lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 03 Sep 2018 17:00:28 +0200
From:   Takashi Iwai <tiwai@...e.de>
To:     Dmitry Vyukov <dvyukov@...gle.com>
Cc:     syzbot <syzbot+194dffdb8b22fc5d207a@...kaller.appspotmail.com>,
        alsa-devel-bounces@...a-project.org, alsa-devel@...a-project.org,
        LKML <linux-kernel@...r.kernel.org>,
        Jaroslav Kysela <perex@...ex.cz>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: KMSAN: uninit-value in snd_midi_event_encode_byte

On Mon, 03 Sep 2018 16:54:23 +0200,
Dmitry Vyukov wrote:
> 
> https://github.com/google/syzkaller/blob/master/docs/syzbot.md#kmsan-bugs
> is meant to be a complement to the previous generic descriptions of
> patch testing process, which is:
> https://github.com/google/syzkaller/blob/master/docs/syzbot.md#testing-patches
> 
> So, you always reply to the syzbot+HASH email address so that syzbot
> understands which bug we are talking about.
> Then you do either (omitting # so that syzbot won't consider that as
> actual test requests):
> 
> syz test: git://repo/address.git branch
> 
> or:
> 
> syz test: git://repo/address.git commit-hash
> 
> And then you can either attach a patch that needs to be applied on
> top, or not attach it (if it's already in the tree, or you just want
> to get another crash report).

OK, so far, so good, it's what I knew and have done a few times.


> For KMSAN you need to issue test request against
> "https//github.com/google/kmsan.git master" (that's the only tree that
> has KMSAN tool in it) and you need to attach/inline the patch (because
> your patch is obviously not there yet).
> 
> Does this make things more clear?

Sorry, the part "issue test request against https..." still isn't
clear.

Do you mean to open an issue entry on github, and attach the patch
there?


Takashi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ