Netdev List
* [net-next 2/2] tipc: fix changeover issues due to large packet
From: Tuong Lien @ 2019-07-24  1:56 UTC (permalink / raw)
  To: davem, jon.maloy, maloy, ying.xue, netdev; +Cc: tipc-discussion
In-Reply-To: <20190724015612.2518-1-tuong.t.lien@dektech.com.au>

In conjunction with changing the interfaces' MTU (e.g. especially in
the case of a bonding) where the TIPC links are brought up and down
in a short time, a couple of issues were detected with the current link
changeover mechanism:

1) When one link is up but immediately forced down again, the failover
procedure will be carried out in order to failover all the messages in
the link's transmq queue onto the other working link. The link and node
state is also set to FAILINGOVER as part of the process. The message
will be transmitted in the form of a FAILOVER_MSG, so its size is plus of 40
bytes (= the message header size). There is no problem if the original
message size is not larger than the link's MTU - 40, and indeed this is
the max size of a normal payload message. However, in the situation
above, because the link has just been up, the messages in the link's
transmq are almost SYNCH_MSGs which had been generated by the link
synching procedure, then their size might reach the max value already!
When the FAILOVER_MSG is built on the top of such a SYNCH_MSG, its size
will exceed the link's MTU. As a result, the messages are dropped
silently and the failover procedure will never end up, the link will
not be able to exit the FAILINGOVER state, so cannot be re-established.

2) The same scenario above can happen more easily in case the MTU of
the links is set differently or when changing. In that case, as long as
a large message in the failure link's transmq queue was built and
fragmented with its link's MTU > the other link's one, the issue will
happen (there is no need of a link synching in advance).

3) The link synching procedure also faces the same issue but since
the link synching is only started upon receipt of a SYNCH_MSG, dropping
the message will not result in a state deadlock, but it is not expected
as design.

The 1) & 3) issues are resolved by the last commit that only a dummy
SYNCH_MSG (i.e. without data) is generated at the link synching, so the
size of a FAILOVER_MSG if any then will never exceed the link's MTU.

For the 2) issue, the only solution is trying to fragment the messages
in the failure link's transmq queue according to the working link's MTU
so they can be failovered then. A new function is made to accomplish
this, it will still be a TUNNEL PROTOCOL/FAILOVER MSG but if the
original message size is too large, it will be fragmented & reassembled
at the receiving side.

Acked-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au>
---
 net/tipc/link.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++---------
 net/tipc/msg.c  | 59 ++++++++++++++++++++++++++++++++++++
 net/tipc/msg.h  | 18 ++++++++++-
 3 files changed, 155 insertions(+), 15 deletions(-)

diff --git a/net/tipc/link.c b/net/tipc/link.c
index e215b4ba6a4b..2c274777b2dd 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -180,6 +180,7 @@ struct tipc_link {
 
 	/* Fragmentation/reassembly */
 	struct sk_buff *reasm_buf;
+	struct sk_buff *reasm_tnlmsg;
 
 	/* Broadcast */
 	u16 ackers;
@@ -897,8 +898,10 @@ void tipc_link_reset(struct tipc_link *l)
 	l->backlog[TIPC_CRITICAL_IMPORTANCE].len = 0;
 	l->backlog[TIPC_SYSTEM_IMPORTANCE].len = 0;
 	kfree_skb(l->reasm_buf);
+	kfree_skb(l->reasm_tnlmsg);
 	kfree_skb(l->failover_reasm_skb);
 	l->reasm_buf = NULL;
+	l->reasm_tnlmsg = NULL;
 	l->failover_reasm_skb = NULL;
 	l->rcv_unacked = 0;
 	l->snd_nxt = 1;
@@ -940,6 +943,9 @@ int tipc_link_xmit(struct tipc_link *l, struct sk_buff_head *list,
 	int rc = 0;
 
 	if (unlikely(msg_size(hdr) > mtu)) {
+		pr_warn("Too large msg, purging xmit list %d %d %d %d %d!\n",
+			skb_queue_len(list), msg_user(hdr),
+			msg_type(hdr), msg_size(hdr), mtu);
 		skb_queue_purge(list);
 		return -EMSGSIZE;
 	}
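Review bot: the `pr_warn()` added ahead of `skb_queue_purge(list)` is not rate limited, so a sender that keeps hitting the `msg_size(hdr) > mtu` branch can flood the log; the other new warnings in this patch use `pr_warn_ratelimited()`. The format string also prints five bare `%d` values; labelling them (queue length, user, type, size, mtu) would make the line readable without the source at hand.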
@@ -1233,6 +1239,7 @@ static int tipc_link_tnl_rcv(struct tipc_link *l, struct sk_buff *skb,
 			     struct sk_buff_head *inputq)
 {
 	struct sk_buff **reasm_skb = &l->failover_reasm_skb;
+	struct sk_buff **reasm_tnlmsg = &l->reasm_tnlmsg;
 	struct sk_buff_head *fdefq = &l->failover_deferdq;
 	struct tipc_msg *hdr = buf_msg(skb);
 	struct sk_buff *iskb;
@@ -1240,40 +1247,56 @@ static int tipc_link_tnl_rcv(struct tipc_link *l, struct sk_buff *skb,
 	int rc = 0;
 	u16 seqno;
 
-	/* SYNCH_MSG */
-	if (msg_type(hdr) == SYNCH_MSG)
-		goto drop;
+	if (msg_type(hdr) == SYNCH_MSG) {
+		kfree_skb(skb);
+		return 0;
+	}
 
-	/* FAILOVER_MSG */
-	if (!tipc_msg_extract(skb, &iskb, &ipos)) {
-		pr_warn_ratelimited("Cannot extract FAILOVER_MSG, defq: %d\n",
-				    skb_queue_len(fdefq));
-		return rc;
+	/* Not a fragment? */
+	if (likely(!msg_nof_fragms(hdr))) {
+		if (unlikely(!tipc_msg_extract(skb, &iskb, &ipos))) {
+			pr_warn_ratelimited("Unable to extract msg, defq: %d\n",
+					    skb_queue_len(fdefq));
+			return 0;
+		}
+		kfree_skb(skb);
+	} else {
+		/* Set fragment type for buf_append */
+		if (msg_fragm_no(hdr) == 1)
+			msg_set_type(hdr, FIRST_FRAGMENT);
+		else if (msg_fragm_no(hdr) < msg_nof_fragms(hdr))
+			msg_set_type(hdr, FRAGMENT);
+		else
+			msg_set_type(hdr, LAST_FRAGMENT);
+
+		if (!tipc_buf_append(reasm_tnlmsg, &skb)) {
+			/* Successful but non-complete reassembly? */
+			if (*reasm_tnlmsg || link_is_bc_rcvlink(l))
+				return 0;
+			pr_warn_ratelimited("Unable to reassemble tunnel msg\n");
+			return tipc_link_fsm_evt(l, LINK_FAILURE_EVT);
+		}
+		iskb = skb;
 	}
 
 	do {
 		seqno = buf_seqno(iskb);
-
 		if (unlikely(less(seqno, l->drop_point))) {
 			kfree_skb(iskb);
 			continue;
 		}
-
 		if (unlikely(seqno != l->drop_point)) {
 			__tipc_skb_queue_sorted(fdefq, seqno, iskb);
 			continue;
 		}
 
 		l->drop_point++;
-
 		if (!tipc_data_input(l, iskb, inputq))
 			rc |= tipc_link_input(l, iskb, inputq, reasm_skb);
 		if (unlikely(rc))
 			break;
 	} while ((iskb = __tipc_skb_dequeue(fdefq, l->drop_point)));
 
-drop:
-	kfree_skb(skb);
 	return rc;
 }
 
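Review bot: in the fragment branch, `msg_fragm_no(hdr)` and `msg_nof_fragms(hdr)` come from the received header and are mapped to a fragment type with no range check: a fragment number of 0 lands in the `FRAGMENT` case and a number greater than `msg_nof_fragms(hdr)` lands in `LAST_FRAGMENT`. Rejecting numbers outside 1..nof_fragms before calling `tipc_buf_append()` would keep a malformed tunnel packet from steering reassembly. The `link_is_bc_rcvlink(l)` test in the same branch returns 0 even when `*reasm_tnlmsg` is NULL; a comment saying why a failed reassembly is ignored there would help.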
@@ -1663,15 +1686,18 @@ void tipc_link_tnl_prepare(struct tipc_link *l, struct tipc_link *tnl,
 	struct sk_buff *skb, *tnlskb;
 	struct tipc_msg *hdr, tnlhdr;
 	struct sk_buff_head *queue = &l->transmq;
-	struct sk_buff_head tmpxq, tnlq;
+	struct sk_buff_head tmpxq, tnlq, frags;
 	u16 pktlen, pktcnt, seqno = l->snd_nxt;
+	bool pktcnt_need_update = false;
 	u16 syncpt;
+	int rc;
 
 	if (!tnl)
 		return;
 
 	skb_queue_head_init(&tnlq);
 	skb_queue_head_init(&tmpxq);
+	skb_queue_head_init(&frags);
 
 	/* At least one packet required for safe algorithm => add dummy */
 	skb = tipc_msg_create(TIPC_LOW_IMPORTANCE, TIPC_DIRECT_MSG,
@@ -1727,6 +1753,39 @@ void tipc_link_tnl_prepare(struct tipc_link *l, struct tipc_link *tnl,
 		if (queue == &l->backlogq)
 			msg_set_seqno(hdr, seqno++);
 		pktlen = msg_size(hdr);
+
+		/* Tunnel link MTU is not large enough? This could be
+		 * due to:
+		 * 1) Link MTU has just changed or set differently;
+		 * 2) Or FAILOVER on the top of a SYNCH message
+		 *
+		 * The 2nd case should not happen if peer supports
+		 * TIPC_TUNNEL_ENHANCED
+		 */
+		if (pktlen > tnl->mtu - INT_H_SIZE) {
+			if (mtyp == FAILOVER_MSG &&
+			    (tnl->peer_caps & TIPC_TUNNEL_ENHANCED)) {
+				rc = tipc_msg_fragment(skb, &tnlhdr, tnl->mtu,
+						       &frags);
+				if (rc) {
+					pr_warn("%sunable to frag msg: rc %d\n",
+						link_co_err, rc);
+					return;
+				}
+				pktcnt += skb_queue_len(&frags) - 1;
+				pktcnt_need_update = true;
+				skb_queue_splice_tail_init(&frags, &tnlq);
+				continue;
+			}
+			/* Unluckily, peer doesn't have TIPC_TUNNEL_ENHANCED
+			 * => Just warn it and return!
+			 */
+			pr_warn_ratelimited("%stoo large msg <%d, %d>: %d!\n",
+					    link_co_err, msg_user(hdr),
+					    msg_type(hdr), msg_size(hdr));
+			return;
+		}
+
 		msg_set_size(&tnlhdr, pktlen + INT_H_SIZE);
 		tnlskb = tipc_buf_acquire(pktlen + INT_H_SIZE, GFP_ATOMIC);
 		if (!tnlskb) {
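Review bot: both `return` statements inside the `pktlen > tnl->mtu - INT_H_SIZE` block leave the function with packets still on the local `tnlq` list, including fragments spliced onto it by `skb_queue_splice_tail_init(&frags, &tnlq)` on an earlier loop iteration, and nothing on these paths frees them. Purging `tnlq` before returning would avoid leaking skbs when an oversized message follows messages that were already queued.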
@@ -1742,6 +1801,12 @@ void tipc_link_tnl_prepare(struct tipc_link *l, struct tipc_link *tnl,
 		goto tnl;
 	}
 
+	if (pktcnt_need_update)
+		skb_queue_walk(&tnlq, skb) {
+			hdr = buf_msg(skb);
+			msg_set_msgcnt(hdr, pktcnt);
+		}
+
 	tipc_link_xmit(tnl, &tnlq, xmitq);
 
 	if (mtyp == FAILOVER_MSG) {
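Review bot: the `if (pktcnt_need_update)` statement takes a multi-line `skb_queue_walk()` loop as its body without braces of its own; wrapping the loop in braces would make the scope explicit. `pktcnt` is declared `u16` and grows by `skb_queue_len(&frags) - 1` for every fragmented message, so it is worth confirming that it cannot wrap before it is written with `msg_set_msgcnt()`.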
diff --git a/net/tipc/msg.c b/net/tipc/msg.c
index f48e5857210f..e6d49cdc61b4 100644
--- a/net/tipc/msg.c
+++ b/net/tipc/msg.c
@@ -244,6 +244,65 @@ bool tipc_msg_validate(struct sk_buff **_skb)
 }
 
 /**
+ * tipc_msg_fragment - build a fragment skb list for TIPC message
+ *
+ * @skb: TIPC message skb
+ * @hdr: internal msg header to be put on the top of the fragments
+ * @pktmax: max size of a fragment incl. the header
+ * @frags: returned fragment skb list
+ *
+ * Returns 0 if the fragmentation is successful, otherwise: -EINVAL
+ * or -ENOMEM
+ */
+int tipc_msg_fragment(struct sk_buff *skb, const struct tipc_msg *hdr,
+		      int pktmax, struct sk_buff_head *frags)
+{
+	int pktno, nof_fragms, dsz, dmax, eat;
+	struct tipc_msg *_hdr;
+	struct sk_buff *_skb;
+	u8 *data;
+
+	/* Non-linear buffer? */
+	if (skb_linearize(skb))
+		return -ENOMEM;
+
+	data = (u8 *)skb->data;
+	dsz = msg_size(buf_msg(skb));
+	dmax = pktmax - INT_H_SIZE;
+	if (dsz <= dmax || !dmax)
+		return -EINVAL;
+
+	nof_fragms = dsz / dmax + 1;
+	for (pktno = 1; pktno <= nof_fragms; pktno++) {
+		if (pktno < nof_fragms)
+			eat = dmax;
+		else
+			eat = dsz % dmax;
+		/* Allocate a new fragment */
+		_skb = tipc_buf_acquire(INT_H_SIZE + eat, GFP_ATOMIC);
+		if (!_skb)
+			goto error;
+		skb_orphan(_skb);
+		__skb_queue_tail(frags, _skb);
+		/* Copy header & data to the fragment */
+		skb_copy_to_linear_data(_skb, hdr, INT_H_SIZE);
+		skb_copy_to_linear_data_offset(_skb, INT_H_SIZE, data, eat);
+		data += eat;
+		/* Update the fragment's header */
+		_hdr = buf_msg(_skb);
+		msg_set_fragm_no(_hdr, pktno);
+		msg_set_nof_fragms(_hdr, nof_fragms);
+		msg_set_size(_hdr, INT_H_SIZE + eat);
+	}
+	return 0;
+
+error:
+	__skb_queue_purge(frags);
+	__skb_queue_head_init(frags);
+	return -ENOMEM;
+}
+
+/**
  * tipc_msg_build - create buffer chain containing specified header and data
  * @mhdr: Message header, to be prepended to data
  * @m: User message
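Review bot: `nof_fragms = dsz / dmax + 1` combined with `eat = dsz % dmax` for the last fragment yields a trailing fragment with zero payload whenever `dsz` is an exact multiple of `dmax`; `DIV_ROUND_UP(dsz, dmax)` with the last length taken as whatever is left would avoid the header-only packet. The `!dmax` guard also lets a negative `dmax` through when `pktmax < INT_H_SIZE`, where `dmax <= 0` would cover both cases. The kernel-doc could mention that the function linearizes the caller's `skb`.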
diff --git a/net/tipc/msg.h b/net/tipc/msg.h
index fca042cdff88..1c8c8dd32a4e 100644
--- a/net/tipc/msg.h
+++ b/net/tipc/msg.h
@@ -721,12 +721,26 @@ static inline void msg_set_last_bcast(struct tipc_msg *m, u32 n)
 	msg_set_bits(m, 4, 16, 0xffff, n);
 }
 
+static inline u32 msg_nof_fragms(struct tipc_msg *m)
+{
+	return msg_bits(m, 4, 0, 0xffff);
+}
+
+static inline void msg_set_nof_fragms(struct tipc_msg *m, u32 n)
+{
+	msg_set_bits(m, 4, 0, 0xffff, n);
+}
+
+static inline u32 msg_fragm_no(struct tipc_msg *m)
+{
+	return msg_bits(m, 4, 16, 0xffff);
+}
+
 static inline void msg_set_fragm_no(struct tipc_msg *m, u32 n)
 {
 	msg_set_bits(m, 4, 16, 0xffff, n);
 }
 
-
 static inline u16 msg_next_sent(struct tipc_msg *m)
 {
 	return msg_bits(m, 4, 0, 0xffff);
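Review bot: `msg_nof_fragms()` reads word 4, bits 0-15, the same field that `msg_next_sent()` just below it reads, and `msg_fragm_no()` shares bits 16-31 with `msg_set_last_bcast()`. A short comment stating which message users each accessor is valid for would prevent one being called on a header where the field carries the other meaning.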
@@ -1045,6 +1059,8 @@ bool tipc_msg_bundle(struct sk_buff *skb, struct tipc_msg *msg, u32 mtu);
 bool tipc_msg_make_bundle(struct sk_buff **skb, struct tipc_msg *msg,
 			  u32 mtu, u32 dnode);
 bool tipc_msg_extract(struct sk_buff *skb, struct sk_buff **iskb, int *pos);
+int tipc_msg_fragment(struct sk_buff *skb, const struct tipc_msg *hdr,
+		      int pktmax, struct sk_buff_head *frags);
 int tipc_msg_build(struct tipc_msg *mhdr, struct msghdr *m,
 		   int offset, int dsz, int mtu, struct sk_buff_head *list);
 bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb, int *err);
-- 
2.13.7


^ permalink raw reply related
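
The size arithmetic behind issue 2) in the message above, as an added user-space C model that is not part of the patch or of the kernel: a message built for one link's MTU is split so each tunnel packet fits the working link's MTU, then reassembled with the peer-supplied fragment numbers checked. `struct tnl_frag`, the `tnl_*` functions and the `MAX_*` bounds are hypothetical; only the 40-byte header size comes from the commit message, and the fragment count uses ceiling division rather than the patch's `dsz / dmax + 1`.

```c
#include <stdio.h>
#include <string.h>

#define INT_H_SIZE  40    /* tunnel header size given in the commit message */
#define MAX_MSG     4096  /* constructed bounds for this user-space model */
#define MAX_FRAGS   16

/* Hypothetical fragment record; not a kernel structure. */
struct tnl_frag {
	int fragm_no;    /* 1-based position in the message */
	int nof_fragms;  /* total fragments of the message */
	int len;         /* payload bytes; wire size is len + INT_H_SIZE */
	unsigned char data[MAX_MSG];
};

/*
 * Split msg[0..dsz) so that every tunnel packet fits in 'mtu'.
 * Returns the fragment count, 0 if the message fits in one tunnel
 * packet unfragmented, or -1 on arguments that cannot be served.
 */
int tnl_fragment(const unsigned char *msg, int dsz, int mtu,
		 struct tnl_frag *out, int max_out)
{
	int dmax = mtu - INT_H_SIZE;   /* payload room per packet */
	int n, i, off = 0;

	if (dsz <= 0 || dsz > MAX_MSG || dmax <= 0)
		return -1;
	if (dsz <= dmax)
		return 0;
	n = (dsz + dmax - 1) / dmax;   /* ceiling: no empty last fragment */
	if (n > max_out)
		return -1;
	for (i = 0; i < n; i++) {
		int eat = dsz - off < dmax ? dsz - off : dmax;

		out[i].fragm_no = i + 1;
		out[i].nof_fragms = n;
		out[i].len = eat;
		memcpy(out[i].data, msg + off, eat);
		off += eat;
	}
	return n;
}

/*
 * Reassemble fragments in arrival order. The header fields come from the
 * peer, so anything other than 1..n with a constant total is rejected.
 * Returns the reassembled length or -1.
 */
int tnl_reassemble(const struct tnl_frag *in, int n,
		   unsigned char *out, int cap)
{
	int i, off = 0;

	for (i = 0; i < n; i++) {
		if (in[i].nof_fragms != n || in[i].fragm_no != i + 1)
			return -1;
		if (in[i].len <= 0 || in[i].len > cap - off)
			return -1;
		memcpy(out + off, in[i].data, in[i].len);
		off += in[i].len;
	}
	return n > 0 ? off : -1;
}

/*
 * Fragment a constructed dsz-byte message for a tunnel of MTU 'mtu',
 * optionally corrupt the second fragment's number, then reassemble.
 * Returns the fragment count if the bytes survive, 0 if no
 * fragmentation was needed, -1 on any rejection.
 */
int tnl_roundtrip(int dsz, int mtu, int corrupt)
{
	static unsigned char msg[MAX_MSG], back[MAX_MSG];
	static struct tnl_frag frags[MAX_FRAGS];
	int i, n, len;

	for (i = 0; i < MAX_MSG; i++)
		msg[i] = (unsigned char)(i * 7);   /* constructed sample data */
	n = tnl_fragment(msg, dsz, mtu, frags, MAX_FRAGS);
	if (n <= 0)
		return n;
	if (corrupt)
		frags[1].fragm_no = 0;             /* n >= 2 whenever n > 0 */
	len = tnl_reassemble(frags, n, back, (int)sizeof(back));
	if (len != dsz || memcmp(msg, back, (size_t)dsz))
		return -1;
	return n;
}

int main(void)
{
	/* Message built for MTU 1500, failed over onto a link with MTU 1000 */
	printf("1500 over 1000: %d\n", tnl_roundtrip(1500, 1000, 0));
	printf("1920 over 1000: %d\n", tnl_roundtrip(1920, 1000, 0));
	printf("bad fragm_no:   %d\n", tnl_roundtrip(1500, 1000, 1));
	return 0;
}
```
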

* Re: [PATCH] rpcrdma_decode_msg: check xdr_inline_decode result
From: Chuck Lever @ 2019-07-24  2:02 UTC (permalink / raw)
  To: Navid Emamdoost
  Cc: emamd001, kjlu, smccaman, secalert, Trond Myklebust,
	Anna Schumaker, J. Bruce Fields, David S. Miller, linux-nfs,
	netdev, linux-kernel
In-Reply-To: <20190724015115.3493-1-navid.emamdoost@gmail.com>



> On Jul 23, 2019, at 9:51 PM, Navid Emamdoost <navid.emamdoost@gmail.com> wrote:
> 
> xdr_inline_decode may return NULL, so the check is necessary. The base
> pointer will be dereferenced later in rpcrdma_inline_fixup.

NACK. When xdr_inline_decode is passed a zero “length” argument, it can never return NULL.


> Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
> ---
> net/sunrpc/xprtrdma/rpc_rdma.c | 3 +++
> 1 file changed, 3 insertions(+)
> 
> diff --git a/net/sunrpc/xprtrdma/rpc_rdma.c b/net/sunrpc/xprtrdma/rpc_rdma.c
> index 4345e6912392..d0479efe0e72 100644
> --- a/net/sunrpc/xprtrdma/rpc_rdma.c
> +++ b/net/sunrpc/xprtrdma/rpc_rdma.c
> @@ -1160,6 +1160,9 @@ rpcrdma_decode_msg(struct rpcrdma_xprt *r_xprt, struct rpcrdma_rep *rep,
> 
>    /* Build the RPC reply's Payload stream in rqst->rq_rcv_buf */
>    base = (char *)xdr_inline_decode(xdr, 0);
> +    if (!base)
> +        return -EIO;
> +
>    rpclen = xdr_stream_remaining(xdr);
>    r_xprt->rx_stats.fixup_copy_count +=
>        rpcrdma_inline_fixup(rqst, base, rpclen, writelist & 3);
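
Review bot: the added `if (!base)` test directly follows `xdr_inline_decode(xdr, 0)`, a call with a literal length of 0, which is the case the NACK above says can never return NULL, so the `-EIO` branch would be dead code. The changelog would need to name a reachable NULL return for this call site; otherwise the check should be dropped.
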
> -- 
> 2.17.1
> 


^ permalink raw reply

* Re: [PATCH v2] tun: mark small packets as owned by the tap sock
From: Jason Wang @ 2019-07-24  2:11 UTC (permalink / raw)
  To: Alexis Bauvin, stephen, davem; +Cc: netdev
In-Reply-To: <20190723142301.39568-1-abauvin@scaleway.com>


On 2019/7/23 10:23 PM, Alexis Bauvin wrote:
> - v1 -> v2: Move skb_set_owner_w to __tun_build_skb to reduce patch size
>
> Small packets going out of a tap device go through an optimized code
> path that uses build_skb() rather than sock_alloc_send_pskb(). The
> latter calls skb_set_owner_w(), but the small packet code path does not.
>
> The net effect is that small packets are not owned by the userland
> application's socket (e.g. QEMU), while large packets are.
> This can be seen with a TCP session, where packets are not owned when
> the window size is small enough (around PAGE_SIZE), while they are once
> the window grows (note that this requires the host to support virtio
> tso for the guest to offload segmentation).
> All this leads to inconsistent behaviour in the kernel, especially on
> netfilter modules that use sk->socket (e.g. xt_owner).
>
> Signed-off-by: Alexis Bauvin <abauvin@scaleway.com>
> Fixes: 66ccbc9c87c2 ("tap: use build_skb() for small packet")


Acked-by: Jason Wang <jasowang@redhat.com>


> ---
>   drivers/net/tun.c | 9 ++++++---
>   1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/tun.c b/drivers/net/tun.c
> index 3d443597bd04..db16d7a13e00 100644
> --- a/drivers/net/tun.c
> +++ b/drivers/net/tun.c
> @@ -1599,7 +1599,8 @@ static bool tun_can_build_skb(struct tun_struct *tun, struct tun_file *tfile,
>   	return true;
>   }
>   
> -static struct sk_buff *__tun_build_skb(struct page_frag *alloc_frag, char *buf,
> +static struct sk_buff *__tun_build_skb(struct tun_file *tfile,
> +				       struct page_frag *alloc_frag, char *buf,
>   				       int buflen, int len, int pad)
>   {
>   	struct sk_buff *skb = build_skb(buf, buflen);
> @@ -1609,6 +1610,7 @@ static struct sk_buff *__tun_build_skb(struct page_frag *alloc_frag, char *buf,
>   
>   	skb_reserve(skb, pad);
>   	skb_put(skb, len);
> +	skb_set_owner_w(skb, tfile->socket.sk);
>   
>   	get_page(alloc_frag->page);
>   	alloc_frag->offset += buflen;
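
Review bot: `tfile` is passed into `__tun_build_skb()` only to reach `tfile->socket.sk` at the new `skb_set_owner_w()` call; taking a `struct sock *` instead would keep the helper's interface narrow. A one-line comment at that call saying it mirrors what `sock_alloc_send_pskb()` does for large packets would help keep the two paths from diverging again.
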
> @@ -1686,7 +1688,8 @@ static struct sk_buff *tun_build_skb(struct tun_struct *tun,
>   	 */
>   	if (hdr->gso_type || !xdp_prog) {
>   		*skb_xdp = 1;
> -		return __tun_build_skb(alloc_frag, buf, buflen, len, pad);
> +		return __tun_build_skb(tfile, alloc_frag, buf, buflen, len,
> +				       pad);
>   	}
>   
>   	*skb_xdp = 0;
> @@ -1723,7 +1726,7 @@ static struct sk_buff *tun_build_skb(struct tun_struct *tun,
>   	rcu_read_unlock();
>   	local_bh_enable();
>   
> -	return __tun_build_skb(alloc_frag, buf, buflen, len, pad);
> +	return __tun_build_skb(tfile, alloc_frag, buf, buflen, len, pad);
>   
>   err_xdp:
>   	put_page(alloc_frag->page);

^ permalink raw reply

* Reminder: 10 open syzbot bugs in "net/sctp" subsystem
From: Eric Biggers @ 2019-07-24  2:27 UTC (permalink / raw)
  To: linux-sctp, netdev, Vlad Yasevich, Neil Horman,
	Marcelo Ricardo Leitner, David S. Miller, Xin Long
  Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 10 of them as possibly being bugs in the "net/sctp" subsystem.  I've
listed these reports below, sorted by an algorithm that tries to list first the
reports most likely to be still valid, important, and actionable.

Of these 10 bugs, 2 were seen in mainline in the last week.

Of these 10 bugs, 1 was bisected to a commit from the following person:

	Xin Long <lucien.xin@gmail.com>

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "net/sctp" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              memory leak in sctp_send_reset_streams
Last occurred:      2 days ago
Reported:           53 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=ecedaad28cb6bb86a08d6dcabd93ef76f875bfaf
Original thread:    https://lkml.kernel.org/lkml/000000000000f7a443058a358cb4@google.com/T/#u

This bug has a C reproducer.

The original thread for this bug has received 2 replies; the last was 52 days
ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+6ad9c3bd0a218a2ab41d@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000f7a443058a358cb4@google.com

--------------------------------------------------------------------------------
Title:              memory leak in sctp_stream_init_ext
Last occurred:      4 days ago
Reported:           53 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=bbfa653205516be2a33b51c381ef827c534ba596
Original thread:    https://lkml.kernel.org/lkml/000000000000f122ab058a303d94@google.com/T/#u

This bug has a C reproducer.

The original thread for this bug has received 2 replies; the last was 49 days
ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+7f3b6b106be8dcdcdeec@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000f122ab058a303d94@google.com

--------------------------------------------------------------------------------
Title:              KASAN: use-after-free Read in __lock_sock
Last occurred:      37 days ago
Reported:           248 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=27934d200d11e2fbae5c715bfefad252f41785fb
Original thread:    https://lkml.kernel.org/lkml/000000000000b98a67057ad7158a@google.com/T/#u

This bug has a syzkaller reproducer only.

This bug was bisected to:

	commit 8f840e47f190cbe61a96945c13e9551048d42cef
	Author: Xin Long <lucien.xin@gmail.com>
	Date:   Thu Apr 14 07:35:33 2016 +0000

	  sctp: add the sctp_diag.c file

The original thread for this bug received 6 replies; the last was 229 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+9276d76e83e3bcde6c99@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000b98a67057ad7158a@google.com

--------------------------------------------------------------------------------
Title:              KASAN: use-after-free Read in ip6_hold_safe (3)
Last occurred:      30 days ago
Reported:           77 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=b30a8ecdfbefe331ff4d3a0a601ae28d91a430e3
Original thread:    https://lkml.kernel.org/lkml/000000000000eba333058848fcc1@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+1de7f57dd018a516ae89@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000eba333058848fcc1@google.com

--------------------------------------------------------------------------------
Title:              BUG: unable to handle kernel paging request in sctp_v6_get_dst
Last occurred:      37 days ago
Reported:           205 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=b44ed5bb06a257ee2649272a08d7b68c184a7bfe
Original thread:    https://lkml.kernel.org/lkml/000000000000aa968f057e372583@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+ae70faffd84f05295f27@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000aa968f057e372583@google.com

--------------------------------------------------------------------------------
Title:              KASAN: user-memory-access Read in ip6_hold_safe (3)
Last occurred:      33 days ago
Reported:           52 days ago
Branches:           bpf-next, linux-next, and net-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=1707ac302b38aaceb5b3df470b198244fe0205d0
Original thread:    https://lkml.kernel.org/lkml/000000000000a7776f058a3ce9db@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

The original thread for this bug has received 3 replies; the last was 29 days
ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+a5b6e01ec8116d046842@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000a7776f058a3ce9db@google.com

--------------------------------------------------------------------------------
Title:              BUG: unable to handle kernel paging request in dst_release (2)
Last occurred:      41 days ago
Reported:           119 days ago
Branches:           net and net-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=1457062b2884c65d9c089e0abee144e7a6de1006
Original thread:    https://lkml.kernel.org/lkml/0000000000008cc65f0584fba1c4@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+f7b46bf869b6ace2ea45@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000008cc65f0584fba1c4@google.com

--------------------------------------------------------------------------------
Title:              general protection fault in sctp_v6_get_dst (2)
Last occurred:      46 days ago
Reported:           126 days ago
Branches:           bpf-next, net, and net-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=f30835c913a031ac302f0124763139ec0eb4b5d3
Original thread:    https://lkml.kernel.org/lkml/000000000000e8335605846f099f@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+5aab5972d41ebaa03f25@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000e8335605846f099f@google.com

--------------------------------------------------------------------------------
Title:              KASAN: slab-out-of-bounds Read in fib6_rule_action
Last occurred:      99 days ago
Reported:           91 days ago
Branches:           net
Dashboard link:     https://syzkaller.appspot.com/bug?id=9b73c38d6e1905753dad5374ca51271b6787a124
Original thread:    https://lkml.kernel.org/lkml/0000000000001645670587350783@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+3edc8b0bf48d614ae4ef@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000001645670587350783@google.com

--------------------------------------------------------------------------------
Title:              general protection fault in reuseport_add_sock
Last occurred:      158 days ago
Reported:           157 days ago
Branches:           net
Dashboard link:     https://syzkaller.appspot.com/bug?id=aae414b4366f2bb8cb759da428861e6e81942046
Original thread:    https://lkml.kernel.org/lkml/0000000000009e38f10581fd7499@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+675ee297acac988852c1@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009e38f10581fd7499@google.com


^ permalink raw reply

* Reminder: 6 open syzbot bugs in "net/dccp" subsystem
From: Eric Biggers @ 2019-07-24  2:28 UTC (permalink / raw)
  To: dccp, netdev, Gerrit Renker, David S. Miller; +Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 6 of them as possibly being bugs in the "net/dccp" subsystem.  I've
listed these reports below, sorted by an algorithm that tries to list first the
reports most likely to be still valid, important, and actionable.

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "net/dccp" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              KASAN: use-after-free Read in ccid2_hc_tx_packet_recv
Last occurred:      26 days ago
Reported:           477 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=31f032fe94df7aca6ce5d45455f6acefa26515e4
Original thread:    https://lkml.kernel.org/lkml/0000000000003872fd0568da185f@google.com/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+554ccde221001ab5479a@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000003872fd0568da185f@google.com

--------------------------------------------------------------------------------
Title:              BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:LINE/tfrc_rx_hist_sample_rtt()
Last occurred:      21 days ago
Reported:           625 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=0881c535c265ca965edc49c0ac3d0a9850d26eb1
Original thread:    https://groups.google.com/d/msgid/syzkaller-bugs/94eb2c05611406f6a5055d38a272%40google.com

This bug has a C reproducer.

For some reason the original report email for this bug is missing from the LKML
archive at lore.kernel.org, so my script couldn't check whether anyone has
replied to it or not.  The Google Groups link above should still work, though. 
Also try searching for the bug title.

--------------------------------------------------------------------------------
Title:              KASAN: use-after-free Read in ccid_hc_tx_delete
Last occurred:      66 days ago
Reported:           330 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=3e769c60cb2d1cab692fd541dae957b1fd31bde4
Original thread:    https://lkml.kernel.org/lkml/000000000000de3c7705746dcbb7@google.com/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+3967c1caf256f4d5aefe@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000de3c7705746dcbb7@google.com

--------------------------------------------------------------------------------
Title:              KMSAN: uninit-value in dccp_invalid_packet
Last occurred:      458 days ago
Reported:           460 days ago
Branches:           Mainline (with KMSAN patches)
Dashboard link:     https://syzkaller.appspot.com/bug?id=89916fdba284272cdbd0bf00de942f41d052c3f4
Original thread:    https://lkml.kernel.org/lkml/0000000000000e2bf3056a36962d@google.com/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+00763607efc31f91b276@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000000e2bf3056a36962d@google.com

--------------------------------------------------------------------------------
Title:              suspicious RCU usage at ./include/net/inet_sock.h:LINE
Last occurred:      535 days ago
Reported:           625 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=78f9fe251de26a75a60690bc2384d62d2db32299
Original thread:    https://groups.google.com/d/msgid/syzkaller-bugs/001a1140ad88c4f006055d3836d2%40google.com

This bug has a C reproducer.

For some reason the original report email for this bug is missing from the LKML
archive at lore.kernel.org, so my script couldn't check whether anyone has
replied to it or not.  The Google Groups link above should still work, though. 
Also try searching for the bug title.

--------------------------------------------------------------------------------
Title:              WARNING: suspicious RCU usage in pid_task
Last occurred:      302 days ago
Reported:           402 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=5b9f20bfdfb67155f627c5e13c258ca56eff026a
Original thread:    https://lkml.kernel.org/lkml/0000000000002b532a056ebcb3eb@google.com/T/#u

This bug has a C reproducer.

The original thread for this bug received 1 reply, 323 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+c2d4c3ae3fd90bbaf059@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000002b532a056ebcb3eb@google.com



* Reminder: 5 open syzbot bugs in "net/x25" subsystem
From: Eric Biggers @ 2019-07-24  2:28 UTC (permalink / raw)
  To: linux-x25, netdev, David S. Miller; +Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 5 of them as possibly being bugs in the "net/x25" subsystem.  I've listed
these reports below, sorted by an algorithm that tries to list first the reports
most likely to be still valid, important, and actionable.

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "net/x25" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              KASAN: null-ptr-deref Read in x25_connect
Last occurred:      0 days ago
Reported:           42 days ago
Branches:           net and net-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=5b0ecf0386f56be7fe7210a14d0f62df765c0c39
Original thread:    https://lkml.kernel.org/lkml/0000000000007ce6f5058b0715ea@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

The original thread for this bug has received 2 replies; the last was 42 days
ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+777a2aab6ffd397407b5@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000007ce6f5058b0715ea@google.com

--------------------------------------------------------------------------------
Title:              general protection fault in x25_connect
Last occurred:      23 days ago
Reported:           42 days ago
Branches:           net and net-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=65f107a71a1cb5637149cd163a2919dd622f0d30
Original thread:    https://lkml.kernel.org/lkml/000000000000800bf0058b07151d@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+2fde26e61fda58e5f88b@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000800bf0058b07151d@google.com

--------------------------------------------------------------------------------
Title:              general protection fault in refcount_sub_and_test_checked
Last occurred:      59 days ago
Reported:           113 days ago
Branches:           net and net-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=909a75efeca0594a7dd4356d84f147891407cda8
Original thread:    https://lkml.kernel.org/lkml/0000000000008424a205857b74ef@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+31b6a0f5d6d5c3b75948@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000008424a205857b74ef@google.com

--------------------------------------------------------------------------------
Title:              KASAN: use-after-free Read in x25_write_internal
Last occurred:      154 days ago
Reported:           202 days ago
Branches:           net and net-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=4f2fbe41c46efe42fad560f74913604ca8011d2d
Original thread:    https://lkml.kernel.org/lkml/0000000000006ee231057e779375@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+426b913e690764e50c83@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000006ee231057e779375@google.com

--------------------------------------------------------------------------------
Title:              INFO: rcu detected stall in x25_connect
Last occurred:      152 days ago
Reported:           204 days ago
Branches:           net and net-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=56a3e28b7cbfd2255f7b8c6483e7f7f9523a1a47
Original thread:    https://lkml.kernel.org/lkml/0000000000009b5ae5057e4cd7d1@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+564c57b4bf1df3ce1c94@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009b5ae5057e4cd7d1@google.com



* Reminder: 5 open syzbot bugs in "net/smc" subsystem
From: Eric Biggers @ 2019-07-24  2:29 UTC (permalink / raw)
  To: linux-s390, netdev, Ursula Braun, Karsten Graul, David S. Miller
  Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 5 of them as possibly being bugs in the "net/smc" subsystem.  I've listed
these reports below, sorted by an algorithm that tries to list first the reports
most likely to be still valid, important, and actionable.

Of these 5 bugs, 4 were seen in mainline in the last week.

Of these 5 bugs, 1 was bisected to a commit from the following person:

	Ursula Braun <ubraun@linux.ibm.com>

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "net/smc" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              WARNING in smc_unhash_sk (2)
Last occurred:      0 days ago
Reported:           101 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=f650845a184aed6947c0dd0f4d99d561335a7c31
Original thread:    https://lkml.kernel.org/lkml/000000000000ac48ed05866bbc2c@google.com/T/#u

This bug has a C reproducer.

This bug was bisected to:

	commit 50717a37db032ce783f50685a73bb2ac68471a5a
	Author: Ursula Braun <ubraun@linux.ibm.com>
	Date:   Fri Apr 12 10:57:23 2019 +0000

	  net/smc: nonblocking connect rework

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+bd8cc73d665590a1fcad@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000ac48ed05866bbc2c@google.com

--------------------------------------------------------------------------------
Title:              WARNING: ODEBUG bug in __sk_destruct
Last occurred:      0 days ago
Reported:           450 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=591666b46bf0d9e2fbb8dbb386982d12ba804648
Original thread:    https://lkml.kernel.org/lkml/000000000000451f9d056aff4397@google.com/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+92209502e7aab127c75f@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000451f9d056aff4397@google.com

--------------------------------------------------------------------------------
Title:              memory leak in new_inode_pseudo (2)
Last occurred:      1 day ago
Reported:           7 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=911dac8eb1de0c09979e8e0054cb6cbe198cd5bb
Original thread:    https://lkml.kernel.org/lkml/000000000000111cbe058dc7754d@google.com/T/#u

This bug has a C reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+e682cca30bc101a4d9d9@syzkaller.appspotmail.com

If you send any email or patch for this bug, please reply to the original
thread.  For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000111cbe058dc7754d@google.com

--------------------------------------------------------------------------------
Title:              WARNING in debug_check_no_obj_freed
Last occurred:      0 days ago
Reported:           33 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=83687867d4a435fce7c6045b34425b1cfb3bf2d6
Original thread:    https://lkml.kernel.org/lkml/00000000000090ae7a058bc12946@google.com/T/#u

This bug has a C reproducer.

syzbot has bisected this bug, but I think the bisection result is incorrect.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+b972214bb803a343f4fe@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000090ae7a058bc12946@google.com

--------------------------------------------------------------------------------
Title:              BUG: workqueue leaked lock or atomic in smc_tx_work
Last occurred:      27 days ago
Reported:           29 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=dd71ec2acfdd198626ec8e914f70afc70cf35c72
Original thread:    https://lkml.kernel.org/lkml/0000000000006a28b5058c0d7e17@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+8759e3927fd85a7c520a@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000006a28b5058c0d7e17@google.com



* Re: [net-next 6/6] e1000e: disable force K1-off feature
From: Jeff Kirsher @ 2019-07-24  2:30 UTC (permalink / raw)
  To: David Miller; +Cc: kai.heng.feng, netdev, nhorman, sassmann, aaron.f.brown
In-Reply-To: <20190723.140444.1126474066269131522.davem@davemloft.net>

On Tue, 2019-07-23 at 14:04 -0700, David Miller wrote:
> From: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
> Date: Tue, 23 Jul 2019 10:36:50 -0700
> 
> > diff --git a/drivers/net/ethernet/intel/e1000e/hw.h
> > b/drivers/net/ethernet/intel/e1000e/hw.h
> > index eff75bd8a8f0..e3c71fd093ee 100644
> > --- a/drivers/net/ethernet/intel/e1000e/hw.h
> > +++ b/drivers/net/ethernet/intel/e1000e/hw.h
> > @@ -662,6 +662,7 @@ struct e1000_dev_spec_ich8lan {
> >  	bool kmrn_lock_loss_workaround_enabled;
> >  	struct e1000_shadow_ram shadow_ram[E1000_ICH8_SHADOW_RAM_WORDS];
> >  	bool nvm_k1_enabled;
> > +	bool disable_k1_off;
> >  	bool eee_disable;
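Review bot: the new `disable_k1_off` member of struct e1000_dev_spec_ich8lan is added with no comment and no visible writer, so a reader of hw.h cannot tell where its value comes from or what a true value means for K1. Please add a one-line comment naming the source of the setting and include the assignment in the same patch; if nothing sets the field, it keeps whatever value the struct was initialised with and any check on it is dead code.
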
> 
> I don't see any code actually setting this boolean, how does it work?

I am trying to find the answer Dave.  The original author of the code
change is no longer with Intel and the notes point to this being set via
the NVM, but I am confirming with the client engineers.


* [PATCH net 1/1] bnx2x: Disable multi-cos feature.
From: Sudarsana Reddy Kalluru @ 2019-07-24  2:32 UTC (permalink / raw)
  To: davem; +Cc: netdev, manishc, mkalderon

Commit 3968d38917eb ("bnx2x: Fix Multi-Cos.") which enabled multi-cos
feature after prolonged time in driver added some regression causing
numerous issues (sudden reboots, tx timeout etc.) reported by customers.
We plan to backout this commit and submit proper fix once we have root
cause of issues reported with this feature enabled.

Fixes: 3968d38917eb ("bnx2x: Fix Multi-Cos.")
Signed-off-by: Sudarsana Reddy Kalluru <skalluru@marvell.com>
Signed-off-by: Manish Chopra <manishc@marvell.com>
---
 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
index e2be5a6..e47ea92 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
@@ -1934,8 +1934,7 @@ u16 bnx2x_select_queue(struct net_device *dev, struct sk_buff *skb,
 	}
 
 	/* select a non-FCoE queue */
-	return netdev_pick_tx(dev, skb, NULL) %
-	       (BNX2X_NUM_ETH_QUEUES(bp) * bp->max_cos);
+	return netdev_pick_tx(dev, skb, NULL) % (BNX2X_NUM_ETH_QUEUES(bp));
 }
 
 void bnx2x_set_num_queues(struct bnx2x *bp)
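
Review bot: the commit message says the plan is to back out 3968d38917eb, but this hunk changes only the modulus in bnx2x_select_queue(), dropping the `* bp->max_cos` factor, so the message should state that this is a partial change and that non-FCoE traffic is now limited to queue indices below BNX2X_NUM_ETH_QUEUES(bp). The outer parentheses in `% (BNX2X_NUM_ETH_QUEUES(bp))` are redundant and can be dropped.
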
-- 
1.8.3.1



* Reminder: 4 open syzbot bugs in "net/rds" subsystem
From: Eric Biggers @ 2019-07-24  2:34 UTC (permalink / raw)
  To: netdev, linux-rdma, rds-devel, Santosh Shilimkar, David S. Miller,
	Dennis Dalessandro
  Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 4 of them as possibly being bugs in the "net/rds" subsystem.  I've listed
these reports below, sorted by an algorithm that tries to list first the reports
most likely to be still valid, important, and actionable.

Of these 4 bugs, 1 was seen in mainline in the last week.

Of these 4 bugs, 1 was bisected to a commit from the following person:

	Dennis Dalessandro <dennis.dalessandro@intel.com>

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "net/rds" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              general protection fault in rds_recv_rcvbuf_delta
Last occurred:      26 days ago
Reported:           253 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=e1d2492507fca6102dbce03c16b40a21130c8dbf
Original thread:    https://lkml.kernel.org/lkml/000000000000445dd9057a7149f1@google.com/T/#u

This bug has a C reproducer.

This bug was bisected to:

	commit b534875d5ab348fb9193692589e2ee82ae768e3a
	Author: Dennis Dalessandro <dennis.dalessandro@intel.com>
	Date:   Wed Jan 6 18:02:59 2016 +0000

	  IB/rdmavt: Add device specific info prints

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+4b4f8163c2e246df3c4c@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000445dd9057a7149f1@google.com

--------------------------------------------------------------------------------
Title:              memory leak in rds_send_probe
Last occurred:      0 days ago
Reported:           0 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=39b72114839a6dbd66c1d2104522698a813f9ae2
Original thread:    https://lkml.kernel.org/lkml/000000000000ad1dfe058e5b89ab@google.com/T/#u

This bug has a C reproducer.

syzbot has bisected this bug, but I think the bisection result is incorrect.

The original thread for this bug has received 4 replies; the last was 3 hours
ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+5134cdf021c4ed5aaa5f@syzkaller.appspotmail.com

If you send any email or patch for this bug, please reply to the original
thread, which had activity only 3 hours ago.  For the git send-email command to
use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply
instructions" at https://lkml.kernel.org/r/000000000000ad1dfe058e5b89ab@google.com

--------------------------------------------------------------------------------
Title:              KASAN: use-after-free Read in rds_cong_queue_updates (2)
Last occurred:      112 days ago
Reported:           365 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=6f435350bd496374955b3aeba9e313d16db4b30b
Original thread:    https://lkml.kernel.org/lkml/000000000000cdb5450571adfe40@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

The original thread for this bug received 1 reply, 365 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+470ae97a39f16146af45@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000cdb5450571adfe40@google.com

--------------------------------------------------------------------------------
Title:              KASAN: slab-out-of-bounds Read in rds_cong_queue_updates (2)
Last occurred:      110 days ago
Reported:           377 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=58c0193d54290dfe8266db64b482b0e796f0d611
Original thread:    https://lkml.kernel.org/lkml/0000000000005274c40570be9f48@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

The original thread for this bug received 1 reply, 377 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+0570fef57a5e020bdc87@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005274c40570be9f48@google.com



* Reminder: 4 open syzbot bugs in "net/hsr" subsystem
From: Eric Biggers @ 2019-07-24  2:35 UTC (permalink / raw)
  To: netdev, Arvid Brodin, David S. Miller; +Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 4 of them as possibly being bugs in the "net/hsr" subsystem.  I've listed
these reports below, sorted by an algorithm that tries to list first the reports
most likely to be still valid, important, and actionable.

Of these 4 bugs, 3 were seen in mainline in the last week.

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "net/hsr" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              WARNING in hsr_addr_subst_dest
Last occurred:      0 days ago
Reported:           202 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=924b5574f42ebeddc94fad06f2fa329b199d58d3
Original thread:    https://lkml.kernel.org/lkml/0000000000001b1a1d057e776c92@google.com/T/#u

This bug has a C reproducer.

syzbot has bisected this bug, but I think the bisection result is incorrect.

The original thread for this bug received 2 replies; the last was 133 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+b92e4f1472a54e1c7dec@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000001b1a1d057e776c92@google.com

--------------------------------------------------------------------------------
Title:              KMSAN: uninit-value in hsr_register_frame_in
Last occurred:      5 days ago
Reported:           162 days ago
Branches:           Mainline (with KMSAN patches)
Dashboard link:     https://syzkaller.appspot.com/bug?id=2ad30d6cef7180728e401174df99d001bae578fe
Original thread:    https://lkml.kernel.org/lkml/0000000000003bb1540581a55575@google.com/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+b8152ab439b9c5174ffd@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000003bb1540581a55575@google.com

--------------------------------------------------------------------------------
Title:              WARNING in hsr_forward_skb
Last occurred:      0 days ago
Reported:           202 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=13de4605e86ebcf39093017dc255aa0fd6c2f12d
Original thread:    https://lkml.kernel.org/lkml/0000000000009f94c1057e772431@google.com/T/#u

This bug has a C reproducer.

syzbot has bisected this bug, but I think the bisection result is incorrect.

The original thread for this bug received 4 replies; the last was 132 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+fdce8f2a8903f3ba0e6b@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009f94c1057e772431@google.com

--------------------------------------------------------------------------------
Title:              BUG: corrupted list in hsr_prune_nodes
Last occurred:      100 days ago
Reported:           100 days ago
Branches:           bpf-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=583fd57905151af7bc057ec47208d4873e953db7
Original thread:    https://lkml.kernel.org/lkml/000000000000ca5ede0586804c42@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+99ad9e40137a83c70ee3@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000ca5ede0586804c42@google.com



* Reminder: 3 open syzbot bugs in vhost subsystem
From: Eric Biggers @ 2019-07-24  2:38 UTC (permalink / raw)
  To: kvm, virtualization, netdev, Michael S. Tsirkin, Jason Wang
  Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 3 of them as possibly being bugs in the vhost subsystem.  I've listed
these reports below, sorted by an algorithm that tries to list first the reports
most likely to be still valid, important, and actionable.

Of these 3 bugs, 2 were seen in mainline in the last week.

Of these 3 bugs, 2 were bisected to commits from the following person:

	Jason Wang <jasowang@redhat.com>

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the vhost subsystem, please let me know,
and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              KASAN: use-after-free Write in tlb_finish_mmu
Last occurred:      5 days ago
Reported:           4 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=d57b94f89e48c85ef7d95acc208209ea4bdc10de
Original thread:    https://lkml.kernel.org/lkml/00000000000045e7a1058e02458a@google.com/T/#u

This bug has a syzkaller reproducer only.

This bug was bisected to:

	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
	Author: Jason Wang <jasowang@redhat.com>
	Date:   Fri May 24 08:12:18 2019 +0000

	  vhost: access vq metadata through kernel virtual address

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+8267e9af795434ffadad@syzkaller.appspotmail.com

If you send any email or patch for this bug, please reply to the original
thread.  For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000045e7a1058e02458a@google.com

--------------------------------------------------------------------------------
Title:              KASAN: use-after-free Read in finish_task_switch (2)
Last occurred:      5 days ago
Reported:           4 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=9a98fcad6c8bd31f5c3afbdc6c75de9f082c0ffa
Original thread:    https://lkml.kernel.org/lkml/000000000000490679058e0245ee@google.com/T/#u

This bug has a syzkaller reproducer only.

This bug was bisected to:

	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
	Author: Jason Wang <jasowang@redhat.com>
	Date:   Fri May 24 08:12:18 2019 +0000

	  vhost: access vq metadata through kernel virtual address

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+7f067c796eee2acbc57a@syzkaller.appspotmail.com

If you send any email or patch for this bug, please reply to the original
thread.  For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000490679058e0245ee@google.com

--------------------------------------------------------------------------------
Title:              memory leak in vhost_net_ioctl
Last occurred:      22 days ago
Reported:           48 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=12ba349d7e26ccfe95317bc376e812ebbae2ee0f
Original thread:    https://lkml.kernel.org/lkml/000000000000188da1058a9c25e3@google.com/T/#u

This bug has a C reproducer.

The original thread for this bug has received 4 replies; the last was 39 days
ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+0789f0c7e45efd7bb643@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000188da1058a9c25e3@google.com


* Reminder: 3 open syzbot bugs in "net/rose" subsystem
From: Eric Biggers @ 2019-07-24  2:39 UTC
  To: linux-hams, netdev, Ralf Baechle, David S. Miller
  Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 3 of them as possibly being bugs in the "net/rose" subsystem.  I've
listed these reports below, sorted by an algorithm that tries to list first the
reports most likely to be still valid, important, and actionable.

Of these 3 bugs, 1 was seen in mainline in the last week.

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "net/rose" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              general protection fault in rose_send_frame
Last occurred:      2 days ago
Reported:           194 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=f46c94afb217ab49c75350adbd467d86ae2b59a6
Original thread:    https://lkml.kernel.org/lkml/00000000000089904d057f1e0ae0@google.com/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+7078ae989d857fe17988@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000089904d057f1e0ae0@google.com

--------------------------------------------------------------------------------
Title:              INFO: rcu detected stall in rose_loopback_timer (2)
Last occurred:      46 days ago
Reported:           44 days ago
Branches:           net
Dashboard link:     https://syzkaller.appspot.com/bug?id=42c06438fe5956ab9978486a1898ca2f23b1fc1f
Original thread:    https://lkml.kernel.org/lkml/000000000000cf98fa058adf3615@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+d37efb0ca1b82682326e@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000cf98fa058adf3615@google.com

--------------------------------------------------------------------------------
Title:              INFO: rcu detected stall in rose_connect
Last occurred:      52 days ago
Reported:           49 days ago
Branches:           net-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=0b258dc8ece5bb93dfb5a137ae25a6db300d5892
Original thread:    https://lkml.kernel.org/lkml/00000000000017b026058a785790@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+af81c7a21a31b18bec0e@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000017b026058a785790@google.com


* Reminder: 3 open syzbot bugs in "net/llc" subsystem
From: Eric Biggers @ 2019-07-24  2:39 UTC
  To: netdev, David S. Miller; +Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 3 of them as possibly being bugs in the "net/llc" subsystem.  I've listed
these reports below, sorted by an algorithm that tries to list first the reports
most likely to be still valid, important, and actionable.

Of these 3 bugs, 3 were seen in mainline in the last week.

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "net/llc" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              memory leak in llc_conn_ac_send_sabme_cmd_p_set_x
Last occurred:      0 days ago
Reported:           63 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=1c2132cc5a2f0d05091adc4f2ed088020522f73a
Original thread:    https://lkml.kernel.org/lkml/0000000000005974af0589660739@google.com/T/#u

This bug has a C reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+6b825a6494a04cc0e3f7@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005974af0589660739@google.com

--------------------------------------------------------------------------------
Title:              memory leak in llc_ui_sendmsg
Last occurred:      1 day ago
Reported:           63 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=4e8b3190d51a3b721b554f103da5399613748ea0
Original thread:    https://lkml.kernel.org/lkml/0000000000009382e7058965fc65@google.com/T/#u

This bug has a C reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+31c16aa4202dace3812e@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009382e7058965fc65@google.com

--------------------------------------------------------------------------------
Title:              memory leak in llc_ui_create (2)
Last occurred:      6 days ago
Reported:           32 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=ecc7f04cd94b5c062c000865d43bfb682d718b8e
Original thread:    https://lkml.kernel.org/lkml/000000000000058a0f058bd50068@google.com/T/#u

This bug has a C reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+6bf095f9becf5efef645@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000058a0f058bd50068@google.com


* Reminder: 3 open syzbot bugs in "net/kcm" subsystem
From: Eric Biggers @ 2019-07-24  2:39 UTC
  To: netdev, David S. Miller; +Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 3 of them as possibly being bugs in the "net/kcm" subsystem.  I've listed
these reports below, sorted by an algorithm that tries to list first the reports
most likely to be still valid, important, and actionable.

Of these 3 bugs, 1 was seen in mainline in the last week.

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "net/kcm" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              KMSAN: uninit-value in ip_tunnel_xmit (2)
Last occurred:      0 days ago
Reported:           347 days ago
Branches:           Mainline (with KMSAN patches)
Dashboard link:     https://syzkaller.appspot.com/bug?id=b0e069ac9b03eab43b106c22fcc8bd778a7ccfb5
Original thread:    https://lkml.kernel.org/lkml/0000000000005012b605731594e3@google.com/T/#u

This bug has a C reproducer.

The original thread for this bug received 1 reply, 347 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+4a2c52677a8a1aa283cb@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005012b605731594e3@google.com

--------------------------------------------------------------------------------
Title:              general protection fault in skb_unlink
Last occurred:      182 days ago
Reported:           418 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=2d6d1853e26eb3b70cd558298ebf0c98157fcccf
Original thread:    https://lkml.kernel.org/lkml/000000000000fdc15c056d7c13ae@google.com/T/#u

This bug has a C reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+278279efdd2730dd14bf@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000fdc15c056d7c13ae@google.com

--------------------------------------------------------------------------------
Title:              general protection fault in requeue_rx_msgs
Last occurred:      419 days ago
Reported:           418 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=da9b672629747f28e76eca9949696c410cb75d7b
Original thread:    https://lkml.kernel.org/lkml/0000000000000482ce056d7c1436@google.com/T/#u

This bug has a syzkaller reproducer only.

syzbot has bisected this bug, but I think the bisection result is incorrect.

The original thread for this bug received 1 reply, 418 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+554266c04a41d1f9754d@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000000482ce056d7c1436@google.com


* Reminder: 3 open syzbot bugs in "net/ax25" subsystem
From: Eric Biggers @ 2019-07-24  2:40 UTC
  To: linux-hams, netdev, Ralf Baechle, David S. Miller
  Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 3 of them as possibly being bugs in the "net/ax25" subsystem.  I've
listed these reports below, sorted by an algorithm that tries to list first the
reports most likely to be still valid, important, and actionable.

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "net/ax25" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              general protection fault in ax25_send_frame
Last occurred:      0 days ago
Reported:           204 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=1cdd5b120f129364fc8e9b2b027826cf99fa696e
Original thread:    https://lkml.kernel.org/lkml/0000000000009ea37c057e58d787@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+e0b81535a27b8be39502@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009ea37c057e58d787@google.com

--------------------------------------------------------------------------------
Title:              KASAN: stack-out-of-bounds Write in ax25_getname
Last occurred:      90 days ago
Reported:           206 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=fb195f91dc044978c1b186f1288b1eff61edcc20
Original thread:    https://lkml.kernel.org/lkml/000000000000ed4120057e2df0c6@google.com/T/#u

This bug has a syzkaller reproducer only.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+6a29097222b4d3b8617c@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000ed4120057e2df0c6@google.com

--------------------------------------------------------------------------------
Title:              inconsistent lock state in ax25_std_heartbeat_expiry
Last occurred:      122 days ago
Reported:           120 days ago
Branches:           net
Dashboard link:     https://syzkaller.appspot.com/bug?id=9086a8eac930890b2730d6441093bd478e32913f
Original thread:    https://lkml.kernel.org/lkml/0000000000001b07250584efbee3@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

The original thread for this bug received 2 replies; the last was 119 days ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+e350b81e95a6a214da8a@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000001b07250584efbee3@google.com


* Reminder: 2 open syzbot bugs in "net/rxrpc" subsystem
From: Eric Biggers @ 2019-07-24  2:44 UTC
  To: linux-afs, netdev, David Howells, David S. Miller
  Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 2 of them as possibly being bugs in the "net/rxrpc" subsystem.  I've
listed these reports below, sorted by an algorithm that tries to list first the
reports most likely to be still valid, important, and actionable.

Of these 2 bugs, 1 was seen in mainline in the last week.

Of these 2 bugs, 1 was bisected to a commit from the following person:

	David Howells <dhowells@redhat.com>

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "net/rxrpc" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              kernel BUG at net/rxrpc/local_object.c:LINE!
Last occurred:      2 days ago
Reported:           25 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=53b6555b27af2cae74e2fbdac6cadc73f9cb18aa
Original thread:    https://lkml.kernel.org/lkml/0000000000004c2416058c594b30@google.com/T/#u

This bug has a syzkaller reproducer only.

This bug was bisected to:

	commit 46894a13599a977ac35411b536fb3e0b2feefa95
	Author: David Howells <dhowells@redhat.com>
	Date:   Thu Oct 4 08:32:28 2018 +0000

	  rxrpc: Use IPv4 addresses throught the IPv6

The original thread for this bug has received 3 replies; the last was 18 days
ago.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+1e0edc4b8b7494c28450@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000004c2416058c594b30@google.com

--------------------------------------------------------------------------------
Title:              WARNING: locking bug in flush_workqueue_prep_pwqs
Last occurred:      30 days ago
Reported:           158 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=4ae48f9c43f87ccf9f2f270b14d5b9284dadd05c
Original thread:    https://lkml.kernel.org/lkml/0000000000005c7e6f0581f1b86a@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+0c4264acb66ea0484d11@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005c7e6f0581f1b86a@google.com


* Reminder: 2 open syzbot bugs in "net/l2tp" subsystem
From: Eric Biggers @ 2019-07-24  2:45 UTC
  To: netdev, David S. Miller; +Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 2 of them as possibly being bugs in the "net/l2tp" subsystem.  I've
listed these reports below, sorted by an algorithm that tries to list first the
reports most likely to be still valid, important, and actionable.

Of these 2 bugs, 1 was seen in mainline in the last week.

If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed a bug to the "net/l2tp" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.

Here are the bugs:

--------------------------------------------------------------------------------
Title:              WARNING: locking bug in inet_autobind
Last occurred:      1 day ago
Reported:           68 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=a7d678fba80c34b5770cc1b5638b8a2709ae9f3f
Original thread:    https://lkml.kernel.org/lkml/00000000000033a0120588fac894@google.com/T/#u

This bug has a syzkaller reproducer only.

syzbot has bisected this bug, but I think the bisection result is incorrect.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+94cc2a66fc228b23f360@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000033a0120588fac894@google.com

--------------------------------------------------------------------------------
Title:              WARNING: locking bug in do_ipv6_setsockopt
Last occurred:      4 days ago
Reported:           62 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=6a970baf20aa5a64455be86fb920f468def703c6
Original thread:    https://lkml.kernel.org/lkml/000000000000f7707805897c071f@google.com/T/#u

This bug has a syzkaller reproducer only.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+f28170ca1ee366e97283@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000f7707805897c071f@google.com


* Reminder: 1 open syzbot bug in "net/sunrpc" subsystem
From: Eric Biggers @ 2019-07-24  2:51 UTC
  To: linux-nfs, netdev, Trond Myklebust, Anna Schumaker,
	J. Bruce Fields, Chuck Lever, David S. Miller
  Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 1 of them as possibly being a bug in the "net/sunrpc" subsystem.

If you believe this bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed this bug to the "net/sunrpc" subsystem, please
let me know, and if possible forward the report to the correct people or mailing
list.

Here is the bug:

--------------------------------------------------------------------------------
Title:              linux-next test error: WARNING in remove_proc_entry
Last occurred:      69 days ago
Reported:           71 days ago
Branches:           linux-next
Dashboard link:     https://syzkaller.appspot.com/bug?id=0b23d0049d5af6699d68ff17e2db121569b78fd4
Original thread:    https://lkml.kernel.org/lkml/00000000000055d6590588bf90bf@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+4887e9dd9042fae2a9c2@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000055d6590588bf90bf@google.com


* Reminder: 1 open syzbot bug in "net/strparser" subsystem
From: Eric Biggers @ 2019-07-24  2:51 UTC
  To: netdev, David S. Miller; +Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 1 of them as possibly being a bug in the "net/strparser" subsystem.

If you believe this bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed this bug to the "net/strparser" subsystem, please
let me know, and if possible forward the report to the correct people or mailing
list.

Here is the bug:

--------------------------------------------------------------------------------
Title:              WARNING in strp_done (2)
Last occurred:      163 days ago
Reported:           174 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=95997d9e84b5e2f966ac13c3ccf01670e77ca4f6
Original thread:    https://lkml.kernel.org/lkml/0000000000007c36aa0580b16b56@google.com/T/#u

This bug has a syzkaller reproducer only.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+ea38a133bb90dd367b6e@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000007c36aa0580b16b56@google.com


* Reminder: 1 open syzbot bug in "net/ppp" subsystem
From: Eric Biggers @ 2019-07-24  2:52 UTC
  To: netdev; +Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 1 of them as possibly being a bug in the "net/ppp" subsystem.

If you believe this bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed this bug to the "net/ppp" subsystem, please let
me know, and if possible forward the report to the correct people or mailing
list.

Here is the bug:

--------------------------------------------------------------------------------
Title:              memory leak in pppoe_sendmsg
Last occurred:      6 days ago
Reported:           53 days ago
Branches:           Mainline
Dashboard link:     https://syzkaller.appspot.com/bug?id=68fe3119847862315e52aa14961144b5a909bc23
Original thread:    https://lkml.kernel.org/lkml/000000000000d981f1058a26e1a8@google.com/T/#u

This bug has a C reproducer.

No one has replied to the original thread for this bug yet.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+6bdfd184eac7709e5cc9@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000d981f1058a26e1a8@google.com


* Reminder: 1 open syzbot bug in "net/pfkey" subsystem
From: Eric Biggers @ 2019-07-24  2:52 UTC
  To: netdev, Steffen Klassert, Herbert Xu, David S. Miller
  Cc: linux-kernel, syzkaller-bugs

[This email was generated by a script.  Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]

Of the currently open syzbot reports against the upstream kernel, I've manually
marked 1 of them as possibly being a bug in the "net/pfkey" subsystem.

If you believe this bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status

If you believe I misattributed this bug to the "net/pfkey" subsystem, please let
me know, and if possible forward the report to the correct people or mailing
list.

Here is the bug:

--------------------------------------------------------------------------------
Title:              WARNING in pfkey_sock_destruct
Last occurred:      168 days ago
Reported:           300 days ago
Branches:           Mainline and others
Dashboard link:     https://syzkaller.appspot.com/bug?id=6dc52e859d5ccc5fdce168973ab63b97ac7e41ba
Original thread:    https://lkml.kernel.org/lkml/0000000000002b8eb70576c15840@google.com/T/#u

Unfortunately, this bug does not have a reproducer.

No one replied to the original thread for this bug.

If you fix this bug, please add the following tag to the commit:
    Reported-by: syzbot+4acf0d9092f91bb60431@syzkaller.appspotmail.com

If you send any email or patch for this bug, please consider replying to the
original thread.  For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000002b8eb70576c15840@google.com


* Re: Reminder: 3 open syzbot bugs in vhost subsystem
From: Jason Wang @ 2019-07-24  3:05 UTC
  To: kvm, virtualization, netdev, Michael S. Tsirkin, linux-kernel,
	syzkaller-bugs
In-Reply-To: <20190724023835.GY643@sol.localdomain>


On 2019/7/24 10:38 AM, Eric Biggers wrote:
> [This email was generated by a script.  Let me know if you have any suggestions
> to make it better, or if you want it re-generated with the latest status.]
>
> Of the currently open syzbot reports against the upstream kernel, I've manually
> marked 3 of them as possibly being bugs in the vhost subsystem.  I've listed
> these reports below, sorted by an algorithm that tries to list first the reports
> most likely to be still valid, important, and actionable.
>
> Of these 3 bugs, 2 were seen in mainline in the last week.
>
> Of these 3 bugs, 2 were bisected to commits from the following person:
>
> 	Jason Wang <jasowang@redhat.com>
>
> If you believe a bug is no longer valid, please close the syzbot report by
> sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
> original thread, as explained at https://goo.gl/tpsmEJ#status
>
> If you believe I misattributed a bug to the vhost subsystem, please let me know,
> and if possible forward the report to the correct people or mailing list.
>
> Here are the bugs:
>
> --------------------------------------------------------------------------------
> Title:              KASAN: use-after-free Write in tlb_finish_mmu
> Last occurred:      5 days ago
> Reported:           4 days ago
> Branches:           Mainline
> Dashboard link:     https://syzkaller.appspot.com/bug?id=d57b94f89e48c85ef7d95acc208209ea4bdc10de
> Original thread:    https://lkml.kernel.org/lkml/00000000000045e7a1058e02458a@google.com/T/#u
>
> This bug has a syzkaller reproducer only.
>
> This bug was bisected to:
>
> 	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
> 	Author: Jason Wang <jasowang@redhat.com>
> 	Date:   Fri May 24 08:12:18 2019 +0000
>
> 	  vhost: access vq metadata through kernel virtual address
>
> No one has replied to the original thread for this bug yet.
>
> If you fix this bug, please add the following tag to the commit:
>      Reported-by: syzbot+8267e9af795434ffadad@syzkaller.appspotmail.com
>
> If you send any email or patch for this bug, please reply to the original
> thread.  For the git send-email command to use, or tips on how to reply if the
> thread isn't in your mailbox, see the "Reply instructions" at
> https://lkml.kernel.org/r/00000000000045e7a1058e02458a@google.com
>
> --------------------------------------------------------------------------------
> Title:              KASAN: use-after-free Read in finish_task_switch (2)
> Last occurred:      5 days ago
> Reported:           4 days ago
> Branches:           Mainline
> Dashboard link:     https://syzkaller.appspot.com/bug?id=9a98fcad6c8bd31f5c3afbdc6c75de9f082c0ffa
> Original thread:    https://lkml.kernel.org/lkml/000000000000490679058e0245ee@google.com/T/#u
>
> This bug has a syzkaller reproducer only.
>
> This bug was bisected to:
>
> 	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
> 	Author: Jason Wang <jasowang@redhat.com>
> 	Date:   Fri May 24 08:12:18 2019 +0000
>
> 	  vhost: access vq metadata through kernel virtual address
>
> No one has replied to the original thread for this bug yet.


Hi:

We believe the above two bugs are duplicates of the report "WARNING in
__mmdrop". Can I just dup them with

#syz dup "WARNING in __mmdrop"

(If yes, I just wonder how syzbot differentiates bugs; technically, several
different bugs can hit the same warning.)


>
> If you fix this bug, please add the following tag to the commit:
>      Reported-by: syzbot+7f067c796eee2acbc57a@syzkaller.appspotmail.com
>
> If you send any email or patch for this bug, please reply to the original
> thread.  For the git send-email command to use, or tips on how to reply if the
> thread isn't in your mailbox, see the "Reply instructions" at
> https://lkml.kernel.org/r/000000000000490679058e0245ee@google.com
>
> --------------------------------------------------------------------------------
> Title:              memory leak in vhost_net_ioctl
> Last occurred:      22 days ago
> Reported:           48 days ago
> Branches:           Mainline
> Dashboard link:     https://syzkaller.appspot.com/bug?id=12ba349d7e26ccfe95317bc376e812ebbae2ee0f
> Original thread:    https://lkml.kernel.org/lkml/000000000000188da1058a9c25e3@google.com/T/#u
>
> This bug has a C reproducer.
>
> The original thread for this bug has received 4 replies; the last was 39 days
> ago.
>
> If you fix this bug, please add the following tag to the commit:
>      Reported-by: syzbot+0789f0c7e45efd7bb643@syzkaller.appspotmail.com


I do remember it cannot be reproduced upstream; let me double check and
close this one.

Thanks


>
> If you send any email or patch for this bug, please consider replying to the
> original thread.  For the git send-email command to use, or tips on how to reply
> if the thread isn't in your mailbox, see the "Reply instructions" at
> https://lkml.kernel.org/r/000000000000188da1058a9c25e3@google.com
>


* Re: Re: Reminder: 3 open syzbot bugs in vhost subsystem
From: syzbot @ 2019-07-24  3:05 UTC (permalink / raw)
  To: Jason Wang
  Cc: jasowang, kvm, linux-kernel, mst, netdev, syzkaller-bugs,
	virtualization
In-Reply-To: <fabf96ac-e472-c7fd-07ff-486fe03e6433@redhat.com>


> On 2019/7/24 10:38 AM, Eric Biggers wrote:
>> [This email was generated by a script.  Let me know if you have any suggestions
>> to make it better, or if you want it re-generated with the latest status.]

>> Of the currently open syzbot reports against the upstream kernel, I've manually
>> marked 3 of them as possibly being bugs in the vhost subsystem.  I've listed
>> these reports below, sorted by an algorithm that tries to list first the reports
>> most likely to be still valid, important, and actionable.

>> Of these 3 bugs, 2 were seen in mainline in the last week.

>> Of these 3 bugs, 2 were bisected to commits from the following person:

>> 	Jason Wang <jasowang@redhat.com>

>> If you believe a bug is no longer valid, please close the syzbot report by
>> sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
>> original thread, as explained at https://goo.gl/tpsmEJ#status

>> If you believe I misattributed a bug to the vhost subsystem, please let me know,
>> and if possible forward the report to the correct people or mailing list.

>> Here are the bugs:

>> --------------------------------------------------------------------------------
>> Title:              KASAN: use-after-free Write in tlb_finish_mmu
>> Last occurred:      5 days ago
>> Reported:           4 days ago
>> Branches:           Mainline
>> Dashboard link:     https://syzkaller.appspot.com/bug?id=d57b94f89e48c85ef7d95acc208209ea4bdc10de
>> Original thread:    https://lkml.kernel.org/lkml/00000000000045e7a1058e02458a@google.com/T/#u

>> This bug has a syzkaller reproducer only.

>> This bug was bisected to:

>> 	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
>> 	Author: Jason Wang <jasowang@redhat.com>
>> 	Date:   Fri May 24 08:12:18 2019 +0000

>> 	  vhost: access vq metadata through kernel virtual address

>> No one has replied to the original thread for this bug yet.

>> If you fix this bug, please add the following tag to the commit:
>>       Reported-by: syzbot+8267e9af795434ffadad@syzkaller.appspotmail.com

>> If you send any email or patch for this bug, please reply to the original
>> thread.  For the git send-email command to use, or tips on how to reply if the
>> thread isn't in your mailbox, see the "Reply instructions" at
>> https://lkml.kernel.org/r/00000000000045e7a1058e02458a@google.com

>> --------------------------------------------------------------------------------
>> Title:              KASAN: use-after-free Read in finish_task_switch (2)
>> Last occurred:      5 days ago
>> Reported:           4 days ago
>> Branches:           Mainline
>> Dashboard link:     https://syzkaller.appspot.com/bug?id=9a98fcad6c8bd31f5c3afbdc6c75de9f082c0ffa
>> Original thread:    https://lkml.kernel.org/lkml/000000000000490679058e0245ee@google.com/T/#u

>> This bug has a syzkaller reproducer only.

>> This bug was bisected to:

>> 	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
>> 	Author: Jason Wang <jasowang@redhat.com>
>> 	Date:   Fri May 24 08:12:18 2019 +0000

>> 	  vhost: access vq metadata through kernel virtual address

>> No one has replied to the original thread for this bug yet.


> Hi:

> We believe the above two bugs are duplicates of the report "WARNING in
> __mmdrop". Can I just dup them with

> #syz dup "WARNING in __mmdrop"

I see the command but can't find the corresponding bug.
Please resend the email to syzbot+HASH@syzkaller.appspotmail.com address
that is the sender of the bug report (also present in the Reported-by tag).


> (If yes, I just wonder how syzbot differentiates bugs; technically, several
> different bugs can hit the same warning.)



>> If you fix this bug, please add the following tag to the commit:
>>       Reported-by: syzbot+7f067c796eee2acbc57a@syzkaller.appspotmail.com

>> If you send any email or patch for this bug, please reply to the original
>> thread.  For the git send-email command to use, or tips on how to reply if the
>> thread isn't in your mailbox, see the "Reply instructions" at
>> https://lkml.kernel.org/r/000000000000490679058e0245ee@google.com

>> --------------------------------------------------------------------------------
>> Title:              memory leak in vhost_net_ioctl
>> Last occurred:      22 days ago
>> Reported:           48 days ago
>> Branches:           Mainline
>> Dashboard link:     https://syzkaller.appspot.com/bug?id=12ba349d7e26ccfe95317bc376e812ebbae2ee0f
>> Original thread:    https://lkml.kernel.org/lkml/000000000000188da1058a9c25e3@google.com/T/#u

>> This bug has a C reproducer.

>> The original thread for this bug has received 4 replies; the last was 39 days
>> ago.

>> If you fix this bug, please add the following tag to the commit:
>>       Reported-by: syzbot+0789f0c7e45efd7bb643@syzkaller.appspotmail.com


> I do remember it cannot be reproduced upstream; let me double check and
> close this one.

> Thanks



>> If you send any email or patch for this bug, please consider replying to the
>> original thread.  For the git send-email command to use, or tips on how to reply
>> if the thread isn't in your mailbox, see the "Reply instructions" at
>> https://lkml.kernel.org/r/000000000000188da1058a9c25e3@google.com




* Re: Reminder: 3 open syzbot bugs in vhost subsystem
From: Eric Biggers @ 2019-07-24  3:13 UTC (permalink / raw)
  To: Jason Wang
  Cc: kvm, virtualization, netdev, Michael S. Tsirkin, linux-kernel,
	syzkaller-bugs
In-Reply-To: <fabf96ac-e472-c7fd-07ff-486fe03e6433@redhat.com>

On Wed, Jul 24, 2019 at 11:05:14AM +0800, Jason Wang wrote:
> > --------------------------------------------------------------------------------
> > Title:              KASAN: use-after-free Write in tlb_finish_mmu
> > Last occurred:      5 days ago
> > Reported:           4 days ago
> > Branches:           Mainline
> > Dashboard link:     https://syzkaller.appspot.com/bug?id=d57b94f89e48c85ef7d95acc208209ea4bdc10de
> > Original thread:    https://lkml.kernel.org/lkml/00000000000045e7a1058e02458a@google.com/T/#u
> > 
> > This bug has a syzkaller reproducer only.
> > 
> > This bug was bisected to:
> > 
> > 	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
> > 	Author: Jason Wang <jasowang@redhat.com>
> > 	Date:   Fri May 24 08:12:18 2019 +0000
> > 
> > 	  vhost: access vq metadata through kernel virtual address
> > 
> > No one has replied to the original thread for this bug yet.
> > 
> > If you fix this bug, please add the following tag to the commit:
> >      Reported-by: syzbot+8267e9af795434ffadad@syzkaller.appspotmail.com
> > 
> > If you send any email or patch for this bug, please reply to the original
> > thread.  For the git send-email command to use, or tips on how to reply if the
> > thread isn't in your mailbox, see the "Reply instructions" at
> > https://lkml.kernel.org/r/00000000000045e7a1058e02458a@google.com
> > 
> > --------------------------------------------------------------------------------
> > Title:              KASAN: use-after-free Read in finish_task_switch (2)
> > Last occurred:      5 days ago
> > Reported:           4 days ago
> > Branches:           Mainline
> > Dashboard link:     https://syzkaller.appspot.com/bug?id=9a98fcad6c8bd31f5c3afbdc6c75de9f082c0ffa
> > Original thread:    https://lkml.kernel.org/lkml/000000000000490679058e0245ee@google.com/T/#u
> > 
> > This bug has a syzkaller reproducer only.
> > 
> > This bug was bisected to:
> > 
> > 	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
> > 	Author: Jason Wang <jasowang@redhat.com>
> > 	Date:   Fri May 24 08:12:18 2019 +0000
> > 
> > 	  vhost: access vq metadata through kernel virtual address
> > 
> > No one has replied to the original thread for this bug yet.
> 
> 
> Hi:
> 
> We believe the above two bugs are duplicates of the report "WARNING in
> __mmdrop". Can I just dup them with
> 
> #syz dup "WARNING in __mmdrop"
> 
> (If yes, I just wonder how syzbot differentiates bugs; technically, several different
> bugs can hit the same warning.)
> 

Yes, please mark them as duplicates; see https://goo.gl/tpsmEJ#status for
correct syntax.  You need to send the command to the syzbot email address
specific to each bug.  Easiest way is to reply to the original threads.

- Eric


