lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <bug-200109-13602-G9inpFM2j2@https.bugzilla.kernel.org/>
Date:   Mon, 18 Jun 2018 05:39:54 +0000
From:   bugzilla-daemon@...zilla.kernel.org
To:     linux-ext4@...nel.org
Subject: [Bug 200109] BUG: KASAN: use-after-free in ext4_xattr_set_entry
 fs/ext4/xattr.c:1598

https://bugzilla.kernel.org/show_bug.cgi?id=200109

--- Comment #3 from icytxw (icytxw@...il.com) ---
Thanks for your advise, I also know that syzkaller's log file is not so easy to
understand.
And because the possibility of some bug being triggered is very small, it is
not so easy to 
generate a .c file. In the next time, I will work on how to reproduce possible
bugs just like 
Wen Xu’s fuzzing system.

Thanks again

发件人: bugzilla-daemon@...zilla.kernel.org
发送时间: 2018年6月18日 12:57
收件人: icytxw@...il.com
主题: [Bug 200109] BUG: KASAN: use-after-free in
ext4_xattr_set_entryfs/ext4/xattr.c:1598

https://bugzilla.kernel.org/show_bug.cgi?id=200109

Theodore Tso (tytso@....edu) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tytso@....edu

--- Comment #2 from Theodore Tso (tytso@....edu) ---
Thanks for reporting this bug and marking it as a duplicate.   Please note that
Syzkaller is really terrible at creating an actionable bug report.   But at
least the mainline Syzkaller creates a repro.c file which a developer can run
--- instead of having to paw through a one megabyte log file which apparently
has a huge number of unrelated test programs.

Syzkaller programs are also not in as stable language, so unless you know
exactly what version of syzkaller was used to create a syzkaller repro, it's
mostly useless.   Indeed, Dmitry has essentially advised me to ignore the
syzkaller repro, since otherwise you have to check out the precise version of
syzkaller used to create the repro, and use it to run the syzkaller repro.   I
personally think that's a terrible design, but at least there is the
alternative of using the repro.c file.

I'd strongly encourage that you work on enhancing Syzkaller so it can generate
a sample image file combined with a poc.c file, the way Wen Xu's fuzzing system
works.  It results in a much more developer-friendly report that is much easier
for me to act upon --- with the result that his work has far more impact.

See:

https://bugzilla.kernel.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&component=ext4&email1=wen.xu%40gatech.edu&emailreporter1=1&emailtype1=substring&known_name=Open%20Wen%27s%20problems&list_id=990219&query_based_on=Open%20Wen%27s%20problems&query_format=advanced

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ