bisecting fixing commit since 4b0e041c9dada60197efc1697928cd32c2c70cd2
building syzkaller on b0e8efcb4b0aac61f4647a76bbe54a5d38a370ba
testing commit 4b0e041c9dada60197efc1697928cd32c2c70cd2 with gcc (GCC) 8.1.0
kernel signature: c8ace3f786364903f9d82cdb42e91c38539bfe88
run #0: crashed: WARNING in ovl_instantiate
run #1: crashed: WARNING in ovl_instantiate
run #2: crashed: WARNING in ovl_instantiate
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing current HEAD 312017a460d5ea31d646e7148e400e13db799ddc
testing commit 312017a460d5ea31d646e7148e400e13db799ddc with gcc (GCC) 8.1.0
kernel signature: fb938fe78862c5ee752b5c8e97ca053245cc7fd7
all runs: OK
# git bisect start 312017a460d5ea31d646e7148e400e13db799ddc 4b0e041c9dada60197efc1697928cd32c2c70cd2
Bisecting: 2989 revisions left to test after this (roughly 12 steps)
[c7615333645de572cae573da0a92dd3fc8e099e0] drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest
testing commit c7615333645de572cae573da0a92dd3fc8e099e0 with gcc (GCC) 8.1.0
kernel signature: 060ff05cea4078319e73b6401ec3a85eb141be55
all runs: OK
# git bisect bad c7615333645de572cae573da0a92dd3fc8e099e0
Bisecting: 1494 revisions left to test after this (roughly 11 steps)
[b323914cd033f975b5d544b188a3ed1948f02936] ALSA: seq: Cover unsubscribe_port() in list_mutex
testing commit b323914cd033f975b5d544b188a3ed1948f02936 with gcc (GCC) 8.1.0
kernel signature: 31458ffea6a901b14edaab97f027ed632a510364
run #0: crashed: kernel BUG at fs/namei.c:LINE!
run #1: crashed: kernel BUG at fs/namei.c:LINE!
run #2: crashed: kernel BUG at fs/namei.c:LINE!
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good b323914cd033f975b5d544b188a3ed1948f02936
Bisecting: 747 revisions left to test after this (roughly 10 steps)
[eb6c84e4b4f2cf23e2cbd6e358703b1675ff8bec] raid5-cache: Need to do start() part job after adding journal device
testing commit eb6c84e4b4f2cf23e2cbd6e358703b1675ff8bec with gcc (GCC) 8.1.0
kernel signature: c411512593b5157eff8af556e7a3da57a86542df
all runs: OK
# git bisect bad eb6c84e4b4f2cf23e2cbd6e358703b1675ff8bec
Bisecting: 373 revisions left to test after this (roughly 9 steps)
[c854d9b6ef8d167f7d719ed53cf6ddeda852e84c] ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code()
testing commit c854d9b6ef8d167f7d719ed53cf6ddeda852e84c with gcc (GCC) 8.1.0
kernel signature: 590b71ebda027631a402795f258d3f8a5bde7937
all runs: OK
# git bisect bad c854d9b6ef8d167f7d719ed53cf6ddeda852e84c
Bisecting: 186 revisions left to test after this (roughly 8 steps)
[830991121773d2c937e8c9d0ac3659a87e6796f1] IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
testing commit 830991121773d2c937e8c9d0ac3659a87e6796f1 with gcc (GCC) 8.1.0
kernel signature: 8691e7edbe978daba61445b70379e515447e07a8
all runs: OK
# git bisect bad 830991121773d2c937e8c9d0ac3659a87e6796f1
Bisecting: 92 revisions left to test after this (roughly 7 steps)
[e1b0c311b790dc5a89188014f915e6ad06e2e076] sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
testing commit e1b0c311b790dc5a89188014f915e6ad06e2e076 with gcc (GCC) 8.1.0
kernel signature: b6574e8f78743e11cc21edb49ee48ce67f7d82a7
run #0: crashed: kernel BUG at fs/namei.c:LINE!
run #1: crashed: kernel BUG at fs/namei.c:LINE!
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good e1b0c311b790dc5a89188014f915e6ad06e2e076
Bisecting: 46 revisions left to test after this (roughly 6 steps)
[114e8135ae0031556ead1bcb67249ecb84b804de] scsi: libsas: delete sas port if expander discover failed
testing commit 114e8135ae0031556ead1bcb67249ecb84b804de with gcc (GCC) 8.1.0
kernel signature: e01d830d78022538bde698b0be615c5d5312c9fc
run #0: crashed: kernel BUG at fs/namei.c:LINE!
run #1: crashed: kernel BUG at fs/namei.c:LINE!
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 114e8135ae0031556ead1bcb67249ecb84b804de
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[0746b2f501428d01fc45e36023aaf58c43b18650] scsi: ufs: Avoid runtime suspend possibly being blocked forever
testing commit 0746b2f501428d01fc45e36023aaf58c43b18650 with gcc (GCC) 8.1.0
kernel signature: 90a7b4f4fa01d8d330022c1ca51a9396439b1a44
all runs: OK
# git bisect bad 0746b2f501428d01fc45e36023aaf58c43b18650
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[3cb5d7fa8f7db47cf4c0016df87c7589474ed09b] ovl: support the FS_IOC_FS[SG]ETXATTR ioctls
testing commit 3cb5d7fa8f7db47cf4c0016df87c7589474ed09b with gcc (GCC) 8.1.0
kernel signature: f39d4a8dc485250ec237f11ed56bb3b4581f00a9
run #0: crashed: kernel BUG at fs/namei.c:LINE!
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 3cb5d7fa8f7db47cf4c0016df87c7589474ed09b
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[fb48fb155e1b86a3c6d3a5cd67942e0513a267f0] s390/jump_label: Use "jdd" constraint on gcc9
testing commit fb48fb155e1b86a3c6d3a5cd67942e0513a267f0 with gcc (GCC) 8.1.0
kernel signature: b5db7d7ecde5baf1326f34f5c729db3a3fbf185b
all runs: OK
# git bisect bad fb48fb155e1b86a3c6d3a5cd67942e0513a267f0
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[f1c5aa5eda08710c2ba619d93126380881fa1114] ovl: detect overlapping layers
testing commit f1c5aa5eda08710c2ba619d93126380881fa1114 with gcc (GCC) 8.1.0
kernel signature: 3fe8797a89c873ba04bfdff86109bdbbea6957b7
all runs: OK
# git bisect bad f1c5aa5eda08710c2ba619d93126380881fa1114
Bisecting: 0 revisions left to test after this (roughly 1 step)
[a00f405e133fb486a34fb7cc1bdc64deab4d4fa0] ovl: make i_ino consistent with st_ino in more cases
testing commit a00f405e133fb486a34fb7cc1bdc64deab4d4fa0 with gcc (GCC) 8.1.0
kernel signature: a57a9af4b7bad3a5e56d7cfebba6762e672485e3
run #0: crashed: kernel BUG at fs/namei.c:LINE!
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good a00f405e133fb486a34fb7cc1bdc64deab4d4fa0
f1c5aa5eda08710c2ba619d93126380881fa1114 is the first bad commit
commit f1c5aa5eda08710c2ba619d93126380881fa1114
Author: Amir Goldstein
Date: Thu Apr 18 17:42:08 2019 +0300

    ovl: detect overlapping layers

    [ Upstream commit 146d62e5a5867fbf84490d82455718bfb10fe824 ]

    Overlapping overlay layers are not supported and can cause unexpected behavior, but overlayfs does not currently check or warn about these configurations.

    User is not supposed to specify the same directory for upper and lower dirs or for different lower layers and user is not supposed to specify directories that are descendants of each other for overlay layers, but that is exactly what this zysbot repro did:

        https://syzkaller.appspot.com/x/repro.syz?x=12c7a94f400000

    Moving layer root directories into other layers while overlayfs is mounted could also result in unexpected behavior.

    This commit places "traps" in the overlay inode hash table. Those traps are dummy overlay inodes that are hashed by the layers root inodes.

    On mount, the hash table trap entries are used to verify that overlay layers are not overlapping. While at it, we also verify that overlay layers are not overlapping with directories "in-use" by other overlay instances as upperdir/workdir.

    On lookup, the trap entries are used to verify that overlay layers root inodes have not been moved into other layers after mount.

    Some examples:

    $ ./run --ov --samefs -s
    ...
    ( mkdir -p base/upper/0/u base/upper/0/w base/lower lower upper mnt
      mount -o bind base/lower lower
      mount -o bind base/upper upper
      mount -t overlay none mnt ...
            -o lowerdir=lower,upperdir=upper/0/u,workdir=upper/0/w)

    $ umount mnt
    $ mount -t overlay none mnt ...
            -o lowerdir=base,upperdir=upper/0/u,workdir=upper/0/w

      [ 94.434900] overlayfs: overlapping upperdir path
      mount: mount overlay on mnt failed: Too many levels of symbolic links

    $ mount -t overlay none mnt ...
            -o lowerdir=upper/0/u,upperdir=upper/0/u,workdir=upper/0/w

      [ 151.350132] overlayfs: conflicting lowerdir path
      mount: none is already mounted or mnt busy

    $ mount -t overlay none mnt ...
            -o lowerdir=lower:lower/a,upperdir=upper/0/u,workdir=upper/0/w

      [ 201.205045] overlayfs: overlapping lowerdir path
      mount: mount overlay on mnt failed: Too many levels of symbolic links

    $ mount -t overlay none mnt ...
            -o lowerdir=lower,upperdir=upper/0/u,workdir=upper/0/w
    $ mv base/upper/0/ base/lower/
    $ find mnt/0
      mnt/0
      mnt/0/w
      find: 'mnt/0/w/work': Too many levels of symbolic links
      find: 'mnt/0/u': Too many levels of symbolic links

    Reported-by: syzbot+9c69c282adc4edd2b540@syzkaller.appspotmail.com
    Signed-off-by: Amir Goldstein
    Signed-off-by: Miklos Szeredi
    Signed-off-by: Sasha Levin

 fs/overlayfs/inode.c | 48 ++++++++++++++
 fs/overlayfs/namei.c | 8 +++
 fs/overlayfs/overlayfs.h | 3 +
 fs/overlayfs/ovl_entry.h | 6 ++
 fs/overlayfs/super.c | 169 ++++++++++++++++++++++++++++++++++++++++++-----
 fs/overlayfs/util.c | 12 ++++
 6 files changed, 229 insertions(+), 17 deletions(-)
culprit signature: 3fe8797a89c873ba04bfdff86109bdbbea6957b7
parent signature: a57a9af4b7bad3a5e56d7cfebba6762e672485e3
revisions tested: 14, total time: 4h20m45.164145321s (build: 2h0m20.894060362s, test: 2h19m5.059306606s)
first good commit: f1c5aa5eda08710c2ba619d93126380881fa1114 ovl: detect overlapping layers
cc: ["amir73il@gmail.com" "mszeredi@redhat.com" "sashal@kernel.org"]