KMSAN: uninit-value in kvm

KMSAN: uninit-value in kvm_cpuid
Status: upstream: reported C repro on 2021/10/01 06:47
Reported-by: syzbot+d6d011bc17bb751d4aa2@syzkaller.appspotmail.com
Fix commit: e8a747d0884e KVM: x86: Swap order of CPUID entry "index" vs. "significant flag" checks
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 67d, last: 37d

Sample crash report:

L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
=====================================================
BUG: KMSAN: uninit-value in cpuid_entry2_find arch/x86/kvm/cpuid.c:68 [inline]
BUG: KMSAN: uninit-value in kvm_find_cpuid_entry arch/x86/kvm/cpuid.c:1103 [inline]
BUG: KMSAN: uninit-value in kvm_cpuid+0x456/0x28f0 arch/x86/kvm/cpuid.c:1183
 cpuid_entry2_find arch/x86/kvm/cpuid.c:68 [inline]
 kvm_find_cpuid_entry arch/x86/kvm/cpuid.c:1103 [inline]
 kvm_cpuid+0x456/0x28f0 arch/x86/kvm/cpuid.c:1183
 kvm_vcpu_reset+0x13fb/0x1c20 arch/x86/kvm/x86.c:10885
 kvm_apic_accept_events+0x58f/0x8c0 arch/x86/kvm/lapic.c:2923
 vcpu_enter_guest+0xfd2/0x6d80 arch/x86/kvm/x86.c:9534
 vcpu_run+0x7f5/0x18d0 arch/x86/kvm/x86.c:9788
 kvm_arch_vcpu_ioctl_run+0x245b/0x2d10 arch/x86/kvm/x86.c:10020
 kvm_vcpu_ioctl+0x1055/0x1e00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3749
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0x2df/0x4a0 fs/ioctl.c:860
 __x64_sys_ioctl+0xd8/0x110 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Local variable ----dummy@kvm_vcpu_reset created at:
 kvm_vcpu_reset+0x1fb/0x1c20 arch/x86/kvm/x86.c:10812
 kvm_apic_accept_events+0x58f/0x8c0 arch/x86/kvm/lapic.c:2923
=====================================================
Kernel panic - not syncing: panic_on_kmsan set ...
CPU: 1 PID: 6364 Comm: syz-executor072 Tainted: G    B             5.15.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1ff/0x28e lib/dump_stack.c:106
 dump_stack+0x25/0x28 lib/dump_stack.c:113
 panic+0x44f/0xdeb kernel/panic.c:232
 kmsan_report+0x2ee/0x300 mm/kmsan/report.c:186
 __msan_warning+0xd7/0x150 mm/kmsan/instrumentation.c:208
 cpuid_entry2_find arch/x86/kvm/cpuid.c:68 [inline]
 kvm_find_cpuid_entry arch/x86/kvm/cpuid.c:1103 [inline]
 kvm_cpuid+0x456/0x28f0 arch/x86/kvm/cpuid.c:1183
 kvm_vcpu_reset+0x13fb/0x1c20 arch/x86/kvm/x86.c:10885
 kvm_apic_accept_events+0x58f/0x8c0 arch/x86/kvm/lapic.c:2923
 vcpu_enter_guest+0xfd2/0x6d80 arch/x86/kvm/x86.c:9534
 vcpu_run+0x7f5/0x18d0 arch/x86/kvm/x86.c:9788
 kvm_arch_vcpu_ioctl_run+0x245b/0x2d10 arch/x86/kvm/x86.c:10020
 kvm_vcpu_ioctl+0x1055/0x1e00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3749
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0x2df/0x4a0 fs/ioctl.c:860
 __x64_sys_ioctl+0xd8/0x110 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f51eb544a19
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe2fe74dc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f51eb544a19
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffe2fe74f68
R10: 0000000000009120 R11: 0000000000000246 R12: 00007f51eb507c80
R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (22):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kmsan-gce	2021/09/25 03:57	https://github.com/google/kmsan.git master	cd2c05533838	8cac236e	.config	log	report	syz	C		KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/25 16:23	https://github.com/google/kmsan.git master	82e66ad2e586	4f0000ee	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/24 05:35	https://github.com/google/kmsan.git master	82e66ad2e586	282f03fb	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/23 20:15	https://github.com/google/kmsan.git master	82e66ad2e586	282f03fb	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/23 08:35	https://github.com/google/kmsan.git master	82e66ad2e586	282f03fb	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/21 20:53	https://github.com/google/kmsan.git master	d6493d2046c4	c5cb7da8	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/21 20:23	https://github.com/google/kmsan.git master	d6493d2046c4	c5cb7da8	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/20 14:21	https://github.com/google/kmsan.git master	d6493d2046c4	418a00eb	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/16 20:18	https://github.com/google/kmsan.git master	d6493d2046c4	0c5d9412	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/16 19:55	https://github.com/google/kmsan.git master	d6493d2046c4	0c5d9412	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/16 19:55	https://github.com/google/kmsan.git master	d6493d2046c4	0c5d9412	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/16 01:51	https://github.com/google/kmsan.git master	8bdd014d5dc7	0c5d9412	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/10 02:53	https://github.com/google/kmsan.git master	c7f84f4e1147	838e7e2c	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/10 02:53	https://github.com/google/kmsan.git master	c7f84f4e1147	838e7e2c	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/10/02 22:54	https://github.com/google/kmsan.git master	90f502f5d016	db0f5787	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/09/28 04:07	https://github.com/google/kmsan.git master	cd2c05533838	78494d16	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/09/28 01:31	https://github.com/google/kmsan.git master	cd2c05533838	78494d16	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/09/27 23:47	https://github.com/google/kmsan.git master	cd2c05533838	78494d16	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/09/24 23:01	https://github.com/google/kmsan.git master	cd2c05533838	8cac236e	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/09/24 22:55	https://github.com/google/kmsan.git master	cd2c05533838	8cac236e	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/09/24 21:56	https://github.com/google/kmsan.git master	cd2c05533838	8cac236e	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid
ci-upstream-kmsan-gce	2021/09/24 21:35	https://github.com/google/kmsan.git master	cd2c05533838	8cac236e	.config	log	report			info	KMSAN: uninit-value in kvm_cpuid