| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Mar 2018 17:11:21 +0100 From: Dmitry Vyukov <dvyukov@...gle.com> To: LKML <linux-kernel@...r.kernel.org> Cc: syzkaller <syzkaller@...glegroups.com> Subject: syzbot dashboard Hi, syzkaller/syzbot dashboard is now live at: https://syzkaller.appspot.com syzbot is continuous fuzzing/reporting system based on syzkaller fuzzer, currently it tests mainline tree and well as net-next and bpf-next trees. The dashboard shows info about active bugs reported by syzbot. There are ~130 active bugs and I think ~2/3 of them are actionable (still happen and have a reproducer or are simple enough to debug). For active bugs you can see a bunch of additional info (when it started happening, when it last happened, how frequently, on what branches/commits and more crash reports, reproducers and duplicates). For example: https://syzkaller.appspot.com/bug?id=26cb120b31cd24d984fc16da67f50fb375c432a7 The report is now probably lost on LKML, but the crash still happens and have a reproducer. There are bugs in various pars of net subsystem, some in KVM, crypto, keys, perf, tty, block, android drivers, loop device and a long tail in other subsystems. If you are interested in health of a particular subsystem, take a look for relevant bugs. Some of the active bugs can be in fact already fixed. If so it makes sense to tell syzbot about fixes to keep dashboard clean and enable discovery of new similar bugs. syzbot uses Reported-by tags in commits and #syz directives in emails to track these statuses. More details are available at https://github.com/google/syzkaller/blob/master/docs/syzbot.md If syzkaller is not finding bugs in your subsystem, that's most likely because it's not testing it. To test a particular subsystem syzkaller needs some help in the form of interface descriptions (which are not too hard to write, e.g. https://github.com/google/syzkaller/blob/master/sys/linux/ipc.txt). There is also source coverage report available at https://storage.googleapis.com/syzkaller/cover/upstream.html (50MB), so you can check if syzkaller currently covers your code or not and how well. And there is also a list of all fixed bugs so far: https://syzkaller.appspot.com/?fixed=upstream Thanks
Powered by blists - more mailing lists