Received: by 2002:ab2:5d18:0:b0:1ef:7a0f:c32d with SMTP id j24csp408792lqk; Sat, 9 Mar 2024 16:53:20 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXyCT5YH6J4/0gu7iWwiPKXHlSeGX/SQ9ietMq0mPQvCA7CU99cE5eFERXYRSmxtWH8ZMhIF/HYMUvGjJgu30FJcTTcTxA4K+StKvcoag== X-Google-Smtp-Source: AGHT+IECEmq5hTj0om7cu26xkwZGoSD13F8o+fV7ZbWgRTMHR5kTZWGkZn1wMRDGEO9mEu1A07Iu X-Received: by 2002:a17:903:22c5:b0:1dc:d642:aacd with SMTP id y5-20020a17090322c500b001dcd642aacdmr2880505plg.67.1710031999731; Sat, 09 Mar 2024 16:53:19 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1710031999; cv=pass; d=google.com; s=arc-20160816; b=T+jX9Nm2Yh26o2ziPCG585ca0JyMSryft7tZoUjCtFwyC5wf32uDji48GqH+B8eHjz 0as8WksI2sZKtdsp6At+SJwYO5kkJ7TDa/DPQJUUPvYo8oPXqXNsPGu9gCIcy9PjQYk8 Gx0cHysaJwdgZ1FuCXOhSrNChaF04+faBhKrpFSeEZA27hfsgrlU430NYsCGbuQME4EZ Y4aIzBfARM9xEGXddnXTfjbqJzy2BfWQTBasp72f7EKE4UXRZcir9WUMH0cnbqfktvo0 yeSdwikBl5DgV5kt6QFckX7bLVPA508Pupb91apSuYHgsFuFnHu7s+acHpKebbXxQCS1 1NUA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id; bh=cJxTCRhA2zEpED2m6bEBKnRtgNsTQGYFa+OCwuS6gDo=; fh=GuYHUrzxMgBQpIF/ho03sryuWneba3+c9u/5TDrF1Tc=; b=bBs25rXmKKA7E6VY6c4E4Att6hJj4cX9kR4tgkxBV00ysH1LlnPUoUTK4sQsxPdFoX /SZdllm8Kef0nMbWdyPixxLxSmXDJ6O/mogNTtUIDRDNL6AXl1k1XyyL8r4plgu4I1UF 2WEvFdrEu/jBEy/YrBYWXbEYt2d75ZGXQ9sg0ftnEsrdDsuIYPOhUum1w1pQIS5MjfKx fanrTxEgG5xHX3JbtxlEJgOmkdoKbIwxgOgg5Gqqzxyxzbpb/a02lMBGdhnPy0D6lblO EXmP9TQ3qYZU6XE8TvAMqaLt78W2lqfqRwJear38ae6TgMQFnKcs2Q+sU4uSAlONsf77 nA4g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=i-love.sakura.ne.jp); spf=pass (google.com: domain of linux-kernel+bounces-98061-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-98061-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id l21-20020a170903005500b001d9b7514757si2075712pla.332.2024.03.09.16.53.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 09 Mar 2024 16:53:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-98061-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=i-love.sakura.ne.jp); spf=pass (google.com: domain of linux-kernel+bounces-98061-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-98061-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 67FD528146D for ; Sun, 10 Mar 2024 00:53:19 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7E2FE10E9; Sun, 10 Mar 2024 00:53:13 +0000 (UTC) Received: from www262.sakura.ne.jp (www262.sakura.ne.jp [202.181.97.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F7F923A7; Sun, 10 Mar 2024 00:53:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.181.97.72 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710031993; cv=none; b=LdT6N9JVkq4OM5RFgSQixXvWcHTHQeQby0irNpXncghJHw7D8zWw7fsFl6r9dYUFd5P88hvZaFV2HvCGjs2SXvU0D6GqrMvncg34dXSXY7MJHKoLqBjBgu26uYOlbsQ8p39IE4info7k0luJ12fQuJqRwY0MDdSe3Q5qtEWKOqQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710031993; c=relaxed/simple; bh=CWXYMjrzDwMXF+i9CzxDios6eRxwiesf/wiAEwACNe4=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=ZDPfiobncZbXMUvyaPCaQ13zwzShcqT5gmbXuhHgp7Kn+mLhM6TSJFseA8xRZgnh0FNIiOGRujVt0lTkb6IEGvW400MMg2Mh1NJOMXl/sta710X0/ghqKmhqEWpt6rI0ROhaXTHyS6HwSLah0poUMZGgOxM3TaBT3bi9xpc1h80= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=I-love.SAKURA.ne.jp; spf=pass smtp.mailfrom=I-love.SAKURA.ne.jp; arc=none smtp.client-ip=202.181.97.72 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=I-love.SAKURA.ne.jp Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=I-love.SAKURA.ne.jp Received: from fsav111.sakura.ne.jp (fsav111.sakura.ne.jp [27.133.134.238]) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id 42A0q2ve086726; Sun, 10 Mar 2024 09:52:02 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav111.sakura.ne.jp (F-Secure/fsigk_smtp/550/fsav111.sakura.ne.jp); Sun, 10 Mar 2024 09:52:02 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/fsav111.sakura.ne.jp) Received: from [192.168.1.6] (M106072142033.v4.enabler.ne.jp [106.72.142.33]) (authenticated bits=0) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id 42A0q2cj086721 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Sun, 10 Mar 2024 09:52:02 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Message-ID: Date: Sun, 10 Mar 2024 09:52:01 +0900 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [syzbot] [hfs] general protection fault in tomoyo_check_acl (3) Content-Language: en-US To: Jan Kara , syzbot Cc: axboe@kernel.dk, brauner@kernel.org, jmorris@namei.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, paul@paul-moore.com, serge@hallyn.com, syzkaller-bugs@googlegroups.com References: <000000000000fcfb4a05ffe48213@google.com> <0000000000009e1b00060ea5df51@google.com> <20240111092147.ywwuk4vopsml3plk@quack3> From: Tetsuo Handa In-Reply-To: <20240111092147.ywwuk4vopsml3plk@quack3> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 2024/01/11 18:21, Jan Kara wrote: > On Wed 10-01-24 22:44:04, syzbot wrote: >> syzbot suspects this issue was fixed by commit: >> >> commit 6f861765464f43a71462d52026fbddfc858239a5 >> Author: Jan Kara >> Date: Wed Nov 1 17:43:10 2023 +0000 >> >> fs: Block writes to mounted block devices >> >> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15135c0be80000 >> start commit: a901a3568fd2 Merge tag 'iomap-6.5-merge-1' of git://git.ke.. >> git tree: upstream >> kernel config: https://syzkaller.appspot.com/x/.config?x=7406f415f386e786 >> dashboard link: https://syzkaller.appspot.com/bug?extid=28aaddd5a3221d7fd709 >> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17b5bb80a80000 >> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10193ee7280000 >> >> If the result looks correct, please mark the issue as fixed by replying with: > > Makes some sense since fs cannot be corrupted by anybody while it is > mounted. I just don't see how the reproducer would be corrupting the > image... Still probably: > > #syz fix: fs: Block writes to mounted block devices > > and we'll see if syzbot can find new ways to tickle some similar problem. > > Honza Since the reproducer is doing open(O_RDWR) before switching loop devices using ioctl(LOOP_SET_FD/LOOP_CLR_FD), I think that that commit converted a run many times, multi threaded program into a run once, single threaded program. That will likely hide all race bugs. Does that commit also affect open(3) (i.e. open for ioctl only) case? If that commit does not affect open(3) case, the reproducer could continue behaving as run many times, multi threaded program that overwrites filesystem images using ioctl(LOOP_SET_FD/LOOP_CLR_FD), by replacing open(O_RDWR) with open(3) ?