From: Edward Adam Davis
To: syzbot+5d34cc6474499a5ff516@syzkaller.appspotmail.com
Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [ntfs3?] KASAN: slab-use-after-free Read in chrdev_open
Date: Sun, 2 Jun 2024 17:22:21 +0800
In-Reply-To: <000000000000f386f90616fea5ef@google.com>

please test uaf chrdev_open

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git e33c4963bf53

diff --git a/fs/ntfs3/namei.c b/fs/ntfs3/namei.c index 084d19d78397..293c37171d97 100644 --- a/fs/ntfs3/namei.c +++ b/fs/ntfs3/namei.c 
@@ -93,7 +93,7 @@ static struct dentry *ntfs_lookup(struct inode *dir, struct dentry *dentry, * If the MFT record of ntfs inode is not a base record, inode->i_op can be NULL. * This causes null pointer dereference in d_splice_alias(). */ - if (!IS_ERR_OR_NULL(inode) && !inode->i_op) { + if (IS_ERR_OR_NULL(inode) || !inode->i_op) { iput(inode); inode = ERR_PTR(-EINVAL); }
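
Review bot: The new condition `IS_ERR_OR_NULL(inode) || !inode->i_op` makes the body run when `inode` is an error pointer or NULL, so `iput(inode)` is now called on an `ERR_PTR` value, which is not a valid inode to drop a reference on, and `inode = ERR_PTR(-EINVAL)` overwrites whatever error the lookup returned and turns a NULL result into `-EINVAL`. If the intent is only to reject inodes that have no `i_op`, keep the `!IS_ERR_OR_NULL(inode) &&` guard, or handle the error and NULL cases in a separate branch that skips `iput()` and preserves the original value. The comment above the check still describes only the NULL `i_op` case, so it should be updated if the broader condition stays.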