bisecting fixing commit since 768292d053619b2725b846ed2bf556bf40f43de2
building syzkaller on 3f4e812b87c43b6cdc98b4d66673f6575d63d4fb
testing commit 768292d053619b2725b846ed2bf556bf40f43de2 with gcc (GCC) 8.1.0
kernel signature: 5054353bb3749bf9731e487199d836eab2ed9767
all runs: crashed: possible deadlock in do_io_accounting
testing current HEAD fb683b5e3f53a73e761952735736180939a313df
testing commit fb683b5e3f53a73e761952735736180939a313df with gcc (GCC) 8.1.0
kernel signature: f7c97420a1e7e466bd57fe0f8e144fd27466fe0c
all runs: OK
# git bisect start fb683b5e3f53a73e761952735736180939a313df 768292d053619b2725b846ed2bf556bf40f43de2
Bisecting: 2174 revisions left to test after this (roughly 11 steps)
[7e19b7e0d640d94583eb5b96609d398fcf20d0ed] PM / devfreq: passive: Use non-devm notifiers
testing commit 7e19b7e0d640d94583eb5b96609d398fcf20d0ed with gcc (GCC) 8.1.0
kernel signature: 02c0f5528595c874d68da5e13ca99eff67bbc70b
all runs: OK
# git bisect bad 7e19b7e0d640d94583eb5b96609d398fcf20d0ed
Bisecting: 1086 revisions left to test after this (roughly 10 steps)
[e907b1314481c8586ff3793fd92c7dbd8aa841ae] binder: prevent transactions to context manager from its own process.
testing commit e907b1314481c8586ff3793fd92c7dbd8aa841ae with gcc (GCC) 8.1.0
kernel signature: 2621f1d130f1794a2be97d36982159637b788072
all runs: OK
# git bisect bad e907b1314481c8586ff3793fd92c7dbd8aa841ae
Bisecting: 543 revisions left to test after this (roughly 9 steps)
[374180b11b299779893ad14553bb49e0e0242bdc] net: phy: rename Asix Electronics PHY driver
testing commit 374180b11b299779893ad14553bb49e0e0242bdc with gcc (GCC) 8.1.0
kernel signature: 7f6148ce350ea24fca14a0fb9b8fc09b155b0592
all runs: OK
# git bisect bad 374180b11b299779893ad14553bb49e0e0242bdc
Bisecting: 271 revisions left to test after this (roughly 8 steps)
[f1c5aa5eda08710c2ba619d93126380881fa1114] ovl: detect overlapping layers
testing commit f1c5aa5eda08710c2ba619d93126380881fa1114 with gcc (GCC) 8.1.0
kernel signature: 0670da4a823e9b29a263462e2da67ddb1a575709
all runs: OK
# git bisect bad f1c5aa5eda08710c2ba619d93126380881fa1114
Bisecting: 135 revisions left to test after this (roughly 7 steps)
[786b1b40dfb9ce96c94a56e913a258bce5f558ce] ALSA: hda/realtek - Update headset mode for ALC256
testing commit 786b1b40dfb9ce96c94a56e913a258bce5f558ce with gcc (GCC) 8.1.0
kernel signature: f641d4b4941dbcde9fe2247942c0a2b261a23864
all runs: crashed: possible deadlock in do_io_accounting
# git bisect good 786b1b40dfb9ce96c94a56e913a258bce5f558ce
Bisecting: 67 revisions left to test after this (roughly 6 steps)
[a5ae5920426e9166af78658bb3e2a12b9fbf53e4] hv_netvsc: Set probe mode to sync
testing commit a5ae5920426e9166af78658bb3e2a12b9fbf53e4 with gcc (GCC) 8.1.0
kernel signature: 1f871974a83b4aeced1e6908e645db172a88a2e9
all runs: crashed: possible deadlock in do_io_accounting
# git bisect good a5ae5920426e9166af78658bb3e2a12b9fbf53e4
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[7bea5618eaf9fbff3fa9a75989995042cf4cce21] i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
testing commit 7bea5618eaf9fbff3fa9a75989995042cf4cce21 with gcc (GCC) 8.1.0
kernel signature: 804b361ee335f6906ec142fe2c8b042a8d312a12
all runs: crashed: possible deadlock in do_io_accounting
# git bisect good 7bea5618eaf9fbff3fa9a75989995042cf4cce21
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[214c5933ffcf703112656f5e3d98505fbfb97cb3] scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
testing commit 214c5933ffcf703112656f5e3d98505fbfb97cb3 with gcc (GCC) 8.1.0
kernel signature: 4684b5546091c4386af73f9c46e6bad3c8fc5433
all runs: crashed: possible deadlock in do_io_accounting
# git bisect good 214c5933ffcf703112656f5e3d98505fbfb97cb3
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[63bbbcd8ed53c404649e0b4248c1e5d42c41ac97] Linux 4.19.54
testing commit 63bbbcd8ed53c404649e0b4248c1e5d42c41ac97 with gcc (GCC) 8.1.0
kernel signature: 729494e08316509ef84b33967a27001e4e69aced
all runs: crashed: possible deadlock in do_io_accounting
# git bisect good 63bbbcd8ed53c404649e0b4248c1e5d42c41ac97
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[6a997c3a239ab7adda6a74196b4b8f5e333465e6] objtool: Support per-function rodata sections
testing commit 6a997c3a239ab7adda6a74196b4b8f5e333465e6 with gcc (GCC) 8.1.0
kernel signature: 4a1acc593700955561b8b8d2197bae934fb3beae
all runs: crashed: possible deadlock in do_io_accounting
# git bisect good 6a997c3a239ab7adda6a74196b4b8f5e333465e6
Bisecting: 2 revisions left to test after this (roughly 1 step)
[3cb5d7fa8f7db47cf4c0016df87c7589474ed09b] ovl: support the FS_IOC_FS[SG]ETXATTR ioctls
testing commit 3cb5d7fa8f7db47cf4c0016df87c7589474ed09b with gcc (GCC) 8.1.0
kernel signature: b6385b0412c424b442978d32620022d3d7399d47
run #0: crashed: possible deadlock in do_io_accounting
run #1: crashed: possible deadlock in do_io_accounting
run #2: crashed: possible deadlock in do_io_accounting
run #3: crashed: possible deadlock in do_io_accounting
run #4: crashed: possible deadlock in do_io_accounting
run #5: crashed: possible deadlock in do_io_accounting
run #6: crashed: possible deadlock in do_io_accounting
run #7: crashed: possible deadlock in do_io_accounting
run #8: crashed: possible deadlock in do_io_accounting
run #9: crashed: possible deadlock in path_openat
# git bisect good 3cb5d7fa8f7db47cf4c0016df87c7589474ed09b
Bisecting: 0 revisions left to test after this (roughly 1 step)
[a00f405e133fb486a34fb7cc1bdc64deab4d4fa0] ovl: make i_ino consistent with st_ino in more cases
testing commit a00f405e133fb486a34fb7cc1bdc64deab4d4fa0 with gcc (GCC) 8.1.0
kernel signature: 16c578306510e2fc3dd1a25704c0fb62eb9d8f95
all runs: crashed: possible deadlock in do_io_accounting
# git bisect good a00f405e133fb486a34fb7cc1bdc64deab4d4fa0
f1c5aa5eda08710c2ba619d93126380881fa1114 is the first bad commit
commit f1c5aa5eda08710c2ba619d93126380881fa1114
Author: Amir Goldstein
Date:   Thu Apr 18 17:42:08 2019 +0300

    ovl: detect overlapping layers

    [ Upstream commit 146d62e5a5867fbf84490d82455718bfb10fe824 ]

    Overlapping overlay layers are not supported and can cause unexpected
    behavior, but overlayfs does not currently check or warn about these
    configurations.

    User is not supposed to specify the same directory for upper and
    lower dirs or for different lower layers and user is not supposed to
    specify directories that are descendants of each other for overlay
    layers, but that is exactly what this zysbot repro did:

        https://syzkaller.appspot.com/x/repro.syz?x=12c7a94f400000

    Moving layer root directories into other layers while overlayfs
    is mounted could also result in unexpected behavior.

    This commit places "traps" in the overlay inode hash table.
    Those traps are dummy overlay inodes that are hashed by the layers
    root inodes.

    On mount, the hash table trap entries are used to verify that overlay
    layers are not overlapping. While at it, we also verify that overlay
    layers are not overlapping with directories "in-use" by other overlay
    instances as upperdir/workdir.

    On lookup, the trap entries are used to verify that overlay layers
    root inodes have not been moved into other layers after mount.

    Some examples:

    $ ./run --ov --samefs -s
    ...
    ( mkdir -p base/upper/0/u base/upper/0/w base/lower lower upper mnt
      mount -o bind base/lower lower
      mount -o bind base/upper upper
      mount -t overlay none mnt ...
            -o lowerdir=lower,upperdir=upper/0/u,workdir=upper/0/w)

    $ umount mnt
    $ mount -t overlay none mnt ...
            -o lowerdir=base,upperdir=upper/0/u,workdir=upper/0/w

      [ 94.434900] overlayfs: overlapping upperdir path
      mount: mount overlay on mnt failed: Too many levels of symbolic links

    $ mount -t overlay none mnt ...
            -o lowerdir=upper/0/u,upperdir=upper/0/u,workdir=upper/0/w

      [ 151.350132] overlayfs: conflicting lowerdir path
      mount: none is already mounted or mnt busy

    $ mount -t overlay none mnt ...
            -o lowerdir=lower:lower/a,upperdir=upper/0/u,workdir=upper/0/w

      [ 201.205045] overlayfs: overlapping lowerdir path
      mount: mount overlay on mnt failed: Too many levels of symbolic links

    $ mount -t overlay none mnt ...
            -o lowerdir=lower,upperdir=upper/0/u,workdir=upper/0/w
    $ mv base/upper/0/ base/lower/
    $ find mnt/0
      mnt/0
      mnt/0/w
      find: 'mnt/0/w/work': Too many levels of symbolic links
      find: 'mnt/0/u': Too many levels of symbolic links

    Reported-by: syzbot+9c69c282adc4edd2b540@syzkaller.appspotmail.com
    Signed-off-by: Amir Goldstein
    Signed-off-by: Miklos Szeredi
    Signed-off-by: Sasha Levin

 fs/overlayfs/inode.c     |  48 ++++++++++++++
 fs/overlayfs/namei.c     |   8 +++
 fs/overlayfs/overlayfs.h |   3 +
 fs/overlayfs/ovl_entry.h |   6 ++
 fs/overlayfs/super.c     | 169 ++++++++++++++++++++++++++++++++++++++++++-----
 fs/overlayfs/util.c      |  12 ++++
 6 files changed, 229 insertions(+), 17 deletions(-)
kernel signature: 0670da4a823e9b29a263462e2da67ddb1a575709
previous signature: 16c578306510e2fc3dd1a25704c0fb62eb9d8f95
revisions tested: 14, total time: 3h18m54.467678707s (build: 1h57m7.765328183s, test: 1h20m29.184908335s)
first good commit: f1c5aa5eda08710c2ba619d93126380881fa1114 ovl: detect overlapping layers
cc: ["amir73il@gmail.com" "linux-kernel@vger.kernel.org" "linux-unionfs@vger.kernel.org" "miklos@szeredi.hu" "mszeredi@redhat.com" "sashal@kernel.org"]