lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CACT4Y+YHObUEbmf4UYopmjCceN6nd4nck_iV0JtpBO6zGixm5A@mail.gmail.com>
Date:   Fri, 17 Aug 2018 11:42:40 -0700
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     "Eric W. Biederman" <ebiederm@...ssion.com>
Cc:     "J. Bruce Fields" <bfields@...ldses.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        syzbot <syzbot+1f371ca19b341a276761@...kaller.appspotmail.com>,
        jlayton@...nel.org, linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        Al Viro <viro@...iv.linux.org.uk>
Subject: Re: general protection fault in send_sigurg_to_task

On Fri, Aug 17, 2018 at 11:22 AM, Eric W. Biederman
<ebiederm@...ssion.com> wrote:
> Dmitry Vyukov <dvyukov@...gle.com> writes:
>
>> On Wed, Aug 15, 2018 at 9:01 PM, Eric W. Biederman
>> <ebiederm@...ssion.com> wrote:
>>> Dmitry Vyukov <dvyukov@...gle.com> writes:
>>>
>>>> On Tue, Aug 14, 2018 at 12:11 PM, J. Bruce Fields <bfields@...ldses.org> wrote:
>>>>> On Mon, Aug 13, 2018 at 06:33:02AM -0700, syzbot wrote:
>>>>>> syzbot has found a reproducer for the following crash on:
>>>>>>
>>>>>> HEAD commit:    5ed5da74de9e Add linux-next specific files for 20180813
>>>>>> git tree:       linux-next
>>>>>
>>>>> I fetched linux-next but don't have 5ed5da74de9e.
>>>>
>>>> Hi Bruce,
>>>>
>>>> +Stephen for the disappeared linux-next commit.
>>>>
>>>> On the dashboard link you can see that it also happened on a more
>>>> recent commit 4e8b38549b50459a22573d756dd1f4e1963c2a8d that I do see
>>>> now in linux-next.
>>>>
>>>>> I'm also not sure why I'm on the cc for this.
>>>>
>>>> You've been pointed to by "./scripts/get_maintainer.pl -f fs/fcntl.c"
>>>> as maintainer of the file, which is the file where the crash happened.
>>>
>>> You need to use your reproducer to bisect and find the commit that
>>> caused this.  Otherwise you will continue to confuse people.
>>>
>>> get_maintainer.pl is not a good target for automated reporting
>>> especially against linux-next.
>>
>> Hi Eric,
>>
>> We will do bisection.
>> But I afraid it will not give perfect attribution for a number of reasons:
>>  - broken build/boot which happens sometimes for prolonged periods and
>> prohibits bisection
>>  - elusive races that can't be reproduced reliably and thus bisection
>> can give wrong results
>>  - bugs introduced too long ago (e.g. author email is not even valid today)
>>  - reproducers triggering more than 1 bug, so base bisection commit
>> can actually be for another bug, or bisection can switch from one bug
>> to another
>>  - last but not least, bugs without reproducers
>> Bisection will add useful information to the bug report, but it will
>> not necessary make attribution better than it is now.
>>
>> Do you have more examples where bugs were misreported? From what I see
>> current attrition works well. There are episodic fallouts, but well,
>> nothing is perfect in this world. Humans don't bisect frequently and
>> misreport sometimes. I think we just need to re-route bugs in such
>> cases.
>
> I have yet to see syzbot make a good report.  Especially against
> linux-next.

Well, first of all, we are not aware of any massive problems because
nobody tells us. What are the systematic problems that affect lots of
reports?

I took few recent ones. Anything wrong with them?

https://lkml.org/lkml/2018/7/15/230
https://lkml.org/lkml/2018/7/18/992
https://lkml.org/lkml/2018/4/19/705
https://groups.google.com/forum/#!msg/syzkaller-bugs/F7KnbAmMa7E/VSbaYHyQCAAJ

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ