| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Aug 2018 14:38:40 -0400
From: "J. Bruce Fields" <bfields@...ldses.org>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Dmitry Vyukov <dvyukov@...gle.com>,
Stephen Rothwell <sfr@...b.auug.org.au>,
syzbot <syzbot+1f371ca19b341a276761@...kaller.appspotmail.com>,
jlayton@...nel.org, linux-fsdevel <linux-fsdevel@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
Al Viro <viro@...iv.linux.org.uk>
Subject: Re: general protection fault in send_sigurg_to_task
On Fri, Aug 17, 2018 at 01:22:31PM -0500, Eric W. Biederman wrote:
> Dmitry Vyukov <dvyukov@...gle.com> writes:
>
> > On Wed, Aug 15, 2018 at 9:01 PM, Eric W. Biederman
> > <ebiederm@...ssion.com> wrote:
> >> Dmitry Vyukov <dvyukov@...gle.com> writes:
> >>
> >>> On Tue, Aug 14, 2018 at 12:11 PM, J. Bruce Fields <bfields@...ldses.org> wrote:
> >>>> On Mon, Aug 13, 2018 at 06:33:02AM -0700, syzbot wrote:
> >>>>> syzbot has found a reproducer for the following crash on:
> >>>>>
> >>>>> HEAD commit: 5ed5da74de9e Add linux-next specific files for 20180813
> >>>>> git tree: linux-next
> >>>>
> >>>> I fetched linux-next but don't have 5ed5da74de9e.
> >>>
> >>> Hi Bruce,
> >>>
> >>> +Stephen for the disappeared linux-next commit.
> >>>
> >>> On the dashboard link you can see that it also happened on a more
> >>> recent commit 4e8b38549b50459a22573d756dd1f4e1963c2a8d that I do see
> >>> now in linux-next.
> >>>
> >>>> I'm also not sure why I'm on the cc for this.
> >>>
> >>> You've been pointed to by "./scripts/get_maintainer.pl -f fs/fcntl.c"
> >>> as maintainer of the file, which is the file where the crash happened.
> >>
> >> You need to use your reproducer to bisect and find the commit that
> >> caused this. Otherwise you will continue to confuse people.
> >>
> >> get_maintainer.pl is not a good target for automated reporting
> >> especially against linux-next.
> >
> > Hi Eric,
> >
> > We will do bisection.
> > But I afraid it will not give perfect attribution for a number of reasons:
> > - broken build/boot which happens sometimes for prolonged periods and
> > prohibits bisection
> > - elusive races that can't be reproduced reliably and thus bisection
> > can give wrong results
> > - bugs introduced too long ago (e.g. author email is not even valid today)
> > - reproducers triggering more than 1 bug, so base bisection commit
> > can actually be for another bug, or bisection can switch from one bug
> > to another
> > - last but not least, bugs without reproducers
> > Bisection will add useful information to the bug report, but it will
> > not necessary make attribution better than it is now.
> >
> > Do you have more examples where bugs were misreported? From what I see
> > current attrition works well. There are episodic fallouts, but well,
> > nothing is perfect in this world. Humans don't bisect frequently and
> > misreport sometimes. I think we just need to re-route bugs in such
> > cases.
>
> I have yet to see syzbot make a good report. Especially against
> linux-next.
It did result in a fix (thanks!): https://lkml.org/lkml/2018/8/16/47
So I'd call that a better-than-nothing report if not a great report?
There's some value just in timeliness; it's a lot easier for me to fix a
bug that I introduced in the last few days, with the change still fresh
in my mind....
--b.
Powered by blists - more mailing lists