syzbot


KMSAN: uninit-value in ntfs_iomap_begin (2)

Status: upstream: reported on 2026/06/29 19:21
Subsystems: ntfs3
Labels: prio:high
Reported-by: syzbot+4b4ec878e25fafefa70f@syzkaller.appspotmail.com
First crash: 9d03h, last: 21h42m
✨ AI Jobs (1)
ID: d181d195-c223-4967-9ffe-9588163dc92f
Workflow: assessment-security
Result: DenialOfService: ✅, Exploitable: ✅, FilesystemTrigger: ✅, NetworkTrigger: ❌, PeripheralTrigger: ✅, RemoteTrigger: ❌, Unprivileged: ❌, UserNamespace: ❌, VMGuestTrigger: ❌, VMHostTrigger: ❌
Bug: KMSAN: uninit-value in ntfs_iomap_begin (2)
Created: 2026/06/27 01:51
Started: 2026/06/27 01:51
Finished: 2026/06/27 02:32
Revision: 7ff32d8bb9773a5f02d3db4c8207fc9251ebedc5
Discussions (2)
Title; Replies (including bot); Last reply
[PATCH] ntfs3: reject empty iomap before reading its LCN; 1 (1); 2026/06/30 21:17
[syzbot] [ntfs3?] KMSAN: uninit-value in ntfs_iomap_begin (2); 0 (1); 2026/06/29 19:21
Similar bugs (1)
Kernel: upstream
Title: KMSAN: uninit-value in ntfs_iomap_begin (ntfs3, prio:high)
Rank: 7
Repro: C
Count: 191
Last: 81d
Reported: 132d
Patched: 29/29
Status: fixed on 2026/05/21 07:50

Sample crash report:
loop2: detected capacity change from 0 to 4096
=====================================================
BUG: KMSAN: uninit-value in ntfs_iomap_begin+0x8a3/0x1550 fs/ntfs3/inode.c:781
 ntfs_iomap_begin+0x8a3/0x1550 fs/ntfs3/inode.c:781
 iomap_iter+0x9d9/0x14f0 fs/iomap/iter.c:110
 iomap_read_folio+0x67c/0xb20 fs/iomap/buffered-io.c:645
 ntfs_read_folio+0x74f/0x770 fs/ntfs3/inode.c:652
 filemap_read_folio mm/filemap.c:2510 [inline]
 do_read_cache_folio+0x96d/0x13d0 mm/filemap.c:4140
 do_read_cache_page mm/filemap.c:4206 [inline]
 read_cache_page+0x63/0x1e0 mm/filemap.c:4215
 read_mapping_page include/linux/pagemap.h:1009 [inline]
 inode_read_data+0xbb/0x560 fs/ntfs3/inode.c:1058
 ntfs_fill_super+0x720c/0x8820 fs/ntfs3/super.c:1582
 get_tree_bdev_flags+0x6ef/0x930 fs/super.c:1634
 get_tree_bdev+0x38/0x50 fs/super.c:1657
 ntfs_fs_get_tree+0x35/0x40 fs/ntfs3/super.c:1819
 vfs_get_tree+0xae/0x5d0 fs/super.c:1694
 fc_mount fs/namespace.c:1198 [inline]
 do_new_mount_fc fs/namespace.c:3765 [inline]
 do_new_mount+0x885/0x1dc0 fs/namespace.c:3841
 path_mount+0x7a2/0x20a0 fs/namespace.c:4161
 do_mount fs/namespace.c:4174 [inline]
 __do_sys_mount fs/namespace.c:4390 [inline]
 __se_sys_mount+0x704/0x7f0 fs/namespace.c:4367
 __x64_sys_mount+0xed/0x180 fs/namespace.c:4367
 x64_sys_call+0x39f0/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15d/0x3c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable lcn created at:
 ntfs_iomap_begin+0x157/0x1550 fs/ntfs3/inode.c:742
 iomap_iter+0x9d9/0x14f0 fs/iomap/iter.c:110

CPU: 1 UID: 0 PID: 5980 Comm: syz.2.70 Not tainted syzkaller #0 PREEMPT(lazy) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
=====================================================

Crashes (21):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/07/04 01:10 upstream 4a50a141f05a fcece630 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/07/03 23:49 upstream 4a50a141f05a fcece630 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/07/03 07:42 upstream 4a50a141f05a 58bf2096 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/07/03 07:41 upstream 4a50a141f05a 58bf2096 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/07/03 07:39 upstream 4a50a141f05a 58bf2096 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/07/02 18:33 upstream 4a50a141f05a 2b70b115 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/07/02 16:08 upstream 4a50a141f05a 2b70b115 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/07/01 18:51 upstream 962528fef902 27192279 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/07/01 16:00 upstream 962528fef902 27192279 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/07/01 08:35 upstream 962528fef902 00a5cf1c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/07/01 07:53 upstream 962528fef902 00a5cf1c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/06/30 23:59 upstream 962528fef902 00e8b0fd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/06/30 21:27 upstream 962528fef902 00e8b0fd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/06/30 12:08 upstream 962528fef902 fff8d0a0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/06/30 11:58 upstream 962528fef902 fff8d0a0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/06/29 16:40 upstream 962528fef902 6a0c72dc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/06/29 15:41 upstream 962528fef902 6a0c72dc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/06/27 00:00 upstream 962528fef902 fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/06/26 23:23 upstream 962528fef902 fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/06/25 19:33 upstream 962528fef902 432fd51a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
2026/06/25 19:14 upstream 962528fef902 432fd51a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in ntfs_iomap_begin
* Struck through repros no longer work on HEAD.