From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S966757AbcA1Kcy (ORCPT <rfc822;w@1wt.eu>);
	Thu, 28 Jan 2016 05:32:54 -0500
Received: from mail-wm0-f46.google.com ([74.125.82.46]:34243 "EHLO
	mail-wm0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S965960AbcA1Kcs (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 28 Jan 2016 05:32:48 -0500
MIME-Version: 1.0
In-Reply-To: <alpine.LNX.2.00.1601272125570.21446@cbobk.fhfr.pm>
References: <CACT4Y+YFG2T=uCd4VPa8KFagf2+UgVTV4--Fk9ozuUcdps_4rA@mail.gmail.com>
 <alpine.LNX.2.00.1601251448410.21446@cbobk.fhfr.pm> <CACT4Y+YOWzuiUQ96EqvP1Ca7c52uiLKbBR020_f6PbxH_zXdjA@mail.gmail.com>
 <alpine.LNX.2.00.1601271745230.21446@cbobk.fhfr.pm> <CACT4Y+ZoPYvyA4+gcepYVrCPBePOsJaPNoUgRDNBN+6HuO5Dyw@mail.gmail.com>
 <alpine.LNX.2.00.1601272125570.21446@cbobk.fhfr.pm>
From: Dmitry Vyukov <dvyukov@google.com>
Date: Thu, 28 Jan 2016 11:32:27 +0100
Message-ID: <CACT4Y+boTwHo-sLJc8apwyF6=7FTCsDRQ9nwR1Vf7HpzGGj-BA@mail.gmail.com>
Subject: Re: floppy: GPF in floppy_rb0_cb
To: Jiri Kosina <jikos@kernel.org>
Cc: NeilBrown <neilb@suse.com>, Takashi Iwai <tiwai@suse.de>,
        Jens Axboe <axboe@fb.com>, Hannes Reinecke <hare@suse.de>,
        Rasmus Villemoes <linux@rasmusvillemoes.dk>,
        LKML <linux-kernel@vger.kernel.org>,
        syzkaller <syzkaller@googlegroups.com>,
        Kostya Serebryany <kcc@google.com>,
        Alexander Potapenko <glider@google.com>,
        Sasha Levin <sasha.levin@oracle.com>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jan 27, 2016 at 9:27 PM, Jiri Kosina <jikos@kernel.org> wrote:
> On Wed, 27 Jan 2016, Dmitry Vyukov wrote:
>
>> > Alright, there is a serious issue with how floppy_revalidate() handles
>> > error from lock_fdc() (in-depth explanation for the curious: it doesn't).
>> >
>> > In case wait_for_event_interruptible() is actually interrupted without
>> > succesfully claiming fdc, we proceed with revalidation, causing all kinds
>> > of havoc (because another parallel request is still in progress).
>> >
>> > The whole story with the 'interruptible' parameter to lock_fdc() is funny
>> > as well, because we always wait interruptibly anyway. So it can be nuked.
>> > Most of the lock_fdc() callsites do properly handle error (and propagate
>> > EINTR), but floppy_revalidate() and floppy_check_events() don't.
>> >
>> > Could you please let syzkaller retest with the patch below? It fixes all
>> > the oopses I am able to trigger here.
>>
>> Done. I will get back to you if I see any other oops.
>
> Please also get to me in case you don't see any other oops after the
> timeframe you have been able to reproduce the original problem, so that we
> could consider the issue resolved and I can make proper patch from this
> and send it upstream.


I have not seen any /dev/fd0 related crashes over night. Previously I
seen tons of them, so I guess this bug is fixed.
Please send this upstream.
Thanks