lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180817183840.GA12582@fieldses.org>
Date:   Fri, 17 Aug 2018 14:38:40 -0400
From:   "J. Bruce Fields" <bfields@...ldses.org>
To:     "Eric W. Biederman" <ebiederm@...ssion.com>
Cc:     Dmitry Vyukov <dvyukov@...gle.com>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        syzbot <syzbot+1f371ca19b341a276761@...kaller.appspotmail.com>,
        jlayton@...nel.org, linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        Al Viro <viro@...iv.linux.org.uk>
Subject: Re: general protection fault in send_sigurg_to_task

On Fri, Aug 17, 2018 at 01:22:31PM -0500, Eric W. Biederman wrote:
> Dmitry Vyukov <dvyukov@...gle.com> writes:
> 
> > On Wed, Aug 15, 2018 at 9:01 PM, Eric W. Biederman
> > <ebiederm@...ssion.com> wrote:
> >> Dmitry Vyukov <dvyukov@...gle.com> writes:
> >>
> >>> On Tue, Aug 14, 2018 at 12:11 PM, J. Bruce Fields <bfields@...ldses.org> wrote:
> >>>> On Mon, Aug 13, 2018 at 06:33:02AM -0700, syzbot wrote:
> >>>>> syzbot has found a reproducer for the following crash on:
> >>>>>
> >>>>> HEAD commit:    5ed5da74de9e Add linux-next specific files for 20180813
> >>>>> git tree:       linux-next
> >>>>
> >>>> I fetched linux-next but don't have 5ed5da74de9e.
> >>>
> >>> Hi Bruce,
> >>>
> >>> +Stephen for the disappeared linux-next commit.
> >>>
> >>> On the dashboard link you can see that it also happened on a more
> >>> recent commit 4e8b38549b50459a22573d756dd1f4e1963c2a8d that I do see
> >>> now in linux-next.
> >>>
> >>>> I'm also not sure why I'm on the cc for this.
> >>>
> >>> You've been pointed to by "./scripts/get_maintainer.pl -f fs/fcntl.c"
> >>> as maintainer of the file, which is the file where the crash happened.
> >>
> >> You need to use your reproducer to bisect and find the commit that
> >> caused this.  Otherwise you will continue to confuse people.
> >>
> >> get_maintainer.pl is not a good target for automated reporting
> >> especially against linux-next.
> >
> > Hi Eric,
> >
> > We will do bisection.
> > But I afraid it will not give perfect attribution for a number of reasons:
> >  - broken build/boot which happens sometimes for prolonged periods and
> > prohibits bisection
> >  - elusive races that can't be reproduced reliably and thus bisection
> > can give wrong results
> >  - bugs introduced too long ago (e.g. author email is not even valid today)
> >  - reproducers triggering more than 1 bug, so base bisection commit
> > can actually be for another bug, or bisection can switch from one bug
> > to another
> >  - last but not least, bugs without reproducers
> > Bisection will add useful information to the bug report, but it will
> > not necessary make attribution better than it is now.
> >
> > Do you have more examples where bugs were misreported? From what I see
> > current attrition works well. There are episodic fallouts, but well,
> > nothing is perfect in this world. Humans don't bisect frequently and
> > misreport sometimes. I think we just need to re-route bugs in such
> > cases.
> 
> I have yet to see syzbot make a good report.  Especially against
> linux-next.

It did result in a fix (thanks!): https://lkml.org/lkml/2018/8/16/47

So I'd call that a better-than-nothing report if not a great report?

There's some value just in timeliness; it's a lot easier for me to fix a
bug that I introduced in the last few days, with the change still fresh
in my mind....

--b.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ