Subject: Re: Reminder: 3 open syzbot bugs in vhost subsystem
To: kvm@vger.kernel.org, virtualization@lists.linux-foundation.org, netdev@vger.kernel.org, "Michael S. Tsirkin", linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
References: <20190724023835.GY643@sol.localdomain>
From: Jason Wang
Date: Wed, 24 Jul 2019 11:05:14 +0800

On 2019/7/24 10:38 AM, Eric Biggers wrote:
> [This email was generated by a script. Let me know if you have any suggestions
> to make it better, or if you want it re-generated with the latest status.]
>
> Of the currently open syzbot reports against the upstream kernel, I've manually
> marked 3 of them as possibly being bugs in the vhost subsystem. I've listed
> these reports below, sorted by an algorithm that tries to list first the reports
> most likely to be still valid, important, and actionable.
>
> Of these 3 bugs, 2 were seen in mainline in the last week.
>
> Of these 3 bugs, 2 were bisected to commits from the following person:
>
>     Jason Wang
>
> If you believe a bug is no longer valid, please close the syzbot report by
> sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
> original thread, as explained at https://goo.gl/tpsmEJ#status
>
> If you believe I misattributed a bug to the vhost subsystem, please let me know,
> and if possible forward the report to the correct people or mailing list.
>
> Here are the bugs:
>
> --------------------------------------------------------------------------------
> Title: KASAN: use-after-free Write in tlb_finish_mmu
> Last occurred: 5 days ago
> Reported: 4 days ago
> Branches: Mainline
> Dashboard link: https://syzkaller.appspot.com/bug?id=d57b94f89e48c85ef7d95acc208209ea4bdc10de
> Original thread: https://lkml.kernel.org/lkml/00000000000045e7a1058e02458a@google.com/T/#u
>
> This bug has a syzkaller reproducer only.
>
> This bug was bisected to:
>
> commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
> Author: Jason Wang
> Date: Fri May 24 08:12:18 2019 +0000
>
>     vhost: access vq metadata through kernel virtual address
>
> No one has replied to the original thread for this bug yet.
>
> If you fix this bug, please add the following tag to the commit:
> Reported-by: syzbot+8267e9af795434ffadad@syzkaller.appspotmail.com
>
> If you send any email or patch for this bug, please reply to the original
> thread. For the git send-email command to use, or tips on how to reply if the
> thread isn't in your mailbox, see the "Reply instructions" at
> https://lkml.kernel.org/r/00000000000045e7a1058e02458a@google.com
>
> --------------------------------------------------------------------------------
> Title: KASAN: use-after-free Read in finish_task_switch (2)
> Last occurred: 5 days ago
> Reported: 4 days ago
> Branches: Mainline
> Dashboard link: https://syzkaller.appspot.com/bug?id=9a98fcad6c8bd31f5c3afbdc6c75de9f082c0ffa
> Original thread: https://lkml.kernel.org/lkml/000000000000490679058e0245ee@google.com/T/#u
>
> This bug has a syzkaller reproducer only.
>
> This bug was bisected to:
>
> commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
> Author: Jason Wang
> Date: Fri May 24 08:12:18 2019 +0000
>
>     vhost: access vq metadata through kernel virtual address
>
> No one has replied to the original thread for this bug yet.

Hi:

We believe the above two bugs are duplicates of the report "WARNING in __mmdrop".
Can I just dup them with #syz dup "WARNING in __mmdrop"? (If yes, I just wonder
how syzbot differentiates bugs; technically, several different bugs can hit the
same warning.)

>
> If you fix this bug, please add the following tag to the commit:
> Reported-by: syzbot+7f067c796eee2acbc57a@syzkaller.appspotmail.com
>
> If you send any email or patch for this bug, please reply to the original
> thread. For the git send-email command to use, or tips on how to reply if the
> thread isn't in your mailbox, see the "Reply instructions" at
> https://lkml.kernel.org/r/000000000000490679058e0245ee@google.com
>
> --------------------------------------------------------------------------------
> Title: memory leak in vhost_net_ioctl
> Last occurred: 22 days ago
> Reported: 48 days ago
> Branches: Mainline
> Dashboard link: https://syzkaller.appspot.com/bug?id=12ba349d7e26ccfe95317bc376e812ebbae2ee0f
> Original thread: https://lkml.kernel.org/lkml/000000000000188da1058a9c25e3@google.com/T/#u
>
> This bug has a C reproducer.
>
> The original thread for this bug has received 4 replies; the last was 39 days
> ago.
>
> If you fix this bug, please add the following tag to the commit:
> Reported-by: syzbot+0789f0c7e45efd7bb643@syzkaller.appspotmail.com

I do remember it cannot be reproduced upstream; let me double check and close
this one.

Thanks

>
> If you send any email or patch for this bug, please consider replying to the
> original thread. For the git send-email command to use, or tips on how to reply
> if the thread isn't in your mailbox, see the "Reply instructions" at
> https://lkml.kernel.org/r/000000000000188da1058a9c25e3@google.com
>