Re: [syzbot] kernel BUG in ntfs_read_inode_mount

From: Pavel Skripkin
Date: Mon Jan 17 2022 - 14:02:24 EST

Next message: Pavel Skripkin: "Re: [syzbot] kernel BUG in ntfs_read_inode_mount"
Previous message: kernel test robot: "[ammarfaizi2-block:dhowells/linux-fs/netfs-lib 20/24] fs/fscache/stats.c:100: undefined reference to `netfs_stats_show'"
In reply to: syzbot: "[syzbot] kernel BUG in ntfs_read_inode_mount"
Next in thread: Pavel Skripkin: "Re: [syzbot] kernel BUG in ntfs_read_inode_mount"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/17/22 13:09, syzbot wrote:

Hello,

syzbot found the following issue on:

HEAD commit: d0a231f01e5b Merge tag 'pci-v5.17-changes' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11f83837b00000
kernel config: https://syzkaller.appspot.com/x/.config?x=986ed422f1741853
dashboard link: https://syzkaller.appspot.com/bug?extid=3c765c5248797356edaa
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Sad :(

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3c765c5248797356edaa@xxxxxxxxxxxxxxxxxxxxxxxxx

__ntfs_malloc() calls BUG_ON() in case of requested size is equal to zero. Seems like syzbot has once again crafted malicious fs image that has attr_list_size == 0

Just for thoughts

With regards,
Pavel Skripkin

Next message: Pavel Skripkin: "Re: [syzbot] kernel BUG in ntfs_read_inode_mount"
Previous message: kernel test robot: "[ammarfaizi2-block:dhowells/linux-fs/netfs-lib 20/24] fs/fscache/stats.c:100: undefined reference to `netfs_stats_show'"
In reply to: syzbot: "[syzbot] kernel BUG in ntfs_read_inode_mount"
Next in thread: Pavel Skripkin: "Re: [syzbot] kernel BUG in ntfs_read_inode_mount"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]