lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACT4Y+adoSOyhLNuWF7ZCS-e7SxZu89O1VLXV5NZjg_c6U3B-w@mail.gmail.com>
Date:   Fri, 15 Jun 2018 11:54:16 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     "Theodore Y. Ts'o" <tytso@....edu>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Guenter Roeck <groeck@...gle.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        syzkaller <syzkaller@...glegroups.com>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        David Miller <davem@...emloft.net>,
        Wu Fengguang <fengguang.wu@...el.com>
Subject: Re: what trees/branches to test on syzbot

On Mon, Jun 11, 2018 at 3:22 AM, Theodore Y. Ts'o <tytso@....edu> wrote:
> On Sun, Jun 10, 2018 at 08:11:05AM +0200, Dmitry Vyukov wrote:
>>
>> The set of trees where a crash happened is visible on dashboard, so
>> one can see if it's only linux-next or whole set of trees. Potentially
>> syzbot can act differently depending on this predicate, but I don't
>> see what should be the difference.  However, this does not fully save
>> from falsely assessing bugs as linux-next-only just because they
>> happened few times and only on linux-next so far.
>
> So how about this, only report something as being a linux-next
> regression if (a) there is a reproducer, and (b) the reproducer does
> not trigger any kind of crash on mainline?
>
>> There is also a problem with rebasing of linux-next: reported commit
>> hashes do not make sense and we can forget about bisection.
>
> If there is a valid reproducer, bisection should simply be a matter ofu
> running and if we know the reproducer doesn't trigger on mainline,
> then the bisection should only require no more than 8-10 VM runs.  For
> Linux-next, this would be *super* valuable.  Reporting the commit ID
> and the one-line commit summary will be enough for most maintainers,
> since even if they are using a rewinding head, so long as the
> bisection can be done quickly enough (e.g., within a few days), it
> will still be in their git repository.
>
> And if you have a reproducer, then once it's identified as a
> linux-next reproducer with a guilty commit, that can be confirmed by
> either (a) seeing if you can revert the commit and if it makes the
> problem go away, or (b) figure out which subsystem git tree the commit
> was introduced via, and then verify that the reproducer triggers on
> the tip of the subsystem git tree.
>
> All of this will require development effort, so I suspect it's not
> something we'll see from syzbot tomorrow --- but it's not
> *impossible*.
>
> I think though that sending e-mail about a linux-next syzbot crash if
> there is a reproducer and the reproducer doesn't trigger a crash on
> mainline should be really simple to implement, and it would add huge
> value without spamming the subsystem maintainers.


But if this also happens on upstream, then we want to report it
twofold. So this predicate can be reduced to "report crashes that
happen only on linux-next iff they have reproducers", right?
We will probably also need something that will auto-invalidate old
bugs that were never reported.

Re backwards bisection (when bug is introduced), we can actually test
linux-next-history instead of linux-next, right?
But forward bisection (when bug is fixed) unfortunately won't work
because these commits are not connected to HEAD. And forward bisection
is very important, otherwise who will bring order to all these
hundreds of open bugs?
https://syzkaller.appspot.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ