syzbot


WARNING in ovl_instantiate

Status: fixed on 2019/12/16 09:09
Reported-by: syzbot+f6d89fa8799c648d0811@syzkaller.appspotmail.com
Fix commit: f1c5aa5eda08 ovl: detect overlapping layers
First crash: 1258d, last: 1253d

Fix bisection: fixed by (bisect log):
commit f1c5aa5eda08710c2ba619d93126380881fa1114
Author: Amir Goldstein <amir73il@gmail.com>
Date: Thu Apr 18 14:42:08 2019 +0000

  ovl: detect overlapping layers

similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in ovl_instantiate syz done 75 1246d 1414d 13/24 fixed on 2019/06/23 12:03

Sample crash report:
overlayfs: filesystem on './file0' not supported as upperdir
overlayfs: filesystem on './file0' not supported as upperdir
overlayfs: filesystem on './file0' not supported as upperdir
overlayfs: filesystem on './file0' not supported as upperdir
overlayfs: filesystem on './file0' not supported as upperdir
WARNING: CPU: 1 PID: 11619 at fs/overlayfs/dir.c:263 ovl_instantiate+0x293/0x2f0 fs/overlayfs/dir.c:263
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 11619 Comm: syz-executor.1 Not tainted 4.19.35 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 panic+0x263/0x51d kernel/panic.c:185
 __warn.cold+0x20/0x54 kernel/panic.c:540
 report_bug+0x263/0x2b0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 fixup_bug arch/x86/kernel/traps.c:173 [inline]
 do_error_trap+0x204/0x360 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:997
RIP: 0010:ovl_instantiate+0x293/0x2f0 fs/overlayfs/dir.c:263
Code: 04 31 ff 89 c3 89 c6 e8 2b 64 1f ff 85 db 75 63 e8 a2 62 1f ff 4c 89 e7 45 31 e4 e8 57 8b 64 ff e9 20 ff ff ff e8 8d 62 1f ff <0f> 0b 41 89 dc e9 11 ff ff ff e8 7e 62 1f ff 0f 0b eb 86 48 89 85
RSP: 0018:ffff8880785efaa0 EFLAGS: 00010293
RAX: ffff888099ba8380 RBX: ffffffffffffff8c RCX: ffffffff824bd14d
RDX: 0000000000000000 RSI: ffffffff824bd283 RDI: 0000000000000007
RBP: ffff8880785efb78 R08: ffff888099ba8380 R09: ffffed100f0bdf2d
R10: ffffed100f0bdf2c R11: 0000000000000003 R12: ffff88808f64c720
R13: ffff88807989f760 R14: 0000000000000000 R15: ffff8880785efb50
 ovl_create_over_whiteout fs/overlayfs/dir.c:519 [inline]
 ovl_create_or_link+0xac3/0x1210 fs/overlayfs/dir.c:583
 ovl_create_object+0x231/0x2c0 fs/overlayfs/dir.c:617
 ovl_symlink+0x25/0x30 fs/overlayfs/dir.c:652
 vfs_symlink fs/namei.c:4126 [inline]
 vfs_symlink+0x378/0x5d0 fs/namei.c:4112
 do_symlinkat+0x22b/0x290 fs/namei.c:4153
 __do_sys_symlink fs/namei.c:4172 [inline]
 __se_sys_symlink fs/namei.c:4170 [inline]
 __x64_sys_symlink+0x59/0x80 fs/namei.c:4170
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458c29
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fa09281ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000458c29
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000020000040
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa09281b6d4
R13: 00000000004c74d3 R14: 00000000004dd3a0 R15: 00000000ffffffff
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (5):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci2-linux-4-19 | 2019/04/20 08:04 | linux-4.19.y | 4b0e041c9dad | b0e8efcb | .config | log | report | syz | | | |
| ci2-linux-4-19 | 2019/04/16 01:09 | linux-4.19.y | 4d552acf3370 | 505ab413 | .config | log | report | syz | | | |
| ci2-linux-4-19 | 2019/04/20 03:18 | linux-4.19.y | 4b0e041c9dad | b0e8efcb | .config | log | report | | | | |
| ci2-linux-4-19 | 2019/04/19 01:39 | linux-4.19.y | 4b0e041c9dad | b0e8efcb | .config | log | report | | | | |
| ci2-linux-4-19 | 2019/04/19 00:03 | linux-4.19.y | 4b0e041c9dad | b0e8efcb | .config | log | report | | | | |
* Struck through repros no longer work on HEAD.