bisecting fixing commit since 19bb613acb9ad8e57593cad5118acaee117cc303
building syzkaller on b617407b25b37a7a8efa47127005d1f20dd0abe1
testing commit 19bb613acb9ad8e57593cad5118acaee117cc303 with gcc (GCC) 8.1.0
kernel signature: 09c675c0d5c6230fb172c69254217b69a7625c13
all runs: crashed: WARNING in ovl_rename
testing current HEAD 312017a460d5ea31d646e7148e400e13db799ddc
testing commit 312017a460d5ea31d646e7148e400e13db799ddc with gcc (GCC) 8.1.0
kernel signature: 1c5e85159c1fe5f33981e0d852a1e871e2316498
all runs: OK
# git bisect start 312017a460d5ea31d646e7148e400e13db799ddc 19bb613acb9ad8e57593cad5118acaee117cc303
Bisecting: 2885 revisions left to test after this (roughly 12 steps)
[5f147150b75307c8c0220ec4a4bd4f9a82018a54] riscv: remove unused variable in ftrace
testing commit 5f147150b75307c8c0220ec4a4bd4f9a82018a54 with gcc (GCC) 8.1.0
kernel signature: a9007435bdca2a356d05d63d0f8ae6e985fc7c43
all runs: OK
# git bisect bad 5f147150b75307c8c0220ec4a4bd4f9a82018a54
Bisecting: 1442 revisions left to test after this (roughly 11 steps)
[fb48fb155e1b86a3c6d3a5cd67942e0513a267f0] s390/jump_label: Use "jdd" constraint on gcc9
testing commit fb48fb155e1b86a3c6d3a5cd67942e0513a267f0 with gcc (GCC) 8.1.0
kernel signature: ed14da976f63c38dfbd7e54ab924e6c945ae0881
all runs: OK
# git bisect bad fb48fb155e1b86a3c6d3a5cd67942e0513a267f0
Bisecting: 720 revisions left to test after this (roughly 10 steps)
[7aea2f94cc64623e4caacc01c3a7afb133ec1906] perf bench numa: Add define for RUSAGE_THREAD if not present
testing commit 7aea2f94cc64623e4caacc01c3a7afb133ec1906 with gcc (GCC) 8.1.0
kernel signature: 7564e5830f6a2a5ed8cadc8b808e4d7e53158a73
all runs: crashed: BUG: corrupted list in proto_register
# git bisect good 7aea2f94cc64623e4caacc01c3a7afb133ec1906
Bisecting: 360 revisions left to test after this (roughly 9 steps)
[8b057ad846c5919ec4e3462fa373a86e75594a41] memcg: make it work on sparse non-0-node systems
testing commit 8b057ad846c5919ec4e3462fa373a86e75594a41 with gcc (GCC) 8.1.0
kernel signature: 378fb145cb4497e6cd2921cd15136df9ac8fc721
all runs: crashed: WARNING in ovl_rename
# git bisect good 8b057ad846c5919ec4e3462fa373a86e75594a41
Bisecting: 180 revisions left to test after this (roughly 8 steps)
[5a286ced49117a29e65e47cb43fa878ade7a2a70] power: supply: max14656: fix potential use-before-alloc
testing commit 5a286ced49117a29e65e47cb43fa878ade7a2a70 with gcc (GCC) 8.1.0
kernel signature: a6a040d52e9813cf1a42e8e4060893239561448e
all runs: crashed: WARNING in ovl_rename
# git bisect good 5a286ced49117a29e65e47cb43fa878ade7a2a70
Bisecting: 90 revisions left to test after this (roughly 7 steps)
[63feb7e69fdcd4342c4fec9543cf72f9d97ba1a0] usb: dwc2: Fix DMA cache alignment issues
testing commit 63feb7e69fdcd4342c4fec9543cf72f9d97ba1a0 with gcc (GCC) 8.1.0
kernel signature: d76a5568514ce50f3f384a505bad35c1d0f4d788
all runs: crashed: WARNING in ovl_rename
# git bisect good 63feb7e69fdcd4342c4fec9543cf72f9d97ba1a0
Bisecting: 45 revisions left to test after this (roughly 6 steps)
[c133c9db233d12b83d405d285b9d95a60b747fa6] perf/ring_buffer: Add ordering to rb->nest increment
testing commit c133c9db233d12b83d405d285b9d95a60b747fa6 with gcc (GCC) 8.1.0
kernel signature: ab9d934d289636a53a9fca71bd6497be124c902c
all runs: crashed: WARNING in ovl_rename
# git bisect good c133c9db233d12b83d405d285b9d95a60b747fa6
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[8fb2c7969009b16c85fcb4d3a423cc4a4d435a6e] net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
testing commit 8fb2c7969009b16c85fcb4d3a423cc4a4d435a6e with gcc (GCC) 8.1.0
kernel signature: 7f6d6a1d968767311e666b8541bf5476976b8594
all runs: crashed: WARNING in ovl_rename
# git bisect good 8fb2c7969009b16c85fcb4d3a423cc4a4d435a6e
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[63bbbcd8ed53c404649e0b4248c1e5d42c41ac97] Linux 4.19.54
testing commit 63bbbcd8ed53c404649e0b4248c1e5d42c41ac97 with gcc (GCC) 8.1.0
kernel signature: 1d802ec50faabaa8ffa94473a41546a591104161
all runs: crashed: WARNING in ovl_rename
# git bisect good 63bbbcd8ed53c404649e0b4248c1e5d42c41ac97
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[3cb5d7fa8f7db47cf4c0016df87c7589474ed09b] ovl: support the FS_IOC_FS[SG]ETXATTR ioctls
testing commit 3cb5d7fa8f7db47cf4c0016df87c7589474ed09b with gcc (GCC) 8.1.0
kernel signature: 53a6863281603123da6d41b61e9db7ff8e71bca5
all runs: crashed: WARNING in ovl_rename
# git bisect good 3cb5d7fa8f7db47cf4c0016df87c7589474ed09b
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[f1c5aa5eda08710c2ba619d93126380881fa1114] ovl: detect overlapping layers
testing commit f1c5aa5eda08710c2ba619d93126380881fa1114 with gcc (GCC) 8.1.0
kernel signature: 87e6568b89b49ce9b688496a0018ce93957608dd
all runs: OK
# git bisect bad f1c5aa5eda08710c2ba619d93126380881fa1114
Bisecting: 0 revisions left to test after this (roughly 1 step)
[a00f405e133fb486a34fb7cc1bdc64deab4d4fa0] ovl: make i_ino consistent with st_ino in more cases
testing commit a00f405e133fb486a34fb7cc1bdc64deab4d4fa0 with gcc (GCC) 8.1.0
kernel signature: 69c1653a993d0cc0e9186c24703d6faf52c7d53e
all runs: crashed: WARNING in ovl_rename
# git bisect good a00f405e133fb486a34fb7cc1bdc64deab4d4fa0
f1c5aa5eda08710c2ba619d93126380881fa1114 is the first bad commit
commit f1c5aa5eda08710c2ba619d93126380881fa1114
Author: Amir Goldstein <amir73il@gmail.com>
Date:   Thu Apr 18 17:42:08 2019 +0300

    ovl: detect overlapping layers
    
    [ Upstream commit 146d62e5a5867fbf84490d82455718bfb10fe824 ]
    
    Overlapping overlay layers are not supported and can cause unexpected
    behavior, but overlayfs does not currently check or warn about these
    configurations.
    
    User is not supposed to specify the same directory for upper and
    lower dirs or for different lower layers and user is not supposed to
    specify directories that are descendants of each other for overlay
    layers, but that is exactly what this zysbot repro did:
    
        https://syzkaller.appspot.com/x/repro.syz?x=12c7a94f400000
    
    Moving layer root directories into other layers while overlayfs
    is mounted could also result in unexpected behavior.
    
    This commit places "traps" in the overlay inode hash table.
    Those traps are dummy overlay inodes that are hashed by the layers
    root inodes.
    
    On mount, the hash table trap entries are used to verify that overlay
    layers are not overlapping.  While at it, we also verify that overlay
    layers are not overlapping with directories "in-use" by other overlay
    instances as upperdir/workdir.
    
    On lookup, the trap entries are used to verify that overlay layers
    root inodes have not been moved into other layers after mount.
    
    Some examples:
    
    $ ./run --ov --samefs -s
    ...
    ( mkdir -p base/upper/0/u base/upper/0/w base/lower lower upper mnt
      mount -o bind base/lower lower
      mount -o bind base/upper upper
      mount -t overlay none mnt ...
            -o lowerdir=lower,upperdir=upper/0/u,workdir=upper/0/w)
    
    $ umount mnt
    $ mount -t overlay none mnt ...
            -o lowerdir=base,upperdir=upper/0/u,workdir=upper/0/w
    
      [   94.434900] overlayfs: overlapping upperdir path
      mount: mount overlay on mnt failed: Too many levels of symbolic links
    
    $ mount -t overlay none mnt ...
            -o lowerdir=upper/0/u,upperdir=upper/0/u,workdir=upper/0/w
    
      [  151.350132] overlayfs: conflicting lowerdir path
      mount: none is already mounted or mnt busy
    
    $ mount -t overlay none mnt ...
            -o lowerdir=lower:lower/a,upperdir=upper/0/u,workdir=upper/0/w
    
      [  201.205045] overlayfs: overlapping lowerdir path
      mount: mount overlay on mnt failed: Too many levels of symbolic links
    
    $ mount -t overlay none mnt ...
            -o lowerdir=lower,upperdir=upper/0/u,workdir=upper/0/w
    $ mv base/upper/0/ base/lower/
    $ find mnt/0
      mnt/0
      mnt/0/w
      find: 'mnt/0/w/work': Too many levels of symbolic links
      find: 'mnt/0/u': Too many levels of symbolic links
    
    Reported-by: syzbot+9c69c282adc4edd2b540@syzkaller.appspotmail.com
    Signed-off-by: Amir Goldstein <amir73il@gmail.com>
    Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 fs/overlayfs/inode.c     |  48 ++++++++++++++
 fs/overlayfs/namei.c     |   8 +++
 fs/overlayfs/overlayfs.h |   3 +
 fs/overlayfs/ovl_entry.h |   6 ++
 fs/overlayfs/super.c     | 169 ++++++++++++++++++++++++++++++++++++++++++-----
 fs/overlayfs/util.c      |  12 ++++
 6 files changed, 229 insertions(+), 17 deletions(-)
culprit signature: 87e6568b89b49ce9b688496a0018ce93957608dd
parent  signature: 69c1653a993d0cc0e9186c24703d6faf52c7d53e
revisions tested: 14, total time: 3h29m24.461195822s (build: 1h58m58.819145152s, test: 1h29m0.718112568s)
first good commit: f1c5aa5eda08710c2ba619d93126380881fa1114 ovl: detect overlapping layers
cc: ["amir73il@gmail.com" "mszeredi@redhat.com" "sashal@kernel.org"]