lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190724190305.GG213255@gmail.com>
Date:   Wed, 24 Jul 2019 12:03:06 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     Eric Dumazet <edumazet@...gle.com>
Cc:     David Miller <davem@...emloft.net>,
        Eric Dumazet <eric.dumazet@...il.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        netdev <netdev@...r.kernel.org>, Florian Westphal <fw@...len.de>,
        i.maximets@...sung.com, David Ahern <dsahern@...il.com>,
        LKML <linux-kernel@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: Reminder: 99 open syzbot bugs in net subsystem

On Wed, Jul 24, 2019 at 08:52:54PM +0200, 'Eric Dumazet' via syzkaller-bugs wrote:
> On Wed, Jul 24, 2019 at 8:37 PM Eric Biggers <ebiggers@...nel.org> wrote:
> 
> > A huge number of valid open bugs are not being fixed, which is a fact.  We can
> > argue about what words to use to describe this situation, but it doesn't change
> > the situation itself.
> >
> > What is your proposed solution?
> 
> syzbot sends emails, plenty  of them, with many wrong bisection
> results, increasing the noise.
> 
> If nobody is interested, I am not sure sending copies of them
> repeatedly will be of any help.
> 
> Maybe a simple monthly reminder with one URL to go to the list of bugs
> would be less intrusive.
> 

The bogus bisection results is a known issue (which I'm trying to convince
Dmitry is important enough to fix...), which is why I manually reviewed all of
them and discarded out all the obviously incorrect ones.  My reminders only
include manually reviewed bisection results.  Obviously there will still be some
looked plausible but are actualy wrong, but I suspect the accuracy is around
80-90% rather than the 40-50% of the raw syzbot bisection results.

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ