Date:   Fri, 24 Nov 2023 18:46:53 -0800
From:   syzbot <syzbot+c5b339d16ffa61fd512d@...kaller.appspotmail.com>
To:     linux-kernel@...r.kernel.org
Subject: Re: [syzbot] [ntfs3?] WARNING in indx_insert_into_buffer

For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org.

***

Subject: [ntfs3?] WARNING in indx_insert_into_buffer
Author: eadavis@...com

please test WARNING in indx_insert_into_buffer

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 037266a5f723

diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index cf92b2433f7a..67c27e6ce497 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -1816,6 +1816,9 @@ indx_insert_into_buffer(struct ntfs_index *indx, struct ntfs_inode *ni,
 	 * - Insert sp into parent buffer (or root)
 	 * - Make sp a parent for new buffer
 	 */
+	printk("l: %d, u1: %d, t: %d, do: %d\n", 
+		level, le32_to_cpu(hdr1->used), le32_to_cpu(hdr1->total), 
+		le32_to_cpu(hdr1->de_off));
 	sp = hdr_find_split(hdr1);
 	if (!sp)
 		return -EINVAL;
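Review bot: The added printk() has no log level and prints the `le32_to_cpu()` results with `%d`, although those are unsigned 32-bit values read from the index header, so a large on-disk value is shown as a negative number. Because the call is unconditional, every buffer split on a mounted volume writes to the kernel log, which a malformed image could use to flood it. The same applies to the printk added before `if (!hdr1->flags)` and to the one before `memcpy(hdr1, hdr1_saved, used1)`, which also drops the `l:` label. I would use `pr_debug("l: %d, u1: %u, t: %u, do: %u\n", ...)` or a rate-limited variant, and remove the trailing space after the format string. The body of indx_insert_into_buffer() starts and ends outside the hunk, so the types of `level`, `used1` and `sp_size` should be checked against their declarations.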
@@ -1833,6 +1836,8 @@ indx_insert_into_buffer(struct ntfs_index *indx, struct ntfs_inode *ni,
 		goto out;
 	}
 
+	printk("l: %d, u1: %d, sps: %d, t: %d, do: %d\n", 
+		level, used1, sp_size, le32_to_cpu(hdr1->total), le32_to_cpu(hdr1->de_off));
 	if (!hdr1->flags) {
 		up_e->flags |= NTFS_IE_HAS_SUBNODES;
 		up_e->size = cpu_to_le16(sp_size + sizeof(u64));
@@ -1895,6 +1900,8 @@ indx_insert_into_buffer(struct ntfs_index *indx, struct ntfs_inode *ni,
 	if (!level) {
 		/* Insert in root. */
 		err = indx_insert_into_root(indx, ni, up_e, NULL, ctx, fnd, 0);
+		//if (err == -ENOMEM)
+		//	goto out;
 	} else {
 		/*
 		 * The target buffer's parent is another index buffer.
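Review bot: The two lines added in the `!level` branch are commented-out code (`//if (err == -ENOMEM)` and `//	goto out;`), which leaves it unclear whether an -ENOMEM from indx_insert_into_root() is meant to bypass the undo steps further down. Either drop them, or make the check real and add a comment such as `/* root was not modified on -ENOMEM; nothing to undo */` if that is what the code guarantees. The rest of the function lies outside the hunk, so whether skipping the undo path would leave the index buffer consistent cannot be judged from here.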
@@ -1909,6 +1916,8 @@ indx_insert_into_buffer(struct ntfs_index *indx, struct ntfs_inode *ni,
 		 * Undo critical operations.
 		 */
 		indx_mark_free(indx, ni, new_vbn >> indx->idx2vbn_bits);
+		printk("%d, u1: %d, sps: %d, t: %d, do: %d\n", 
+		level, used1, sp_size, le32_to_cpu(hdr1->total), le32_to_cpu(hdr1->de_off));
 		memcpy(hdr1, hdr1_saved, used1);
 		indx_write(indx, ni, n1, 0);
 	}
diff --git a/fs/ntfs3/ntfs.h b/fs/ntfs3/ntfs.h
index 86aecbb01a92..67d0fd8f5b7d 100644
--- a/fs/ntfs3/ntfs.h
+++ b/fs/ntfs3/ntfs.h
@@ -759,7 +759,7 @@ static inline bool hdr_has_subnode(const struct INDEX_HDR *hdr)
 struct INDEX_BUFFER {
 	struct NTFS_RECORD_HEADER rhdr; // 'INDX'
 	__le64 vbn; // 0x10: vcn if index >= cluster or vsn id index < cluster
-	struct INDEX_HDR ihdr; // 0x18:
+	DECLARE_FLEX_ARRAY(struct INDEX_HDR, ihdr); // 0x18:
 };
 
 static_assert(sizeof(struct INDEX_BUFFER) == 0x28);
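Review bot: Turning `ihdr` into a flexible array member conflicts with the unchanged `static_assert(sizeof(struct INDEX_BUFFER) == 0x28);` right below it, because a flexible array contributes nothing to sizeof and the field comments put `ihdr` at offset 0x18. `ihdr` also becomes an array, so any `ib->ihdr.field` access and any allocation or bounds check based on `sizeof(struct INDEX_BUFFER)` elsewhere in the driver (not visible here) would stop compiling or under-count the header of an on-disk record. If the flexible member is intended, the assert needs to become `static_assert(offsetof(struct INDEX_BUFFER, ihdr) == 0x18);` and the users need an audit. Otherwise keep `struct INDEX_HDR ihdr;` and handle the size annotation at the copy site.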
