Re: [PATCH v2] rseq: fix using an uninitialized stack variable in rseq_exit_user_update
From: Thomas Gleixner
Date: Fri Jun 19 2026 - 15:32:19 EST
On Fri, Jun 19 2026 at 21:45, Tetsuo Handa wrote:
> On 2026/06/02 19:42, Peter Zijlstra wrote:
>> On Tue, Jun 02, 2026 at 11:08:54AM +0800, Qing Wang wrote:
>>> There is a bug which is an uninitialized stack variable use in
>>> `rseq_exit_user_update()` reported by syzbot:
>>>
>>> BUG: KMSAN: kernel-infoleak in rseq_set_ids_get_csaddr include/linux/rseq_entry.h:502 [inline]
>>>
>>> The local variable:
>>> ```c
>>> struct rseq_ids ids = {
>>> .cpu_id = task_cpu(t),
>>> .mm_cid = task_mm_cid(t),
>>> .node_id = cpu_to_node(ids.cpu_id),
>>> };
>>> ```
>>
>> FWIW, I've no idea what that ``` nonsense is, but it does not belong in
>> Changelogs. I've removed it.
>>
>
> It seems that this problem is still happening after
> commit 6d99479799c6 ("rseq: Fix using an uninitialized stack variable
> in rseq_exit_user_update()") was applied. Please check.
"It seems" is not really helpful. If you observe the problem can you
please provide the full debug splat?