syzbot


KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast

Status: upstream: reported C repro on 2022/06/28 11:37
Reported-by: syzbot+d6caa905917d353f0d07@syzkaller.appspotmail.com
Fix commit: 8a414f943f8b KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-net-this-kasan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32 ci-qemu2-riscv64 ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci2-upstream-kcsan-gce]
First crash: 52d, last: 14d

Sample crash report:
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
=====================================================
BUG: KMSAN: uninit-value in kvm_apic_set_irq arch/x86/kvm/lapic.c:634 [inline]
BUG: KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast+0x7a7/0x990 arch/x86/kvm/lapic.c:1044
 kvm_apic_set_irq arch/x86/kvm/lapic.c:634 [inline]
 kvm_irq_delivery_to_apic_fast+0x7a7/0x990 arch/x86/kvm/lapic.c:1044
 kvm_irq_delivery_to_apic+0xdb/0xe40 arch/x86/kvm/irq_comm.c:54
 kvm_pv_kick_cpu_op+0xd1/0x100 arch/x86/kvm/x86.c:9155
 kvm_emulate_hypercall+0xee7/0x1340 arch/x86/kvm/x86.c:9285
 __vmx_handle_exit+0x101f/0x1710 arch/x86/kvm/vmx/vmx.c:6237
 vmx_handle_exit+0x38/0x1f0 arch/x86/kvm/vmx/vmx.c:6254
 vcpu_enter_guest+0x4733/0x52d0 arch/x86/kvm/x86.c:10366
 vcpu_run+0x794/0x1230 arch/x86/kvm/x86.c:10455
 kvm_arch_vcpu_ioctl_run+0x11fe/0x1b30 arch/x86/kvm/x86.c:10659
 kvm_vcpu_ioctl+0xcd4/0x1980 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3948
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0x222/0x400 fs/ioctl.c:856
 __x64_sys_ioctl+0x92/0xd0 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0

Local variable lapic_irq created at:
 kvm_pv_kick_cpu_op+0x46/0x100 arch/x86/kvm/x86.c:9146
 kvm_emulate_hypercall+0xee7/0x1340 arch/x86/kvm/x86.c:9285

CPU: 1 PID: 3490 Comm: syz-executor407 Not tainted 5.19.0-rc3-syzkaller-30868-g4b28366af7d9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================
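
The report above says what KMSAN saw but not why it matters: the local variable `lapic_irq` in kvm_pv_kick_cpu_op() is a `struct kvm_lapic_irq` on the stack, and the delivery path (kvm_irq_delivery_to_apic_fast -> kvm_apic_set_irq, lapic.c:634) reads members of it that the kick path never wrote, so whatever an earlier stack frame left in that slot becomes part of the interrupt the guest receives. The fix commit's title states the remedy: initialize every member. The following is an added, user-space illustration of that bug class and its fix; it is not kernel code and not the fix commit itself. The struct is a reduced model of the kernel's, the consumer is a toy vAPIC with a 64-bit IRR/TMR, the choice of `trig_mode` as the unwritten member and the 0xAA "stack residue" are assumptions made for the demonstration (the report only names the variable, not the member).

```c
/* Added illustration of the uninit-value class in the syzbot report above.
 * Not kernel code: names mirror the report, but the struct layout, the
 * consumer and the choice of trig_mode as the unset member are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define APIC_DM_REMRD      0x300  /* remote-read delivery mode, used by the PV kick */
#define APIC_DEST_PHYSICAL 0
#define APIC_DEST_NOSHORT  0

/* Reduced model of the kernel's struct kvm_lapic_irq (assumed layout). */
struct kvm_lapic_irq {
	uint32_t vector;
	uint32_t delivery_mode;
	uint32_t dest_mode;
	uint32_t level;
	uint32_t trig_mode;
	uint32_t shorthand;
	uint32_t dest_id;
	bool msi_redir_hint;
};

/* Toy vAPIC state: IRR gets the vector bit; TMR too if level-triggered. */
struct model_apic {
	uint64_t irr;
	uint64_t tmr;
};

/* Pre-fix pattern: assign only the members the kick needs, one by one.
 * vector and trig_mode keep whatever the stack slot already held. */
static void kick_irq_partial(struct kvm_lapic_irq *irq, uint32_t apicid)
{
	irq->shorthand = APIC_DEST_NOSHORT;
	irq->dest_mode = APIC_DEST_PHYSICAL;
	irq->level = 0;
	irq->dest_id = apicid;
	irq->msi_redir_hint = false;
	irq->delivery_mode = APIC_DM_REMRD;
}

/* Post-fix pattern: a designated initialiser writes the whole object;
 * members not listed are zeroed, so nothing uninitialised is delivered. */
static void kick_irq_full(struct kvm_lapic_irq *irq, uint32_t apicid)
{
	*irq = (struct kvm_lapic_irq){
		.delivery_mode = APIC_DM_REMRD,
		.dest_mode = APIC_DEST_PHYSICAL,
		.shorthand = APIC_DEST_NOSHORT,
		.dest_id = apicid,
	};
}

/* Model of the consumer (kvm_apic_set_irq -> __apic_accept_irq): it reads
 * trig_mode, so a stale value there changes the guest-visible TMR.
 * Returns the vector bit it touched so callers can check the outcome. */
static uint64_t model_apic_set_irq(struct model_apic *apic,
				   const struct kvm_lapic_irq *irq)
{
	uint64_t bit = 1ULL << (irq->vector & 63); /* 64-bit stand-in for a 256-bit register */

	apic->irr |= bit;
	if (irq->trig_mode)
		apic->tmr |= bit;
	else
		apic->tmr &= ~bit;
	return bit;
}

/* One kick against a fresh APIC, with the stack slot pre-filled with 0xAA
 * bytes (constructed residue standing in for an earlier frame's data).
 * Returns 1 if the kick was flagged level-triggered in the TMR, else 0. */
static int kick_sets_tmr(bool fully_initialised, uint32_t apicid)
{
	struct kvm_lapic_irq irq;
	struct model_apic apic = { 0 };
	uint64_t bit;

	memset(&irq, 0xAA, sizeof(irq)); /* constructed stack residue */
	if (fully_initialised)
		kick_irq_full(&irq, apicid);
	else
		kick_irq_partial(&irq, apicid);

	bit = model_apic_set_irq(&apic, &irq);
	return (apic.tmr & bit) != 0;
}

int main(void)
{
	printf("partial init: TMR bit set = %d (residue-dependent)\n",
	       kick_sets_tmr(false, 1));
	printf("full init:    TMR bit set = %d\n", kick_sets_tmr(true, 1));
	return 0;
}
```

The partial variant is deterministic here only because the residue is constructed; in the kernel the same member-by-member pattern compiles without complaint and the stale value depends on what ran before the hypercall, which is exactly why it surfaces as a KMSAN report rather than a compiler warning. A full initialiser (designated initialiser or memset followed by the assignments) removes the dependence on stack contents; whether the actual fix commit used one or the other is not stated on this page.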

Crashes (20):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title
ci-upstream-kmsan-gce | 2022/06/24 12:15 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a5dbd430 | .config | log | report | syz | C | | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce | 2022/08/01 00:30 | https://github.com/google/kmsan.git master | 97117d69c353 | fef302b1 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce | 2022/07/20 19:57 | https://github.com/google/kmsan.git master | 97117d69c353 | 88cb1383 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce | 2022/07/16 07:23 | https://github.com/google/kmsan.git master | 97117d69c353 | 95cb00d1 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce | 2022/07/15 10:32 | https://github.com/google/kmsan.git master | 97117d69c353 | 5d921b08 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce | 2022/07/14 09:10 | https://github.com/google/kmsan.git master | 97117d69c353 | 5d921b08 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce | 2022/07/11 21:56 | https://github.com/google/kmsan.git master | 97117d69c353 | da3d6955 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce | 2022/07/03 23:31 | https://github.com/google/kmsan.git master | 97117d69c353 | 1434eec0 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce | 2022/06/26 19:33 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a371c43c | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce | 2022/06/26 07:05 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a371c43c | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce | 2022/06/26 06:33 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a371c43c | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce | 2022/06/25 09:37 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a371c43c | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce | 2022/06/24 10:47 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a5dbd430 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce-386 | 2022/07/19 05:36 | https://github.com/google/kmsan.git master | 97117d69c353 | ff988920 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce-386 | 2022/07/16 07:20 | https://github.com/google/kmsan.git master | 97117d69c353 | 95cb00d1 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce-386 | 2022/07/13 23:15 | https://github.com/google/kmsan.git master | 97117d69c353 | 5d921b08 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce-386 | 2022/07/11 21:55 | https://github.com/google/kmsan.git master | 97117d69c353 | da3d6955 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce-386 | 2022/07/07 10:39 | https://github.com/google/kmsan.git master | 97117d69c353 | bff65f44 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce-386 | 2022/07/07 10:33 | https://github.com/google/kmsan.git master | 97117d69c353 | bff65f44 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
ci-upstream-kmsan-gce-386 | 2022/07/03 22:33 | https://github.com/google/kmsan.git master | ec1cbf8b060e | 1434eec0 | .config | log | report | | | info | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast