Received: by 2002:a05:7412:8d09:b0:fa:4c10:6cad with SMTP id bj9csp147666rdb;
        Mon, 15 Jan 2024 15:59:06 -0800 (PST)
X-Google-Smtp-Source: AGHT+IGF51aSBXPHCyFYva8GP5vSrAJNzgl+CIE72TnT2IAIGbnMrTCqtxuthQC6rEwFxRmZjF/7
X-Received: by 2002:a17:906:b788:b0:a28:cbe3:3bdd with SMTP id dt8-20020a170906b78800b00a28cbe33bddmr3004644ejb.115.1705363146440;
        Mon, 15 Jan 2024 15:59:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1705363146; cv=none;
        d=google.com; s=arc-20160816;
        b=f6xJ7k5MmnNNvy2ngp7AdT0Eazsjb2kfV2BOBIzlMyUPDtKVBgtLkkga9HitFRtg2V
         TNnvP5/MnavOjeFpUwp6q08pnnFkgb2x+qWfOCs5VinoauwDUVm7CVOB3HQyCaSzFkJY
         L7uQpdzphsXJOJF0RwxiHJqe2dyIuEItABD4LVJxvepudUazENJUlwcTQ4qAqi3zhed+
         S/o+Xvy+GUgH4kBWhipFatV6Rl2tXFyAWPJsk14gUhXxerRysdpbGiDdTyeyw91Ep60Q
         OGSq6RLV98IdiltQh+JmKiezfuXmMg4PdUQwZuq7JtD4tH0TuxnD6LH8P0izMS0lildL
         FzXg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:date
         :subject:cc:to:from:message-id:dkim-signature;
        bh=Jb5O5MGflDvcfNpuHjcT/KRKcHZFWEHaF82bFDCdDv8=;
        fh=KOBm+RVWGa5IGbyIIZbgWSLWhZqxMkUNFW5/rXvn0Bk=;
        b=w+wfyjSAXlDtfA66G9I4pZlQ8qjusqn5egcR+ApAoLbrfcy+d6ZIOvWTQ1g5ajSnS+
         lUG4BAul+y2fTo8Etgyqdd/bntf76R1axGBdY6Jbsis4iB6arYvN6q4tBKmwFaM/7hMX
         Yl1Ulr80/ZXUibN+41RPqSUn06zmy5QP6gM9QNKRMt7IrWar5FLgHP0pGLvN5r10CFlq
         SUwlOZ519k5Pd38dy4mJbV+2yE7VeWA1dypwGBCYqdLODrnrHJnYJA2BEiNp0qcWql8H
         e4TAkRVLSBLXhyMwexojF5gO+wh3gKv5E3x/JMDQE5sKEUNAMJo7yXTPcQWKIyVTpxPp
         UPhQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@qq.com header.s=s201512 header.b=raE6CprY;
       spf=pass (google.com: domain of linux-kernel+bounces-26609-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-26609-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com
Return-Path: <linux-kernel+bounces-26609-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id a24-20020a17090640d800b00a2de58581e6si1125073ejk.926.2024.01.15.15.59.06
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 15 Jan 2024 15:59:06 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-26609-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@qq.com header.s=s201512 header.b=raE6CprY;
       spf=pass (google.com: domain of linux-kernel+bounces-26609-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-26609-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 06C151F220F7
	for <linux.lists.archive@gmail.com>; Mon, 15 Jan 2024 23:59:06 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 8B74C1B7F2;
	Mon, 15 Jan 2024 23:58:57 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="raE6CprY"
Received: from out162-62-58-216.mail.qq.com (out162-62-58-216.mail.qq.com [162.62.58.216])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 582EB1B7E2
	for <linux-kernel@vger.kernel.org>; Mon, 15 Jan 2024 23:58:53 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=qq.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512;
	t=1705363130; bh=Jb5O5MGflDvcfNpuHjcT/KRKcHZFWEHaF82bFDCdDv8=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=raE6CprYuUxJ4VIpfSw4/181rOJeAM6Ph0hNKtB4IEjDYFBMO+gAoJ8ya8W24L1vZ
	 JqpIx61zxw8z3E5bNR5zKkQkAMXr2u4n1B/YVntxjs1kHdXmSbSlPBvgvEPt1Pdytr
	 R9wj9+9s0L2SXbBF3Luru69+rUuT0xeb0mXKKPzI=
Received: from pek-lxu-l1.wrs.com ([111.198.225.215])
	by newxmesmtplogicsvrsza1-0.qq.com (NewEsmtp) with SMTP
	id EAE816B1; Tue, 16 Jan 2024 07:58:46 +0800
X-QQ-mid: xmsmtpt1705363126tvwdgz4i9
Message-ID: <tencent_6C6006C093630366C97083A2C44897777705@qq.com>
X-QQ-XMAILINFO: OZZSS56D9fAjvwR1Hog5YpqyMwOCXzzfnsG9Rl6NX6g67J+7lG2za6gFQtCsLC
	 MTNRNzQqhlfJLt6wrkiw83QMoU+gpXEykf3LipgCpi9/fllztdXgEmRve/xHTb0kdJMGfpbMii3Y
	 BOFic0Jygqu/BdJEeU2qH0NFqFD9Yfykp+auV0kCuq3EKBT6oAd3WEbJ+dJsMyF85QthXoXg5s8s
	 b1XtRG0UtTwkY7EQnA6oZUQlDCnVmp/YNmC8+JFQ94i78X6HQXyppr443No5pK0BRTBvaq+JuZqJ
	 7OuX+ohvD33hQB82VKQfmp/MNovi8zqY8jmy4xvBmcU534jwV9Am3oTvAo+EOKAIA/Wdxo+3llpv
	 77GvJUxC8A9b+tG6c1EjxSzEc8QKV5YHzXaHp7GVgDGAWSM8iwDgroq9VMqQxO8cf5tYG1eqiVCM
	 iuQKL+dvf0Hr4Je/MqHTeth7pilf02Lo+rmnL3YkQfYD1Otrw+n1G1Spb15f8dIZTRCYra9ebnS1
	 F41HhtuO4MVpFmFQsKYEJ6L/3GsD56epkYg1vlQfRL1CxvMxv8IfDPS/E8pOG2oRM+en/+li7j6M
	 j7tJoq08DPOTd6bS74uDDCxcI1S5W7807FsHlsM1SdsoDbGVW+1q6bsMzReOPBstfFp+NrhzA4ih
	 0+VLhOVbEWteRHQDIws/crmoY17Hwb7S8v5xRchEMIJ86+8v2Qi8mABzktAuUfn/MPa6BkZk49cl
	 XB7myc31LCBRkiTrjk7nCUcq6B0U4kkFT+a1+nfN51oN7O1jrZ253eUz1nkU0fOjTtbt3MxS1z1O
	 jxfZi4qdkYRRvPzQP5IIcyRGnjet/CIycN0vyw37tixP7ZQAeRhhBbP4yJlypj+CteW3T1DxaPWW
	 cHm4PoY/9qsWwbyUjspT0zOhfeaN9AVvRMXfB00spgdB7pNFXyFsonWBMyIgH+4uvnz8E0a8Olq0
	 y7Y01tiboOhroExEkJFGAkurcde+KmwBbTjmomJK0=
X-QQ-XMRINFO: OD9hHCdaPRBwq3WW+NvGbIU=
From: Edward Adam Davis <eadavis@qq.com>
To: syzbot+33f23b49ac24f986c9e8@syzkaller.appspotmail.com
Cc: linux-kernel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [btrfs?] KASAN: slab-out-of-bounds Read in getname_kernel (2)
Date: Tue, 16 Jan 2024 07:58:47 +0800
X-OQ-MSGID: <20240115235846.4186025-2-eadavis@qq.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <000000000000d1a1d1060cc9c5e7@google.com>
References: <000000000000d1a1d1060cc9c5e7@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

please test slab-out-of-bounds Read in getname_kernel

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 3bd7d7488169

diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c
index 1502d664c892..7a1d3c7a895b 100644
--- a/fs/btrfs/dev-replace.c
+++ b/fs/btrfs/dev-replace.c
@@ -741,6 +741,7 @@ int btrfs_dev_replace_by_ioctl(struct btrfs_fs_info *fs_info,
 	if ((args->start.srcdevid == 0 && args->start.srcdev_name[0] == '\0') ||
 	    args->start.tgtdev_name[0] == '\0')
 		return -EINVAL;
+	args->start.tgtdev_name[BTRFS_PATH_NAME_MAX] = '\0';
 
 	ret = btrfs_dev_replace_start(fs_info, args->start.tgtdev_name,
 					args->start.srcdevid,