Hello,
When using a modified Syzkaller (G-Fuzz) to fuzz the Linux kernel 6.0.1, the
following crash was triggered.
Linux version: 6.0.1
config: https://github.com/google/syzkaller/blob/aea5da898f473385f3b66c94f8aa49ca9a1c9744/dashboard/config/linux/upstream-apparmor-kasan.config
C reproducer: https://drive.google.com/file/d/1YahC17jEmhmtGkyuqdcBk_415m71Xizu/view?usp=sharing
If you fix this issue, please add the following tag to the commit:
Reported-by: Yuan Chen<che...@zj...>
[ 7848.372581][ T9506] ------------[ cut here ]------------
[ 7848.373167][ T9506] kernel BUG at fs/ntfs/aops.c:186!
[ 7848.373744][ T9506] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 7848.376962][ T9506] CPU: 0 PID: 9506 Comm: a.out Not tainted 6.0.1 #2
[ 7848.377665][ T9506] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[ 7848.378792][ T9506] RIP: 0010:ntfs_read_folio+0x22dc/0x2e40
[ 7848.379428][ T9506] Code: 00 48 8b 44 24 48 31 ff 48 8b 98 30 fd ff ff 48 c1 eb 03 83 e3 01 89 de e8 51 f4 de fe 84 db 0f 85 a9 eb ff ff e8 24 f3 de fe <0f> 0b e8 1d f3 de fe 48 c7 c6 60 36 21 8a 4c 89 ff e8 ee a3 14 ff
[ 7848.381374][ T9506] RSP: 0018:ffffc90001b3f768 EFLAGS: 00010246
[ 7848.382024][ T9506] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888013cfd4c0
[ 7848.382839][ T9506] RDX: 0000000000000000 RSI: ffff888013cfd4c0 RDI: 0000000000000002
[ 7848.383656][ T9506] RBP: ffff888023d98050 R08: ffffffff829e029c R09: 0000000000000000
[ 7848.384476][ T9506] R10: 0000000000000001 R11: ffffed10047b300a R12: ffff888023d98050
[ 7848.385298][ T9506] R13: ffffea0000946de0 R14: fffff94000128db9 R15: ffffea0000946dc0
[ 7848.386125][ T9506] FS: 00007f2285b18440(0000) GS:ffff88802cc00000(0000) knlGS:0000000000000000
[ 7848.387046][ T9506] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7848.387730][ T9506] CR2: 00000000013d8008 CR3: 0000000045bd7000 CR4: 00000000000006f0
[ 7848.388547][ T9506] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 7848.389360][ T9506] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 7848.390180][ T9506] Call Trace:
[ 7848.390536][ T9506] <TASK>
[ 7848.390860][ T9506] ? __sanitizer_cov_trace_pc+0x1a/0x40
[ 7848.391464][ T9506] ? ntfs_end_buffer_async_read+0x1810/0x1810
[ 7848.392109][ T9506] ? write_comp_data+0x1c/0x70
[ 7848.392626][ T9506] ? folio_add_lru+0x377/0x680
[ 7848.393141][ T9506] ? __sanitizer_cov_trace_pc+0x1a/0x40
[ 7848.393796][ T9506] ? filemap_add_folio+0x138/0x1d0
[ 7848.394352][ T9506] ? __filemap_add_folio+0x1440/0x1440
[ 7848.394928][ T9506] ? __sanitizer_cov_trace_pc+0x1a/0x40
[ 7848.395515][ T9506] ? ntfs_end_buffer_async_read+0x1810/0x1810
[ 7848.396148][ T9506] filemap_read_folio+0x3c/0x1d0
[ 7848.396680][ T9506] do_read_cache_folio+0x1df/0x510
[ 7848.397228][ T9506] ? ntfs_end_buffer_async_read+0x1810/0x1810
[ 7848.397871][ T9506] read_cache_page+0x62/0x2b0
[ 7848.398377][ T9506] map_mft_record+0x1db/0x940
[ 7848.398885][ T9506] ntfs_read_locked_inode+0x19c/0x5ab0
[ 7848.399464][ T9506] ? ntfs_attr_get_search_ctx+0x41/0x200
[ 7848.400058][ T9506] ntfs_read_inode_mount+0xd72/0x2560
[ 7848.400635][ T9506] ntfs_fill_super+0x179d/0x8590
[ 7848.401167][ T9506] ? snprintf+0xbb/0xf0
[ 7848.401642][ T9506] ? vsprintf+0x30/0x30
[ 7848.402102][ T9506] ? wait_for_completion+0x360/0x360
[ 7848.402680][ T9506] ? load_and_init_usnjrnl+0x1370/0x1370
[ 7848.403278][ T9506] ? __sanitizer_cov_trace_pc+0x1a/0x40
[ 7848.403864][ T9506] ? set_blocksize+0x264/0x2d0
[ 7848.404379][ T9506] mount_bdev+0x34d/0x410
[ 7848.404870][ T9506] ? load_and_init_usnjrnl+0x1370/0x1370
[ 7848.405465][ T9506] ? ntfs_rl_punch_nolock+0x1d10/0x1d10
[ 7848.406058][ T9506] legacy_get_tree+0x105/0x220
[ 7848.406576][ T9506] ? __sanitizer_cov_trace_pc+0x1a/0x40
[ 7848.407159][ T9506] ? ns_capable_common+0xdd/0x100
[ 7848.407698][ T9506] vfs_get_tree+0x89/0x2f0
[ 7848.408173][ T9506] path_mount+0x121b/0x1cb0
[ 7848.408662][ T9506] ? finish_automount+0x8b0/0x8b0
[ 7848.409318][ T9506] ? putname+0xfe/0x140
[ 7848.409907][ T9506] do_mount+0xf3/0x110
[ 7848.410470][ T9506] ? path_mount+0x1cb0/0x1cb0
[ 7848.411113][ T9506] ? _copy_from_user+0xf7/0x170
[ 7848.411668][ T9506] ? __sanitizer_cov_trace_pc+0x1a/0x40
[ 7848.412255][ T9506] __x64_sys_mount+0x18f/0x230
[ 7848.412764][ T9506] do_syscall_64+0x35/0xb0
[ 7848.413247][ T9506] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 7848.413876][ T9506] RIP: 0033:0x7f22854e948a
[ 7848.414359][ T9506] Code: 48 8b 0d 11 fa 2a 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d de f9 2a 00 f7 d8 64 89 01 48
[ 7848.416292][ T9506] RSP: 002b:00007ffd7b39a878 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 7848.417156][ T9506] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f22854e948a
[ 7848.417976][ T9506] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007ffd7b39a8f0
[ 7848.418782][ T9506] RBP: 00007ffd7b39aa40 R08: 00007ffd7b39a930 R09: 0000000000000000
[ 7848.419595][ T9506] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000004009a0
[ 7848.420407][ T9506] R13: 00007ffd7b39ab40 R14: 0000000000000000 R15: 0000000000000000
[ 7848.421224][ T9506] </TASK>
[ 7848.421558][ T9506] Modules linked in:
[ 7848.422911][ T9506] ---[ end trace 0000000000000000 ]---
[ 7848.423492][ T9506] RIP: 0010:ntfs_read_folio+0x22dc/0x2e40
[ 7848.424095][ T9506] Code: 00 48 8b 44 24 48 31 ff 48 8b 98 30 fd ff ff 48 c1 eb 03 83 e3 01 89 de e8 51 f4 de fe 84 db 0f 85 a9 eb ff ff e8 24 f3 de fe <0f> 0b e8 1d f3 de fe 48 c7 c6 60 36 21 8a 4c 89 ff e8 ee a3 14 ff
[ 7848.426041][ T9506] RSP: 0018:ffffc90001b3f768 EFLAGS: 00010246
[ 7848.426680][ T9506] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888013cfd4c0
[ 7848.427487][ T9506] RDX: 0000000000000000 RSI: ffff888013cfd4c0 RDI: 0000000000000002
[ 7848.428295][ T9506] RBP: ffff888023d98050 R08: ffffffff829e029c R09: 0000000000000000
[ 7848.429103][ T9506] R10: 0000000000000001 R11: ffffed10047b300a R12: ffff888023d98050
[ 7848.429918][ T9506] R13: ffffea0000946de0 R14: fffff94000128db9 R15: ffffea0000946dc0
[ 7848.430898][ T9506] FS: 00007f2285b18440(0000) GS:ffff88802cc00000(0000) knlGS:0000000000000000
[ 7848.431827][ T9506] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7848.432512][ T9506] CR2: 00000000013d8008 CR3: 0000000045bd7000 CR4: 00000000000006f0
[ 7848.433335][ T9506] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 7848.434162][ T9506] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 7848.434983][ T9506] Kernel panic - not syncing: Fatal exception
[ 7848.436049][ T9506] Kernel Offset: disabled
[ 7848.436510][ T9506] Rebooting in 86400 seconds..
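As an added example, not part of the report above, here is a small regex-based triage helper of the kind one would run over such an oops before filing or deduplicating it: it pulls out the BUG site, the faulting kernel symbol, the syscall that entered the kernel (from ORIG_RAX; 0xa5 = 165 = mount on x86-64), whether the trapping instruction is ud2 (the BUG()/BUG_ON() trap, shown as `<0f> 0b` in the Code: line), and splits the call trace into reliable frames and the `?`-prefixed ones the unwinder could not verify. The sample input is copied from the report; the syscall table is a hand-written partial subset and an assumption of this example.

```python
import re

# Sample input: lines copied from the oops in the report above (a subset is
# enough; the parser ignores lines it does not recognise).
OOPS = """\
[ 7848.373167][ T9506] kernel BUG at fs/ntfs/aops.c:186!
[ 7848.373744][ T9506] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 7848.376962][ T9506] CPU: 0 PID: 9506 Comm: a.out Not tainted 6.0.1 #2
[ 7848.378792][ T9506] RIP: 0010:ntfs_read_folio+0x22dc/0x2e40
[ 7848.379428][ T9506] Code: 00 48 8b 44 24 48 31 ff e8 24 f3 de fe <0f> 0b e8 1d f3 de fe
[ 7848.390536][ T9506] <TASK>
[ 7848.390860][ T9506] ? __sanitizer_cov_trace_pc+0x1a/0x40
[ 7848.391464][ T9506] ? ntfs_end_buffer_async_read+0x1810/0x1810
[ 7848.396148][ T9506] filemap_read_folio+0x3c/0x1d0
[ 7848.397228][ T9506] do_read_cache_folio+0x1df/0x510
[ 7848.398377][ T9506] read_cache_page+0x62/0x2b0
[ 7848.398885][ T9506] map_mft_record+0x1db/0x940
[ 7848.399464][ T9506] ntfs_read_locked_inode+0x19c/0x5ab0
[ 7848.400635][ T9506] ntfs_read_inode_mount+0xd72/0x2560
[ 7848.401167][ T9506] ntfs_fill_super+0x179d/0x8590
[ 7848.404870][ T9506] mount_bdev+0x34d/0x410
[ 7848.406576][ T9506] legacy_get_tree+0x105/0x220
[ 7848.407698][ T9506] vfs_get_tree+0x89/0x2f0
[ 7848.408173][ T9506] path_mount+0x121b/0x1cb0
[ 7848.409907][ T9506] do_mount+0xf3/0x110
[ 7848.412255][ T9506] __x64_sys_mount+0x18f/0x230
[ 7848.412764][ T9506] do_syscall_64+0x35/0xb0
[ 7848.413247][ T9506] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 7848.413876][ T9506] RIP: 0033:0x7f22854e948a
[ 7848.416292][ T9506] RSP: 002b:00007ffd7b39a878 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 7848.421224][ T9506] </TASK>
"""

# Assumption: partial, hand-written subset of the x86-64 syscall table.
X86_64_SYSCALLS = {0: "read", 1: "write", 2: "open", 16: "ioctl",
                   165: "mount", 166: "umount2"}

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s*")   # "[ ts][ Tpid] "
FRAME = re.compile(r"^(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")


def strip_prefix(line):
    """Drop the printk timestamp/thread prefix and return the message body."""
    return PREFIX.sub("", line.rstrip())


def parse_oops(text):
    """Extract the triage-relevant facts from an x86-64 kernel oops."""
    r = {"bug_site": None, "oops_kind": None, "rip_symbol": None,
         "faulting_opcode": None, "is_ud2": False, "pid": None, "comm": None,
         "tainted": None, "syscall_nr": None, "syscall": None,
         "reliable_frames": [], "unreliable_frames": []}
    in_trace = False
    for raw in text.splitlines():
        body = strip_prefix(raw)
        if body == "<TASK>":
            in_trace = True
            continue
        if body == "</TASK>":
            in_trace = False
            continue
        if in_trace:
            m = FRAME.match(body)
            if m:  # "? " marks a stack word the unwinder could not verify
                r["unreliable_frames" if m.group(1) else "reliable_frames"].append(m.group(2))
                continue
        m = re.match(r"kernel BUG at (\S+)!", body)
        if m:
            r["bug_site"] = m.group(1)
        m = re.match(r"(invalid opcode|general protection fault|BUG: [^:]+):", body)
        if m and r["oops_kind"] is None:
            r["oops_kind"] = m.group(1)
        m = re.search(r"PID: (\d+) Comm: (\S+) (Not tainted|Tainted: \S+)", body)
        if m:
            r["pid"], r["comm"] = int(m.group(1)), m.group(2)
            r["tainted"] = m.group(3) != "Not tainted"
        m = re.match(r"RIP: 0010:([\w.]+)\+0x", body)   # 0010 = kernel CS
        if m and r["rip_symbol"] is None:
            r["rip_symbol"] = m.group(1)
        m = re.search(r"<([0-9a-f]{2})> ([0-9a-f]{2})", body)
        if m and body.startswith("Code:") and r["faulting_opcode"] is None:
            r["faulting_opcode"] = "%s %s" % m.groups()
            r["is_ud2"] = r["faulting_opcode"] == "0f 0b"  # ud2 = BUG() trap
        m = re.search(r"ORIG_RAX: ([0-9a-f]{16})", body)
        if m and r["syscall_nr"] is None:
            r["syscall_nr"] = int(m.group(1), 16)
            r["syscall"] = X86_64_SYSCALLS.get(r["syscall_nr"], "unknown")
    return r


def summarize(report):
    """One-line triage summary of the kind a bug tracker would key on."""
    chain = " <- ".join(report["reliable_frames"][:6])
    return "%s in %s (%s) during %s(), pid %s comm %s: %s" % (
        report["oops_kind"], report["rip_symbol"], report["bug_site"],
        report["syscall"], report["pid"], report["comm"], chain)


if __name__ == "__main__":
    print(summarize(parse_oops(OOPS)))
```

Two things this check makes explicit about the report above: the trapping bytes `<0f> 0b` are ud2, so together with "kernel BUG at fs/ntfs/aops.c:186!" this is an asserted invariant failing inside ntfs_read_folio during mount(2), not a KASAN memory-safety finding even though KASAN is enabled; and the `?` frames (the `__sanitizer_cov_trace_pc` and `ntfs_end_buffer_async_read` entries) are stale stack words, so the reliable path to the BUG is the mount path from `__x64_sys_mount` down through `ntfs_fill_super` and `map_mft_record`.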