From: Edward Adam Davis To: syzbot+33f23b49ac24f986c9e8@syzkaller.appspotmail.com Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: Re: [syzbot] [btrfs?] KASAN: slab-out-of-bounds Read in getname_kernel (2) Date: Tue, 19 Dec 2023 17:26:47 +0800 X-OQ-MSGID: <20231219092646.2015274-2-eadavis@qq.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <000000000000d1a1d1060cc9c5e7@google.com> References: <000000000000d1a1d1060cc9c5e7@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit please test slab-out-of-bounds Read in getname_kernel #syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 3bd7d7488169 diff --git a/mm/util.c b/mm/util.c index 744b4d7e3fae..2581d687df87 100644 --- a/mm/util.c +++ b/mm/util.c @@ -194,7 +194,7 @@ void *memdup_user(const void __user *src, size_t len) { void *p; - p = kmalloc_track_caller(len, GFP_USER | __GFP_NOWARN); + p = kmalloc_track_caller(len, GFP_USER | __GFP_NOWARN | __GFP_ZERO); if (!p) return ERR_PTR(-ENOMEM); diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c index f9544fda38e9..8318f6a21b3d 100644 --- a/fs/btrfs/dev-replace.c +++ b/fs/btrfs/dev-replace.c @@ -730,7 +730,7 @@ static int btrfs_dev_replace_start(struct btrfs_fs_info *fs_info, int btrfs_dev_replace_by_ioctl(struct btrfs_fs_info *fs_info, struct btrfs_ioctl_dev_replace_args *args) { - int ret; + int ret, len; switch (args->start.cont_reading_from_srcdev_mode) { case BTRFS_IOCTL_DEV_REPLACE_CONT_READING_FROM_SRCDEV_MODE_ALWAYS: 
@@ -740,8 +740,11 @@ int btrfs_dev_replace_by_ioctl(struct btrfs_fs_info *fs_info, return -EINVAL; } + len = strnlen(args->start.tgtdev_name, BTRFS_DEVICE_PATH_NAME_MAX + 1); + printk("l: %d, >%s<, %s\n", len, args->start.tgtdev_name, __func__); if ((args->start.srcdevid == 0 && args->start.srcdev_name[0] == '\0') || - args->start.tgtdev_name[0] == '\0') + args->start.tgtdev_name[0] == '\0' || + len == BTRFS_DEVICE_PATH_NAME_MAX + 1) return -EINVAL; ret = btrfs_dev_replace_start(fs_info, args->start.tgtdev_name,
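Review bot: Adding `__GFP_ZERO` to the allocation in memdup_user() (the mm/util.c hunk) changes a generic helper for every caller, yet it gives the copied data no terminator. The buffer is still exactly `len` bytes, so a caller that later treats the result as a string gets no NUL byte beyond what userspace supplied. If the target is the getname_kernel read named in the subject, drop this hunk and keep the validation in the btrfs ioctl path.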
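Review bot: In the first fs/btrfs/dev-replace.c hunk, `int ret, len;` declares `len` as `int`, but it is assigned the result of strnlen(), which returns `size_t`. Declare it separately as `size_t len;` so the comparison against `BTRFS_DEVICE_PATH_NAME_MAX + 1` is made in the type the function returns.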
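Review bot: In the second fs/btrfs/dev-replace.c hunk, the added printk() formats `args->start.tgtdev_name` with `%s` before the new length check has rejected an unterminated name, so the debug line can itself read past the end of the field. It also carries no log level. Remove it before this goes anywhere beyond a syzbot test, or move it below the `return -EINVAL` and bound the string with a precision (`%.*s`). Two further points on the check itself: `len == BTRFS_DEVICE_PATH_NAME_MAX + 1` only detects a missing terminator if the field is exactly BTRFS_DEVICE_PATH_NAME_MAX + 1 bytes, which the hunk does not show, and `srcdev_name` still gets only the first-byte test with no equivalent termination check.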