On Sun, Mar 22, 2020 at 11:11:06PM +0100, Jean Delvare wrote: > Definitely not correct. The first byte of the block data array MUST be > the size of the block read. Even if the code above does not do the > right thing, removing the line will not help. > Yeah. I misread the code. > Is it possible that kasan got this wrong due to the convoluted logic? > It's late and I'll check again tomorrow morning but the code looks OK > to me. KASan doesn't work like that. It works at runtime and doesn't care about the logic. https://syzkaller.appspot.com/bug?id=426fc8b1c1b63fb0af524d839dfcf452f2d858e2 At the bottom of the report it shows that we're in a field of f9 poisoned data so it's not priv->len which is wrong. (My patch was way off). mm/kasan/kasan.h:#define KASAN_VMALLOC_INVALID 0xF9 /* unallocated space in vmapped page */ The logic looks okay to me too. So possibly this was a race condition or even memory corruption in an unrelated part of the kernel. regards, dan carpenter
