lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 26 Jul 2019 16:57:32 +0100
From:   Catalin Marinas <catalin.marinas@....com>
To:     Dmitry Vyukov <dvyukov@...gle.com>
Cc:     syzbot <syzbot+a871c1e6ea00685e73d7@...kaller.appspotmail.com>,
        alexandre.belloni@...e-electrons.com,
        LKML <linux-kernel@...r.kernel.org>,
        Linux-MM <linux-mm@...ck.org>, nicolas.ferre@...el.com,
        Rob Herring <robh@...nel.org>, sre@...nel.org,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: memory leak in vq_meta_prefetch

On Fri, Jul 26, 2019 at 05:20:55PM +0200, Dmitry Vyukov wrote:
> On Fri, Jul 26, 2019 at 3:00 PM Catalin Marinas <catalin.marinas@....com> wrote:
> > On Wed, Jul 24, 2019 at 12:18:07PM -0700, syzbot wrote:
> > > syzbot found the following crash on:
> > >
> > > HEAD commit:    c6dd78fc Merge branch 'x86-urgent-for-linus' of git://git...
> > > git tree:       upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=15fffef4600000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=8de7d700ea5ac607
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=a871c1e6ea00685e73d7
> > > compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=127b0334600000
> > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12609e94600000
> > >
> > > The bug was bisected to:
> > >
> > > commit 0e5f7d0b39e1f184dc25e3adb580c79e85332167
> > > Author: Nicolas Ferre <nicolas.ferre@...el.com>
> > > Date:   Wed Mar 16 13:19:49 2016 +0000
> > >
> > >     ARM: dts: at91: shdwc binding: add new shutdown controller documentation
> >
> > That's another wrong commit identification (a documentation patch should
> > not cause a memory leak).
> >
> > I don't really think kmemleak, with its relatively high rate of false
> > positives, is suitable for automated testing like syzbot. You could
> 
> Do you mean automated testing in general, or bisection only?
> The wrong commit identification is related to bisection only, but you
> generalized it to automated testing in general. So which exactly you
> mean?

I probably meant both. In terms of automated testing and reporting, if
the false positives rate is high, people start ignoring the reports. So
it requires some human checking first (or make the tool more robust).

W.r.t. bisection, the false negatives (rather than positives) will cause
the tool to miss the problematic commit and misreport. I'm not sure you
can make the reporting deterministic on successive runs given that you
changed the kernel HEAD (for bisection). But it may get better if you
have a "stopscan" kmemleak option which freezes the machine during
scanning (it has been discussed in the past but I really struggle to
find time to work on it; any help appreciated ;)).

-- 
Catalin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ