lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 4 Jan 2018 22:38:10 +0100
From:   Pavel Machek <pavel@....cz>
To:     Dmitry Vyukov <dvyukov@...gle.com>
Cc:     Mike Galbraith <efault@....de>,
        LKML <linux-kernel@...r.kernel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        syzkaller <syzkaller@...glegroups.com>
Subject: Re: LKML admins (syzbot emails are not delivered)

On Thu 2018-01-04 12:09:26, Dmitry Vyukov wrote:
> On Thu, Jan 4, 2018 at 10:56 AM, Pavel Machek <pavel@....cz> wrote:
> >> On Thu, 2018-01-04 at 10:25 +0100, Pavel Machek wrote:
> >> > Hi!
> >> > >
> >> > > Some of syzbot emails don't appear on LKML mailing lists, while they
> >> > > were mailed as any other emails. Here are few examples:
> >> > >
> >> > > "KASAN: use-after-free Read in rds_tcp_dev_event"
> >> > > https://groups.google.com/d/msg/syzkaller-bugs/nEeIAsNLWL4/1GzamOmRAwAJ
> >> > >
> >> > > "general protection fault in __wake_up_common"
> >> > > https://groups.google.com/d/msg/syzkaller-bugs/4TrrZ0bIViw/rBcYLUJHAgAJ
> >> > >
> >> > > Does anybody know how to get in contact with real people behind LKML
> >> > > and/or bugzilla?
> >> >
> >> > Not delivering syzbot emails might be good thing?
> >>
> >> Nah, the thing is finding and reporting bugs just like a human would,
> >> it just doesn't need sleep etc, so sometimes reports more than humans
> >> can keep up with.  It needs a smarter brother.. but then again, maybe
> >> not, if bots start fixing things too, a lot of meatware hackers would
> >> have to go find real jobs.
> >
> > Sending random, unrepeatable Oopses to lkml is not what humans would
> > do, and perhaps not something bots should do, either.
> 
> 
> Hi Pavel,
> 
> I've answered this question here in full detail. In short, this is
> useful and actionable.
> https://groups.google.com/d/msg/syzkaller/2nVn_XkVhEE/GjjfISejCgAJ

Unfortantely, some of the reports are making it to the lkml.

200KB each! Due to attached .config files. I believe you should not be
spamming lkml in the first place. If you insist on sending to lkml and
list admins are okay with that, please gzip the config file.

								Pavel


>  do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
>  do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
>  entry_SYSENTER_compat+0x54/0x63
arch/x86/entry/entry_64_compat.S:129

Looks like the same bug I sent out a fix for yesterday.

#syz fix: capabilities: fix buffer overread on very short xattr

https://marc.info/?l=linux-kernel&m=151488700301705


-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ