Context
Carlini has hundreds of unvalidated kernel crashes. A kernel oracle that can:
- Parse the crash report
- Boot a matching kernel in QEMU
- Run the reproducer
- Check if KASAN/crash output matches the original report
...would reduce validation from hours (manual) to minutes (automated).
What to build
packages/core/src/triage/kernel-oracle.ts
- Follows existing oracle pattern (OracleResult interface)
- QEMU-based execution via Docker (reuses DockerExecutor pattern)
- Crash reproduction: compile reproducer, boot kernel, run, capture dmesg
- Matching: compare KASAN signatures, faulting function, crash type
- Severity classification: remote vs local, privilege boundary, heap vs stack
MVP scope
Start with a Docker container that has:
- Pre-built kernel with KASAN enabled
- QEMU + virtme for fast boot
- GCC for compiling C reproducers
- Script to run reproducer and capture output
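
The matching step listed under "What to build" (compare KASAN signatures, faulting function, crash type) could look like the following. This is an added example, not code from the project: `CrashSignature`, `parseKasan`, `compareCrash` and the sample logs are hypothetical, and it does not use the project's OracleResult interface, whose shape is not shown on this page.

```typescript
// Added example: hypothetical names, not the project's OracleResult interface.
type Access = "Read" | "Write";
interface CrashSignature { bugType: string; func: string; access: Access | null; size: number | null }
type Verdict = "match" | "partial" | "mismatch" | "no-crash";

// Drop console prefixes such as "[   12.345678] " or "[   12.345678][ T310] ".
const stripPrefix = (l: string): string => l.replace(/^(\s*\[[^\]]*\])+\s*/, "");
// Compiler clone suffixes (.isra.0, .constprop.0, .part.0, .cold) vary between builds.
const normFunc = (f: string): string => f.replace(/\.(isra|constprop|part|cold)(\.\d+)?/g, "");
// Policy assumption of this example: both spellings count as one crash type.
const normType = (t: string): string => (t === "slab-use-after-free" ? "use-after-free" : t);

function parseKasan(log: string): CrashSignature | null {
  const lines = log.split(/\r?\n/).map(stripPrefix);
  for (let i = 0; i < lines.length; i++) {
    const head = /^BUG: KASAN: (\S+) in ([\w.]+)/.exec(lines[i] ?? "");
    if (!head) continue;
    // The access line directly follows the header in a KASAN report.
    const acc = /^(Read|Write) of size (\d+) at addr/.exec(lines[i + 1] ?? "");
    return {
      bugType: normType(head[1] ?? ""),
      func: normFunc(head[2] ?? ""),
      access: acc ? (acc[1] as Access) : null,
      size: acc ? Number(acc[2]) : null,
    };
  }
  return null; // no KASAN header anywhere in the log
}

function compareCrash(originalReport: string, reproDmesg: string): Verdict {
  const want = parseKasan(originalReport);
  if (!want) throw new Error("original report has no KASAN header");
  const got = parseKasan(reproDmesg);
  if (!got) return "no-crash";
  const sameType = want.bugType === got.bugType;
  const sameFunc = want.func === got.func;
  if (sameType && sameFunc && want.access === got.access) return "match";
  // Partial agreement: flag for a human instead of auto-confirming.
  return sameType || sameFunc ? "partial" : "mismatch";
}

// Constructed sample inputs (function names and addresses are made up).
const ORIGINAL = `BUG: KASAN: slab-use-after-free in demo_release+0x4c/0x90
Write of size 8 at addr ffff888000000000 by task repro/310`;
const REPRO = `[   14.201337][ T310] BUG: KASAN: use-after-free in demo_release.isra.0+0x51/0xa0
[   14.201901][ T310] Write of size 8 at addr ffff888000001000 by task repro/310`;
```

Offsets and addresses are deliberately ignored in the comparison, since they change with every kernel build and boot.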