd0 fs/read_write.c:653
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 vc_uniscr_insert drivers/tty/vt/vt.c:388 [inline]
 insert_char+0x185/0x660 drivers/tty/vt/vt.c:844
 vc_con_write_normal drivers/tty/vt/vt.c:2854 [inline]
 do_con_write+0x2dd9/0x99a0 drivers/tty/vt/vt.c:2955
 con_write+0x3b/0x70 drivers/tty/vt/vt.c:3295
 n_tty_write+0x956/0x1f20 drivers/tty/n_tty.c:2320
 do_tty_write drivers/tty/tty_io.c:1024 [inline]
 file_tty_write+0xbb0/0x1410 drivers/tty/tty_io.c:1095
 tty_write+0x4b/0x60 drivers/tty/tty_io.c:1116
 call_write_iter include/linux/fs.h:2058 [inline]
 new_sync_write fs/read_write.c:504 [inline]
 vfs_write+0xcf0/0x1810 fs/read_write.c:591
 ksys_write+0x21b/0x4e0 fs/read_write.c:644
 __do_sys_write fs/read_write.c:656 [inline]
 __se_sys_write fs/read_write.c:653 [inline]
 __x64_sys_write+0x8f/0xd0 fs/read_write.c:653
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 vc_uniscr_insert drivers/tty/vt/vt.c:388 [inline]
 insert_char+0x185/0x660 drivers/tty/vt/vt.c:844
 vc_con_write_normal drivers/tty/vt/vt.c:2854 [inline]
 do_con_write+0x2dd9/0x99a0 drivers/tty/vt/vt.c:2955
 con_write+0x3b/0x70 drivers/tty/vt/vt.c:3295
 n_tty_write+0x956/0x1f20 drivers/tty/n_tty.c:2320
 do_tty_write drivers/tty/tty_io.c:1024 [inline]
 file_tty_write+0xbb0/0x1410 drivers/tty/tty_io.c:1095
 tty_write+0x4b/0x60 drivers/tty/tty_io.c:1116
 call_write_iter include/linux/fs.h:2058 [inline]
 new_sync_write fs/read_write.c:504 [inline]
 vfs_write+0xcf0/0x1810 fs/read_write.c:591
 ksys_write+0x21b/0x4e0 fs/read_write.c:644
 __do_sys_write fs/read_write.c:656 [inline]
 __se_sys_write fs/read_write.c:653 [inline]
 __x64_sys_write+0x8f/0xd0 fs/read_write.c:653
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 vc_uniscr_insert drivers/tty/vt/vt.c:388 [inline]
 insert_char+0x185/0x660 drivers/tty/vt/vt.c:844
 vc_con_write_normal drivers/tty/vt/vt.c:2854 [inline]
 do_con_write+0x2dd9/0x99a0 drivers/tty/vt/vt.c:2955
 con_write+0x3b/0x70 drivers/tty/vt/vt.c:3295
 n_tty_write+0x956/0x1f20 drivers/tty/n_tty.c:2320
 do_tty_write drivers/tty/tty_io.c:1024 [inline]
 file_tty_write+0xbb0/0x1410 drivers/tty/tty_io.c:1095
 tty_write+0x4b/0x60 drivers/tty/tty_io.c:1116
 call_write_iter include/linux/fs.h:2058 [inline]
 new_sync_write fs/read_write.c:504 [inline]
 vfs_write+0xcf0/0x1810 fs/read_write.c:591
 ksys_write+0x21b/0x4e0 fs/read_write.c:644
 __do_sys_write fs/read_write.c:656 [inline]
 __se_sys_write fs/read_write.c:653 [inline]
 __x64_sys_write+0x8f/0xd0 fs/read_write.c:653
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 vc_uniscr_insert drivers/tty/vt/vt.c:388 [inline]
 insert_char+0x185/0x660 drivers/tty/vt/vt.c:844
 vc_con_write_normal drivers/tty/vt/vt.c:2854 [inline]
 do_con_write+0x2dd9/0x99a0 drivers/tty/vt/vt.c:2955
 con_write+0x3b/0x70 drivers/tty/vt/vt.c:3295
 n_tty_write+0x956/0x1f20 drivers/tty/n_tty.c:2320
 do_tty_write drivers/tty/tty_io.c:1024 [inline]
 file_tty_write+0xbb0/0x1410 drivers/tty/tty_io.c:1095
 tty_write+0x4b/0x60 drivers/tty/tty_io.c:1116
 call_write_iter include/linux/fs.h:2058 [inline]
 new_sync_write fs/read_write.c:504 [inline]
 vfs_write+0xcf0/0x1810 fs/read_write.c:591
 ksys_write+0x21b/0x4e0 fs/read_write.c:644
 __do_sys_write fs/read_write.c:656 [inline]
 __se_sys_write fs/read_write.c:653 [inline]
 __x64_sys_write+0x8f/0xd0 fs/read_write.c:653
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 vc_uniscr_insert drivers/tty/vt/vt.c:388 [inline]
 insert_char+0x185/0x660 drivers/tty/vt/vt.c:844
 vc_con_write_normal drivers/tty/vt/vt.c:2854 [inline]
 do_con_write+0x2dd9/0x99a0 drivers/tty/vt/vt.c:2955
 con_write+0x3b/0x70 drivers/tty/vt/vt.c:3295
 n_tty_write+0x956/0x1f20 drivers/tty/n_tty.c:2320
 do_tty_write drivers/tty/tty_io.c:1024 [inline]
 file_tty_write+0xbb0/0x1410 drivers/tty/tty_io.c:1095
 tty_write+0x4b/0x60 drivers/tty/tty_io.c:1116
 call_write_iter include/linux/fs.h:2058 [inline]
 new_sync_write fs/read_write.c:504 [inline]
 vfs_write+0xcf0/0x1810 fs/read_write.c:591
 ksys_write+0x21b/0x4e0 fs/read_write.c:644
 __do_sys_write fs/read_write.c:656 [inline]
 __se_sys_write fs/read_write.c:653 [inline]
 __x64_sys_write+0x8f/0xd0 fs/read_write.c:653
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
 vc_uniscr_insert drivers/tty/vt/vt.c:388 [inline]
 insert_char+0x185/0x660 drivers/tty/vt/vt.c:844
 vc_con_write_normal drivers/tty/vt/vt.c:2854 [inline]
 do_con_write+0x2dd9/0x99a0 drivers/tty/vt/vt.c:2955
 con_write+0x3b/0x70 drivers/tty/vt/vt.c:3295
 n_tty_write+0x956/0x1f20 drivers/tty/n_tty.c:2320
 do_tty_write drivers/tty/tty_io.c:1024 [inline]
 file_tty_write+0xbb0/0x1410 drivers/tty/tty_io.c:1095
 tty_write+0x4b/0x60 drivers/tty/tty_io.c:1116
 call_write_iter include/linux/fs.h:2058 [inline]
 new_sync_write fs/read_write.c:504 [inline]
 vfs_write+0xcf0/0x1810 fs/read_write.c:591
 ksys_write+0x21b/0x4e0 fs/read_write.c:644
 __do_sys_write fs/read_write.c:656 [inline]
 __se_sys_write fs/read_write.c:653 [inline]
 __x64_sys_write+0x8f/0xd0 fs/read_write.c:653
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
 free_pages_prepare mm/page_alloc.c:1328 [inline]
 free_pcp_prepare+0x40/0x680 mm/page_alloc.c:1449
 free_unref_page_prepare mm/page_alloc.c:3353 [inline]
 free_unref_page_list+0x17c/0xd70 mm/page_alloc.c:3485
 release_pages+0x2b49/0x2b90 mm/swap.c:980
 free_pages_and_swap_cache+0xbd/0xd0 mm/swap_state.c:325
 tlb_batch_pages_flush mm/mmu_gather.c:59 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:256 [inline]
 tlb_flush_mmu+0x85d/0xa90 mm/mmu_gather.c:263
 tlb_finish_mmu+0xfc/0x250 mm/mmu_gather.c:363
 exit_mmap+0x1d6/0x780 mm/mmap.c:3164
 __mmput+0x147/0x510 kernel/fork.c:1189
 mmput+0x76/0x80 kernel/fork.c:1210
 exit_mm+0x1b8/0x360 kernel/exit.c:511
 do_exit+0xcea/0x3e00 kernel/exit.c:784
 do_group_exit+0x3aa/0x400 kernel/exit.c:927
 get_signal+0x270e/0x2c50 kernel/signal.c:2857
 arch_do_signal_or_restart+0x56/0xae0 arch/x86/kernel/signal.c:869
 exit_to_user_mode_loop+0xea/0x320 kernel/entry/common.c:168
 exit_to_user_mode_prepare+0x16e/0x220 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x23/0x40 kernel/entry/common.c:296
 do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Bytes 2956-3063 of 4096 are uninitialized
Memory access of size 4096 starts at ffff888010c6f000
Data copied to user address 0000000020001dc0

CPU: 1 PID: 22453 Comm: syz-executor.5 Not tainted 5.19.0-syzkaller-32655-g1b070a5d1a2c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
=====================================================