lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Sun, 11 Dec 2022 08:39:18 +0000
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Hillf Danton <hdanton@...a.com>
Cc:     syzbot <syzbot+919c5a9be8433b8bf201@...kaller.appspotmail.com>,
        linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] WARNING in do_mkdirat

On Sun, Dec 11, 2022 at 03:56:12PM +0800, Hillf Danton wrote:
> On 11 Dec 2022 02:52:57 +0000 Al Viro <viro@...iv.linux.org.uk>
> > On Sat, Dec 10, 2022 at 06:30:22PM -0800, syzbot wrote:
> > > Hello,
> > > 
> > > syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> > > WARNING in done_path_create
> > 
> > How many times does it need to be repeated that ANY BUG REPORTS INVOLVING NTFS3 IN
> > REPRODUCER NEED TO BE CCED TO MAINTAINERS OF NTFS3?
> > 
> > I'm done with any syzbot output.  From now on it's getting triaged
> > straight to /dev/null here.
> 
> Calm downnnnnn Sir even if this is not the east ender style.
> 
> Frankly no interest here at all wasting any network bandwidth just to get you
> interrupted if it would take less than 72 hours to discover one of the beatles
> you created. And actually more than double check is needed to ensure who
> did that.

	The first iterations of the same suggestion had been a lot calmer...
One of the earlier examples: https://lore.kernel.org/all/YzEJ2D8kga+ZRDZx@ZenIV/
And I distinctly remember similar attempts from other folks.

	It's really a matter of triage; as it is, syzkaller folks are
expecting that any mail from the bot will be looked into by everyone
on fsdevel, on the off-chance that it's relevant for them.  What's
more, it's not just "read the mail" - information in the mail body
is next to useless in such situations.  So you are asking to
	* start a browser
	* cut'n'paste the URL from MUA
	* dig around in the files linked to the damn thing
... all of that for an fs maintainer to see if his filesystem is
even present?  Seriously?  For each syzbot fsdevel posting?

	I would have looked at it anyway; granted, seeing ntfs3 I'd chalked
it up to ntfs bugs (fs/ntfs3 has not been there for long and it didn't get
outright memory corruptors beaten out of it yet).

	But how the bleeding hell are ntfs folks supposed to guess that
this report might be relevant for them?  Same for XFS, ext4, orangefs,
et sodding cetera - and for most of those any of such reports would've
ended up wasted time for the good and simple reasons that it's not
any fs they'd been involved with.

	What really pisses me off is that on the sending side the
required check is trivial - if you are going to fuzz a filesystem,
put a note into report, preferably in subject.  Sure, it's your
code, you get to decide what to spend your time upon (you == syzkaller
maintainers).  But please keep in mind that for recepients it's
a lot of recurring work, worthless for the majority of those who
end up bothering with it.  Every time they receive a mail from
that source.

	Ignore polite suggestions enough times, earn a mix of
impolite ones and .procmailrc recipes, it's that simple...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ