Open Source and information security mailing list archives
 
Message-ID: <68edf095.050a0220.91a22.01fe.GAE@google.com>
Date: Mon, 13 Oct 2025 23:41:25 -0700
From: syzbot <syzbot+3e58a7dc1a8c00243999@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Forwarded: [PATCH] ntfs3: initialize run_lock for MFT inode in ntfs_read_mft

For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com.

***

Subject: [PATCH] ntfs3: initialize run_lock for MFT inode in ntfs_read_mft
Author: kartikey406@...il.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

The run_lock rwsem was not being initialized for MFT inodes when
accessed outside the initial mount path. This caused lockdep warnings
when operations like truncate tried to acquire the uninitialized lock.

During initial mount (!sb->s_root), the MFT inode's run_lock is
correctly initialized. However, if the MFT inode is accessed later
through the regular S_ISREG path in ntfs_read_mft, the condition
"if (ino != MFT_REC_MFT)" skips initialization, leading to an
uninitialized lock being used.

Remove the MFT check so run_lock is always initialized for regular
files, ensuring the lock is properly initialized in all code paths.

Reported-by: syzbot+3e58a7dc1a8c00243999@...kaller.appspotmail.com
Signed-off-by: Deepanshu Kartikey <kartikey406@...il.com>
---
 fs/ntfs3/inode.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index 3959f23c487a..80d80dfad308 100644
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -461,8 +461,7 @@ static struct inode *ntfs_read_mft(struct inode *inode,
 				       &ntfs_file_operations;
 		inode->i_mapping->a_ops = is_compressed(ni) ? &ntfs_aops_cmpr :
 							      &ntfs_aops;
-		if (ino != MFT_REC_MFT)
-			init_rwsem(&ni->file.run_lock);
+		init_rwsem(&ni->file.run_lock);
 	} else if (S_ISCHR(mode) || S_ISBLK(mode) || S_ISFIFO(mode) ||
 		   S_ISSOCK(mode)) {
 		inode->i_op = &ntfs_special_inode_operations;
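Review bot: the now-unconditional "init_rwsem(&ni->file.run_lock);" in the S_ISREG branch also runs for MFT_REC_MFT, while the commit message says the initial mount path (!sb->s_root) already initializes that same lock. If the mount path can reach this branch too, the rwsem is initialized twice, so the commit message should state why that cannot re-initialize a lock that is already held or has waiters; otherwise limit the new initialization to the case where the mount path has not already done it. The removed "if (ino != MFT_REC_MFT)" looks deliberate, so a one-line comment above the call explaining why the MFT inode is no longer excluded would help the next reader.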
-- 
2.34.1

