From: Aleksandr Nogikh
Date: Thu, 14 Mar 2024 17:21:30 +0100
Subject: Re: [syzbot] [hfs] general protection fault in tomoyo_check_acl (3)
To: Jan Kara
Cc: syzbot, axboe@kernel.dk, brauner@kernel.org, jmorris@namei.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, paul@paul-moore.com, serge@hallyn.com, syzkaller-bugs@googlegroups.com, Tetsuo Handa, Dmitry Vyukov

Hi Jan,

Yes, the CONFIG_BLK_DEV_WRITE_MOUNTED=n change did indeed break our C
executor code (and therefore our C reproducers). I posted a fix[1]
soon afterwards, but the problem is that syzbot will keep on using old
reproducers for old bugs. Syzkaller descriptions change over time, so
during bisection and patch testing we have to use the exact syzkaller
revision that detected the original bug. All older syzkaller revisions
now neither find nor reproduce fs bugs on newer Linux kernel revisions
with CONFIG_BLK_DEV_WRITE_MOUNTED=n.

If the stream of such bisection results is already bothering you and
other fs people, a very quick fix could be to ban this commit from the
possible bisection results (it's just a one line change in the syzbot
config). Then such bugs would just get gradually obsoleted by syzbot
without any noise.

[1] https://github.com/google/syzkaller/commit/551587c192ecb4df26fcdab775ed145ee69c07d4

-- 
Aleksandr

On Thu, Mar 14, 2024 at 4:54 PM Jan Kara wrote:
>
> On Sun 10-03-24 09:52:01, Tetsuo Handa wrote:
> > On 2024/01/11 18:21, Jan Kara wrote:
> > > On Wed 10-01-24 22:44:04, syzbot wrote:
> > >> syzbot suspects this issue was fixed by commit:
> > >>
> > >> commit 6f861765464f43a71462d52026fbddfc858239a5
> > >> Author: Jan Kara
> > >> Date:   Wed Nov 1 17:43:10 2023 +0000
> > >>
> > >>     fs: Block writes to mounted block devices
> > >>
> > >> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15135c0be80000
> > >> start commit:   a901a3568fd2 Merge tag 'iomap-6.5-merge-1' of git://git.ke..
> > >> git tree:       upstream
> > >> kernel config:  https://syzkaller.appspot.com/x/.config?x=7406f415f386e786
> > >> dashboard link: https://syzkaller.appspot.com/bug?extid=28aaddd5a3221d7fd709
> > >> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17b5bb80a80000
> > >> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10193ee7280000
> > >>
> > >> If the result looks correct, please mark the issue as fixed by replying with:
> > >
> > > Makes some sense since fs cannot be corrupted by anybody while it is
> > > mounted. I just don't see how the reproducer would be corrupting the
> > > image... Still probably:
> > >
> > > #syz fix: fs: Block writes to mounted block devices
> > >
> > > and we'll see if syzbot can find new ways to tickle some similar problem.
> > >
> > >                                                               Honza
> >
> > Since the reproducer is doing open(O_RDWR) before switching loop devices
> > using ioctl(LOOP_SET_FD/LOOP_CLR_FD), I think that that commit converted
> > a run many times, multi threaded program into a run once, single threaded
> > program. That will likely hide all race bugs.
> >
> > Does that commit also affect open(3) (i.e. open for ioctl only) case?
> > If that commit does not affect open(3) case, the reproducer could continue
> > behaving as run many times, multi threaded program that overwrites
> > filesystem images using ioctl(LOOP_SET_FD/LOOP_CLR_FD), by replacing
> > open(O_RDWR) with open(3) ?
>
> Hum, that's a good point. I had a look into details how syzkaller sets up
> loop devices and indeed it gets broken by CONFIG_BLK_DEV_WRITE_MOUNTED=n.
> Strace confirms that:
>
> openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
> ioctl(4, LOOP_SET_FD, 3) = 0
> close(3) = 0
> mkdir("./file0", 0777) = -1 EEXIST (File exists)
> mount("/dev/loop0", "./file0", "reiserfs", 0, "") = -1 EBUSY (Device or resource busy)
> ioctl(4, LOOP_CLR_FD) = 0
> close(4) = 0
>
> which explains why syzbot was not able to reproduce some problems for which
> CONFIG_BLK_DEV_WRITE_MOUNTED=n should have made no difference (I wanted to
> have a look into that but other things kept getting higher priority).
>
> It should be easily fixable by opening /dev/loop0 with O_RDONLY instead of
> O_RDWR. Aleksandr?
>
>                                                               Honza
> --
> Jan Kara
> SUSE Labs, CR
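
Added example (not part of the original thread and not syzkaller's code): a small Python triage helper that scans strace output for the pattern in Jan Kara's excerpt, a mount() that fails with EBUSY while the same process still holds a write-capable descriptor on the device. The sample trace is constructed from the quoted lines; the function name and regular expressions are assumptions of this example.

```python
import re

# Constructed sample modelled on the strace excerpt quoted in the thread.
SAMPLE = '''\
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
ioctl(4, LOOP_SET_FD, 3) = 0
close(3) = 0
mkdir("./file0", 0777) = -1 EEXIST (File exists)
mount("/dev/loop0", "./file0", "reiserfs", 0, "") = -1 EBUSY (Device or resource busy)
ioctl(4, LOOP_CLR_FD) = 0
close(4) = 0
'''

# Successful open/openat only: a failed call returns -1 and does not match.
OPEN_RE = re.compile(
    r'^open(?:at)?\((?:AT_FDCWD, )?"([^"]+)", ([A-Z_|]+)(?:, \d+)?\)\s*=\s*(\d+)')
CLOSE_RE = re.compile(r'^close\((\d+)\)\s*=\s*0')
MOUNT_RE = re.compile(
    r'^mount\("([^"]+)", "([^"]+)", .*\)\s*=\s*(-?\d+)(?: (\w+))?')

def blocked_mounts(trace):
    """Return (device, holder_fd) for every mount that failed with EBUSY
    while the traced process still held a write-capable fd on that device."""
    writable = {}  # fd -> path, for descriptors opened O_RDWR or O_WRONLY
    hits = []
    for line in trace.splitlines():
        line = line.strip()
        if m := OPEN_RE.match(line):
            path, flags, fd = m.group(1), m.group(2).split("|"), int(m.group(3))
            if "O_RDWR" in flags or "O_WRONLY" in flags:
                writable[fd] = path
            else:
                writable.pop(fd, None)  # fd number reused for a read-only open
        elif m := CLOSE_RE.match(line):
            writable.pop(int(m.group(1)), None)
        elif m := MOUNT_RE.match(line):
            dev, errno_name = m.group(1), m.group(4)
            if errno_name == "EBUSY":
                hits += [(dev, fd) for fd, p in writable.items() if p == dev]
    return hits

if __name__ == "__main__":
    for dev, fd in blocked_mounts(SAMPLE):
        print(f"mount of {dev} hit EBUSY while fd {fd} was open for writing")
```

A hit means the reproducer itself is what the kernel refuses, so a "fixed by" bisection result pointing at the write-blocking commit needs a second look before it is accepted.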