similar to: memory leak in vhost_net_ioctl

On Wed, 05 Jun 2019 16:42:05 -0700 (PDT) syzbot wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit: 788a0249 Merge tag 'arc-5.2-rc4' of git://git.kernel.org/p.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=15dc9ea6a00000 > kernel config: https://syzkaller.appspot.com/x/.config?x=d5c73825cbdc7326

On Wed, 05 Jun 2019 16:42:05 -0700 (PDT) syzbot wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit: 788a0249 Merge tag 'arc-5.2-rc4' of git://git.kernel.org/p.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=15dc9ea6a00000 > kernel config: https://syzkaller.appspot.com/x/.config?x=d5c73825cbdc7326

Hello Syzbot On Fri, 14 Jun 2019 02:26:02 +0800 syzbot wrote: > > Hello, > > syzbot has tested the proposed patch but the reproducer still triggered crash: > memory leak in vhost_net_ioctl > Oh sorry for my poor patch. > ANGE): hsr_slave_1: link becomes ready > 2019/06/13 18:24:57 executed programs: 18 > BUG: memory leak > unreferenced object 0xffff88811cbc6ac0

Hello Syzbot On Fri, 14 Jun 2019 02:26:02 +0800 syzbot wrote: > > Hello, > > syzbot has tested the proposed patch but the reproducer still triggered crash: > memory leak in vhost_net_ioctl > Oh sorry for my poor patch. > ANGE): hsr_slave_1: link becomes ready > 2019/06/13 18:24:57 executed programs: 18 > BUG: memory leak > unreferenced object 0xffff88811cbc6ac0

Hello, syzbot found the following crash on: HEAD commit: 788a0249 Merge tag 'arc-5.2-rc4' of git://git.kernel.org/p.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=15dc9ea6a00000 kernel config: https://syzkaller.appspot.com/x/.config?x=d5c73825cbdc7326 dashboard link: https://syzkaller.appspot.com/bug?extid=0789f0c7e45efd7bb643 compiler: gcc

On 2019/6/6 ??10:40, Hillf Danton wrote: > > On Wed, 05 Jun 2019 16:42:05 -0700 (PDT) syzbot wrote: >> Hello, >> >> syzbot found the following crash on: >> >> HEAD commit:??? 788a0249 Merge tag 'arc-5.2-rc4' of >> git://git.kernel.org/p.. >> git tree:?????? upstream >> console output:

On Thu, Jun 13, 2019 at 4:15 PM Hillf Danton <hdanton at sina.com> wrote: > > > Hello Dmitry > > On Thu, 13 Jun 2019 20:12:06 +0800 Dmitry Vyukov wrote: > > On Thu, Jun 13, 2019 at 2:07 PM Hillf Danton <hdanton at sina.com> wrote: > > > > > > Hello Jason > > > > > > On Thu, 13 Jun 2019 17:10:39 +0800 Jason Wang wrote: > >

Hello, syzbot has tested the proposed patch but the reproducer still triggered crash: memory leak in batadv_tvlv_handler_register 484.626788][ T156] bond0 (unregistering): Releasing backup interface bond_slave_1 Warning: Permanently added '10.128.0.87' (ECDSA) to the list of known hosts. BUG: memory leak unreferenced object 0xffff88811d25c4c0 (size 64): comm

Hello Syzbot On Fri, 14 Jun 2019 11:04:03 +0800 syzbot wrote: > >Hello, > >syzbot has tested the proposed patch but the reproducer still triggered crash: >memory leak in batadv_tvlv_handler_register > It is not ubuf leak which is addressed in this thread. Good news. I will see this new leak soon. > 484.626788][ T156] bond0 (unregistering): Releasing backup interface

Hello Syzbot On Fri, 14 Jun 2019 11:04:03 +0800 syzbot wrote: > >Hello, > >syzbot has tested the proposed patch but the reproducer still triggered crash: >memory leak in batadv_tvlv_handler_register > > 484.626788][ T156] bond0 (unregistering): Releasing backup interface bond_slave_1 >Warning: Permanently added '10.128.0.87' (ECDSA) to the list of known hosts.

Hi! Seems we're facing some memory leak here. This is vanilla 2.6.19-rc6 on a x86_64 box, 4GB RAM. A simple `ls -Rn' on a filesystem with lots of files makes the box leak so much RAM that the OOM killer starts to kick in. With slab alloc debugging turned on, we see this: # mount; ls -Rn; wait some seconds; Ctrl-C [root@lnxp-1038:/backend1]$ cat /proc/slab_allocators | egrep

Looks like more iotlb locking mess? On Tue, Mar 19, 2019 at 10:21:00PM -0700, syzbot wrote: > syzbot has bisected this bug to: > > commit 6b1e6cc7855b09a0a9bfa1d9f30172ba366f161c > Author: Jason Wang <jasowang at redhat.com> > Date: Thu Jun 23 06:04:32 2016 +0000 > > vhost: new device IOTLB API > > bisection log:

Looks like more iotlb locking mess? On Tue, Mar 19, 2019 at 10:21:00PM -0700, syzbot wrote: > syzbot has bisected this bug to: > > commit 6b1e6cc7855b09a0a9bfa1d9f30172ba366f161c > Author: Jason Wang <jasowang at redhat.com> > Date: Thu Jun 23 06:04:32 2016 +0000 > > vhost: new device IOTLB API > > bisection log:

#syz test: https://github.com/google/kmsan.git/master d2d741e5d1898dfde1a75ea3d29a9a3e2edf0617 Subject: vhost: fix info leak Fixes: CVE-2018-1118 Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index f0be5f35ab28..9beefa6ed1ce 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -2345,6 +2345,9 @@ struct

#syz test: https://github.com/google/kmsan.git/master d2d741e5d1898dfde1a75ea3d29a9a3e2edf0617 Subject: vhost: fix info leak Fixes: CVE-2018-1118 Signed-off-by: Michael S. Tsirkin <mst at redhat.com> --- diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index f0be5f35ab28..9beefa6ed1ce 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -2345,6 +2345,9 @@ struct

On 2019/7/24 ??10:38, Eric Biggers wrote: > [This email was generated by a script. Let me know if you have any suggestions > to make it better, or if you want it re-generated with the latest status.] > > Of the currently open syzbot reports against the upstream kernel, I've manually > marked 3 of them as possibly being bugs in the vhost subsystem. I've listed > these

We're currently support two paths from VFS to preallocate unwritten extents(from FS_IOC_RESVSP, or fallocate()), likewise, behavior of punching-hole should be treated as the same, this patch tries to teach file_ioctl() to handle FS_IOC_UNRESVSP, underlying filesystem like ocfs2 is wise enough to do the rest of work;-) Signed-off-by: Tristan Ye <tristan.ye at oracle.com> --- fs/ioctl.c

We're currently support two paths from VFS to preallocate unwritten extents(from FS_IOC_RESVSP, or fallocate()), likewise, behavior of punching-hole should be treated as the same, this patch tries to teach file_ioctl() to handle FS_IOC_UNRESVSP, underlying filesystem like ocfs2 is wise enough to do the rest of work;-) Signed-off-by: Tristan Ye <tristan.ye at oracle.com> --- fs/ioctl.c

Fri, 26 Jul 2019 08:26:01 -0700 (PDT) > syzbot has bisected this bug to: > > commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 > Author: Linus Torvalds <torvalds at linux-foundation.org> > Date: Sun Jul 7 22:41:56 2019 +0000 > > Linux 5.2 > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=118810bfa00000 > start commit: 13bf6d6a Add

On Thu, Jun 07, 2018 at 06:43:55PM +0100, Al Viro wrote: > On Thu, Jun 07, 2018 at 06:38:48PM +0300, Michael S. Tsirkin wrote: > > #syz test: https://github.com/google/kmsan.git/master d2d741e5d1898dfde1a75ea3d29a9a3e2edf0617 > > > > Subject: vhost: fix info leak > > > > Fixes: CVE-2018-1118 > > Signed-off-by: Michael S. Tsirkin <mst at redhat.com>