From: Greg KH <gregkh@linuxfoundation.org>
To: SyzScope <syzscope@gmail.com>
Cc: davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org,
linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org,
marcel@holtmann.org, netdev@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: KASAN: use-after-free Read in hci_chan_del
Date: Sun, 6 Jun 2021 07:16:00 +0200 [thread overview]
Message-ID: <YLxaEJQ5CR3xMLnC@kroah.com> (raw)
In-Reply-To: <d37fecad-eed3-5eb8-e30a-ebb912e3a073@gmail.com>
On Sat, Jun 05, 2021 at 11:12:49AM -0700, SyzScope wrote:
> Hi Greg,
>
> > I do not recall that, sorry, when was that?
> We sent an email to security@kernel.org from xzou017@ucr.edu account on May
> 20, the title is "KASAN: use-after-free Read in hci_chan_del has dangerous
> security impact".
So you used a different email address and we were supposed to know how
to correlate between the two? How?
> > Is that really the reason why syzbot-reported problems are not being
> > fixed? Just because we don't know which ones are more "important"?
> >
> > As someone who has been managing many interns for a year or so working
> > on these, I do not think that is the problem, but hey, what do I know...
>
> Perhaps we misunderstood the problem of syzbot-generated bugs. Our
> understanding is that if a syzbot-generated bug is exploited in the wild
> and/or the exploit code is made publicly available somehow, then the bug
> will be fixed in a prioritized fashion. If our understanding is correct,
> wouldn't it be nice if we, as good guys, can figure out which bugs are
> security-critical and patch them before the bad guys exploit them.
The "problem" is that no one seems willing to provide the resources to
fix the issues being found as quickly as they are being found. It
usually takes an exponentially longer amount of time for a fix than to
find the problem. Try it yourself and see! Fix these issues that your
tool is somehow categorizing as "more important" and let us know how it
goes.
Or is just fixing found bugs somehow not as much fun as writing new
tools?
good luck!
greg k-h
next prev parent reply other threads:[~2021-06-06 5:16 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-02 20:45 KASAN: use-after-free Read in hci_chan_del syzbot
2020-08-03 17:08 ` syzbot
2021-05-04 21:50 ` ETenal
2021-05-06 6:01 ` Dan Carpenter
2021-05-06 6:42 ` SyzScope
2021-06-04 9:48 ` Greg KH
2021-06-04 17:11 ` SyzScope
2021-06-05 7:43 ` Greg KH
2021-06-05 18:12 ` SyzScope
2021-06-06 5:16 ` Greg KH [this message]
2021-06-06 5:29 ` Leon Romanovsky
2021-06-06 5:06 ` Leon Romanovsky
[not found] ` <20210606085004.12212-1-hdanton@sina.com>
2021-06-06 9:54 ` Greg KH
[not found] ` <20210607074828.3259-1-hdanton@sina.com>
2021-06-07 7:55 ` Greg KH
[not found] ` <20210607100201.3345-1-hdanton@sina.com>
2021-06-07 10:31 ` Greg KH
[not found] ` <20210608081800.3484-1-hdanton@sina.com>
2021-06-08 8:40 ` Greg KH
2021-05-28 21:12 ` SyzScope
2021-06-03 18:30 ` SyzScope
2021-06-03 18:36 ` Greg KH
2021-06-07 10:21 ` Jason A. Donenfeld
2021-06-07 10:28 ` Dmitry Vyukov
2021-06-07 11:20 ` Greg KH
2021-06-07 18:26 ` SyzScope
2021-06-08 8:46 ` Greg KH
2021-06-08 8:53 ` Dan Carpenter
2021-06-07 22:25 ` [syzbot] " syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YLxaEJQ5CR3xMLnC@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=johan.hedberg@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=netdev@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=syzscope@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).