lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <63f12327-dd4b-5210-4de2-705af6bc4ba4@gmail.com>
Date:   Wed, 24 Jul 2019 08:39:05 +0200
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
        Florian Westphal <fw@...len.de>,
        Ilya Maximets <i.maximets@...sung.com>,
        Eric Dumazet <edumazet@...gle.com>,
        David Ahern <dsahern@...il.com>, linux-kernel@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: Re: Reminder: 99 open syzbot bugs in net subsystem



On 7/24/19 3:38 AM, Eric Biggers wrote:
> [This email was generated by a script.  Let me know if you have any suggestions
> to make it better, or if you want it re-generated with the latest status.]
> 
> Of the currently open syzbot reports against the upstream kernel, I've manually
> marked 99 of them as possibly being bugs in the net subsystem.  This category
> only includes the networking bugs that I couldn't assign to a more specific
> component (bpf, xfrm, bluetooth, tls, tipc, sctp, wireless, etc.).  I've listed
> these reports below, sorted by an algorithm that tries to list first the reports
> most likely to be still valid, important, and actionable.
> 
> Of these 99 bugs, 17 were seen in mainline in the last week.
> 
> Of these 99 bugs, 4 were bisected to commits from the following people:
> 
> 	Florian Westphal <fw@...len.de>
> 	Ilya Maximets <i.maximets@...sung.com>
> 	Eric Dumazet <edumazet@...gle.com>
> 	David Ahern <dsahern@...il.com>
> 
> If you believe a bug is no longer valid, please close the syzbot report by
> sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
> original thread, as explained at https://goo.gl/tpsmEJ#status
> 
> If you believe I misattributed a bug to the net subsystem, please let me know,
> and if possible forward the report to the correct people or mailing list.
>

Some of the bugs have been fixed already, before syzbot found them.

Why force human to be gentle to bots and actually replying to them ?

I usually simply wait that syzbot is finding the bug does not repro anymore,
but now if you send these emails, we will have even more pressure on us.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ