From mboxrd@z Thu Jan 1 00:00:00 1970
X-Mailing-List: iommu@lists.linux.dev
Date: Mon, 13 Feb 2023 02:50:37 -0800
Message-ID: <0000000000000df2c105f4929eb5@google.com>
Subject: [syzbot] KMSAN: kernel-infoleak in iommufd_vfio_ioctl
From: syzbot
To: glider@google.com, iommu@lists.linux.dev, jgg@ziepe.ca, joro@8bytes.org,
    kevin.tian@intel.com, linux-kernel@vger.kernel.org, robin.murphy@arm.com,
    syzkaller-bugs@googlegroups.com, will@kernel.org

Hello,

syzbot found the following issue on:

HEAD commit:    8c89ecf5c13b kmsan: silence -Wmissing-prototypes warnings
git tree:       https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=1592ac0b480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=91d3152219aa6b45
dashboard link: https://syzkaller.appspot.com/bug?extid=cb1e0978f6bf46b83a58
compiler:       Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c9d1327adc33/disk-8c89ecf5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8a07e8c41800/vmlinux-8c89ecf5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/fe36dc6c869b/bzImage-8c89ecf5.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cb1e0978f6bf46b83a58@syzkaller.appspotmail.com

=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0x1c5/0x270 lib/usercopy.c:33
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 _copy_to_user+0x1c5/0x270 lib/usercopy.c:33
 copy_to_user include/linux/uaccess.h:169 [inline]
 iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:437 [inline]
 iommufd_vfio_ioctl+0x1e57/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
 iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0x2dd/0x4b0 fs/ioctl.c:856
 __x64_sys_ioctl+0xdc/0x120 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Local variable info.i created at:
 iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:384 [inline]
 iommufd_vfio_ioctl+0x423/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
 iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315

Bytes 20-23 of 24 are uninitialized
Memory access of size 24 starts at ffff8880ab237cb0
Data copied to user address 0000000020000000

CPU: 0 PID: 7156 Comm: syz-executor.5 Not tainted 6.2.0-rc7-syzkaller-80760-g8c89ecf5c13b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
=====================================================

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.