[syzbot] [kernel?] KMSAN: kernel-infoleak in irqentry_exit


syzbot

May 30, 2026, 8:27:35 PM (2 days ago) May 30
to linux-...@vger.kernel.org, lu...@kernel.org, pet...@infradead.org, syzkall...@googlegroups.com, tg...@kernel.org
Hello,

syzbot found the following issue on:

HEAD commit: 670b77dfebe7 Merge tag 'usb-7.1-rc6' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10ca512e580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a0ca3b8cb3875012
dashboard link: https://syzkaller.appspot.com/bug?extid=185a631927096f9da2fc
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/30de8a17219b/disk-670b77df.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8ee3b0ab7b4b/vmlinux-670b77df.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ccbac9177b62/bzImage-670b77df.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+185a63...@syzkaller.appspotmail.com

=====================================================
BUG: KMSAN: kernel-infoleak in rseq_set_ids_get_csaddr include/linux/rseq_entry.h:502 [inline]
BUG: KMSAN: kernel-infoleak in rseq_update_usr include/linux/rseq_entry.h:536 [inline]
BUG: KMSAN: kernel-infoleak in rseq_exit_user_update include/linux/rseq_entry.h:644 [inline]
BUG: KMSAN: kernel-infoleak in __rseq_exit_to_user_mode_restart include/linux/rseq_entry.h:673 [inline]
BUG: KMSAN: kernel-infoleak in rseq_exit_to_user_mode_restart include/linux/rseq_entry.h:702 [inline]
BUG: KMSAN: kernel-infoleak in exit_to_user_mode_loop kernel/entry/common.c:100 [inline]
BUG: KMSAN: kernel-infoleak in __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
BUG: KMSAN: kernel-infoleak in irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:244 [inline]
BUG: KMSAN: kernel-infoleak in irqentry_exit_to_user_mode include/linux/irq-entry-common.h:315 [inline]
BUG: KMSAN: kernel-infoleak in irqentry_exit+0x48b/0xa00 kernel/entry/common.c:162
rseq_set_ids_get_csaddr include/linux/rseq_entry.h:502 [inline]
rseq_update_usr include/linux/rseq_entry.h:536 [inline]
rseq_exit_user_update include/linux/rseq_entry.h:644 [inline]
__rseq_exit_to_user_mode_restart include/linux/rseq_entry.h:673 [inline]
rseq_exit_to_user_mode_restart include/linux/rseq_entry.h:702 [inline]
exit_to_user_mode_loop kernel/entry/common.c:100 [inline]
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:244 [inline]
irqentry_exit_to_user_mode include/linux/irq-entry-common.h:315 [inline]
irqentry_exit+0x48b/0xa00 kernel/entry/common.c:162
exc_page_fault+0x7e/0xb0 arch/x86/mm/fault.c:1530
asm_exc_page_fault+0x2b/0x30 arch/x86/include/asm/idtentry.h:618

Local variable end_time.i.i created at:
__do_sys_poll fs/select.c:1063 [inline]
__se_sys_poll fs/select.c:1060 [inline]
__x64_sys_poll+0x87/0x540 fs/select.c:1060
x64_sys_call+0x3130/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:8

Bytes 0-3 of 4 are uninitialized
Memory access of size 4 starts at ffff888119e3be88
Data copied to user address 00007fcc60203140

CPU: 1 UID: 0 PID: 5562 Comm: sshd-session Not tainted syzkaller #0 PREEMPT(lazy)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup