lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87d0ugc0pk.fsf@xmission.com>
Date:   Fri, 17 Aug 2018 13:22:31 -0500
From:   ebiederm@...ssion.com (Eric W. Biederman)
To:     Dmitry Vyukov <dvyukov@...gle.com>
Cc:     "J. Bruce Fields" <bfields@...ldses.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        syzbot <syzbot+1f371ca19b341a276761@...kaller.appspotmail.com>,
        jlayton@...nel.org, linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        Al Viro <viro@...iv.linux.org.uk>
Subject: Re: general protection fault in send_sigurg_to_task

Dmitry Vyukov <dvyukov@...gle.com> writes:

> On Wed, Aug 15, 2018 at 9:01 PM, Eric W. Biederman
> <ebiederm@...ssion.com> wrote:
>> Dmitry Vyukov <dvyukov@...gle.com> writes:
>>
>>> On Tue, Aug 14, 2018 at 12:11 PM, J. Bruce Fields <bfields@...ldses.org> wrote:
>>>> On Mon, Aug 13, 2018 at 06:33:02AM -0700, syzbot wrote:
>>>>> syzbot has found a reproducer for the following crash on:
>>>>>
>>>>> HEAD commit:    5ed5da74de9e Add linux-next specific files for 20180813
>>>>> git tree:       linux-next
>>>>
>>>> I fetched linux-next but don't have 5ed5da74de9e.
>>>
>>> Hi Bruce,
>>>
>>> +Stephen for the disappeared linux-next commit.
>>>
>>> On the dashboard link you can see that it also happened on a more
>>> recent commit 4e8b38549b50459a22573d756dd1f4e1963c2a8d that I do see
>>> now in linux-next.
>>>
>>>> I'm also not sure why I'm on the cc for this.
>>>
>>> You've been pointed to by "./scripts/get_maintainer.pl -f fs/fcntl.c"
>>> as maintainer of the file, which is the file where the crash happened.
>>
>> You need to use your reproducer to bisect and find the commit that
>> caused this.  Otherwise you will continue to confuse people.
>>
>> get_maintainer.pl is not a good target for automated reporting
>> especially against linux-next.
>
> Hi Eric,
>
> We will do bisection.
> But I afraid it will not give perfect attribution for a number of reasons:
>  - broken build/boot which happens sometimes for prolonged periods and
> prohibits bisection
>  - elusive races that can't be reproduced reliably and thus bisection
> can give wrong results
>  - bugs introduced too long ago (e.g. author email is not even valid today)
>  - reproducers triggering more than 1 bug, so base bisection commit
> can actually be for another bug, or bisection can switch from one bug
> to another
>  - last but not least, bugs without reproducers
> Bisection will add useful information to the bug report, but it will
> not necessary make attribution better than it is now.
>
> Do you have more examples where bugs were misreported? From what I see
> current attrition works well. There are episodic fallouts, but well,
> nothing is perfect in this world. Humans don't bisect frequently and
> misreport sometimes. I think we just need to re-route bugs in such
> cases.

I have yet to see syzbot make a good report.  Especially against
linux-next.

Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ