Re: Bug: Invalid Input Handling in ntfs_get_block_vbo Causes Warning

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10.01.2025 12:31, Kun Hu wrote:

2025年1月6日 17:01,Kun Hu <huk23@xxxxxxxxxxxxxx> 写道:

Hello,

When using our customized fuzzer tool to fuzz the latest Linux kernel, the following issue
was triggered.

HEAD commit: fc033cf25e612e840e545f8d5ad2edd6ba613ed5
git tree: upstream
Console output: https://drive.google.com/file/d/12lk8-oiUpEIFaIaEiWLCDySysQhGGzAb/view?usp=sharing
Kernel config: https://drive.google.com/file/d/1n2sLNg-YcIgZqhhQqyMPTDWM_N1Pqz73/view?usp=sharing
C reproducer: https://drive.google.com/file/d/12olymggtarPukCm_JXl9ah2dSMWJb831/view?usp=sharing
Syzlang reproducer: https://drive.google.com/file/d/1gBjsTeUPl9UHiJfxn5KXEQF70GUddhux/view?usp=sharing


If you fix this issue, please add the following tag to the commit:
Reported-by: Kun Hu <huk23@xxxxxxxxxxxxxx>, Jiaji Qin <jjtan24@xxxxxxxxxxxxxx>

WARNING: CPU: 1 PID: 38 at fs/ntfs3/inode.c:619 ntfs_get_block_vbo+0x346/0xf50 fs/ntfs3/inode.c:619
Modules linked in:
CPU: 1 UID: 0 PID: 38 Comm: kworker/u18:0 Not tainted 6.13.0-rc5 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Workqueue: writeback wb_workfn (flush-7:0)
RIP: 0010:ntfs_get_block_vbo+0x346/0xf50 fs/ntfs3/inode.c:619
Code: 07 e9 fe 4d 39 ef 72 25 e8 c7 05 e9 fe 44 8b 2c 24 31 ff 44 89 ee e8 e9 07 e9 fe 45 85 ed 0f 84 d6 03 00 00 e8 ab 05 e9 fe 90 <0f> 0b 90 e8 a2 05 e9 fe 44 0f b6 6c 24 70 31 ff 44 89 ee e8 62 07
RSP: 0018:ffa00000002b7070 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffa00000002b7268 RCX: ffffffff98a09a87
RDX: 0000000000000001 RSI: ff11000001df2340 RDI: 0000000000000002
RBP: ff1100001601f650 R08: 0000000000000000 R09: fff3fc0000056db5
R10: fff3fc0000056db4 R11: ffa00000002b6da7 R12: ff11000010e8c000
R13: 0000000000000001 R14: 000000000000000a R15: 00000000fffffffd
FS:  0000000000000000(0000) GS:ff1100006a280000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6093bdfe00 CR3: 0000000008df6004 CR4: 0000000000771ef0
PKRU: 55555554
Call Trace:
<TASK>
__mpage_writepage+0x952/0x1970 fs/mpage.c:543
write_cache_pages+0xa6/0x120 mm/page-writeback.c:2659
mpage_writepages+0xc1/0x170 fs/mpage.c:666
ntfs_writepages+0x122/0x1a0 fs/ntfs3/inode.c:898
do_writepages+0x19d/0x7d0 mm/page-writeback.c:2702
__writeback_single_inode+0x135/0x1010 fs/fs-writeback.c:1680
writeback_sb_inodes+0x5ee/0xf00 fs/fs-writeback.c:1976
__writeback_inodes_wb+0xbe/0x270 fs/fs-writeback.c:2047
wb_writeback+0x72f/0xb50 fs/fs-writeback.c:2158
wb_check_background_flush fs/fs-writeback.c:2228 [inline]
wb_do_writeback fs/fs-writeback.c:2316 [inline]
wb_workfn+0x8b8/0xe10 fs/fs-writeback.c:2343
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0x5ee/0x1ba0 kernel/workqueue.c:3310
worker_thread+0x59f/0xcf0 kernel/workqueue.c:3391
kthread+0x345/0x450 kernel/kthread.c:389
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
irq event stamp: 13825
hardirqs last  enabled at (13847): [<ffffffff9769dc8e>] __up_console_sem+0xae/0xc0 kernel/printk/printk.c:344
hardirqs last disabled at (13860): [<ffffffff9769dc73>] __up_console_sem+0x93/0xc0 kernel/printk/printk.c:342
softirqs last  enabled at (13842): [<ffffffff9750f554>] softirq_handle_end kernel/softirq.c:407 [inline]
softirqs last  enabled at (13842): [<ffffffff9750f554>] handle_softirqs+0x544/0x870 kernel/softirq.c:589
softirqs last disabled at (13881): [<ffffffff9751120e>] __do_softirq kernel/softirq.c:595 [inline]
softirqs last disabled at (13881): [<ffffffff9751120e>] invoke_softirq kernel/softirq.c:435 [inline]
softirqs last disabled at (13881): [<ffffffff9751120e>] __irq_exit_rcu kernel/softirq.c:662 [inline]
softirqs last disabled at (13881): [<ffffffff9751120e>] irq_exit_rcu+0xee/0x140 kernel/softirq.c:678
---[ end trace 0000000000000000 ]---


---------------
thanks,
Kun Hu

Hi  Konstantin,

I’m not sure if this is sufficient to help locate the bug? If you need additional information, please let me know.

Thanks,
Kun Hu

Hello Kun Hu,
I was able to reproduce the issue with extended debugging information. I will update you on the results here. 
Thank you for highlighting the issue.

Regards,
Konstantin
[Index of Archives]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux