syzbot

KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast

Status: fixed on 2023/02/24 14:17
Subsystems: kvm
Reported-by: syzbot+d6caa905917d353f0d07@syzkaller.appspotmail.com
Fix commit: 8a414f943f8b KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()
First crash: 644d, last: 606d
Discussions (6)
Title | Replies (including bot) | Last reply
[PATCH 5.18 000/231] 5.18.13-rc1 review | 257 (257) | 2022/07/21 18:36
[PATCH 5.10 000/112] 5.10.132-rc1 review | 118 (118) | 2022/07/20 14:49
[PATCH 5.15 000/167] 5.15.56-rc1 review | 174 (174) | 2022/07/20 14:48
[PATCH v2] KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() | 4 (4) | 2022/07/14 16:09
[PATCH] KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() | 3 (3) | 2022/07/08 12:44
[syzbot] KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast | 1 (2) | 2022/06/28 13:01

Sample crash report:
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
=====================================================
BUG: KMSAN: uninit-value in kvm_apic_set_irq arch/x86/kvm/lapic.c:634 [inline]
BUG: KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast+0x7a7/0x990 arch/x86/kvm/lapic.c:1044
 kvm_apic_set_irq arch/x86/kvm/lapic.c:634 [inline]
 kvm_irq_delivery_to_apic_fast+0x7a7/0x990 arch/x86/kvm/lapic.c:1044
 kvm_irq_delivery_to_apic+0xdb/0xe40 arch/x86/kvm/irq_comm.c:54
 kvm_pv_kick_cpu_op+0xd1/0x100 arch/x86/kvm/x86.c:9155
 kvm_emulate_hypercall+0xee7/0x1340 arch/x86/kvm/x86.c:9285
 __vmx_handle_exit+0x101f/0x1710 arch/x86/kvm/vmx/vmx.c:6237
 vmx_handle_exit+0x38/0x1f0 arch/x86/kvm/vmx/vmx.c:6254
 vcpu_enter_guest+0x4733/0x52d0 arch/x86/kvm/x86.c:10366
 vcpu_run+0x794/0x1230 arch/x86/kvm/x86.c:10455
 kvm_arch_vcpu_ioctl_run+0x11fe/0x1b30 arch/x86/kvm/x86.c:10659
 kvm_vcpu_ioctl+0xcd4/0x1980 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3948
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0x222/0x400 fs/ioctl.c:856
 __x64_sys_ioctl+0x92/0xd0 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0

Local variable lapic_irq created at:
 kvm_pv_kick_cpu_op+0x46/0x100 arch/x86/kvm/x86.c:9146
 kvm_emulate_hypercall+0xee7/0x1340 arch/x86/kvm/x86.c:9285

CPU: 1 PID: 3490 Comm: syz-executor407 Not tainted 5.19.0-rc3-syzkaller-30868-g4b28366af7d9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================

Crashes (20):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2022/06/24 12:15 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a5dbd430 | .config | strace log | report | syz | C | | | ci-upstream-kmsan-gce | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/08/01 00:30 | https://github.com/google/kmsan.git master | 97117d69c353 | fef302b1 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/07/20 19:57 | https://github.com/google/kmsan.git master | 97117d69c353 | 88cb1383 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/07/16 07:23 | https://github.com/google/kmsan.git master | 97117d69c353 | 95cb00d1 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/07/15 10:32 | https://github.com/google/kmsan.git master | 97117d69c353 | 5d921b08 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/07/14 09:10 | https://github.com/google/kmsan.git master | 97117d69c353 | 5d921b08 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/07/11 21:56 | https://github.com/google/kmsan.git master | 97117d69c353 | da3d6955 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/07/03 23:31 | https://github.com/google/kmsan.git master | 97117d69c353 | 1434eec0 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/06/26 19:33 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a371c43c | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/06/26 07:05 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a371c43c | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/06/26 06:33 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a371c43c | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/06/25 09:37 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a371c43c | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/06/24 10:47 | https://github.com/google/kmsan.git master | 4b28366af7d9 | a5dbd430 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/07/19 05:36 | https://github.com/google/kmsan.git master | 97117d69c353 | ff988920 | .config | console log | report | | | info | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/07/16 07:20 | https://github.com/google/kmsan.git master | 97117d69c353 | 95cb00d1 | .config | console log | report | | | info | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/07/13 23:15 | https://github.com/google/kmsan.git master | 97117d69c353 | 5d921b08 | .config | console log | report | | | info | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/07/11 21:55 | https://github.com/google/kmsan.git master | 97117d69c353 | da3d6955 | .config | console log | report | | | info | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/07/07 10:39 | https://github.com/google/kmsan.git master | 97117d69c353 | bff65f44 | .config | console log | report | | | info | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/07/07 10:33 | https://github.com/google/kmsan.git master | 97117d69c353 | bff65f44 | .config | console log | report | | | info | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
2022/07/03 22:33 | https://github.com/google/kmsan.git master | ec1cbf8b060e | 1434eec0 | .config | console log | report | | | info | | ci-upstream-kmsan-gce-386 | KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast