Message-ID: <fabf96ac-e472-c7fd-07ff-486fe03e6433@redhat.com>
Date:   Wed, 24 Jul 2019 11:05:14 +0800
From:   Jason Wang <jasowang@...hat.com>
To:     kvm@...r.kernel.org, virtualization@...ts.linux-foundation.org,
        netdev@...r.kernel.org, "Michael S. Tsirkin" <mst@...hat.com>,
        linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: Reminder: 3 open syzbot bugs in vhost subsystem


On 2019/7/24 10:38 AM, Eric Biggers wrote:
> [This email was generated by a script.  Let me know if you have any suggestions
> to make it better, or if you want it re-generated with the latest status.]
>
> Of the currently open syzbot reports against the upstream kernel, I've manually
> marked 3 of them as possibly being bugs in the vhost subsystem.  I've listed
> these reports below, sorted by an algorithm that tries to list first the reports
> most likely to be still valid, important, and actionable.
>
> Of these 3 bugs, 2 were seen in mainline in the last week.
>
> Of these 3 bugs, 2 were bisected to commits from the following person:
>
> 	Jason Wang <jasowang@...hat.com>
>
> If you believe a bug is no longer valid, please close the syzbot report by
> sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
> original thread, as explained at https://goo.gl/tpsmEJ#status
>
> If you believe I misattributed a bug to the vhost subsystem, please let me know,
> and if possible forward the report to the correct people or mailing list.
>
> Here are the bugs:
>
> --------------------------------------------------------------------------------
> Title:              KASAN: use-after-free Write in tlb_finish_mmu
> Last occurred:      5 days ago
> Reported:           4 days ago
> Branches:           Mainline
> Dashboard link:     https://syzkaller.appspot.com/bug?id=d57b94f89e48c85ef7d95acc208209ea4bdc10de
> Original thread:    https://lkml.kernel.org/lkml/00000000000045e7a1058e02458a@google.com/T/#u
>
> This bug has a syzkaller reproducer only.
>
> This bug was bisected to:
>
> 	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
> 	Author: Jason Wang <jasowang@...hat.com>
> 	Date:   Fri May 24 08:12:18 2019 +0000
>
> 	  vhost: access vq metadata through kernel virtual address
>
> No one has replied to the original thread for this bug yet.
>
> If you fix this bug, please add the following tag to the commit:
>      Reported-by: syzbot+8267e9af795434ffadad@...kaller.appspotmail.com
>
> If you send any email or patch for this bug, please reply to the original
> thread.  For the git send-email command to use, or tips on how to reply if the
> thread isn't in your mailbox, see the "Reply instructions" at
> https://lkml.kernel.org/r/00000000000045e7a1058e02458a@google.com
>
> --------------------------------------------------------------------------------
> Title:              KASAN: use-after-free Read in finish_task_switch (2)
> Last occurred:      5 days ago
> Reported:           4 days ago
> Branches:           Mainline
> Dashboard link:     https://syzkaller.appspot.com/bug?id=9a98fcad6c8bd31f5c3afbdc6c75de9f082c0ffa
> Original thread:    https://lkml.kernel.org/lkml/000000000000490679058e0245ee@google.com/T/#u
>
> This bug has a syzkaller reproducer only.
>
> This bug was bisected to:
>
> 	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
> 	Author: Jason Wang <jasowang@...hat.com>
> 	Date:   Fri May 24 08:12:18 2019 +0000
>
> 	  vhost: access vq metadata through kernel virtual address
>
> No one has replied to the original thread for this bug yet.


Hi:

We believe the above two bugs are duplicates of the report "WARNING in
__mmdrop". Can I just dup them with

#syz dup "WARNING in __mmdrop"

(If yes, I just wonder how syzbot differentiates bugs; technically, several
different bugs can hit the same warning.)


>
> If you fix this bug, please add the following tag to the commit:
>      Reported-by: syzbot+7f067c796eee2acbc57a@...kaller.appspotmail.com
>
> If you send any email or patch for this bug, please reply to the original
> thread.  For the git send-email command to use, or tips on how to reply if the
> thread isn't in your mailbox, see the "Reply instructions" at
> https://lkml.kernel.org/r/000000000000490679058e0245ee@google.com
>
> --------------------------------------------------------------------------------
> Title:              memory leak in vhost_net_ioctl
> Last occurred:      22 days ago
> Reported:           48 days ago
> Branches:           Mainline
> Dashboard link:     https://syzkaller.appspot.com/bug?id=12ba349d7e26ccfe95317bc376e812ebbae2ee0f
> Original thread:    https://lkml.kernel.org/lkml/000000000000188da1058a9c25e3@google.com/T/#u
>
> This bug has a C reproducer.
>
> The original thread for this bug has received 4 replies; the last was 39 days
> ago.
>
> If you fix this bug, please add the following tag to the commit:
>      Reported-by: syzbot+0789f0c7e45efd7bb643@...kaller.appspotmail.com


I do remember it cannot be reproduced upstream; let me double check and
close this one.

Thanks


>
> If you send any email or patch for this bug, please consider replying to the
> original thread.  For the git send-email command to use, or tips on how to reply
> if the thread isn't in your mailbox, see the "Reply instructions" at
> https://lkml.kernel.org/r/000000000000188da1058a9c25e3@google.com
>
