Re: general protection fault in kernfs_kill_sb (2)

2018-05-14 Thread Stephen Rothwell
Hi Al,

On Mon, 14 May 2018 05:04:15 +0100 Al Viro wrote:
>
> On Mon, May 14, 2018 at 12:20:16PM +0900, Tetsuo Handa wrote:
>
> > But there remains a refcount bug because deactivate_locked_super() from
> > kernfs_mount_ns() triggers kobj_ns_drop() from sysfs_kill_sb() via
> > sb->kill_sb() when

Re: general protection fault in kernfs_kill_sb (2)

2018-05-13 Thread Al Viro
On Mon, May 14, 2018 at 05:04:15AM +0100, Al Viro wrote: > diff --git a/fs/sysfs/mount.c b/fs/sysfs/mount.c > index b428d317ae92..92682fcc41f6 100644 > --- a/fs/sysfs/mount.c > +++ b/fs/sysfs/mount.c > @@ -25,7 +25,7 @@ static struct dentry *sysfs_mount(struct file_system_type > *fs_type, > { >

Re: general protection fault in kernfs_kill_sb (2)

2018-05-13 Thread Al Viro
On Mon, May 14, 2018 at 12:20:16PM +0900, Tetsuo Handa wrote:
> But there remains a refcount bug because deactivate_locked_super() from
> kernfs_mount_ns() triggers kobj_ns_drop() from sysfs_kill_sb() via
> sb->kill_sb() when kobj_ns_drop() is always called by sysfs_mount()
> if kernfs_mount_ns()

Re: general protection fault in kernfs_kill_sb (2)

2018-05-13 Thread Al Viro
On Sun, May 13, 2018 at 11:19:46AM +0900, Tetsuo Handa wrote:
> This is what I reported at
> https://groups.google.com/d/msg/syzkaller-bugs/ISOJlV2I2QM/qHslGMi3AwAJ .
>
> We are currently waiting for comments from Al Viro.

1) the damn thing is unusable without javashit. Which gets about the

Re: general protection fault in kernfs_kill_sb (2)

2018-05-12 Thread Tetsuo Handa
On 2018/05/13 2:01, syzbot wrote:
> Call Trace:
>  __list_del_entry include/linux/list.h:117 [inline]
>  list_del include/linux/list.h:125 [inline]
>  kernfs_kill_sb+0xa0/0x350 fs/kernfs/mount.c:361
>  sysfs_kill_sb+0x22/0x40 fs/sysfs/mount.c:50
>  deactivate_locked_super+0x97/0x100 fs/super.c:316

general protection fault in kernfs_kill_sb (2)

2018-05-12 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit:    f0ab773f5c96 Merge branch 'akpm' (patches from Andrew)
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=140ce81780
kernel config:  https://syzkaller.appspot.com/x/.config?x=fcce42b221691ff9
