Re: [syzbot] [ntfs3?] WARNING in indx_insert_into_buffer

From: syzbot
Date: Fri Nov 24 2023 - 21:46:59 EST

Next message: Guo Ren: "Re: [RFC PATCH 0/5] RISC-V: Add dynamic TSO support"
Previous message: syzbot: "[syzbot] [can?] memory leak in j1939_netdev_start"
In reply to: syzbot: "Re: [syzbot] [ntfs3?] WARNING in indx_insert_into_buffer"
Next in thread: syzbot: "Re: [syzbot] [ntfs3?] WARNING in indx_insert_into_buffer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.

***

Subject: [ntfs3?] WARNING in indx_insert_into_buffer
Author: eadavis@xxxxxx

please test WARNING in indx_insert_into_buffer

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 037266a5f723

diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index cf92b2433f7a..67c27e6ce497 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -1816,6 +1816,9 @@ indx_insert_into_buffer(struct ntfs_index *indx, struct ntfs_inode *ni,
* - Insert sp into parent buffer (or root)
* - Make sp a parent for new buffer
*/
+ printk("l: %d, u1: %d, t: %d, do: %d\n",
+ level, le32_to_cpu(hdr1->used), le32_to_cpu(hdr1->total),
+ le32_to_cpu(hdr1->de_off));
sp = hdr_find_split(hdr1);
if (!sp)
return -EINVAL;
@@ -1833,6 +1836,8 @@ indx_insert_into_buffer(struct ntfs_index *indx, struct ntfs_inode *ni,
goto out;
}

+ printk("l: %d, u1: %d, sps: %d, t: %d, do: %d\n",
+ level, used1, sp_size, le32_to_cpu(hdr1->total), le32_to_cpu(hdr1->de_off));
if (!hdr1->flags) {
up_e->flags |= NTFS_IE_HAS_SUBNODES;
up_e->size = cpu_to_le16(sp_size + sizeof(u64));
@@ -1895,6 +1900,8 @@ indx_insert_into_buffer(struct ntfs_index *indx, struct ntfs_inode *ni,
if (!level) {
/* Insert in root. */
err = indx_insert_into_root(indx, ni, up_e, NULL, ctx, fnd, 0);
+ //if (err == -ENOMEM)
+ // goto out;
} else {
/*
* The target buffer's parent is another index buffer.
@@ -1909,6 +1916,8 @@ indx_insert_into_buffer(struct ntfs_index *indx, struct ntfs_inode *ni,
* Undo critical operations.
*/
indx_mark_free(indx, ni, new_vbn >> indx->idx2vbn_bits);
+ printk("%d, u1: %d, sps: %d, t: %d, do: %d\n",
+ level, used1, sp_size, le32_to_cpu(hdr1->total), le32_to_cpu(hdr1->de_off));
memcpy(hdr1, hdr1_saved, used1);
indx_write(indx, ni, n1, 0);
}
diff --git a/fs/ntfs3/ntfs.h b/fs/ntfs3/ntfs.h
index 86aecbb01a92..67d0fd8f5b7d 100644
--- a/fs/ntfs3/ntfs.h
+++ b/fs/ntfs3/ntfs.h
@@ -759,7 +759,7 @@ static inline bool hdr_has_subnode(const struct INDEX_HDR *hdr)
struct INDEX_BUFFER {
struct NTFS_RECORD_HEADER rhdr; // 'INDX'
__le64 vbn; // 0x10: vcn if index >= cluster or vsn id index < cluster
- struct INDEX_HDR ihdr; // 0x18:
+ DECLARE_FLEX_ARRAY(struct INDEX_HDR, ihdr); // 0x18:
};

static_assert(sizeof(struct INDEX_BUFFER) == 0x28);

Next message: Guo Ren: "Re: [RFC PATCH 0/5] RISC-V: Add dynamic TSO support"
Previous message: syzbot: "[syzbot] [can?] memory leak in j1939_netdev_start"
In reply to: syzbot: "Re: [syzbot] [ntfs3?] WARNING in indx_insert_into_buffer"
Next in thread: syzbot: "Re: [syzbot] [ntfs3?] WARNING in indx_insert_into_buffer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]