Received: by 2002:a05:7412:8598:b0:f9:33c2:5753 with SMTP id n24csp244707rdh;
        Mon, 18 Dec 2023 18:50:30 -0800 (PST)
X-Google-Smtp-Source: AGHT+IHQfuBVf+yTSdz2LJTzxHTD6cPAq6PoVI9W2geq5huNG3nCW5O9KQdA7nkcR499WzRGdqJo
X-Received: by 2002:a05:6a00:1ad1:b0:6cd:d6c0:d8d0 with SMTP id f17-20020a056a001ad100b006cdd6c0d8d0mr23390280pfv.24.1702954229813;
        Mon, 18 Dec 2023 18:50:29 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1702954229; cv=none;
        d=google.com; s=arc-20160816;
        b=UwnCGG2kH1Pn1vhRIdL52o6DFGt0seMOVEyWSn0Frg18JGsTVR01oMQORoyJ37SdjP
         n0QHLoGIbXVLTvi+g34e7wsIpPRPrDWFmoP/5eWnS4EMVKHcIXUVV4SVhWITeFvrDJE8
         Rn9Iqpf5uN0OIMHT6kQtyDYUVTy40aEar98roJ+7e2kw4DN/yArcJyxaSPAWhQwlYjRe
         V6nihqJj1/Fw9hHL3rdnHiO52DODzBq4j4M+mjt5POdhlokQnjUoCPF67N5v1Pr5enKs
         OLACBmXbs80AxY72IbW/mDABTEE+Pr5RuCTHEDDcYWfik+JLQcMVWuqaom3JdRvEzRrk
         Ad9Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:date
         :subject:cc:to:from:message-id:dkim-signature;
        bh=fx4Vq1IRsoxvEZorGn+e25uwOhwhE3vurKzrsuuY8xE=;
        fh=KOBm+RVWGa5IGbyIIZbgWSLWhZqxMkUNFW5/rXvn0Bk=;
        b=QbnboAp1W8V2VJLJbSVYZcQut3i8H+uZRtq1Qj5VjORPuUJ20wsjqLyLrBdDgP/7HE
         9jjmpifutCrjeFywGAowllGMfJ4ta+hyQ8AiYmxmnnLGtVvUci4c8k6O2IPBGpIIR+DT
         AO/dz2snb5Lv2NnBC6GxdYGBgGSplsZ/Ql6WtLyyAEOUGgqP6kgtU/e7ke86HYtbhM2Y
         ApdrcOa9pK2LHxEPgDYlOqv7/9mSCFSVEeqloNg4+nMkccTZOvsAemGDTkuJs3m73DQj
         Wsl4rJOJUROiqh4r8dyVydFNwHfg1+ZJE118H6xtXWvOu/N9B61ZxahcaVfQFezatBMF
         bSug==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@qq.com header.s=s201512 header.b=AdBz5rUb;
       spf=pass (google.com: domain of linux-kernel+bounces-4616-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-4616-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com
Return-Path: <linux-kernel+bounces-4616-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161])
        by mx.google.com with ESMTPS id i7-20020a63e907000000b005897813624fsi18361542pgh.476.2023.12.18.18.50.29
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 18 Dec 2023 18:50:29 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-4616-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@qq.com header.s=s201512 header.b=AdBz5rUb;
       spf=pass (google.com: domain of linux-kernel+bounces-4616-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-4616-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id D108EB22F19
	for <linux.lists.archive@gmail.com>; Tue, 19 Dec 2023 02:50:27 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id B725F79C2;
	Tue, 19 Dec 2023 02:50:22 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="AdBz5rUb"
X-Original-To: linux-kernel@vger.kernel.org
Received: from out203-205-251-60.mail.qq.com (out203-205-251-60.mail.qq.com [203.205.251.60])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B16806FB4
	for <linux-kernel@vger.kernel.org>; Tue, 19 Dec 2023 02:50:19 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=qq.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512;
	t=1702954211; bh=fx4Vq1IRsoxvEZorGn+e25uwOhwhE3vurKzrsuuY8xE=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=AdBz5rUbq9xM0IhO7sJc5Po8qLSkPYx1sCtUwk3K3LPHeH+jjlGhhXW9QONPWqvE1
	 GSONWVgqi1pNG7HmIbWGfpJx9dewCB8odYa8GqHrUj909gZmvW0Kc4HVUDLIEkls7J
	 avR4quLD9OKzfAItEtabrqn4fSzmA7Nk+EJvmuNA=
Received: from pek-lxu-l1.wrs.com ([111.198.225.215])
	by newxmesmtplogicsvrszb9-1.qq.com (NewEsmtp) with SMTP
	id B08AA66F; Tue, 19 Dec 2023 10:44:08 +0800
X-QQ-mid: xmsmtpt1702953848td32815ne
Message-ID: <tencent_6AF1DDEC19024FA58DF5A59C8D8D1263DD07@qq.com>
X-QQ-XMAILINFO: OQhZ3T0tjf0aO645nJ9CGVGCZ0peyCcOfUaHu+z1G2hkBfNYqSB4zFQ9uaT41o
	 B4s03/R4AYmnwsEKje1NuFoJJG8jhBb19IL7bRP0qWh/lNZ4M3Y8+zU4je5rrUig0SoUK0HkZNIX
	 L1fhIoaxrT5k8XUrneEZ8TAmwf/BWhOX71sguovwvk/ne2Aue5Xx6tDO9OT6rzB7gZXym7AY/vGy
	 KJjINiVyU5uZix2ztbfoA/qY7IaVmS85CWkfg71GJfcKPCSUd7YDJg3/Ll7vpYquEYXIue+4lihg
	 FSPC176NsC93z9uOrpJfw2KsClW8YA1R9XRofRz1c8QW0gU5yG7xBymZFaVJlFiMG73pQrdPMNRe
	 YDheZfGZVLJ8rHRwJ9J8J+gNMnDgiFHZEh+sVv4Wf8F9RJyFCxbIAJECEW8ilIBkBddZovbR8N0L
	 btC25yPyo2UFFRBbV/J6P23LJ51gVvDwHPMqCTNp9O2Ro7+RIwEmozNaBI55tQwl1K6DRxj4bJqw
	 k9Jxpz00BuLda1ZspE1PY0vxvTpPg5PoS8D0k8vj/MX4MmTV/b5yZMsGZgrkDFCZrvsyhkmqJzg9
	 xvYWCnvcPDGem5oUh5t9TGGj1At6t55I4Zq/oDDrE9WPeuJU+6/SGzf/8XZ00CEp4YyS3ir03MI5
	 rzKDbQbm8+UonNchLUz5A2dgjtriC6AirnyIPGyQ7rCE2mo2Ea3DIAaio8XwlHj05be/YdAas+O8
	 6RLOf2HqQxp029C1w/Kx7QteTTo8v0d4uEHA2mVboEpr2Smda3gjLC1KZUXbrbhTpx5p85Dx90zI
	 DsSKoTNkEOHUOLzKnttksWkiz1fDO1+Wi2WSeZfmQpaZsBQlJssw5b9ArPuPp5TG5jh0rgyjeOMB
	 GtJgVBPN/qanC+zyXMoQ3ItSqyddKjdWg9ZPaVEz2yDsL1jjCZuNw=
X-QQ-XMRINFO: M/715EihBoGSf6IYSX1iLFg=
From: Edward Adam Davis <eadavis@qq.com>
To: syzbot+33f23b49ac24f986c9e8@syzkaller.appspotmail.com
Cc: linux-kernel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [btrfs?] KASAN: slab-out-of-bounds Read in getname_kernel (2)
Date: Tue, 19 Dec 2023 10:44:09 +0800
X-OQ-MSGID: <20231219024408.1603815-2-eadavis@qq.com>
X-Mailer: git-send-email 2.42.0
In-Reply-To: <000000000000d1a1d1060cc9c5e7@google.com>
References: <000000000000d1a1d1060cc9c5e7@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

please test slab-out-of-bounds Read in getname_kernel

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 3bd7d7488169

diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c
index f9544fda38e9..b7e8392d34dc 100644
--- a/fs/btrfs/dev-replace.c
+++ b/fs/btrfs/dev-replace.c
@@ -741,7 +741,8 @@ int btrfs_dev_replace_by_ioctl(struct btrfs_fs_info *fs_info,
 	}
 
 	if ((args->start.srcdevid == 0 && args->start.srcdev_name[0] == '\0') ||
-	    args->start.tgtdev_name[0] == '\0')
+	    args->start.tgtdev_name[0] == '\0' ||
+	    args->start.tgtdev_name[0] == '')
 		return -EINVAL;
 
 	ret = btrfs_dev_replace_start(fs_info, args->start.tgtdev_name,