[syzbot] KMSAN: kernel-infoleak in iommufd_vfio_ioctl
13 views
Skip to first unread message
syzbot
Feb 13, 2023, 5:50:39 AM2/13/23
to gli...@google.com, io...@lists.linux.dev, j...@ziepe.ca, jo...@8bytes.org, kevin...@intel.com, linux-...@vger.kernel.org, robin....@arm.com, syzkall...@googlegroups.com, wi...@kernel.org
Hello,
syzbot found the following issue on:
HEAD commit: 8c89ecf5c13b kmsan: silence -Wmissing-prototypes warnings
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=1592ac0b480000
kernel config: https://syzkaller.appspot.com/x/.config?x=91d3152219aa6b45
dashboard link: https://syzkaller.appspot.com/bug?extid=cb1e0978f6bf46b83a58
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c9d1327adc33/disk-8c89ecf5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8a07e8c41800/vmlinux-8c89ecf5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/fe36dc6c869b/bzImage-8c89ecf5.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cb1e09...@syzkaller.appspotmail.com
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0x1c5/0x270 lib/usercopy.c:33
instrument_copy_to_user include/linux/instrumented.h:121 [inline]
_copy_to_user+0x1c5/0x270 lib/usercopy.c:33
copy_to_user include/linux/uaccess.h:169 [inline]
iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:437 [inline]
iommufd_vfio_ioctl+0x1e57/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0x2dd/0x4b0 fs/ioctl.c:856
__x64_sys_ioctl+0xdc/0x120 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Local variable info.i created at:
iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:384 [inline]
iommufd_vfio_ioctl+0x423/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
Bytes 20-23 of 24 are uninitialized
Memory access of size 24 starts at ffff8880ab237cb0
Data copied to user address 0000000020000000
CPU: 0 PID: 7156 Comm: syz-executor.5 Not tainted 6.2.0-rc7-syzkaller-80760-g8c89ecf5c13b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
=====================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 8c89ecf5c13b kmsan: silence -Wmissing-prototypes warnings
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=1592ac0b480000
kernel config: https://syzkaller.appspot.com/x/.config?x=91d3152219aa6b45
dashboard link: https://syzkaller.appspot.com/bug?extid=cb1e0978f6bf46b83a58
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c9d1327adc33/disk-8c89ecf5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8a07e8c41800/vmlinux-8c89ecf5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/fe36dc6c869b/bzImage-8c89ecf5.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cb1e09...@syzkaller.appspotmail.com
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0x1c5/0x270 lib/usercopy.c:33
instrument_copy_to_user include/linux/instrumented.h:121 [inline]
_copy_to_user+0x1c5/0x270 lib/usercopy.c:33
copy_to_user include/linux/uaccess.h:169 [inline]
iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:437 [inline]
iommufd_vfio_ioctl+0x1e57/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0x2dd/0x4b0 fs/ioctl.c:856
__x64_sys_ioctl+0xdc/0x120 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Local variable info.i created at:
iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:384 [inline]
iommufd_vfio_ioctl+0x423/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
Bytes 20-23 of 24 are uninitialized
Memory access of size 24 starts at ffff8880ab237cb0
Data copied to user address 0000000020000000
CPU: 0 PID: 7156 Comm: syz-executor.5 Not tainted 6.2.0-rc7-syzkaller-80760-g8c89ecf5c13b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
=====================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Feb 13, 2023, 4:14:41 PM2/13/23
to eric....@redhat.com, gli...@google.com, io...@lists.linux.dev, j...@nvidia.com, j...@ziepe.ca, jo...@8bytes.org, kevin...@intel.com, linux-...@vger.kernel.org, lixia...@intel.com, mjro...@linux.ibm.com, nico...@nvidia.com, robin....@arm.com, syzkall...@googlegroups.com, wi...@kernel.org, yi.l...@intel.com
syzbot has found a reproducer for the following issue on:
HEAD commit: da13c00eebfb kmsan: silence -Wmissing-prototypes warnings
kernel config: https://syzkaller.appspot.com/x/.config?x=41295d7e980cccef
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=109a7207480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/316f273df601/disk-da13c00e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c2802e9a4fe3/vmlinux-da13c00e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6211b8a40cab/bzImage-da13c00e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cb1e09...@syzkaller.appspotmail.com
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0x1c5/0x270 lib/usercopy.c:33
instrument_copy_to_user include/linux/instrumented.h:121 [inline]
_copy_to_user+0x1c5/0x270 lib/usercopy.c:33
copy_to_user include/linux/uaccess.h:169 [inline]
iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:437 [inline]
iommufd_vfio_ioctl+0x1e57/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0x2dd/0x4b0 fs/ioctl.c:856
__x64_sys_ioctl+0xdc/0x120 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Local variable info.i created at:
iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:384 [inline]
iommufd_vfio_ioctl+0x423/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
Bytes 20-23 of 24 are uninitialized
Memory access of size 24 starts at ffff88810ed3bcb0
Data copied to user address 0000000020000100
CPU: 0 PID: 5039 Comm: syz-executor178 Not tainted 6.2.0-rc8-syzkaller-80994-gda13c00eebfb #0
HEAD commit: da13c00eebfb kmsan: silence -Wmissing-prototypes warnings
git tree: https://github.com/google/kmsan.git master
console+strace: https://syzkaller.appspot.com/x/log.txt?x=10d56c2b480000
kernel config: https://syzkaller.appspot.com/x/.config?x=41295d7e980cccef
dashboard link: https://syzkaller.appspot.com/bug?extid=cb1e0978f6bf46b83a58
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16560c43480000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=109a7207480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/316f273df601/disk-da13c00e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c2802e9a4fe3/vmlinux-da13c00e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6211b8a40cab/bzImage-da13c00e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cb1e09...@syzkaller.appspotmail.com
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0x1c5/0x270 lib/usercopy.c:33
instrument_copy_to_user include/linux/instrumented.h:121 [inline]
_copy_to_user+0x1c5/0x270 lib/usercopy.c:33
copy_to_user include/linux/uaccess.h:169 [inline]
iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:437 [inline]
iommufd_vfio_ioctl+0x1e57/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0x2dd/0x4b0 fs/ioctl.c:856
__x64_sys_ioctl+0xdc/0x120 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Local variable info.i created at:
iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:384 [inline]
iommufd_vfio_ioctl+0x423/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
Bytes 20-23 of 24 are uninitialized
Data copied to user address 0000000020000100
CPU: 0 PID: 5039 Comm: syz-executor178 Not tainted 6.2.0-rc8-syzkaller-80994-gda13c00eebfb #0
Reply all
Reply to author
Forward
0 new messages