From: Al Viro <viro@zeniv.linux.org.uk>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: syzbot <syzbot+73c7fe4f77776505299b@syzkaller.appspotmail.com>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
sabin.rapan@gmail.com,
syzkaller-bugs <syzkaller-bugs@googlegroups.com>
Subject: Re: BUG: unable to handle kernel paging request in do_mount
Date: Sat, 18 May 2019 17:26:03 +0100 [thread overview]
Message-ID: <20190518162602.GA24337@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20190518162142.GH17978@ZenIV.linux.org.uk>
On Sat, May 18, 2019 at 05:21:42PM +0100, Al Viro wrote:
> On Sat, May 18, 2019 at 05:00:39PM +0200, Dmitry Vyukov wrote:
> > On Fri, May 17, 2019 at 4:08 PM Dmitry Vyukov <dvyukov@google.com> wrote:
> > >
> > > On Fri, May 17, 2019 at 3:48 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
> > > >
> > > > On Fri, May 17, 2019 at 03:17:02AM -0700, syzbot wrote:
> > > > > This bug is marked as fixed by commit:
> > > > > vfs: namespace: error pointer dereference in do_remount()
> > > > > But I can't find it in any tested tree for more than 90 days.
> > > > > Is it a correct commit? Please update it by replying:
> > > > > #syz fix: exact-commit-title
> > > > > Until then the bug is still considered open and
> > > > > new crashes with the same signature are ignored.
> > > >
> > > > Could somebody explain how the following situation is supposed to
> > > > be handled:
> > > >
> > > > 1) branch B1 with commits C1, C2, C3, C4 is pushed out
> > > > 2) C2 turns out to have a bug, which gets caught and fixed
> > > > 3) fix is folded in and branch B2 with C1, C2', C3', C4' is
> > > > pushed out. The bug is not in it anymore.
> > > > 4) B1 is left mouldering (or is entirely removed); B2 is
> > > > eventually merged into other trees.
> > > >
> > > > This is normal and it appears to be problematic for syzbot.
> > > > How to deal with that? One thing I will *NOT* do in such
> > > > situations is giving up on folding the fixes in. Bisection
> > > > hazards alone make that a bad idea.
> > >
> > > linux-next creates a bit of a havoc.
> > >
> > > The ideal way of handling this is including Tested-by: tag into C2'.
> > > Reported-by: would work too, but people suggested that Reported-by: is
> > > confusing in this situation because it suggests that the commit fixes
> > > a bug in some previous commit. Technically, syzbot now accepts any
> > > tag, so With-inputs-from:
> > > syzbot+73c7fe4f77776505299b@syzkaller.appspotmail.com would work too.
> > >
> > > At this point we obvious can't fix up C2'. For such cases syzbot
> > > accepts #syz fix command to associate bugs with fixes. So replying
> > > with "#syz fix: C2'-commit-title" should do.
> >
> > What is that C2'?
>
> In this case? Take a look at
>
> commit fd0002870b453c58d0d8c195954f5049bc6675fb
> Author: David Howells <dhowells@redhat.com>
> Date: Tue Aug 28 14:45:06 2018 +0100
>
> vfs: Implement a filesystem superblock creation/configuration context
>
> and compare with
>
> commit f18edd10d3c7d6127b1fa97c8f3299629cf58ed5
> Author: David Howells <dhowells@redhat.com>
> Date: Thu Nov 1 23:07:25 2018 +0000
>
> vfs: Implement a filesystem superblock creation/configuration context
>
> There might have been intermediate forms, but that should illustrate what
> happened.
While we are at it, even the latter form has *not* made it into the
mainline. It got split, reordered and massaged quite a bit; the counterpart
of the code in question that went into mainline is
+ fc = fs_context_for_reconfigure(path->dentry, sb_flags, MS_RMT_MASK);
+ if (IS_ERR(fc))
+ return PTR_ERR(fc);
in commit 8d0347f6c3a9d4953ddd636a31c6584da082e084
Author: David Howells <dhowells@redhat.com>
Date: Sun Nov 4 09:28:36 2018 -0500
convert do_remount_sb() to fs_context
next prev parent reply other threads:[~2019-05-18 16:26 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-21 6:44 BUG: unable to handle kernel paging request in do_mount syzbot
2018-09-24 16:09 ` Sabin Rapan
2019-02-22 10:13 ` syzbot
2019-03-08 10:14 ` syzbot
2019-03-22 10:14 ` syzbot
2019-04-05 10:15 ` syzbot
2019-04-19 10:16 ` syzbot
2019-05-03 10:16 ` syzbot
2019-05-17 10:17 ` syzbot
2019-05-17 13:48 ` Al Viro
2019-05-17 14:08 ` Dmitry Vyukov
2019-05-18 15:00 ` Dmitry Vyukov
2019-05-18 16:21 ` Al Viro
2019-05-18 16:26 ` Al Viro [this message]
2019-05-18 20:18 ` Theodore Ts'o
2019-05-18 21:41 ` Al Viro
2019-05-20 14:22 ` Dmitry Vyukov
2019-05-20 16:22 ` Dmitry Vyukov
2019-05-20 14:12 ` Dmitry Vyukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190518162602.GA24337@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=dvyukov@google.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sabin.rapan@gmail.com \
--cc=syzbot+73c7fe4f77776505299b@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.