similar to: upstream boot error: KASAN: slab-out-of-bounds Write in virtio_gpu_object_create

On Mon, Apr 6, 2020 at 10:06 AM Gerd Hoffmann <kraxel at redhat.com> wrote: > > On Mon, Apr 06, 2020 at 09:07:44AM +0200, Dmitry Vyukov wrote: > > On Mon, Apr 6, 2020 at 8:46 AM syzbot > > <syzbot+d3a7951ed361037407db at syzkaller.appspotmail.com> wrote: > > > > > > Hello, > > > > > > syzbot found the following crash on: > >

On Mon, Apr 6, 2020 at 10:06 AM Gerd Hoffmann <kraxel at redhat.com> wrote: > > On Mon, Apr 06, 2020 at 09:07:44AM +0200, Dmitry Vyukov wrote: > > On Mon, Apr 6, 2020 at 8:46 AM syzbot > > <syzbot+d3a7951ed361037407db at syzkaller.appspotmail.com> wrote: > > > > > > Hello, > > > > > > syzbot found the following crash on: > >

On Thu, Aug 06, 2020 at 03:46:23AM -0700, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: 47ec5303 Merge git://git.kernel.org/pub/scm/linux/kernel/g.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=16fe1dea900000 > kernel config: https://syzkaller.appspot.com/x/.config?x=7c06047f622c5724 >

On Mon, Apr 06, 2020 at 09:07:44AM +0200, Dmitry Vyukov wrote: > On Mon, Apr 6, 2020 at 8:46 AM syzbot > <syzbot+d3a7951ed361037407db at syzkaller.appspotmail.com> wrote: > > > > Hello, > > > > syzbot found the following crash on: > > > > HEAD commit: ffc1c20c Merge tag 'for-5.7/dm-changes' of git://git.kerne.. > > git tree:

Hi, > > > +drivers/gpu/drm/virtio/virtgpu_object.c maintainers > > > Now we have both mainline and linux-next boot broken (linux-next is > > > broken for the past 40 days). > > > No testing of new code happens. > > > > > > > virtio_gpu_object_shmem_init drivers/gpu/drm/virtio/virtgpu_object.c:151 [inline] > > > >

On Mon, Jul 30, 2018 at 11:15:03AM -0700, syzbot wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit: acb1872577b3 Linux 4.18-rc7 > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=14eb932c400000 > kernel config: https://syzkaller.appspot.com/x/.config?x=2dc0cd7c2eefb46f > dashboard link:

Looks like more iotlb locking mess? On Tue, Mar 19, 2019 at 10:21:00PM -0700, syzbot wrote: > syzbot has bisected this bug to: > > commit 6b1e6cc7855b09a0a9bfa1d9f30172ba366f161c > Author: Jason Wang <jasowang at redhat.com> > Date: Thu Jun 23 06:04:32 2016 +0000 > > vhost: new device IOTLB API > > bisection log:

Looks like more iotlb locking mess? On Tue, Mar 19, 2019 at 10:21:00PM -0700, syzbot wrote: > syzbot has bisected this bug to: > > commit 6b1e6cc7855b09a0a9bfa1d9f30172ba366f161c > Author: Jason Wang <jasowang at redhat.com> > Date: Thu Jun 23 06:04:32 2016 +0000 > > vhost: new device IOTLB API > > bisection log:

Fri, 26 Jul 2019 08:26:01 -0700 (PDT) > syzbot has bisected this bug to: > > commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 > Author: Linus Torvalds <torvalds at linux-foundation.org> > Date: Sun Jul 7 22:41:56 2019 +0000 > > Linux 5.2 > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=118810bfa00000 > start commit: 13bf6d6a Add

On 2019/7/24 ??10:38, Eric Biggers wrote: > [This email was generated by a script. Let me know if you have any suggestions > to make it better, or if you want it re-generated with the latest status.] > > Of the currently open syzbot reports against the upstream kernel, I've manually > marked 3 of them as possibly being bugs in the vhost subsystem. I've listed > these

On Sat, Apr 7, 2018 at 3:02 AM, syzbot <syzbot+65a84dde0214b0387ccd at syzkaller.appspotmail.com> wrote: > syzbot hit the following crash on upstream commit > 38c23685b273cfb4ccf31a199feccce3bdcb5d83 (Fri Apr 6 04:29:35 2018 +0000) > Merge tag 'armsoc-drivers' of > git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc > syzbot dashboard link: >

On Sat, Apr 7, 2018 at 3:02 AM, syzbot <syzbot+65a84dde0214b0387ccd at syzkaller.appspotmail.com> wrote: > syzbot hit the following crash on upstream commit > 38c23685b273cfb4ccf31a199feccce3bdcb5d83 (Fri Apr 6 04:29:35 2018 +0000) > Merge tag 'armsoc-drivers' of > git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc > syzbot dashboard link: >

On Wed, 05 Jun 2019 16:42:05 -0700 (PDT) syzbot wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit: 788a0249 Merge tag 'arc-5.2-rc4' of git://git.kernel.org/p.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=15dc9ea6a00000 > kernel config: https://syzkaller.appspot.com/x/.config?x=d5c73825cbdc7326

On Wed, 05 Jun 2019 16:42:05 -0700 (PDT) syzbot wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit: 788a0249 Merge tag 'arc-5.2-rc4' of git://git.kernel.org/p.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=15dc9ea6a00000 > kernel config: https://syzkaller.appspot.com/x/.config?x=d5c73825cbdc7326

On Tue, May 30, 2023 at 12:30:06AM -0700, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: 933174ae28ba Merge tag 'spi-fix-v6.4-rc3' of git://git.ker.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=138d4ae5280000 > kernel config: https://syzkaller.appspot.com/x/.config?x=f389ffdf4e9ba3f0

Hello Dmitry On Thu, 13 Jun 2019 20:12:06 +0800 Dmitry Vyukov wrote: > On Thu, Jun 13, 2019 at 2:07 PM Hillf Danton <hdanton at sina.com> wrote: > > > > Hello Jason > > > > On Thu, 13 Jun 2019 17:10:39 +0800 Jason Wang wrote: > > > > > > This is basically a kfree(ubuf) after the second vhost_net_flush() in > > > vhost_net_release(). >

Hello Dmitry On Thu, 13 Jun 2019 20:12:06 +0800 Dmitry Vyukov wrote: > On Thu, Jun 13, 2019 at 2:07 PM Hillf Danton <hdanton at sina.com> wrote: > > > > Hello Jason > > > > On Thu, 13 Jun 2019 17:10:39 +0800 Jason Wang wrote: > > > > > > This is basically a kfree(ubuf) after the second vhost_net_flush() in > > > vhost_net_release(). >

On Mon, Apr 09, 2018 at 05:44:36AM +0300, Michael S. Tsirkin wrote: > On Mon, Apr 09, 2018 at 10:37:45AM +0800, Stefan Hajnoczi wrote: > > On Sat, Apr 7, 2018 at 3:02 AM, syzbot > > <syzbot+65a84dde0214b0387ccd at syzkaller.appspotmail.com> wrote: > > > syzbot hit the following crash on upstream commit > > > 38c23685b273cfb4ccf31a199feccce3bdcb5d83 (Fri Apr 6

We tried to remove vq poll from wait queue, but do not check whether or not it was in a list before. This will lead double free. Fixing this by switching to use vhost_poll_stop() which zeros poll->wqh after removing poll from waitqueue to make sure it won't be freed twice. Cc: Darren Kenny <darren.kenny at oracle.com> Reported-by: syzbot+c0272972b01b872e604a at

We tried to remove vq poll from wait queue, but do not check whether or not it was in a list before. This will lead double free. Fixing this by switching to use vhost_poll_stop() which zeros poll->wqh after removing poll from waitqueue to make sure it won't be freed twice. Cc: Darren Kenny <darren.kenny at oracle.com> Reported-by: syzbot+c0272972b01b872e604a at