lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180115135327.GA2206@amd>
Date:   Mon, 15 Jan 2018 14:53:27 +0100
From:   Pavel Machek <pavel@....cz>
To:     Dmitry Vyukov <dvyukov@...gle.com>
Cc:     Mike Galbraith <efault@....de>,
        LKML <linux-kernel@...r.kernel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        syzkaller <syzkaller@...glegroups.com>
Subject: Re: LKML admins (syzbot emails are not delivered)

Hi!

> >> In lots of cases (~50%) quality of syzbot reports is equal to human
> >> reports, or _higher_.
> >> It provides exact kernel commit, config, compiler, stand-alone C
> >> reproducer and a nice, symbolized report even with inline frames. You
> >> don't always get all of this from human reports.
> >>
> >> In the remaining cases (no reproducer), quality of syzbot reports is
> >> the _same_ as for human reports.
> >> Say, your machine randomly crashes. You reboot it, but it crashes
> >> again after some time. You try to repeat what you did before the crash
> >> (say, opened a particular web page), but it does not reproduce the
> >> crash. But one way or another, it happened and it's a kernel bug
> >
> > I have not seen a good quality report from syzbot, yet.
> 
> I don't know how many you checked, so I don't know how to interpret this.
> If you want to see one, grep kernel commit log for syzbot, get bug id,
> search for it in
> https://groups.google.com/forum/#!forum/syzkaller-bugs
> 
> 
> > Normally, humans agregate test reports, and test patches etc. Can you
> > step between robot and lkml, and provide same services humans usually
> > provide?
> 
> syzbot does all of this already.

Does it? Because its documentation says otherwise:

syzbot will keep track of this bug report.
Once a fix for this bug is merged into any tree, reply to this email
with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply
with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email
body.

_You_ should be doing duplicates processing, and preferably you should
also take care to translate replies into something syzbot
understand. Reports should come from your email adress, and you should
really handle replies that do not come in required format.

									Pavel

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ