lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y5y824gPqZo+vcxb@mit.edu> Date: Fri, 16 Dec 2022 13:45:47 -0500 From: "Theodore Ts'o" <tytso@....edu> To: Aleksandr Nogikh <nogikh@...gle.com> Cc: Lee Jones <lee@...nel.org>, syzbot <syzbot+15cd994e273307bf5cfa@...kaller.appspotmail.com>, adilger.kernel@...ger.ca, gregkh@...uxfoundation.org, lczerner@...hat.com, linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org, sashal@...nel.org, stable@...r.kernel.org, syzkaller-android-bugs@...glegroups.com, tadeusz.struk@...aro.org Subject: Re: kernel BUG in ext4_free_blocks (2) On Fri, Dec 16, 2022 at 06:14:50PM +0100, Aleksandr Nogikh wrote: > > Thanks for the clarification; stupid question, though -- I see > > "upstream" is listed on the dashboard link above. Assuming that > > "usptream" is "Linus's tree", why was it still saying, "I can't find > > this patch in any of my trees"? What about the upstream tree? > > Bugs from different namespaces are treated independently, so in this > particular case syzbot was expecting the fixing commit to reach the > Android trees that it fuzzes. Is there a way someone can look at the dashboard link to determine which (a) what namespace a particular syzkaller report is in, and (b) what trees are included in a particular namespace? Adding a link to the e-mail to the dashboard page may not help if it's not obvious why the dashboard mentions "upstream" and yet it's not in "any of the trees". Maybe the e-mail should explicitly list the trees that syzkaller will be searching? And it would seem that it would be a *feature* if looking at a syzbot dashboard from Android namespace could expose the fact that particular patch is in any of the LTS trees or Linus's upstream tree, no? Also, what is the reason for Android for being in a separate namespace? Is it running on a separate syzbot VM? I can understand why from a feature perspective, that Fuschia and OpenBSD should be in separate namespaces; but what are the reasons that there are separate namespaces for Android versus the upstream kernel? Especially since the Android dashboard is apparently referencing the upstream kernel? What's up with that? Put another way, while I think it's super useful to have a link to Syzbot dashboard page, in the e-mail, I'm not sure it's going to be a complete solution to the confusion that was inspired by this case. That being said, in general I think a link to the Dashboard is useful; in fact, it might be nice if we could encourage upstream developers put in the commit trailer: Link: https://syzkaller.appspot.com/bug?id=5266d464285a03cee9dbfda7d2452a72c3c2ae7c in addition to, or better yet, instead of: Reported-by: syzbot+15cd994e273307bf5cfa@...kaller.appspotmail.com ... and have Syzbot be able to translate from the Link: tag as being equivalent to the Reported-by: link. That's becase the Link is going to be much more useful to humans than the Reported-by --- we've had a number of cases where as part of the patch review, we really wanted to get back to the Dashboard page, and it's not easy to get to the Dashboard from the Reported-by tag. Thanks, - Ted
Powered by blists - more mailing lists