On Fri, May 17, 2019 at 3:48 PM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > > On Fri, May 17, 2019 at 03:17:02AM -0700, syzbot wrote: > > This bug is marked as fixed by commit: > > vfs: namespace: error pointer dereference in do_remount() > > But I can't find it in any tested tree for more than 90 days. > > Is it a correct commit? Please update it by replying: > > #syz fix: exact-commit-title > > Until then the bug is still considered open and > > new crashes with the same signature are ignored. > > Could somebody explain how the following situation is supposed to > be handled: > > 1) branch B1 with commits C1, C2, C3, C4 is pushed out > 2) C2 turns out to have a bug, which gets caught and fixed > 3) fix is folded in and branch B2 with C1, C2', C3', C4' is > pushed out. The bug is not in it anymore. > 4) B1 is left mouldering (or is entirely removed); B2 is > eventually merged into other trees. > > This is normal and it appears to be problematic for syzbot. > How to deal with that? One thing I will *NOT* do in such > situations is giving up on folding the fixes in. Bisection > hazards alone make that a bad idea. linux-next creates a bit of a havoc. The ideal way of handling this is including Tested-by: tag into C2'. Reported-by: would work too, but people suggested that Reported-by: is confusing in this situation because it suggests that the commit fixes a bug in some previous commit. Technically, syzbot now accepts any tag, so With-inputs-from: syzbot+73c7fe4f77776505299b@xxxxxxxxxxxxxxxxxxxxxxxxx would work too. At this point we obvious can't fix up C2'. For such cases syzbot accepts #syz fix command to associate bugs with fixes. So replying with "#syz fix: C2'-commit-title" should do.
