lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 21 Jan 2021 13:49:43 +0100
From:   Lukas Bulwahn <lukas.bulwahn@...il.com>
To:     慕冬亮 <mudongliangabcd@...il.com>
Cc:     Greg KH <gregkh@...uxfoundation.org>, jirislaby@...nel.org,
        linux-kernel <linux-kernel@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        syzkaller <syzkaller@...glegroups.com>
Subject: Re: "possible deadlock in console_lock_spinning_enable" and "possible
 deadlock in console_unlock" should be duplicate crash behaviors

On Thu, Jan 21, 2021 at 6:37 AM 慕冬亮 <mudongliangabcd@...il.com> wrote:
>
> Dear kernel developers,
>
> I found that on the syzbot dashboard, “possible deadlock in
> console_lock_spinning_enable”[1] and "possible deadlock in
> console_unlock"[2] should share the same root cause.
>
> The reasons for the above statement:
> 1) the stack trace is the same, and this title difference is due to
> the inline property of "console_lock_spinning_enable";
> 2) their PoCs are the same as each other;
>
> If you can have any issues with this statement or our information is
> useful to you, please let us know. Thanks very much.
>
> [1] “possible deadlock in console_lock_spinning_enable” -
> https://syzkaller.appspot.com/bug?id=2820deb61d92a8d7ab17a56ced58e963e65d76d0
> [2] “possible deadlock in console_unlock” -
> https://syzkaller.appspot.com/bug?id=39ea6caa479af471183997376dc7e90bc7d64a6a
>
>

Dongliang, what is the purpose of this activity?

Why do inform the kernel maintainers that two issues share the root cause?

How does this activity contribute to fixing the bugs? Why does it
become easier to fix the issue/create a patch with the information you
provide?
(Honestly, I do not see how it does. I believe if anyone becomes
active and fixes the issue due to either one of the two reports, the
one report would be closed by the reported-by tag and the other report
would simply disappear after time because it could never be reproduced
and hence, syzbot would close it.)

Would it not be more reasonable to fix issues rather than identifying
duplicates in the automatically filled and managed database?

Best regards,

Lukas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ