From: Jann Horn
Date: Fri, 24 Nov 2023 16:26:02 +0100
Subject: Re: [syzbot] [overlayfs?] KASAN: invalid-free in ovl_copy_up_one
To: amir73il@gmail.com, syzbot
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-unionfs@vger.kernel.org, miklos@szeredi.hu, syzkaller-bugs@googlegroups.com

On Fri, Nov 24, 2023 at 4:11 PM Jann Horn wrote:
>
> On Wed, Sep 27, 2023 at 5:10 PM syzbot wrote:
> > syzbot has tested the proposed patch and the reproducer did not trigger any issue:
> >
> > Reported-and-tested-by: syzbot+477d8d8901756d1cbba1@syzkaller.appspotmail.com
> >
> > Tested on:
> >
> > commit:         8e9b46c4 ovl: do not encode lower fh with upper sb_wri..
> > git tree:       https://github.com/amir73il/linux.git ovl_want_write
> > console output: https://syzkaller.appspot.com/x/log.txt?x=10d10ffa680000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=bb54ecdfa197f132
> > dashboard link: https://syzkaller.appspot.com/bug?extid=477d8d8901756d1cbba1
> > compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
>
> It looks like the fix was submitted without the Reported-by tag, so
> syzkaller doesn't recognize that the fix has landed... I'll tell
> syzkaller now which commit the fix is supposed to be in, please
> correct me if this is wrong:
>
> #syz fix: ovl: do not encode lower fh with upper sb_writers held

(Ah, and just for the record: I hadn't realized when writing this that
the fix was actually in a newer version of the same patch... "git
range-diff 44ef23e481b02df2f17599a24f81cf0045dc5256~1..44ef23e481b02df2f17599a24f81cf0045dc5256
5b02bfc1e7e3811c5bf7f0fa626a0694d0dbbd77~1..5b02bfc1e7e3811c5bf7f0fa626a0694d0dbbd77"
shows an added "ovl_get_index_name", I guess that's the fix?)