[syzbot] [overlayfs?] WARNING in ovl_encode_real_fh


syzbot

Oct 28, 2024, 2:12:30 PM10/28/24
to amir...@gmail.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: c2ee9f594da8 KVM: selftests: Fix build on on non-x86 archi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=178bf640580000
kernel config: https://syzkaller.appspot.com/x/.config?x=fc6f8ce8c5369043
dashboard link: https://syzkaller.appspot.com/bug?extid=ec07f6f5ce62b858579f
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=112628a7980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=104bf640580000

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-c2ee9f59.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8a3541902b13/vmlinux-c2ee9f59.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a00efacc2604/bzImage-c2ee9f59.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ec07f6...@syzkaller.appspotmail.com

RDX: 0000000000000000 RSI: 0000000020000440 RDI: 00000000ffffff9c
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000003932
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc9b4e42fc
R13: 0000000000000004 R14: 431bde82d7b634db R15: 00007ffc9b4e4330
</TASK>
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5103 at fs/overlayfs/copy_up.c:448 ovl_encode_real_fh+0x2e2/0x410 fs/overlayfs/copy_up.c:448
Modules linked in:
CPU: 0 UID: 0 PID: 5103 Comm: syz-executor195 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:ovl_encode_real_fh+0x2e2/0x410 fs/overlayfs/copy_up.c:448
Code: 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 05 b6 75 fe 90 0f 0b 90 eb 14 e8 fa b5 75 fe 90 0f 0b 90 eb 09 e8 ef b5 75 fe 90 <0f> 0b 90 4c 89 ff e8 b3 6a d3 fe 49 c7 c7 fb ff ff ff eb 8b 89 d1
RSP: 0018:ffffc9000b1f73c0 EFLAGS: 00010293
RAX: ffffffff831f21f1 RBX: 1ffff9200163ee80 RCX: ffff88801fbc2440
RDX: 0000000000000000 RSI: 00000000000000ff RDI: 00000000000000ff
RBP: ffffc9000b1f7470 R08: ffffffff831f208c R09: 1ffffffff2039fdd
R10: dffffc0000000000 R11: fffffbfff2039fde R12: 00000000000000ff
R13: 0000000000000080 R14: 1ffff9200163ee7c R15: ffff888036790300
FS: 0000555590223480(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6fdf3d7709 CR3: 0000000040e6e000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ovl_get_origin_fh fs/overlayfs/copy_up.c:484 [inline]
ovl_do_copy_up fs/overlayfs/copy_up.c:961 [inline]
ovl_copy_up_one fs/overlayfs/copy_up.c:1203 [inline]
ovl_copy_up_flags+0x1068/0x46f0 fs/overlayfs/copy_up.c:1258
ovl_setattr+0x11d/0x5a0 fs/overlayfs/inode.c:40
notify_change+0xbca/0xe90 fs/attr.c:503
chown_common+0x501/0x850 fs/open.c:793
do_fchownat+0x16a/0x240 fs/open.c:824
__do_sys_fchownat fs/open.c:839 [inline]
__se_sys_fchownat fs/open.c:836 [inline]
__x64_sys_fchownat+0xb5/0xd0 fs/open.c:836
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6fdf3812f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc9b4e42a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000104
RAX: ffffffffffffffda RBX: 00007ffc9b4e42b0 RCX: 00007f6fdf3812f9
RDX: 0000000000000000 RSI: 0000000020000440 RDI: 00000000ffffff9c
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000003932
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc9b4e42fc
R13: 0000000000000004 R14: 431bde82d7b634db R15: 00007ffc9b4e4330
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Edward Adam Davis

Oct 30, 2024, 6:38:18 AM10/30/24
to syzbot+ec07f6...@syzkaller.appspotmail.com, amir...@gmail.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzkall...@googlegroups.com
When the memory is insufficient, the allocation of fh fails, which causes
the failure to obtain the dentry fid, and finally causes the dentry encoding
to fail.
Retry is used to avoid the failure of fh allocation caused by temporary
insufficient memory.

#syz test

diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
index 2ed6ad641a20..1e027a3cf084 100644
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -423,15 +423,22 @@ struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct dentry *real,
int fh_type, dwords;
int buflen = MAX_HANDLE_SZ;
uuid_t *uuid = &real->d_sb->s_uuid;
- int err;
+ int err, rtt = 0;

/* Make sure the real fid stays 32bit aligned */
BUILD_BUG_ON(OVL_FH_FID_OFFSET % 4);
BUILD_BUG_ON(MAX_HANDLE_SZ + OVL_FH_FID_OFFSET > 255);

+retry:
fh = kzalloc(buflen + OVL_FH_FID_OFFSET, GFP_KERNEL);
- if (!fh)
+ if (!fh) {
+ if (!rtt) {
+ cond_resched();
+ rtt++;
+ goto retry;
+ }
return ERR_PTR(-ENOMEM);
+ }

/*
* We encode a non-connectable file handle for non-dir, because we
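Review bot: the retry loop around `fh = kzalloc(buflen + OVL_FH_FID_OFFSET, GFP_KERNEL);` is at the wrong site for the reported failure. The splat in the report is `WARNING: CPU: 0 PID: 5103 at fs/overlayfs/copy_up.c:448`, a WARN_ON on the outcome of the encode call that runs after this allocation has already succeeded, so a second kzalloc attempt cannot prevent it. The retry is also redundant on its own terms: a GFP_KERNEL allocation may already sleep and reclaim before failing, so `cond_resched(); rtt++; goto retry;` just repeats the same request once and then returns -ENOMEM anyway. Suggest dropping the `rtt`/`retry:` machinery, keeping the original `if (!fh) return ERR_PTR(-ENOMEM);`, and addressing the line-448 assertion separately.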

syzbot

Oct 30, 2024, 6:52:11 AM10/30/24
to amir...@gmail.com, ead...@qq.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+ec07f6...@syzkaller.appspotmail.com
Tested-by: syzbot+ec07f6...@syzkaller.appspotmail.com

Tested on:

commit: c1e939a2 Merge tag 'cgroup-for-6.12-rc5-fixes' of git:..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=123ee2a7980000
kernel config: https://syzkaller.appspot.com/x/.config?x=35698c25466f388c
dashboard link: https://syzkaller.appspot.com/bug?extid=ec07f6f5ce62b858579f
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=123c8630580000

Note: testing is done by a robot and is best-effort only.

Edward Adam Davis

Oct 30, 2024, 9:30:46 AM10/30/24
to syzbot+ec07f6...@syzkaller.appspotmail.com, amir...@gmail.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzkall...@googlegroups.com
Syzbot reports a WARNING in ovl_encode_real_fh.
When the memory is insufficient, the allocation of fh fails, which causes
the failure to obtain the dentry fid, and finally causes the dentry encoding
to fail.
Retry is used to avoid the failure of fh allocation caused by temporary
insufficient memory.

Reported-and-tested-by: syzbot+ec07f6...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=ec07f6f5ce62b858579f
Signed-off-by: Edward Adam Davis <ead...@qq.com>
---
fs/overlayfs/copy_up.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--
2.43.0

Amir Goldstein

Oct 30, 2024, 2:34:12 PM10/30/24
to Edward Adam Davis, syzbot+ec07f6...@syzkaller.appspotmail.com, linux-kernel, overlayfs, Miklos Szeredi, syzkaller-bugs


On Wed, Oct 30, 2024, 2:30 PM Edward Adam Davis <ead...@qq.com> wrote:
> Syzbot reports a WARNING in ovl_encode_real_fh.
> When the memory is insufficient, the allocation of fh fails, which causes
> the failure to obtain the dentry fid, and finally causes the dentry encoding
> to fail.
> Retry is used to avoid the failure of fh allocation caused by temporary
> insufficient memory.

Memory allocation can fail.
It should not cause a WARNING.
Can you fix the warning instead of retry allocation forever?

Amir Goldstein

Nov 4, 2024, 2:30:53 PM11/4/24
to Edward Adam Davis, syzbot+ec07f6...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzkall...@googlegroups.com
This endless loop is out of the question and anyway, syzbot reported
a WARN_ON in line 448:
WARN_ON(fh_type == FILEID_INVALID))

What does that have to do with memory allocation failure?
What am I missing?

Probably this WARN_ON as well as the one in line 446 should be
relaxed because it is perfectly possible for fs to return negative or
FILEID_INVALID for encoding a file handle even if fs supports encoding
file handles.

Thanks,
Amir.

Edward Adam Davis

Nov 5, 2024, 9:43:47 PM11/5/24
to amir...@gmail.com, ead...@qq.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzbot+ec07f6...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
Look at the following log; it is in https://syzkaller.appspot.com/text?tag=CrashLog&x=178bf640580000:
[ 64.050342][ T5103] FAULT_INJECTION: forcing a failure.
[ 64.050342][ T5103] name failslab, interval 1, probability 0, space 0, times 0
[ 64.055933][ T5103] CPU: 0 UID: 0 PID: 5103 Comm: syz-executor195 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
[ 64.060023][ T5103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 64.063941][ T5103] Call Trace:
[ 64.065199][ T5103] <TASK>
[ 64.066296][ T5103] dump_stack_lvl+0x241/0x360
[ 64.068028][ T5103] ? __pfx_dump_stack_lvl+0x10/0x10
[ 64.069939][ T5103] ? __pfx__printk+0x10/0x10
[ 64.071667][ T5103] ? __kmalloc_cache_noprof+0x44/0x2c0
[ 64.073756][ T5103] ? __pfx___might_resched+0x10/0x10
[ 64.075720][ T5103] should_fail_ex+0x3b0/0x4e0
[ 64.077525][ T5103] should_failslab+0xac/0x100
[ 64.079341][ T5103] ? ovl_encode_real_fh+0xdf/0x410
[ 64.081295][ T5103] __kmalloc_cache_noprof+0x6c/0x2c0
[ 64.083282][ T5103] ? dput+0x37/0x2b0
[ 64.084758][ T5103] ovl_encode_real_fh+0xdf/0x410
[ 64.086578][ T5103] ? __pfx_ovl_encode_real_fh+0x10/0x10
[ 64.088687][ T5103] ? _raw_spin_unlock+0x28/0x50
[ 64.090550][ T5103] ovl_encode_fh+0x388/0xc20
[ 64.092281][ T5103] exportfs_encode_fh+0x1bd/0x3e0
[ 64.094122][ T5103] ovl_encode_real_fh+0x129/0x410
[ 64.095883][ T5103] ? __pfx_ovl_encode_real_fh+0x10/0x10
[ 64.097852][ T5103] ? bpf_lsm_capable+0x9/0x10
[ 64.099620][ T5103] ? capable+0x89/0xe0
[ 64.101064][ T5103] ovl_copy_up_flags+0x1068/0x46f0
>
> Probably this WARN_ON as well as the one in line 446 should be
> relaxed because it is perfectly possible for fs to return negative or
> FILEID_INVALID for encoding a file handle even if fs supports encoding
> file handles.
>

BR,
Edward

Amir Goldstein

Nov 6, 2024, 3:20:38 AM11/6/24
to Edward Adam Davis, linux-...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzbot+ec07f6...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
I see. It is nested overlayfs, so a memory allocation failure in the lower
overlayfs causes ovl_encode_fh() to return FILEID_INVALID.

> >
> > Probably this WARN_ON as well as the one in line 446 should be
> > relaxed because it is perfectly possible for fs to return negative or
> > FILEID_INVALID for encoding a file handle even if fs supports encoding
> > file handles.
> >

As I wrote, the correct fix is to relax the WARN_ON from
fh_type == FILEID_INVALID and fh_type < 0 conditions because
those are valid return values from filesystems.

Thanks,
Amir.

Edward Adam Davis

Nov 6, 2024, 5:19:16 AM11/6/24
to amir...@gmail.com, ead...@qq.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzbot+ec07f6...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
Oh, you mean the following diff?
diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
index 2ed6ad641a20..32890cc0dd4a 100644
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -443,9 +443,7 @@ struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct dentry *real,
buflen = (dwords << 2);

err = -EIO;
- if (WARN_ON(fh_type < 0) ||
- WARN_ON(buflen > MAX_HANDLE_SZ) ||
- WARN_ON(fh_type == FILEID_INVALID))
+ if (WARN_ON(buflen > MAX_HANDLE_SZ))
goto out_err;

fh->fb.version = OVL_FH_VERSION;
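Review bot: deleting the `fh_type < 0` and `fh_type == FILEID_INVALID` conditions outright removes the error path, not just the assertion: after this change an encode failure from the real filesystem falls through to `fh->fb.version = OVL_FH_VERSION;` and a handle is built from an invalid type, with `err = -EIO` never taken. Keep both conditions as plain tests that `goto out_err` and remove only the WARN_ON() wrapper around them, leaving `WARN_ON(buflen > MAX_HANDLE_SZ)` as the one remaining assertion.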

BR,
Edward

Amir Goldstein

Nov 6, 2024, 5:34:26 AM11/6/24
to Edward Adam Davis, linux-...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzbot+ec07f6...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
No, sorry, what I meant by "relax WARN_ON" was to remove the WARN_ON, so:

	err = -EIO;
	if (fh_type < 0 || fh_type == FILEID_INVALID ||
	    WARN_ON(buflen > MAX_HANDLE_SZ))
		goto out_err;

Meaning that error should definitely be returned in those cases,
but there is no reason for the assertion which is what syzbot
was complaining about.

Thanks,
Amir.
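To make the distinction Amir draws here concrete, the following is an added userspace model of the check in ovl_encode_real_fh(). It is not kernel code and not from this thread or the overlayfs tree: the constants, the lower_encode_fh() stand-in for a nested filesystem's encode_fh callback, the fault-injection knob and the WARN_ON() counter are all assumptions for the demo. It runs the original WARN_ON-wrapped check beside the relaxed one under an injected allocation failure, the same situation failslab produced in the report, and shows that both return -EIO but only the original fires an assertion. That is the security-relevant point: on a kernel booted with panic_on_warn, as syzbot's are, a WARN_ON reachable from an unprivileged fchownat() on an overlay is a crash, while the relaxed check makes the same condition a plain error return.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in values for this demo; the kernel's own are in exportfs.h. */
#define FILEID_INVALID   0xff   /* "could not encode" return value */
#define MAX_HANDLE_SZ    128    /* bytes available for the real fid */
#define FILEID_DEMO_TYPE 1      /* stand-in for a valid handle type */

/* Fault-injection knob (constructed): when set, the lower fs fails to allocate. */
static int inject_lower_alloc_failure;

/* Counts WARN_ON() hits; in the kernel each hit is a splat and, with
 * panic_on_warn set, a crash. */
static int warn_count;

static int warn_on(int cond)
{
    if (cond)
        warn_count++;
    return cond;
}
#define WARN_ON(cond) warn_on(!!(cond))

/* Stand-in for the lower filesystem's encode_fh callback (a nested overlayfs
 * in the report). On allocation failure it legitimately returns
 * FILEID_INVALID instead of a handle type. */
static int lower_encode_fh(uint32_t *fid, int *max_dwords)
{
    if (inject_lower_alloc_failure)
        return FILEID_INVALID;
    if (*max_dwords < 2) {
        *max_dwords = 2;
        return FILEID_INVALID;
    }
    fid[0] = 0x1234;  /* constructed sample inode number */
    fid[1] = 0x0001;  /* constructed sample generation */
    *max_dwords = 2;
    return FILEID_DEMO_TYPE;
}

/* "Before": the callee's ordinary error return is treated as an invariant
 * violation, so a memory allocation failure becomes a WARNING. */
static int encode_real_fh_before(uint32_t *fid, int *fh_type_out)
{
    int dwords = MAX_HANDLE_SZ >> 2;
    int fh_type = lower_encode_fh(fid, &dwords);
    int buflen = dwords << 2;

    if (WARN_ON(fh_type < 0) ||
        WARN_ON(buflen > MAX_HANDLE_SZ) ||
        WARN_ON(fh_type == FILEID_INVALID))
        return -EIO;
    *fh_type_out = fh_type;
    return 0;
}

/* "After", in the shape Amir describes: the error is still returned, but only
 * the genuine invariant (the callee never overruns our buffer) is asserted. */
static int encode_real_fh_after(uint32_t *fid, int *fh_type_out)
{
    int dwords = MAX_HANDLE_SZ >> 2;
    int fh_type = lower_encode_fh(fid, &dwords);
    int buflen = dwords << 2;

    if (fh_type < 0 || fh_type == FILEID_INVALID ||
        WARN_ON(buflen > MAX_HANDLE_SZ))
        return -EIO;
    *fh_type_out = fh_type;
    return 0;
}

/* Runs one variant with the lower allocation failing and returns how many
 * WARN_ONs fired, or -1 if the variant did not return -EIO. */
static int warnings_under_failure(int (*variant)(uint32_t *, int *))
{
    uint32_t fid[MAX_HANDLE_SZ / 4];
    int fh_type = 0;
    int err;

    inject_lower_alloc_failure = 1;
    warn_count = 0;
    err = variant(fid, &fh_type);
    inject_lower_alloc_failure = 0;
    return err == -EIO ? warn_count : -1;
}

/* Success path of the relaxed variant: returns the handle type, or the error. */
static int success_path_type(void)
{
    uint32_t fid[MAX_HANDLE_SZ / 4];
    int fh_type = 0;
    int err = encode_real_fh_after(fid, &fh_type);

    return err ? err : fh_type;
}

int main(void)
{
    printf("warnings under failure, before: %d\n", warnings_under_failure(encode_real_fh_before));
    printf("warnings under failure, after:  %d\n", warnings_under_failure(encode_real_fh_after));
    printf("success path handle type: %d\n", success_path_type());
    return 0;
}
```

Both variants refuse to build a handle from an invalid type; the difference is only whether the refusal is logged as a kernel bug. The assertion that stays is the one a misbehaving callee could never make true without a real overlayfs bug: writing more than the buffer we sized.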

Edward Adam Davis

Nov 6, 2024, 5:45:40 AM11/6/24
to amir...@gmail.com, ead...@qq.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzbot+ec07f6...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
Haha, I was a little dizzy, I deleted too much. Yes, I meant it as your diff.

BR,
Edward

Amir Goldstein

Dec 19, 2024, 6:18:12 AM12/19/24
to syzbot, linux-...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzkall...@googlegroups.com, linux-fsdevel
#syz test https://github.com/amir73il/linux fsnotify-fixes

syzbot

Dec 19, 2024, 6:38:04 AM12/19/24
to amir...@gmail.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+ec07f6...@syzkaller.appspotmail.com
Tested-by: syzbot+ec07f6...@syzkaller.appspotmail.com

Tested on:

commit: e42bb34c fs: relax assertions on failure to encode fil..
git tree: https://github.com/amir73il/linux fsnotify-fixes
console output: https://syzkaller.appspot.com/x/log.txt?x=10674cf8580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c9e486c6802437cf
dashboard link: https://syzkaller.appspot.com/bug?extid=ec07f6f5ce62b858579f
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.