Dave Jones <da...@codemonkey.org.uk> writes:

> On Mon, Dec 18, 2017 at 03:50:52PM -0800, Linus Torvalds wrote:
>
>  > But I don't see what would have changed in this area recently.
>  >
>  > Do you end up saving the seeds that cause crashes? Is this
>  > reproducible? (Other than seeing it twice, of course)
>
> Only clue so far, is every time I'm able to trigger it, the last thing
> the child process that triggers it did, was an execveat.

Is there any chance the execveat might be called from a child thread?
That switching pids between tasks of a process during exec can get a
little bit tricky.

> Telling it to just fuzz execveat doesn't instantly trigger it, so it
> must be a combination of some other syscall. I'll leave a script running
> overnight to see if I can binary search the other syscalls in
> combination with it.

Could we have a buggy syscall that is stomping something?

> One other thing: I said this was rc4, but it was actually rc4 + all the
> x86 stuff from today. There's enough creepy stuff in that pile, that
> I'll try with just plain rc4 tomorrow too.

Eric
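The pid shuffle Eric is referring to (a non-leader thread that calls exec ends up owning the thread-group leader's pid, and every other thread of the group is torn down) is visible from userspace. The script below is an added example, not code from this thread, from trinity or from the kernel tree. It assumes a Linux host and Python 3.8 or later (for threading.get_native_id); it uses execv rather than execveat, which is a constructed simplification since both go through the same thread-teardown path in the kernel. The forked child starts a worker thread, the worker records its own tid and then execs a fresh interpreter that reports getpid(); the parent collects both values over a pipe.

```python
import os
import sys
import threading


def _child_exec_from_worker_thread(write_fd: int) -> None:
    """Runs in the forked child: the *worker thread*, not the main thread, execs."""
    # Route the child's stdout into the pipe. dup2 clears O_CLOEXEC on fd 1,
    # so the exec'd interpreter inherits it and can write the new pid there.
    os.dup2(write_fd, 1)
    os.close(write_fd)

    def worker() -> None:
        tid = threading.get_native_id()          # kernel tid of this non-leader thread
        os.write(1, f"tid={tid}\n".encode())
        # exec from the non-leader thread: the kernel kills the other threads and
        # this thread takes over the thread-group leader's pid before the new
        # image starts running.
        os.execv(sys.executable, [
            sys.executable, "-c",
            "import os; print(f'pid={os.getpid()}', flush=True)",
        ])

    t = threading.Thread(target=worker)
    t.start()
    t.join()          # never returns if the exec succeeded
    os._exit(1)       # exec failed


def exec_from_child_thread() -> dict:
    """Fork, have a worker thread exec, and report the pids seen on both sides."""
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:
        os.close(read_fd)
        try:
            _child_exec_from_worker_thread(write_fd)
        finally:
            os._exit(1)

    os.close(write_fd)
    data = b""
    while True:
        chunk = os.read(read_fd, 4096)
        if not chunk:
            break
        data += chunk
    os.close(read_fd)
    _, status = os.waitpid(pid, 0)

    fields = dict(line.split("=", 1) for line in data.decode().split())
    return {
        "fork_pid": pid,                         # pid the parent got from fork()
        "worker_tid": int(fields["tid"]),        # tid of the thread that called exec
        "exec_pid": int(fields["pid"]),          # getpid() in the exec'd image
        "exited_zero": os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0,
    }


if __name__ == "__main__":
    result = exec_from_child_thread()
    for key, value in result.items():
        print(f"{key}: {value}")
```

The parent only ever waits on the pid it got back from fork(), and that wait completes normally even though the task that actually executed the new image started life as a different tid. That is the hand-over of pids between tasks that makes the exec-from-thread path delicate, and it is the reason a fuzzer that mixes thread creation with execveat exercises a different kernel path than one that only execs from the main thread.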