On Tue, Nov 20, 2018 at 1:05 PM, Greg Kroah-Hartman
wrote:
> On Tue, Nov 20, 2018 at 12:34:40PM +0100, Dmitry Vyukov wrote:
>> On Thu, Nov 15, 2018 at 1:56 AM, Greg Kroah-Hartman
>> wrote:
>> > On Thu, Nov 15, 2018 at 08:36:17AM +0800, Ming Lei wrote:
>> >>
On Thu, Nov 15, 2018 at 1:56 AM, Greg Kroah-Hartman
wrote:
> On Thu, Nov 15, 2018 at 08:36:17AM +0800, Ming Lei wrote:
>> > So even if you think the kernel is not going to do this, remember, you
>> > have no control over it. Reference counted objects are done this way
>> > for a reason, you reall
On Sun, Feb 4, 2018 at 10:07 AM, Eric Biggers wrote:
> On Thu, Feb 01, 2018 at 05:21:12PM +0100, 'Dmitry Vyukov' via syzkaller wrote:
>> On Thu, Feb 1, 2018 at 5:17 PM, Ben Hutchings
>> wrote:
>> > On Thu, 2018-02-01 at 08:04 +0100, Dmitry Vyukov wrote:
&g
On Thu, Feb 1, 2018 at 5:17 PM, Ben Hutchings
wrote:
> On Thu, 2018-02-01 at 08:04 +0100, Dmitry Vyukov wrote:
>> On Thu, Feb 1, 2018 at 7:03 AM, Douglas Gilbert
>> wrote:
>> > On 2018-01-30 07:22 AM, Dmitry Vyukov wrote:
> [...]
>> > > [1:0:0:0]cd/dv
On Thu, Feb 1, 2018 at 7:03 AM, Douglas Gilbert wrote:
> On 2018-01-30 07:22 AM, Dmitry Vyukov wrote:
>>
>> Uh, I've answered this a week ago, but did not notice that Doug
>> dropped everybody from CC. Reporting to all.
>>
>> On Mon, Jan 22, 2018 at 8:16 PM,
On Mon, Jan 22, 2018 at 7:57 PM, Douglas Gilbert wrote:
> On 2018-01-22 11:30 AM, Bart Van Assche wrote:
>>
>> On Mon, 2018-01-22 at 12:06 +0100, Dmitry Vyukov wrote:
>>>
>>> general protection fault: [#1] SMP KASAN
>>
>>
>> How about
Hello,
The following program triggers assorted memory corruptions on 4.15-rc9:
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include
#include
#include
#include
#include
#define SG_NEXT_CMD_LEN 0x2283
int main()
{
int fd = open("/dev/sg0", O_RDWR);
long len = 9;
On Thu, Jan 11, 2018 at 7:04 AM, Douglas Gilbert wrote:
> On 2018-01-09 11:05 AM, Dmitry Vyukov wrote:
>>
>> Hello,
>>
>> syzkaller has found the following memory leak:
>>
>> unreferenced object 0x88004c19 (size 8328):
>>comm "syz-ex
Hello,
syzkaller has found the following memory leak:
unreferenced object 0x88004c19 (size 8328):
comm "syz-executor", pid 4627, jiffies 4294749150 (age 45.507s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
20 00 00 00 22 01 00 0
Hello,
The following program causes random assorted memory corruptions:
https://gist.githubusercontent.com/dvyukov/da3463af2d1ff8c7d3624891b5d7427f/raw/09cf0f4af529f4506f9e0a9fa6bdb066a8777b9d/gistfile1.txt
It does some ioctl's on /dev/sg0.
general protection fault: [#1] SMP KASAN
Modules
On Fri, Mar 17, 2017 at 12:48 AM, Martin K. Petersen
wrote:
> Peter Chang writes:
>
> Applied to 4.11/scsi-fixes.
>
> Thanks!
>
> --
> Martin K. Petersen Oracle Linux Engineering
Hi,
Can you point to the commit/tree? I don't see it here:
https://git.kernel.org/pub/scm/linux/kernel/git/mkp/
On Thu, Mar 2, 2017 at 7:29 PM, Peter Chang wrote:
> now that i think i've got gmail not marking everything as spam...
+syzkaller mailing list as this does not seem to appear anywhere on open web
From 93409c62db49d15105390315a685e54083029bee Mon Sep 17 00:00:00 2001
From: peter chang
Date: Wed,
ving us to allocate pages per request.
>>> However, the 'reserved' array is only capable of holding one
>>> request, so we need to protect it against concurrent accesses.
>>>
>>> Cc: sta...@vger.kernel.org
>>> Reported-by: Dmitry Vyukov
>>
On Tue, Jan 31, 2017 at 10:58 AM, Johannes Thumshirn wrote:
>
> [...]
>
>> Please-please-please, let's not use WARN for something that is not a
>> kernel bug and is user-triggerable. This makes it impossible to
>> automate kernel testing and requires hiring an army of people doing
>> mechanical jo
On Tue, Jan 31, 2017 at 10:20 AM, Johannes Thumshirn wrote:
> On Tue, Jan 31, 2017 at 09:55:52AM +0100, Dmitry Vyukov wrote:
>> Hello,
>>
>> The following program triggers BUG in scsi_init_io:
>
> Well crashing a machine just because of an empty dma transfer is a bit
Hello,
The following program triggers BUG in scsi_init_io:
kernel BUG at drivers/scsi/scsi_lib.c:1043!
invalid opcode: [#1] SMP KASAN
Modules linked in:
CPU: 0 PID: 2899 Comm: a.out Not tainted 4.10.0-rc5+ #201
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task
On Mon, Jan 30, 2017 at 5:36 PM, Bart Van Assche
wrote:
> On Mon, 2017-01-30 at 08:25 +0100, Dmitry Vyukov wrote:
>> On commit ca63ff9b11f958efafd8c8fa60fda14baec6149c
>
> What kernel have you been testing? That commit is not in any upstream kernel.
This is mmotm
git://git.ker
Hello,
The following program triggers use-after-free in sg_start_req:
https://gist.githubusercontent.com/dvyukov/be6561d2819fe30a78711234e53866b8/raw/1d75d4508f7a8ebb0b1ec0d18c0054fbffbc0708/gistfile1.txt
BUG: KASAN: use-after-free in bio_copy_user_iov+0xee1/0xf00
block/bio.c:1248 at addr 880
On Tue, Dec 6, 2016 at 4:38 PM, Johannes Thumshirn wrote:
> On Tue, Dec 06, 2016 at 10:43:57AM +0100, Dmitry Vyukov wrote:
>> On Tue, Dec 6, 2016 at 10:32 AM, Johannes Thumshirn
>> wrote:
>> > On Mon, Dec 05, 2016 at 07:03:39PM +, Al Viro wrote:
>> >>
On Tue, Dec 6, 2016 at 10:32 AM, Johannes Thumshirn wrote:
> On Mon, Dec 05, 2016 at 07:03:39PM +, Al Viro wrote:
>> On Mon, Dec 05, 2016 at 04:17:53PM +0100, Johannes Thumshirn wrote:
>> > 633 hp = &srp->header;
>> > [...]
>> > 646 hp->dxferp = (char __user *)buf + cmd
On Sat, Dec 3, 2016 at 7:19 PM, Johannes Thumshirn wrote:
> On Sat, Dec 03, 2016 at 04:22:39PM +0100, Dmitry Vyukov wrote:
>> On Sat, Dec 3, 2016 at 11:38 AM, Johannes Thumshirn
>> wrote:
>> > On Fri, Dec 02, 2016 at 05:50:39PM +0100, Dmitry Vyukov wrote:
>> >
On Sat, Dec 3, 2016 at 11:38 AM, Johannes Thumshirn wrote:
> On Fri, Dec 02, 2016 at 05:50:39PM +0100, Dmitry Vyukov wrote:
>> On Fri, Nov 25, 2016 at 8:08 PM, Dmitry Vyukov wrote:
>
> [...]
>
>>
>> +David did some debugging of a similar case. His 0x400 at location
On Fri, Nov 25, 2016 at 8:08 PM, Dmitry Vyukov wrote:
> Hello,
>
> The following program triggers use-after-free in bio_copy_from_iter:
> https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/g
Hello,
The following program triggers use-after-free in bio_copy_from_iter:
https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
==
BUG: KASAN: use-af
Hello,
I am not sure whether there is some to fix or not, since it can be
triggered only by root. But still if I run the following program
several times in a row, whole machine becomes unusable for several
minutes (ssh, ps and pretty much everything hangs):
// autogenerated by syzkaller (http://
On Fri, Jan 29, 2016 at 1:35 PM, Kirill A. Shutemov
wrote:
> From 691a961bb401c5815ed741dac63591efbc6027e3 Mon Sep 17 00:00:00 2001
> From: "Kirill A. Shutemov"
> Date: Fri, 29 Jan 2016 15:06:17 +0300
> Subject: [PATCH 2/2] mempolicy: do not try to queue pages from
> !vma_migratable()
>
> Maybe
On Thu, Jan 28, 2016 at 12:40 PM, Kirill A. Shutemov
wrote:
> On Thu, Jan 28, 2016 at 11:55:14AM +0100, Dmitry Vyukov wrote:
>> On Thu, Jan 28, 2016 at 11:51 AM, Kirill A. Shutemov
>> wrote:
>> > On Thu, Jan 28, 2016 at 11:27:11AM +0100, Dmitry Vyukov wrote:
>
Hello,
The following program triggers VM_BUG_ON_PAGE(PageTail(page)):
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include
#include
#include
#include
int main()
{
int fd;
mmap((void*)0x2000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1,
Hello,
The following program causes NULL deref in sg_start_req:
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include
#include
#include
#include
#include
#ifndef SYS_memfd_create
#define SYS_memfd_create 319
#endif
int main()
{
long r[26];
syscall(SYS_mmap, 0x200
worker_thread+0xb0/0x900 kernel/workqueue.c:2170
[] kthread+0x150/0x170 kernel/kthread.c:209
[] ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:529
The race is between:
if (q->kobj.sd) {
and:
kobj->sd = kn;
On Mon, Sep 21, 2015 at 11:58 AM, Dmitry Vyukov wrote:
>
d_disk+0x688/0x760 block/genhd.c:619
[] sd_probe_async+0x298/0x370 drivers/scsi/sd.c:2896
[] async_run_entry_fn+0x7d/0x1e0 kernel/async.c:123
[] process_one_work+0x47e/0x930 kernel/workqueue.c:2036
[] worker_thread+0xb0/0x900 kernel/workqueue.c:2170
[] kthread+0x150/0x170 kernel/kthread
On Sun, Sep 22, 2013 at 2:47 PM, Tejun Heo wrote:
> Hello,
>
> On Sun, Sep 22, 2013 at 11:59:53AM -0700, Dmitry Vyukov wrote:
>> I've noticed that free happens in scsi_error_handler thread, so maybe
>> a timeout or some other error condition is involved here.
>
On Sun, Sep 22, 2013 at 11:24 AM, Dmitry Vyukov wrote:
> On Sun, Sep 22, 2013 at 9:39 AM, Tejun Heo wrote:
>>
>> (cc'ing SCSI people)
>>
>> On Wed, Sep 18, 2013 at 11:45:22AM -0700, Dmitry Vyukov wrote:
>> > Hi!
>> >
>> > I am workin
On Sun, Sep 22, 2013 at 9:39 AM, Tejun Heo wrote:
>
> (cc'ing SCSI people)
>
> On Wed, Sep 18, 2013 at 11:45:22AM -0700, Dmitry Vyukov wrote:
> > Hi!
> >
> > I am working on AddressSanitizer -- a tool that detects use-after-free
> > and out-of-bounds bu
On Wed, Sep 4, 2013 at 6:32 PM, Alan Stern wrote:
> On Wed, 4 Sep 2013, Dmitry Vyukov wrote:
>
>> Hi,
>>
>> We are working on a memory error detector AddressSanitizer for Linux
>> kernel
>> (https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerFo
Hi,
We are working on a memory error detector AddressSanitizer for Linux
kernel
(https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel),
it can detect use-after-free and buffer-overflow errors.
Here one of the reports from the tool:
[ 166.124485] ERROR: AddressSanitizer: h
36 matches
Mail list logo
