Syzbot reported an issue with ext4 extents. The reproducer creates a corrupted ext4 fs image in memory, and mounts it as a loop device. It invokes the ext4_cache_extents() and ext4_find_extent(), which eventually triggers a BUG() in ext4_es_end() causing a kernel crash. It triggers on mainline, and every kernel version back to v4.14. Add a call ext4_ext_check_inode() in ext4_find_extent() to prevent the crash. To: "Theodore Ts'o" <tytso@xxxxxxx> Cc: "Andreas Dilger" <adilger.kernel@xxxxxxxxx> Cc: <linux-ext4@xxxxxxxxxxxxxxx> Cc: <linux-kernel@xxxxxxxxxxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> Link: https://syzkaller.appspot.com/bug?id=641e7a4b900015c5d7a729d6cc1fba7a928a88f9 Reported-by: syzbot+a22dc4b0744ac658ed9b@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Tadeusz Struk <tadeusz.struk@xxxxxxxxxx> --- fs/ext4/extents.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 5235974126bd..c7b5a11e1abc 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -897,6 +897,12 @@ ext4_find_extent(struct inode *inode, ext4_lblk_t block, goto err; } + ret = ext4_ext_check_inode(inode); + if (ret) { + EXT4_ERROR_INODE(inode, "inode has invalid extent"); + goto err; + } + if (path) { ext4_ext_drop_refs(path); if (depth > path[0].p_maxdepth) { -- 2.37.3
