[syzbot] [ntfs3?] WARNING in ni_rename

From: Moon Hee Lee
Date: Tue Jul 08 2025 - 17:46:03 EST

Next message: Reinette Chatre: "Re: [PATCH v6 14/30] x86,fs/resctrl: Support binary fixed point event counters"
Previous message: Jiaxun Yang: "Re: [PATCH v3 2/2] MIPS: CPS: Optimise delay CPU calibration for SMP"
In reply to: syzbot: "Re: [syzbot] [ntfs3?] WARNING in ni_rename"
Next in thread: syzbot: "Re: [syzbot] [ntfs3?] WARNING in ni_rename"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

#syz test
From 7fa1f4b399c2d47d1ab301c2662f6a60c2098c45 Mon Sep 17 00:00:00 2001
From: Moon Hee Lee <moonhee.lee.ca@xxxxxxxxx>
Date: Tue, 8 Jul 2025 14:39:43 -0700
Subject: [PATCH] ntfs3: validate $BITMAP size when index blocks are present

Reject directories with allocated index blocks but zero-length $BITMAP,
as this indicates an inconsistent on-disk structure.

Signed-off-by: Moon Hee Lee <moonhee.lee.ca@xxxxxxxxx>
---
fs/ntfs3/index.c | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index 1bf2a6593dec..6d1bf890929d 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -1508,6 +1508,16 @@ static int indx_add_allocate(struct ntfs_index *indx, struct ntfs_inode *ni,
bmp_size = bmp_size_v = le32_to_cpu(bmp->res.data_size);
}

+ /*
+ * Index blocks exist, but $BITMAP has zero valid bits.
+ * This implies an on-disk corruption and must be rejected.
+ */
+ if (in->name == I30_NAME &&
+ unlikely(bmp_size_v == 0 && indx->alloc_run.count)) {
+ err = -EINVAL;
+ goto out1;
+ }
+
bit = bmp_size << 3;
}

--
2.43.0

Next message: Reinette Chatre: "Re: [PATCH v6 14/30] x86,fs/resctrl: Support binary fixed point event counters"
Previous message: Jiaxun Yang: "Re: [PATCH v3 2/2] MIPS: CPS: Optimise delay CPU calibration for SMP"
In reply to: syzbot: "Re: [syzbot] [ntfs3?] WARNING in ni_rename"
Next in thread: syzbot: "Re: [syzbot] [ntfs3?] WARNING in ni_rename"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]