Message-ID: <11ccf63c-2822-1e1e-6f4b-833136d46628@kernel.dk>
Date:   Mon, 27 Mar 2023 14:00:29 -0600
From:   Jens Axboe <axboe@...nel.dk>
To:     Eric Biggers <ebiggers@...nel.org>
Cc:     Aleksandr Nogikh <nogikh@...gle.com>, io-uring@...r.kernel.org,
        linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com,
        syzbot <syzbot+lista29bb0eabb2ddbae6f4a@...kaller.appspotmail.com>
Subject: Re: [syzbot] Monthly io-uring report

On 3/27/23 1:56 PM, Eric Biggers wrote:
> On Mon, Mar 27, 2023 at 01:25:14PM -0600, Jens Axboe wrote:
>> On 3/27/23 1:21 PM, Eric Biggers wrote:
>>> On Mon, Mar 27, 2023 at 04:01:54AM -0700, syzbot wrote:
>>>> Hello io-uring maintainers/developers,
>>>>
>>>> This is a 30-day syzbot report for the io-uring subsystem.
>>>> All related reports/information can be found at:
>>>> https://syzkaller.appspot.com/upstream/s/io-uring
>>>>
>>>> During the period, 5 new issues were detected and 0 were fixed.
>>>> In total, 49 issues are still open and 105 have been fixed so far.
>>>>
>>>> Some of the still happening issues:
>>>>
>>>> Crashes Repro Title
>>>> 3393    Yes   WARNING in io_ring_exit_work
>>>>               https://syzkaller.appspot.com/bug?extid=00e15cda746c5bc70e24
>>>> 3241    Yes   general protection fault in try_to_wake_up (2)
>>>>               https://syzkaller.appspot.com/bug?extid=b4a81dc8727e513f364d
>>>> 1873    Yes   WARNING in split_huge_page_to_list (2)
>>>>               https://syzkaller.appspot.com/bug?extid=07a218429c8d19b1fb25
>>>> 772     Yes   INFO: task hung in io_ring_exit_work
>>>>               https://syzkaller.appspot.com/bug?extid=93f72b3885406bb09e0d
>>>> 718     Yes   KASAN: use-after-free Read in io_poll_remove_entries
>>>>               https://syzkaller.appspot.com/bug?extid=cd301bb6523ea8cc8ca2
>>>> 443     Yes   KMSAN: uninit-value in io_req_cqe_overflow
>>>>               https://syzkaller.appspot.com/bug?extid=12dde80bf174ac8ae285
>>>> 73      Yes   INFO: task hung in io_wq_put_and_exit (3)
>>>>               https://syzkaller.appspot.com/bug?extid=adb05ed2853417be49ce
>>>> 38      Yes   KASAN: use-after-free Read in nfc_llcp_find_local
>>>>               https://syzkaller.appspot.com/bug?extid=e7ac69e6a5d806180b40
>>>>
>>>> ---
>>>> This report is generated by a bot. It may contain errors.
>>>> See https://goo.gl/tpsmEJ for more information about syzbot.
>>>> syzbot engineers can be reached at syzkaller@...glegroups.com.
>>>
>>> Thanks for getting syzbot to classify reports by subsystem and send these
>>> reminders!  These should be very helpful over time.
>>>
>>> One thing that is missing in these reminders is a mention of how to change the
>>> subsystem of miscategorized bugs.  Yes, it's in https://goo.gl/tpsmEJ halfway
>>> down the page, but it's not obvious.
>>>
>>> I think adding something like "See https://goo.gl/tpsmEJ#subsystems for how to
>>> change the subsystem of miscategorized reports" would be helpful.  Probably not
>>> in all syzbot emails, but just in these reminder emails.
>>
>> I did go poke, it is listed off the reports too. But it'd be really
>> handy if you could do this on the web page. When I see a report like
>> that that's not for me, I just archive it. And like any chatter with
>> syzbot, I have to look up what to reply to it every time. It'd be a lot
>> easier if I could just click on that page to either mark as invalid
>> (providing the info there) or move it to another subsystem.
>>
> 
> Well, one problem that syzbot has to deal with is that to meet the kernel
> community's needs, it can't require authentication to issue commands.
> 
> I understand that the current email-only interface, where all commands are Cc'ed
> to the syzkaller-bug mailing list, makes that not a complete disaster currently.
> 
> I'd imagine that if anyone could just go to a web page and mess around with bug
> statuses with no authentication, that might be more problematic.

What prevents anyone from just sending an email to the syzbot issue email
and modifying it?

I love using email as it's easier when you're replying anyway, but the
problem is that I can never remember the magic incantations that I need
to send it. So I invariably click the link ANYWAY to find out what to
reply, and now it's more hassle using email. Maybe we can solve this by
making the email footer actually contain the common responses? Then
I would not have to click, switch desktops, scroll to find, copy part
of it, switch desktops, paste into email, open terminal to generate
the rest, switch back to email, paste in, click send. It really isn't
a very pleasurable experience.

-- 
Jens Axboe

