Re: [PATCH v2] rseq: fix using an uninitialized stack variable in rseq_exit_user_update

From: Tetsuo Handa

Date: Fri Jun 19 2026 - 18:35:45 EST


On 2026/06/20 4:32, Thomas Gleixner wrote:
> On Fri, Jun 19 2026 at 21:45, Tetsuo Handa wrote:
>> On 2026/06/02 19:42, Peter Zijlstra wrote:
>>> On Tue, Jun 02, 2026 at 11:08:54AM +0800, Qing Wang wrote:
>>>> There is a bug which is an uninitialized stack variable use in
>>>> `rseq_exit_user_update()` reported by syzbot:
>>>>
>>>> BUG: KMSAN: kernel-infoleak in rseq_set_ids_get_csaddr include/linux/rseq_entry.h:502 [inline]
>>>>
>>>> The local variable:
>>>> ```c
>>>> struct rseq_ids ids = {
>>>> .cpu_id = task_cpu(t),
>>>> .mm_cid = task_mm_cid(t),
>>>> .node_id = cpu_to_node(ids.cpu_id),
>>>> };
>>>> ```
>>>
>>> FWIW, I've no idea what that ``` nonsense is, but it does not belong in
>>> Changelogs. I've removed it.
>>>
>>
>> It seems that this problem is still happening after
>> commit 6d99479799c6 ("rseq: Fix using an uninitialized stack variable
>> in rseq_exit_user_update()") was applied. Please check.
>
> It seems is not really helpful. If you observe the problem can you
> please provide the full debug splat?

Please fetch the full debug splat from https://syzkaller.appspot.com/bug?extid=185a631927096f9da2fc .
This problem is still happening as of commit 9ecfb2f7287a which includes commit 6d99479799c6.
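The hazard discussed in this thread is a designated initializer that reads a member of the very object it is initializing (`.node_id = cpu_to_node(ids.cpu_id)` while `ids` is still being constructed), which is exactly the kind of read KMSAN flags. The following is an added illustration, not kernel code and not from any participant in the thread: `struct task`, `task_cpu()`, `task_mm_cid()` and `cpu_to_node()` are constructed stand-ins with a made-up topology, and the hardened form simply evaluates the CPU into a plain local before the initializer so every member is built from an already-defined value.

```c
#include <assert.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel helpers (assumptions, not kernel code). */
struct task { int cpu; int mm_cid; };
static int task_cpu(const struct task *t)    { return t->cpu; }
static int task_mm_cid(const struct task *t) { return t->mm_cid; }
/* Constructed topology: CPUs 0-3 live on node 0, CPUs 4-7 on node 1. */
static int cpu_to_node(int cpu) { return cpu / 4; }

struct rseq_ids { int cpu_id; int mm_cid; int node_id; };

/*
 * Buggy pattern (shown only as a comment; it reads an indeterminate value):
 *
 *     struct rseq_ids ids = {
 *         .cpu_id  = task_cpu(t),
 *         .mm_cid  = task_mm_cid(t),
 *         .node_id = cpu_to_node(ids.cpu_id),   <-- ids is not initialised yet
 *     };
 *
 * C11 6.7.9p23 leaves the initializer expressions indeterminately sequenced,
 * and the object has no defined value until the whole initializer completes,
 * so ids.cpu_id here is stack garbage.
 */

/* Hardened form: compute the CPU once into a local, then initialise from it. */
static struct rseq_ids make_ids_fixed(const struct task *t)
{
    int cpu = task_cpu(t);
    struct rseq_ids ids = {
        .cpu_id  = cpu,
        .mm_cid  = task_mm_cid(t),
        .node_id = cpu_to_node(cpu),
    };
    return ids;
}

/* Returns 1 when node_id agrees with cpu_id under the constructed topology. */
static int ids_consistent(const struct rseq_ids *ids)
{
    return ids->node_id == cpu_to_node(ids->cpu_id);
}

int main(void)
{
    struct task t = { .cpu = 5, .mm_cid = 7 };   /* constructed sample task */
    struct rseq_ids ids = make_ids_fixed(&t);
    printf("cpu_id=%d mm_cid=%d node_id=%d consistent=%d\n",
           ids.cpu_id, ids.mm_cid, ids.node_id, ids_consistent(&ids));
    return 0;
}
```

The point of the local is not style: once `cpu` is a separate object with a defined value, the order in which the compiler evaluates the remaining initializer expressions no longer matters, and a checker like KMSAN has nothing uninitialised to propagate.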