On Mon, Nov 18, 2024 at 3:17 PM Vasiliy Kovalev <kovalev@xxxxxxxxxxxx> wrote: > > Ensure that the lookup operation is present for the inode in the overlay > filesystem. If the operation is missing, log a warning and return an EIO > error to prevent further issues in the lookup process. > > Reported-by: syzbot+a8c9d476508bd14a90e5@xxxxxxxxxxxxxxxxxxxxxxxxx > Link: https://syzkaller.appspot.com/bug?extid=a8c9d476508bd14a90e5 > Signed-off-by: Vasiliy Kovalev <kovalev@xxxxxxxxxxxx> > --- > fs/overlayfs/namei.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c > index 5764f91d283e7..a73f37e401cf0 100644 > --- a/fs/overlayfs/namei.c > +++ b/fs/overlayfs/namei.c > @@ -1115,6 +1115,13 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, > for (i = 0; !d.stop && i < ovl_numlower(poe); i++) { > struct ovl_path lower = ovl_lowerstack(poe)[i]; > > + if (!lower.dentry->d_inode->i_op->lookup) { > + err = -EIO; > + pr_warn_ratelimited("missing lookup operation for inode %p\n", > + lower.dentry->d_inode); > + goto out_put; > + } > + This looks like it is papering over a bug. The dentries in the poe lower stack are supposed to be d_can_lookup(), which means that they should have a ->lookup op. See in ovl_lookup_single(): if (!d_can_lookup(this)) { if (d->is_dir || !last_element) { d->stop = true; goto put_and_out; } Can you analyse what went wrong with the reproducer? How did we get to a state where lowerstack of parent has a dentry which is !d_can_lookup? Thanks, Amir.