lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <900A37C1-9A21-46DF-8416-B8ABF1D0667C@m.fudan.edu.cn>
Date: Fri, 24 Jan 2025 20:22:57 +0800
From: Kun Hu <huk23@...udan.edu.cn>
To: Kent Overstreet <kent.overstreet@...ux.dev>
Cc: Dmitry Vyukov <dvyukov@...gle.com>,
 Jan Kara <jack@...e.cz>,
 linux-fsdevel@...r.kernel.org,
 linux-kernel@...r.kernel.org,
 linux-bcachefs@...r.kernel.org,
 syzkaller@...glegroups.com
Subject: Re: Bug: INFO_ task hung in lock_two_nondirectories


> 
> Again: the standard mantra is "work wth upstream". If you forked syzbot
> and you're working on fuzzing, syzbot is your upstream, not the kernel.
> 
> If you work with the syzbot people on getting your fuzz testing
> improvements merged, the process of reporting the bugs fuzzing finds to
> us kernel folks won't be on your plate anymore, and you get to focus on
> the stuff you actually want to be doing. :)
> 
>> Link: https://github.com/google/syzkaller/blob/master/docs/linux/reporting_kernel_bugs.md
>> 
>> It is often suggested that researchers collaborate with syzbot. What
>> should such collaboration look like in terms of form and content? From
>> a maintainer's perspective, how would you prefer to see researchers
>> who report bugs work with syzbot? Since I’m new to this field, I’m not
>> very familiar with the process and would greatly appreciate your
>> guidance.
> 
> Talk to the syzbot folks, they're a friendly bunch :)
> 
> The main thing to keep in mind is that it's never _just_ about getting
> your code merged, you need to spend some time learning the lay of the
> land so you can understand where your work fits in, and what people need
> and are interested in - you want to make sure that you're not
> duplicating work, and you want your code to be as maintainable and
> broadly useful to everone else as it can be.
> 
> Have you shared with them what your research interests are?


Sorry for late. Thank you very much for your advice, we’ll try to work with the syzbot community. 

But an interesting interaction relationship is that for researchers from academia to prove the advanced technology of their fuzzer, they seem to need to use their personal finding of real-world bugs as an important experimental metric. I think that's why you get reports that are modeled after syzbot (the official description of syzkaller describes the process for independent reports). If the quality of the individual reports is low, it does affect the judgment of the maintainer, but also it is also a waste of everyone's time.

This seems to be a problem that exists in the linux, syzbot community and academia….

———————————
Best,
Kun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ