From: Dmitry Vyukov
Date: Thu, 6 May 2021 17:00:41 +0200
Subject: Re: [syzbot] WARNING in __vmalloc_node_range
To: Dan Carpenter
Cc: Uladzislau Rezki, USB list, Linux Media Mailing List, LKML, Mauro Carvalho Chehab, syzkaller-bugs

On Thu, May 6, 2021 at 4:57 PM Dan Carpenter wrote:
>
> On Thu, May 06, 2021 at 04:22:10PM +0200, Uladzislau Rezki wrote:
> > Seems like vmalloc() is called with zero size passed:
> >
> > void *__vmalloc_node_range(unsigned long size, unsigned long align,
> >                         unsigned long start, unsigned long end, gfp_t gfp_mask,
> >                         pgprot_t prot, unsigned long vm_flags, int node,
> >                         const void *caller)
> > {
> >         struct vm_struct *area;
> >         void *addr;
> >         unsigned long real_size = size;
> >         unsigned long real_align = align;
> >         unsigned int shift = PAGE_SHIFT;
> >
> > 2873    if (WARN_ON_ONCE(!size))
> >                 return NULL;
> >
> > from the dvb_dmx_init() driver:
> >
> > int dvb_dmx_init(struct dvb_demux *dvbdemux)
> > {
> >         int i;
> >         struct dmx_demux *dmx = &dvbdemux->dmx;
> >
> >         dvbdemux->cnt_storage = NULL;
> >         dvbdemux->users = 0;
> > 1251    dvbdemux->filter = vmalloc(array_size(sizeof(struct dvb_demux_filter),
> >                                               dvbdemux->filternum));
>
> Indeed.
>
> It is a mystery because array_size() should never return less than
> sizeof(struct dvb_demux_filter). That's the whole point of the
> array_size() function is that it returns ULONG_MAX if there is an
> integer overflow.

But it will return 0 if dvbdemux->filternum==0, right?
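
The following userspace model is an added example, not code from this thread or from the kernel tree. It shows the two cases discussed above: a saturating array_size() still yields 0 for a zero count, so the caller has to validate the count before allocating. The names array_size_model, vmalloc_model, filter_model and alloc_filters, and the -1/-2 return codes, are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of array_size(): saturate to SIZE_MAX when a * b overflows, so the
 * allocator fails instead of returning an undersized buffer. */
static size_t array_size_model(size_t a, size_t b)
{
    size_t bytes;

    if (__builtin_mul_overflow(a, b, &bytes))
        return SIZE_MAX;
    return bytes;               /* a == 0 or b == 0 gives 0, not an error */
}

/* Hypothetical stand-in for vmalloc(): rejects a zero size, mirroring the
 * WARN_ON_ONCE(!size) check quoted above, and the saturated SIZE_MAX. */
static void *vmalloc_model(size_t size)
{
    if (size == 0 || size == SIZE_MAX)
        return NULL;
    return malloc(size);
}

struct filter_model { char pad[64]; };  /* constructed element type */

/* Caller-side guard: check the count before sizing the allocation.
 * Returns 0 on success, -1 for a zero count, -2 if allocation fails. */
static int alloc_filters(size_t filternum, struct filter_model **out)
{
    *out = NULL;
    if (filternum == 0)
        return -1;
    *out = vmalloc_model(array_size_model(sizeof(**out), filternum));
    return *out ? 0 : -2;
}

int main(void)
{
    struct filter_model *f;

    printf("size for 0 filters: %zu\n", array_size_model(sizeof(*f), 0));
    printf("zero count rc:      %d\n", alloc_filters(0, &f));
    printf("overflow count rc:  %d\n", alloc_filters(SIZE_MAX / 2, &f));
    printf("four filters rc:    %d\n", alloc_filters(4, &f));
    free(f);
    return 0;
}
```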