The attached ntfs image causes a Redzone violation when creating a new file.

The problem is that tail is 5 bytes too large in mi_pack_runs():

    u32 tail = used - aoff - asize;
    ...;
    memmove(next + new_run_size - run_size, next + dsize, tail);

Perhaps tail should be adjusted after new_run_size is computed:

    tail -= (new_run_size - run_size);

    # uname -a
    Linux ubuntu66 6.8.0-rc2-00047-g1bbb19b6eb1b #6 SMP PREEMPT_DYNAMIC Wed Jan 31 13:13:25 EST 2024 x86_64 x86_64 x86_64 GNU/Linux
    # while :
    > do
    > gunzip -c < ntfs11c.img.gz > junk
    > mount -t ntfs3 -o loop,rw junk /mnt
    > echo z > /mnt/z
    > rm /mnt/z
    > umount /mnt
    > done
    ...
    ntfs3: loop0: ino=0, attr_set_size
    ntfs3: loop0: MFT: r=4, expect seq=4 instead of 0!
    ntfs3: loop0: Failed to load $AttrDef (-22)
    =============================================================================
    BUG kmalloc-1k (Not tainted): Right Redzone overwritten
    -----------------------------------------------------------------------------
    0xffff888120728800-0xffff888120728804 @offset=2048. First byte 0x0 instead of 0xcc
    Allocated in mi_init+0x7c/0x110 age=51447 cpu=10 pid=1422
    Freed in qlist_free_all+0x56/0x170 age=86843 cpu=2 pid=1
    Slab 0xffffea000481ca00 objects=10 used=10 fp=0x0000000000000000 flags=0x200000000000840(slab|head|node=0|zone=2)
    Object 0xffff888120728400 @offset=1024 fp=0xffff888120729c00

Robert Morris
rtm@xxxxxxxxxxxxx
Attachment:
ntfs11c.img.gz
Description: Binary data
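The arithmetic behind the report, as an added user-space model that is not the kernel's mi_pack_runs() and not part of the original message: a fixed-size record buffer (1 KiB, matching the kmalloc-1k slab in the report) is followed by a guard zone filled with the same 0xcc pattern SLUB uses for its redzone. shift_tail() moves the bytes that follow a resized attribute (the "tail", everything from the end of the attribute up to `used`) by the growth of the run list. With the unchecked move, a record whose `used` value sits close to the record size pushes the tail past the allocation and overwrites the guard; the checked variant instead rejects the record before touching memory. All offsets, sizes and the assumed bounds check are constructed for illustration and are not values from the image or from upstream code.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed record geometry: 1 KiB records, like the kmalloc-1k slab in the report. */
#define RECORD_SIZE 1024u
#define GUARD_SIZE  16u
#define GUARD_BYTE  0xCC   /* same fill pattern SLUB uses for its right redzone */

struct record {
    /* The record proper, followed by a guard zone standing in for the slab redzone. */
    uint8_t buf[RECORD_SIZE + GUARD_SIZE];
};

static void record_init(struct record *r)
{
    memset(r->buf, 0, RECORD_SIZE);                 /* record contents (zeros) */
    memset(r->buf + RECORD_SIZE, GUARD_BYTE, GUARD_SIZE);
}

/* Returns 1 while no byte of the guard zone has been overwritten. */
static int guard_intact(const struct record *r)
{
    for (unsigned i = 0; i < GUARD_SIZE; i++)
        if (r->buf[RECORD_SIZE + i] != GUARD_BYTE)
            return 0;
    return 1;
}

/*
 * Hypothetical model of the tail move: the attribute at offset aoff has size
 * asize and ends with a run list of run_size bytes that is replaced by one of
 * new_run_size bytes. The tail (bytes from the end of the attribute up to
 * 'used') is shifted by delta = new_run_size - run_size.
 *
 * check_bounds == 0: the unchecked move described in the report.
 * check_bounds == 1: refuse any record whose resized contents would not fit
 *                    in RECORD_SIZE (an assumed check, not upstream code).
 */
static int shift_tail(struct record *r, uint32_t used, uint32_t aoff,
                      uint32_t asize, uint32_t run_size, uint32_t new_run_size,
                      int check_bounds)
{
    if (used > RECORD_SIZE || aoff + asize > used || run_size > asize)
        return -EINVAL;                              /* inconsistent on-disk values */

    uint8_t *next = r->buf + aoff + asize;           /* first byte after the attribute */
    uint32_t tail = used - aoff - asize;             /* bytes following the attribute */
    int64_t delta = (int64_t)new_run_size - (int64_t)run_size;

    if (check_bounds && (int64_t)used + delta > (int64_t)RECORD_SIZE)
        return -EINVAL;                              /* resized record would overrun */

    memmove(next + delta, next, tail);
    return 0;
}

/*
 * Constructed scenario: a nearly full record (used = 1020) whose attribute
 * run list grows by 8 bytes. Returns 1 if the guard zone was corrupted and
 * stores shift_tail()'s return code in *rc.
 */
static int demo(int check_bounds, int *rc)
{
    struct record r;
    record_init(&r);
    *rc = shift_tail(&r, /*used*/ 1020, /*aoff*/ 512, /*asize*/ 64,
                     /*run_size*/ 16, /*new_run_size*/ 24, check_bounds);
    return !guard_intact(&r);
}

int main(void)
{
    int rc;
    printf("unchecked: guard corrupted=%d rc=%d\n", demo(0, &rc), rc);
    printf("checked:   guard corrupted=%d rc=%d\n", demo(1, &rc), rc);
    return 0;
}
```

In the unchecked run the tail is 444 bytes long and its destination ends at offset 1028, four bytes past the 1 KiB record, so the first guard bytes become 0x00 exactly like the "First byte 0x0 instead of 0xcc" line in the report. Whether the right fix is to shrink `tail` as the message suggests or to reject the record outright is a design choice the model leaves open; the point the model makes is that the bound to check is `used + (new_run_size - run_size)` against the record size.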