Date: Mon, 14 Aug 2023 18:05:36 -0400
From: "Theodore Ts'o"
To: Muhammad Usama Anjum
Cc: syzbot, syzkaller-lts-bugs@googlegroups.com, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, linux-stable, regressions@lists.linux.dev, Baokun Li, Andreas Dilger, Jan Kara
Subject: Re: [v6.1] kernel BUG in ext4_writepages
Message-ID: <20230814220536.GE2247938@mit.edu>
In-Reply-To: <0fc2546b-da7c-aac4-b402-3ef4970a1789@collabora.com>

On Mon, Aug 14, 2023 at 10:35:57AM +0500, Muhammad Usama Anjum wrote:
> > The last refactoring was done by 4e7ea81db53465 on this code in 2013. The
> > code segment in question is present from even before that. It means that
> > this bug has been present for several years. 4.14 is the oldest kernel being
> > maintained today. So it affects all current LTS and mainline kernels. I'll
> > report 4e7ea81db53465 with regzbot for proper tracking. Thus probably the
> > bug report will get associated with all LTS kernels as well.
> >
> > #regzbot title: Race condition between buffer write and page_mkwrite
> > #regzbot title: ext4: Race condition between buffer write and page_mkwrite

If it's a long-standing bug, then it's really not something I consider a
regression. That being said, you're assuming that the refactoring is
what has introduced the bug; that's not necessarily the case.
*Especially* if it requires a maliciously fuzzed file system, since you
have to be root to mount a file system.

That's the other thing; the different reports at the console have
different reproducers, and at least one of them has a very badly
corrupted file system --- and since you need to have root to mount a
maliciously fuzzed file system, these are treated with a much lower
priority as far as I'm concerned. (If you think it should be higher
priority, and your company is willing to fund such work, patches are
gratefully appreciated. :-)

I tried to reproduce this using one of the reproducers on a modern
kernel, and it doesn't reproduce there. That being said, it's not
entirely clear what the reproducer is doing, since (a) passing -1 to the
in_fd and out_fd to sendfile *should* just cause sendfile to return an
EBADF error, and (b) when I ran it, it just segfaulted on an mmap()
before it executed anything interesting.

Please let me know (a) if you can replicate this on the latest upstream
kernel, and (b) if the reproducer doesn't require a maliciously fuzzed
kernel, or where the reproducer is scribbling on the file system image
while it is mounted.

Cheers,

- Ted