Re: [syzbot] general protection fault in ntfs_update_mftmirr

[Pavel Skripkin]

On 4/21/22 11:17, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    b253435746d9 Merge tag 'xtensa-20220416' of https://github..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=11588ba2f00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=4cdc9619f45633df
> dashboard link: https://syzkaller.appspot.com/bug?extid=c95173762127ad76a824
> compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=175b13c0f00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1502f854f00000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+c95173762127ad76a824@xxxxxxxxxxxxxxxxxxxxxxxxx

If ntfs_fill_super wasn't called then sbi->sb is NULL.

#syz test:
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master





With regards,
Pavel Skripkin
diff --git a/fs/ntfs3/fsntfs.c b/fs/ntfs3/fsntfs.c
index 3de5700a9b83..891125ca6848 100644
--- a/fs/ntfs3/fsntfs.c
+++ b/fs/ntfs3/fsntfs.c
@@ -831,10 +831,15 @@ int ntfs_update_mftmirr(struct ntfs_sb_info *sbi, int wait)
 {
 	int err;
 	struct super_block *sb = sbi->sb;
-	u32 blocksize = sb->s_blocksize;
+	u32 blocksize;
 	sector_t block1, block2;
 	u32 bytes;
 
+	if (!sb)
+		return -EINVAL;
+
+	blocksize = sb->s_blocksize;
+
 	if (!(sbi->flags & NTFS_FLAGS_MFTMIRR))
 		return 0;

Attachment: OpenPGP_signature
Description: OpenPGP digital signature