https://bugzilla.kernel.org/show_bug.cgi?id=206879 Bug ID: 206879 Summary: "extent tree corrupted" after several syscalls involving EXT4_IOC_SWAP_BOOT on a sparse file Product: File System Version: 2.5 Kernel Version: tytso/ext4/dev (dce8e2371) Hardware: All OS: Linux Tree: Mainline Status: NEW Severity: normal Priority: P1 Component: ext4 Assignee: fs_ext4@xxxxxxxxxxxxxxxxxxxx Reporter: anatoly.trosinenko@xxxxxxxxx Regression: No Created attachment 287969 --> https://bugzilla.kernel.org/attachment.cgi?id=287969&action=edit Reproducer Hello, By fuzzing, I have found an "extent tree corrupted" message after invoking several syscalls on a clean ext4 file system image. Some of these are quite special ioctls probably mis-used by my fuzzer, still I report this just in case. How to reproduce (with kvm-xfstests): 1) Checkout tytso/ext4 branch dev (commit dce8e2371) 2) cp /path/to/fstests/kernel-configs/x86_64-config-5.4 .config 3) make olddefconfig 4) make 5) Compile the attached reproducer: gcc ext4-test.c -o /tmp/kvm-xfstests-USER/repro -static In my case, the kernel was built for amd64, so reproducer is for amd64, too. With `-m32`, I get a ENOTTY error on EXT4_IOC_SWAP_BOOT 6) Run `./kvm-xfstests shell` 7) Inside the shell: mke2fs -t ext4 test.img 1024M mount test.img /mnt /vtmp/repro /mnt/123 /mnt/abc 8) Observe in dmesg: [ 114.760535] EXT4-fs error (device loop0): ext4_ext_precache:579: inode #12: comm repro: pblk 32897 bad header/extent: extent tree corrupted - magic f30a, entries 5, max 340(340), depth 0(0) -- You are receiving this mail because: You are watching the assignee of the bug.
