Re: [syzbot] [kernel?] KMSAN: kernel-infoleak in do_insnlist_ioctl

From: syzbot
Date: Fri Jul 25 2025 - 06:24:04 EST


> #syz test

This crash does not have a reproducer. I cannot test it.

>
> diff --git a/drivers/comedi/comedi_fops.c b/drivers/comedi/comedi_fops.c
> index 23b7178522ae..360fde417016 100644
> --- a/drivers/comedi/comedi_fops.c
> +++ b/drivers/comedi/comedi_fops.c
> @@ -1587,6 +1587,10 @@ static int do_insnlist_ioctl(struct comedi_device *dev,
> memset(&data[n], 0, (MIN_SAMPLES - n) *
> sizeof(unsigned int));
> }
> + } else {
> + unsigned int n_min = max(n, (unsigned int)MIN_SAMPLES);
> +
> + memset(data, 0, n_min * sizeof(unsigned int));
> }
> ret = parse_insn(dev, insns + i, data, file);
> if (ret < 0)
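
Review bot: The length in the new else branch of do_insnlist_ioctl() is built with a cast, `max(n, (unsigned int)MIN_SAMPLES)`, only to get past the type check in max(). `max_t(unsigned int, n, MIN_SAMPLES)` is the usual kernel form for that, and it would let the memset take the expression directly without the n_min local. The branch also carries no comment: a one-line note saying that data is cleared before parse_insn() so that samples the handler does not write are not later copied back to user space would tie the change to the KMSAN infoleak report in the subject.
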
> @@ -1670,6 +1674,8 @@ static int do_insn_ioctl(struct comedi_device *dev,
> memset(&data[insn->n], 0,
> (MIN_SAMPLES - insn->n) * sizeof(unsigned int));
> }
> + } else {
> + memset(data, 0, n_data * sizeof(unsigned int));
> }
> ret = parse_insn(dev, insn, data, file);
> if (ret < 0)
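
Review bot: The memset in the new else branch of do_insn_ioctl() is sized by n_data, whose definition is outside this hunk, while the matching branch in do_insnlist_ioctl() computes max(n, MIN_SAMPLES) on the spot. Please confirm that n_data is never smaller than MIN_SAMPLES and never larger than the allocation behind data, since the context lines above pad up to MIN_SAMPLES when insn->n is short, or size both branches the same way so the two ioctl paths can be checked against each other. A short comment on why the read path zeroes the buffer before parse_insn() would help here as well.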