lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <000000000000912425058e6494cb@google.com>
Date:   Tue, 23 Jul 2019 20:05:23 -0700
From:   syzbot <syzbot+@...kaller.appspotmail.com>
To:     Jason Wang <jasowang@...hat.com>
Cc:     jasowang@...hat.com, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, mst@...hat.com,
        netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com,
        virtualization@...ts.linux-foundation.org
Subject: Re: Re: Reminder: 3 open syzbot bugs in vhost subsystem


> On 2019/7/24 上午10:38, Eric Biggers wrote:
>> [This email was generated by a script.  Let me know if you have any  
>> suggestions
>> to make it better, or if you want it re-generated with the latest  
>> status.]

>> Of the currently open syzbot reports against the upstream kernel, I've  
>> manually
>> marked 3 of them as possibly being bugs in the vhost subsystem.  I've  
>> listed
>> these reports below, sorted by an algorithm that tries to list first the  
>> reports
>> most likely to be still valid, important, and actionable.

>> Of these 3 bugs, 2 were seen in mainline in the last week.

>> Of these 3 bugs, 2 were bisected to commits from the following person:

>> 	Jason Wang <jasowang@...hat.com>

>> If you believe a bug is no longer valid, please close the syzbot report  
>> by
>> sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to  
>> the
>> original thread, as explained at https://goo.gl/tpsmEJ#status

>> If you believe I misattributed a bug to the vhost subsystem, please let  
>> me know,
>> and if possible forward the report to the correct people or mailing list.

>> Here are the bugs:

>> --------------------------------------------------------------------------------
>> Title:              KASAN: use-after-free Write in tlb_finish_mmu
>> Last occurred:      5 days ago
>> Reported:           4 days ago
>> Branches:           Mainline
>> Dashboard link:      
>> https://syzkaller.appspot.com/bug?id=d57b94f89e48c85ef7d95acc208209ea4bdc10de
>> Original thread:     
>> https://lkml.kernel.org/lkml/00000000000045e7a1058e02458a@google.com/T/#u

>> This bug has a syzkaller reproducer only.

>> This bug was bisected to:

>> 	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
>> 	Author: Jason Wang <jasowang@...hat.com>
>> 	Date:   Fri May 24 08:12:18 2019 +0000

>> 	  vhost: access vq metadata through kernel virtual address

>> No one has replied to the original thread for this bug yet.

>> If you fix this bug, please add the following tag to the commit:
>>       Reported-by: syzbot+8267e9af795434ffadad@...kaller.appspotmail.com

>> If you send any email or patch for this bug, please reply to the original
>> thread.  For the git send-email command to use, or tips on how to reply  
>> if the
>> thread isn't in your mailbox, see the "Reply instructions" at
>> https://lkml.kernel.org/r/00000000000045e7a1058e02458a@google.com

>> --------------------------------------------------------------------------------
>> Title:              KASAN: use-after-free Read in finish_task_switch (2)
>> Last occurred:      5 days ago
>> Reported:           4 days ago
>> Branches:           Mainline
>> Dashboard link:      
>> https://syzkaller.appspot.com/bug?id=9a98fcad6c8bd31f5c3afbdc6c75de9f082c0ffa
>> Original thread:     
>> https://lkml.kernel.org/lkml/000000000000490679058e0245ee@google.com/T/#u

>> This bug has a syzkaller reproducer only.

>> This bug was bisected to:

>> 	commit 7f466032dc9e5a61217f22ea34b2df932786bbfc
>> 	Author: Jason Wang <jasowang@...hat.com>
>> 	Date:   Fri May 24 08:12:18 2019 +0000

>> 	  vhost: access vq metadata through kernel virtual address

>> No one has replied to the original thread for this bug yet.


> Hi:

> We believe above two bugs are duplicated with the report "WARNING in
> __mmdrop". Can I just dup them with

> #syz dup "WARNING in __mmdrop"

I see the command but can't find the corresponding bug.
Please resend the email to syzbot+HASH@...kaller.appspotmail.com address
that is the sender of the bug report (also present in the Reported-by tag).


> (If yes, just wonder how syzbot differ bugs, technically, several
> different bug can hit the same warning).



>> If you fix this bug, please add the following tag to the commit:
>>       Reported-by: syzbot+7f067c796eee2acbc57a@...kaller.appspotmail.com

>> If you send any email or patch for this bug, please reply to the original
>> thread.  For the git send-email command to use, or tips on how to reply  
>> if the
>> thread isn't in your mailbox, see the "Reply instructions" at
>> https://lkml.kernel.org/r/000000000000490679058e0245ee@google.com

>> --------------------------------------------------------------------------------
>> Title:              memory leak in vhost_net_ioctl
>> Last occurred:      22 days ago
>> Reported:           48 days ago
>> Branches:           Mainline
>> Dashboard link:      
>> https://syzkaller.appspot.com/bug?id=12ba349d7e26ccfe95317bc376e812ebbae2ee0f
>> Original thread:     
>> https://lkml.kernel.org/lkml/000000000000188da1058a9c25e3@google.com/T/#u

>> This bug has a C reproducer.

>> The original thread for this bug has received 4 replies; the last was 39  
>> days
>> ago.

>> If you fix this bug, please add the following tag to the commit:
>>       Reported-by: syzbot+0789f0c7e45efd7bb643@...kaller.appspotmail.com


> I do remember it can not be reproduced upstream, let me double check and
> close this one.

> Thanks



>> If you send any email or patch for this bug, please consider replying to  
>> the
>> original thread.  For the git send-email command to use, or tips on how  
>> to reply
>> if the thread isn't in your mailbox, see the "Reply instructions" at
>> https://lkml.kernel.org/r/000000000000188da1058a9c25e3@google.com


> --
> You received this message because you are subscribed to the Google  
> Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an  
> email to syzkaller-bugs+unsubscribe@...glegroups.com.
> To view this discussion on the web visit  
> https://groups.google.com/d/msgid/syzkaller-bugs/fabf96ac-e472-c7fd-07ff-486fe03e6433%40redhat.com.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ