Alan Cox <gno...@lxorguk.ukuu.org.uk> writes: > On Tue, 16 Jan 2018 09:34:01 +0100 > Dmitry Vyukov <dvyu...@google.com> wrote: > >> On Tue, Jan 16, 2018 at 8:12 AM, Theodore Ts'o <ty...@mit.edu> wrote: >> >> Outside of the bugs being considered as considered as security issues, >> >> the bugs syzbot finds are generally things that don't affect anyone in >> >> practice. So are very low on the priority of things to get fixed. >> >> Not sure why are you saying this, but syzbot has found lots of >> hundreds of use-after-free's, out-of-bounds, information leaks, >> deadlocks, vm escapes, etc. They have very direct stability and >> security impact. > > Agreed - there may be some UI and presentation issues but it's found some > really nasty little bugs.
I am not certain it has always really found the bugs it hits. My experience tends towards a bug report with too little information in the Oops to guess what went wrong, that I can not reproduce the issue locally, that the no can reproduce, that was produced on a weird tree, and with a reporter telling you they are only interested in testing fixes. Which is a long way of saying if the UI issues are bad enough the issue can not be identified in the code I am not certain we have actually found a bug. So while I can see lots of potential in syzbot. I can't say if the it is greater potential to get bugs fixed or to annoy developers with complaints they can't do anything about. Eric
