Date: Tue, 23 Jul 2019 19:38:35 -0700
From: Eric Biggers
To: kvm@vger.kernel.org, virtualization@lists.linux-foundation.org, netdev@vger.kernel.org, "Michael S. Tsirkin", Jason Wang
Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Reminder: 3 open syzbot bugs in vhost subsystem
Message-ID: <20190724023835.GY643@sol.localdomain>

[This email was generated by a script. Let me know if you have any suggestions to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually marked 3 of them as possibly being bugs in the vhost subsystem. I've listed these reports below, sorted by an algorithm that tries to list first the reports most likely to be still valid, important, and actionable.

Of these 3 bugs, 2 were seen in mainline in the last week.

Of these 3 bugs, 2 were bisected to commits from the following person:

	Jason Wang

If you believe a bug is no longer valid, please close the syzbot report by sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the vhost subsystem, please let me know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title: KASAN: use-after-free Write in tlb_finish_mmu
Last occurred: 5 days ago
Reported: 4 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=d57b94f89e48c85ef7d95acc208209ea4bdc10de
Original thread: https://lkml.kernel.org/lkml/00000000000045e7a1058e02458a@google.com/T/#u

This bug has a syzkaller reproducer only.

This bug was bisected to:

	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
	Author: Jason Wang
	Date: Fri May 24 08:12:18 2019 +0000

	  vhost: access vq metadata through kernel virtual address

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:

	Reported-by: syzbot+8267e9af795434ffadad@syzkaller.appspotmail.com

If you send any email or patch for this bug, please reply to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/00000000000045e7a1058e02458a@google.com

--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in finish_task_switch (2)
Last occurred: 5 days ago
Reported: 4 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=9a98fcad6c8bd31f5c3afbdc6c75de9f082c0ffa
Original thread: https://lkml.kernel.org/lkml/000000000000490679058e0245ee@google.com/T/#u

This bug has a syzkaller reproducer only.

This bug was bisected to:

	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
	Author: Jason Wang
	Date: Fri May 24 08:12:18 2019 +0000

	  vhost: access vq metadata through kernel virtual address

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:

	Reported-by: syzbot+7f067c796eee2acbc57a@syzkaller.appspotmail.com

If you send any email or patch for this bug, please reply to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000490679058e0245ee@google.com

--------------------------------------------------------------------------------
Title: memory leak in vhost_net_ioctl
Last occurred: 22 days ago
Reported: 48 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=12ba349d7e26ccfe95317bc376e812ebbae2ee0f
Original thread: https://lkml.kernel.org/lkml/000000000000188da1058a9c25e3@google.com/T/#u

This bug has a C reproducer.

The original thread for this bug has received 4 replies; the last was 39 days ago.

If you fix this bug, please add the following tag to the commit:

	Reported-by: syzbot+0789f0c7e45efd7bb643@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000188da1058a9c25e3@google.com