similar to: KASAN: use-after-free Read in vhost_transport_send_pkt

On Thu, Jul 26, 2018 at 11:29 AM, syzbot <syzbot+604f8271211546f5b3c7 at syzkaller.appspotmail.com> wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit: dc66fe43b7eb rds: send: Fix dead code in rds_sendmsg > git tree: net-next > console output: https://syzkaller.appspot.com/x/log.txt?x=127874c8400000 > kernel config:

On Thu, Jul 26, 2018 at 11:29 AM, syzbot <syzbot+604f8271211546f5b3c7 at syzkaller.appspotmail.com> wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit: dc66fe43b7eb rds: send: Fix dead code in rds_sendmsg > git tree: net-next > console output: https://syzkaller.appspot.com/x/log.txt?x=127874c8400000 > kernel config:

On Mon, Apr 6, 2020 at 8:46 AM syzbot <syzbot+d3a7951ed361037407db at syzkaller.appspotmail.com> wrote: > > Hello, > > syzbot found the following crash on: > > HEAD commit: ffc1c20c Merge tag 'for-5.7/dm-changes' of git://git.kerne.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=1690471fe00000 > kernel config:

On Mon, Apr 6, 2020 at 8:46 AM syzbot <syzbot+d3a7951ed361037407db at syzkaller.appspotmail.com> wrote: > > Hello, > > syzbot found the following crash on: > > HEAD commit: ffc1c20c Merge tag 'for-5.7/dm-changes' of git://git.kerne.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=1690471fe00000 > kernel config:

On 2018?08?07? 19:16, syzbot wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit:??? e30cb13c5a09 Merge > git://git.kernel.org/pub/scm/linux/kern.. > git tree:?????? upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=10a153e0400000 > kernel config: https://syzkaller.appspot.com/x/.config?x=2dc0cd7c2eefb46f > dashboard link:

On Tue, May 30, 2023 at 12:30:06AM -0700, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: 933174ae28ba Merge tag 'spi-fix-v6.4-rc3' of git://git.ker.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=138d4ae5280000 > kernel config: https://syzkaller.appspot.com/x/.config?x=f389ffdf4e9ba3f0

On 2019/7/24 ??10:38, Eric Biggers wrote: > [This email was generated by a script. Let me know if you have any suggestions > to make it better, or if you want it re-generated with the latest status.] > > Of the currently open syzbot reports against the upstream kernel, I've manually > marked 3 of them as possibly being bugs in the vhost subsystem. I've listed > these

On Thu, Aug 06, 2020 at 03:46:23AM -0700, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: 47ec5303 Merge git://git.kernel.org/pub/scm/linux/kernel/g.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=16fe1dea900000 > kernel config: https://syzkaller.appspot.com/x/.config?x=7c06047f622c5724 >

On Sat, Apr 7, 2018 at 3:02 AM, syzbot <syzbot+65a84dde0214b0387ccd at syzkaller.appspotmail.com> wrote: > syzbot hit the following crash on upstream commit > 38c23685b273cfb4ccf31a199feccce3bdcb5d83 (Fri Apr 6 04:29:35 2018 +0000) > Merge tag 'armsoc-drivers' of > git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc > syzbot dashboard link: >

On Sat, Apr 7, 2018 at 3:02 AM, syzbot <syzbot+65a84dde0214b0387ccd at syzkaller.appspotmail.com> wrote: > syzbot hit the following crash on upstream commit > 38c23685b273cfb4ccf31a199feccce3bdcb5d83 (Fri Apr 6 04:29:35 2018 +0000) > Merge tag 'armsoc-drivers' of > git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc > syzbot dashboard link: >

[ Added Thomas Gleixner ] On Thu, 26 Jul 2018 11:34:39 +0200 Dmitry Vyukov <dvyukov at google.com> wrote: > On Thu, Jul 26, 2018 at 11:29 AM, syzbot > <syzbot+604f8271211546f5b3c7 at syzkaller.appspotmail.com> wrote: > > Hello, > > > > syzbot found the following crash on: > > > > HEAD commit: dc66fe43b7eb rds: send: Fix dead code in rds_sendmsg

On Thu, Jul 5, 2018 at 6:59 AM, syzbot <syzbot+4e955f82549d361ed655 at syzkaller.appspotmail.com> wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit: 2bdea157b999 Merge branch 'sctp-fully-support-for-dscp-and.. > git tree: bpf-next > console output: https://syzkaller.appspot.com/x/log.txt?x=178c5e68400000 > kernel config:

On 2018?05?17? 21:45, DaeRyong Jeong wrote: > We report the crash: KASAN: use-after-free Read in vhost_chr_write_iter > > This crash has been found in v4.17-rc1 using RaceFuzzer (a modified > version of Syzkaller), which we describe more at the end of this > report. Our analysis shows that the race occurs when invoking two > syscalls concurrently, write$vnet and

On 2018?05?17? 21:45, DaeRyong Jeong wrote: > We report the crash: KASAN: use-after-free Read in vhost_chr_write_iter > > This crash has been found in v4.17-rc1 using RaceFuzzer (a modified > version of Syzkaller), which we describe more at the end of this > report. Our analysis shows that the race occurs when invoking two > syscalls concurrently, write$vnet and

On Fri, Sep 21, 2018 at 12:31:05AM -0700, Jorgen Hansen wrote: > When adding a VMCI resource, the check for an existing entry > would ignore that the new entry could be a wildcard. This could > result in multiple resource entries that would match a given > handle. One disastrous outcome of this is that the > refcounting used to ensure that delayed callbacks for VMCI > datagrams

On Fri, Sep 21, 2018 at 12:31:05AM -0700, Jorgen Hansen wrote: > When adding a VMCI resource, the check for an existing entry > would ignore that the new entry could be a wildcard. This could > result in multiple resource entries that would match a given > handle. One disastrous outcome of this is that the > refcounting used to ensure that delayed callbacks for VMCI > datagrams

On Mon, May 21, 2018 at 10:38:10AM +0800, Jason Wang wrote: > > > On 2018?05?18? 17:24, Jason Wang wrote: > > > > > > On 2018?05?17? 21:45, DaeRyong Jeong wrote: > > > We report the crash: KASAN: use-after-free Read in vhost_chr_write_iter > > > > > > This crash has been found in v4.17-rc1 using RaceFuzzer (a modified > > >

On Mon, May 21, 2018 at 10:38:10AM +0800, Jason Wang wrote: > > > On 2018?05?18? 17:24, Jason Wang wrote: > > > > > > On 2018?05?17? 21:45, DaeRyong Jeong wrote: > > > We report the crash: KASAN: use-after-free Read in vhost_chr_write_iter > > > > > > This crash has been found in v4.17-rc1 using RaceFuzzer (a modified > > >

On Wed, Oct 2, 2019 at 5:45 PM syzbot <syzbot+3f3e5e77d793c7a6fe6c at syzkaller.appspotmail.com> wrote: > > Hello, > > syzbot found the following crash on: > > HEAD commit: a32db7e1 Add linux-next specific files for 20191002 > git tree: linux-next > console output: https://syzkaller.appspot.com/x/log.txt?x=175ab7cd600000 > kernel config:

#syz test: https://github.com/google/kmsan.git/master d2d741e5d1898dfde1a75ea3d29a9a3e2edf0617 Subject: vhost: fix info leak Fixes: CVE-2018-1118 Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index f0be5f35ab28..9beefa6ed1ce 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -2345,6 +2345,9 @@ struct