From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: syzbot <syzbot+a9a45987b8b2daabdc88@syzkaller.appspotmail.com>,
syzkaller-bugs@googlegroups.com, syzkaller@googlegroups.com,
adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: kernel panic: EXT4-fs (device loop0): panic forced after error
Date: Sun, 6 May 2018 09:31:54 -0400 [thread overview]
Message-ID: <20180506133154.GS29205@thunk.org> (raw)
In-Reply-To: <d295f575-ba4b-b0ba-a856-405f9d393c9d@I-love.SAKURA.ne.jp>
On Sun, May 06, 2018 at 02:03:57PM +0900, Tetsuo Handa wrote:
>
> Since syzbot is hitting this error path inside mount() request, calling
> panic() when something went wrong inside mount() request might be
> overkill. We can recover without shutting down the system, can't we?
We could add a full kernel-mode fsck which gets run before mount ---
the question is how much complexity we want to add. If SELinux is
enabled, then we have to check xattr consinsistency, etc., etc.
> > I could mark this as a one-off invalid bug, but if syzkaller is going
> > to be generating classes of corrupted file systems like this, and are
> > going to be complaing about how this causes the kernel to crash, then
> > we have a fundamental syzkaller BUG.
> >
> If we won't try to recover this case, this specific report would be
> marked as "#syz invalid".
I can do that for this specific case. Howevre, I'd rather not have to
mark a large number of reports as invalid, if syz is going to produce
a large number of such things. Which is why I'm raising the questihon
--- is there any way we can make syz smart enough to not raise false
positvies in this case?
In the future I can see the repro attempting to actually do stuff with
the mounted file system, which is why I want to put my foot down now
before the only answer really is adding a kernel-mode fsck before the
file system is allowed to be mounted.
Root is always going to be able to crash the system. For example,
suppose syzkaller creates a repros which opens /dev/mem and starts
scribbling all over it. Would we be happy if it started creating
large number of reports for that class of "bug"?
- Ted
next prev parent reply other threads:[~2018-05-06 13:31 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-06 0:57 kernel panic: EXT4-fs (device loop0): panic forced after error syzbot
2018-05-06 2:24 ` Theodore Y. Ts'o
2018-05-06 5:03 ` Tetsuo Handa
2018-05-06 9:15 ` Dmitry Vyukov
2018-05-06 13:50 ` Theodore Y. Ts'o
2018-05-06 13:31 ` Theodore Y. Ts'o [this message]
2018-05-06 14:40 ` Tetsuo Handa
2018-05-06 20:30 ` Theodore Y. Ts'o
2018-05-14 9:12 ` Dmitry Vyukov
2018-06-12 14:01 ` Dmitry Vyukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180506133154.GS29205@thunk.org \
--to=tytso@mit.edu \
--cc=adilger.kernel@dilger.ca \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=syzbot+a9a45987b8b2daabdc88@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.