Re: BUG: WARNING in retire_sysctl_set

Re: BUG: WARNING in retire_sysctl_set

[Kees Cook]

Hi,

On Wed, Aug 28, 2024 at 02:16:34PM -0700, Xingyu Li wrote:
> We found a bug in Linux 6.10. It is possibly a logic   bug.
> The bug report is as follows, but unfortunately there is no generated
> syzkaller reproducer.

I see you've sent 44 reports like this recently[1], but only have
reproducers for 4 of them[2].

Without reproducers these reports aren't very helpful. There
are hundreds like them (many with reproducers) already at:
https://syzkaller.appspot.com/upstream

Please only send these kind of reports if you have a fix for them
(preferred) or a reproducer for an actual problem. This has been mentioned
a few times already[3][4]; have you seen these replies?

-Kees

[1] https://lore.kernel.org/all/?q=f%3Axli399%40
[2] https://lore.kernel.org/all/?q=f%3Axli399%40+%22The+reproducer%22
[3] https://lore.kernel.org/netdev/CANn89iK6rq0XWO5-R5CzA5YAv2ygaTA==EVh+O74VHGDBNqUoA@mail.gmail.com/
[4] https://lore.kernel.org/all/20240829011805.92574-1-kuniyu@amazon.com/

-- 
Kees Cook

Re: BUG: WARNING in retire_sysctl_set

[Xingyu Li]

This has been mentioned
a few times already[3][4]; have you seen these replies?

Sorry, I did not see this email
https://lore.kernel.org/netdev/CANn89iK6rq0XWO5-R5CzA5YAv2ygaTA==EVh+O74VHGDBNqUoA@mail.gmail.com/.
And I received this reply
https://lore.kernel.org/all/20240829011805.92574-1-kuniyu@amazon.com/
just 8 minutes before your response.
Previously, I did not have the experience to send emails about bug
reporting. Later, I will take care that I only send bug reports with
reproducer or with a patch.

but only have
reproducers for 4 of them[2].

Your search words may ignore some of my emails. In fact, it has 16 bug
reports with the C reproducer(previously, some of them is only given a
syzkaller reproducer, and I just checked to confirm that C reproducer
is given for each bug).

https://lore.kernel.org/all/CALAgD-4M6bv53fpWnb2vdu4kxnCe_7H3kbOvs3DBAd8DeRHYuw@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-5cKJnWRsS_2rjL1P9pC0dbNX66b8x09p=DUx1kD+p6PQ@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-7TsMdA7rjxfpheXc=MNqikEXY9TZNxJt4z9vm6Yfs5qQ@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-6miPB6F2=89m90HzEGT4dmCX_ws1r26w7Vr8rtD8Z96Q@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-6Uy-2kVrj05SeCiN4wZu75Vq5-TCEsiUGzYwzjO4+Ahg@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-5myPieAa_9BY6RVfBjWT_8g48+S0CX7c=EihMzdwakxw@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-718DVmcVHtgSFGKbgr0ePoUjN2ST=gBtdYtGX5GUqBQg@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-5kt+F6S1aAwRhKMKb0KwFGzfJCWyHguotEvJGBBBvFkA@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-7JNKw5m0wpGAN+ezCL-qn7LcTL5vgyBmQZKbf5BTNUCw@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-6MJC+D0DzxLOpVvCbYzHE-r1YzNORtpOh-f+hgEkMjzg@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-7hbfOzovnPqVqo6bqb1nHZ2WciUOTsz0Dtwsgr+yx04w@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-4hkHVcCq2ycdwnA2hYDBMqijLUOfZgvf1WfFpU-8+42w@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-6gJ4W1rPj=CWG7bFUPpEJnUjEhQd3uvH=7C=aGKb=CUQ@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-7C3t=vRTvpnVvsZ_1YhgiiynDaX_ud0O6pxSBn3suADQ@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-4b_yFdN4fwPxpXEpJkcxEwXBxRHeQjeA3x3rMX4JpUwA@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-58VEomA47Srga5H-p6cZa0zPj+y3E1se0rHb3gj4UvyA@mail.gmail.com/


There
are hundreds like them (many with reproducers) already at:
https://syzkaller.appspot.com/upstream

In fact, the bugs that I report are fuzzed by the syzkaller templates
that we generated, but not those from the syzkaller official
templates. We want to find bugs that do not have the corresponding
official syzkaller template.
I also checked to make sure that the bugs I reported did not occur on syzbot.



On Wed, Aug 28, 2024 at 6:26 PM Kees Cook <kees@kernel.org> wrote:
>
> Hi,
>
> On Wed, Aug 28, 2024 at 02:16:34PM -0700, Xingyu Li wrote:
> > We found a bug in Linux 6.10. It is possibly a logic   bug.
> > The bug report is as follows, but unfortunately there is no generated
> > syzkaller reproducer.
>
> I see you've sent 44 reports like this recently[1], but only have
> reproducers for 4 of them[2].
>
> Without reproducers these reports aren't very helpful. There
> are hundreds like them (many with reproducers) already at:
> https://syzkaller.appspot.com/upstream
>
> Please only send these kind of reports if you have a fix for them
> (preferred) or a reproducer for an actual problem. This has been mentioned
> a few times already[3][4]; have you seen these replies?
>
> -Kees
>
> [1] https://lore.kernel.org/all/?q=f%3Axli399%40
> [2] https://lore.kernel.org/all/?q=f%3Axli399%40+%22The+reproducer%22
> [3] https://lore.kernel.org/netdev/CANn89iK6rq0XWO5-R5CzA5YAv2ygaTA==EVh+O74VHGDBNqUoA@mail.gmail.com/
> [4] https://lore.kernel.org/all/20240829011805.92574-1-kuniyu@amazon.com/
>
> --
> Kees Cook



--
Yours sincerely,
Xingyu

Re: BUG: WARNING in retire_sysctl_set

[Kees Cook]

On August 28, 2024 10:02:00 PM PDT, Xingyu Li <xli399@ucr.edu> wrote:
>In fact, the bugs that I report are fuzzed by the syzkaller templates
>that we generated, but not those from the syzkaller official
>templates. We want to find bugs that do not have the corresponding
>official syzkaller template.
>I also checked to make sure that the bugs I reported did not occur on syzbot.

That's excellent that you've developed better templates! Can you submit these to syzkaller upstream? Then the automated fuzzing CI dashboard will benefit (and save you the work of running and reporting the new finds).

-Kees

-- 
Kees Cook

Re: BUG: WARNING in retire_sysctl_set

[Yu Hao]

On Wed, Aug 28, 2024 at 10:33 PM Kees Cook <kees@kernel.org> wrote:
> That's excellent that you've developed better templates! Can you submit these to syzkaller upstream? Then the automated fuzzing CI dashboard will benefit (and save you the work of running and reporting the new finds).
Yes, we are also working on this.
And it also takes some time to figure out the differences in the
syscall descriptions and to satisfy syzkaller's style requirements.
So we are still working on the patch of syscall descriptions for Syzkaller.

Once again, we apologize for our mistakes of some helpless report
emails and thank you for your reminder and understanding.