On Wed, Jan 24, 2018 at 11:06:02AM -0600, Eric W. Biederman wrote: > Alan Cox <gno...@lxorguk.ukuu.org.uk> writes: > > > On Tue, 16 Jan 2018 09:34:01 +0100 > > Dmitry Vyukov <dvyu...@google.com> wrote: > > > >> On Tue, Jan 16, 2018 at 8:12 AM, Theodore Ts'o <ty...@mit.edu> wrote: > >> >> Outside of the bugs being considered as considered as security issues, > >> >> the bugs syzbot finds are generally things that don't affect anyone in > >> >> practice. So are very low on the priority of things to get fixed. > >> > >> Not sure why are you saying this, but syzbot has found lots of > >> hundreds of use-after-free's, out-of-bounds, information leaks, > >> deadlocks, vm escapes, etc. They have very direct stability and > >> security impact. > > > > Agreed - there may be some UI and presentation issues but it's found some > > really nasty little bugs. > > I am not certain it has always really found the bugs it hits. > > My experience tends towards a bug report with too little information > in the Oops to guess what went wrong, that I can not reproduce the > issue locally, that the no can reproduce, that was produced on a weird > tree, and with a reporter telling you they are only interested in > testing fixes. > > Which is a long way of saying if the UI issues are bad enough the issue > can not be identified in the code I am not certain we have actually > found a bug. > > So while I can see lots of potential in syzbot. I can't say if the it > is greater potential to get bugs fixed or to annoy developers with > complaints they can't do anything about.
I'm with Alan here, syzbot has found lots of nasty bugs in the areas of the kernel I maintain. Many of which are still on my TODO list to fix :) So yes, it's annoying to me at times as well, but it is good work here, and I hope to see it continue. greg k-h
