Subject: Re: KASAN: use-after-free Read in hci_chan_del
To: Greg KH
Cc: davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com
References: <000000000000adea7f05abeb19cf@google.com>
From: SyzScope
Message-ID: <0f489a64-f080-2f89-6e4a-d066aeaea519@gmail.com>
Date: Fri, 4 Jun 2021 10:11:03 -0700
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Greg,

> Who is working on and doing this "research project"?
We are a group of researchers from the University of California, Riverside (we introduced ourselves in an earlier email to security@kernel.org if you recall). Please allow us to articulate the goal of our research. We'd be happy to hear your feedback and suggestions.

> And what is it doing to actually fix the issues that syzbot finds? Seems like that
> would be a better solution instead of just trying to send emails saying,
> in short "why isn't this reported issue fixed yet?"

From our limited understanding, we know a key problem with syzbot bugs is that there are too many of them - more than what can be handled by developers and maintainers. Therefore, it seems some form of prioritization on bug fixing would be helpful.

The goal of the SyzScope project is to *automatically* analyze the security impact of syzbot bugs, which helps with prioritizing bug fixes. In other words, when a syzbot bug is reported, we aim to attach a corresponding security impact "signal" to help developers make an informed decision on which ones to fix first.

Currently, SyzScope is a standalone prototype system that we plan to open source. We hope to keep developing it to make it more and more useful and have it eventually integrated into syzbot (we are in talks with Dmitry). We are happy to talk more offline (perhaps even in a Zoom meeting if you would like).

Thanks in advance for any feedback and suggestions you may have.

On 6/4/2021 2:48 AM, Greg KH wrote:
> On Tue, May 04, 2021 at 02:50:03PM -0700, ETenal wrote:
>> Hi,
>>
>> This is SyzScope, a research project that aims to reveal high-risk
>> primitives from a seemingly low-risk bug (UAF/OOB read, WARNING, BUG, etc.).
> Who is working on and doing this "research project"? And what is it
> doing to actually fix the issues that syzbot finds? Seems like that
> would be a better solution instead of just trying to send emails saying,
> in short "why isn't this reported issue fixed yet?"
>
> thanks,
>
> greg k-h
>