=====================================================
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xbc/0x100 lib/usercopy.c:33
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 _copy_to_user+0xbc/0x100 lib/usercopy.c:33
 copy_to_user include/linux/uaccess.h:169 [inline]
 vcs_read+0x1ef7/0x23c0 drivers/tty/vt/vc_screen.c:456
 vfs_read+0x3a9/0x11b0 fs/read_write.c:480
 ksys_read+0x21b/0x4e0 fs/read_write.c:620
 __do_sys_read fs/read_write.c:630 [inline]
 __se_sys_read fs/read_write.c:628 [inline]
 __ia32_sys_read+0x8d/0xd0 fs/read_write.c:628
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was stored to memory at:
 vc_uniscr_copy_line+0x340/0x570 drivers/tty/vt/vt.c:565
 vcs_read_buf_uni drivers/tty/vt/vc_screen.c:265 [inline]
 vcs_read+0x102d/0x23c0 drivers/tty/vt/vc_screen.c:436
 vfs_read+0x3a9/0x11b0 fs/read_write.c:480
 ksys_read+0x21b/0x4e0 fs/read_write.c:620
 __do_sys_read fs/read_write.c:630 [inline]
 __se_sys_read fs/read_write.c:628 [inline]
 __ia32_sys_read+0x8d/0xd0 fs/read_write.c:628
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 free_pages_prepare mm/page_alloc.c:1328 [inline]
 free_pcp_prepare+0x40/0x680 mm/page_alloc.c:1449
 free_unref_page_prepare mm/page_alloc.c:3353 [inline]
 free_unref_page+0x3e/0x3f0 mm/page_alloc.c:3448
 free_the_page mm/page_alloc.c:694 [inline]
 __free_pages+0x78/0x1c0 mm/page_alloc.c:5534
 __free_slab+0x2ab/0x690 mm/slub.c:2068
 free_slab mm/slub.c:2083 [inline]
 discard_slab+0x113/0x1a0 mm/slub.c:2089
 __slab_free+0x82d/0x8c0 mm/slub.c:3456
 do_slab_free mm/slub.c:3539 [inline]
 slab_free mm/slub.c:3552 [inline]
 kmem_cache_free+0x78d/0xa40 mm/slub.c:3568
 vm_area_free+0x73/0x1c0 kernel/fork.c:488
 remove_vma mm/mmap.c:194 [inline]
 exit_mmap+0x4b5/0x780 mm/mmap.c:3170
 __mmput+0x147/0x510 kernel/fork.c:1189
 mmput+0x76/0x80 kernel/fork.c:1210
 exit_mm+0x1b8/0x360 kernel/exit.c:511
 do_exit+0xcea/0x3e00 kernel/exit.c:784
 do_group_exit+0x3aa/0x400 kernel/exit.c:927
 get_signal+0x270e/0x2c50 kernel/signal.c:2857
 arch_do_signal_or_restart+0x56/0xae0 arch/x86/kernel/signal.c:869
 exit_to_user_mode_loop+0xea/0x320 kernel/entry/common.c:168
 exit_to_user_mode_prepare+0x16e/0x220 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x23/0x40 kernel/entry/common.c:296
 __do_fast_syscall_32+0xb1/0x100 arch/x86/entry/common.c:181
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Bytes 4-511 of 4096 are uninitialized
Memory access of size 4096 starts at ffff888065965000
Data copied to user address 00000000200021c0

CPU: 1 PID: 24760 Comm: syz-executor.2 Not tainted 5.19.0-syzkaller-32655-g1b070a5d1a2c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
=====================================================