From: Edward Adam Davis
To: syzbot+f2977222e0e95cec15c8@syzkaller.appspotmail.com
Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [bpf?] [net?] WARNING in __sk_msg_free
Date: Tue, 9 Jan 2024 13:34:48 +0800
X-OQ-MSGID: <20240109053447.297284-2-eadavis@qq.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <000000000000aa2f41060e363b2b@google.com>
References: <000000000000aa2f41060e363b2b@google.com>

please test WARNING in __sk_msg_free

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index e37b4d2e2acd..68dbe821f61d 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1016,6 +1016,8 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg, msg_pl = &rec->msg_plaintext; msg_en = &rec->msg_encrypted; + if (msg_pl->sg.end >= MAX_MSG_FRAGS) + return -EINVAL; orig_size = msg_pl->sg.size; full_record = false;
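
Review bot: The added `return -EINVAL` in tls_sw_sendmsg_locked() exits from the middle of the function (around line 1016), after `rec` and its `msg_plaintext`/`msg_encrypted` buffers are already in use, so it is worth confirming that nothing set up earlier in the function needs unwinding; if it does, set the error and route it through the function's normal error exit instead of returning in place. The check also tests only `msg_pl->sg.end` against MAX_MSG_FRAGS with no comment, and the mail does not say how `sg.end` reaches that bound, so a short comment or changelog stating the condition being guarded would help decide whether rejecting the send with -EINVAL fixes the cause or only silences the warning in __sk_msg_free.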