lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACT4Y+babw_2NJa+oym2VN7-Z4Bt_rZx2sMi68AD+1KzNpr=KQ@mail.gmail.com>
Date:   Wed, 21 Mar 2018 17:11:21 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     LKML <linux-kernel@...r.kernel.org>
Cc:     syzkaller <syzkaller@...glegroups.com>
Subject: syzbot dashboard

Hi,

syzkaller/syzbot dashboard is now live at:
https://syzkaller.appspot.com

syzbot is continuous fuzzing/reporting system based on syzkaller
fuzzer, currently it tests mainline tree and well as net-next and
bpf-next trees.

The dashboard shows info about active bugs reported by syzbot. There
are ~130 active bugs and I think ~2/3 of them are actionable (still
happen and have a reproducer or are simple enough to debug). For
active bugs you can see a bunch of additional info (when it started
happening, when it last happened, how frequently, on what
branches/commits and more crash reports, reproducers and duplicates).
For example:
https://syzkaller.appspot.com/bug?id=26cb120b31cd24d984fc16da67f50fb375c432a7
The report is now probably lost on LKML, but the crash still happens
and have a reproducer.

There are bugs in various pars of net subsystem, some in KVM, crypto,
keys, perf, tty, block, android drivers, loop device and a long tail
in other subsystems. If you are interested in health of a particular
subsystem, take a look for relevant bugs.

Some of the active bugs can be in fact already fixed. If so it makes
sense to tell syzbot about fixes to keep dashboard clean and enable
discovery of new similar bugs. syzbot uses Reported-by tags in commits
and #syz directives in emails to track these statuses. More details
are available at
https://github.com/google/syzkaller/blob/master/docs/syzbot.md

If syzkaller is not finding bugs in your subsystem, that's most likely
because it's not testing it. To test a particular subsystem syzkaller
needs some help in the form of interface descriptions (which are not
too hard to write, e.g.
https://github.com/google/syzkaller/blob/master/sys/linux/ipc.txt).
There is also source coverage report available at
https://storage.googleapis.com/syzkaller/cover/upstream.html (50MB),
so you can check if syzkaller currently covers your code or not and
how well.

And there is also a list of all fixed bugs so far:
https://syzkaller.appspot.com/?fixed=upstream

Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ