Latest working kernel version: NA Earliest failing kernel version: NA Distribution: Ubuntu Hardware Environment: Dell Optiplex 740 Software Environment: NA Hi, playing around with crafted ext4 fs raised a kernel oops (see attached extract from kern.log) Steps to reproduce: *gunzip the poc enclosed *mount -t ext4 ext4.poc.img /media/here -o loop *touch /media/here/test Regards, David Maciejak Fortinet's FortiGuard Global Security Research Team
Created attachment 20189 [details] kern.log extract
Created attachment 20190 [details] gzip ext4 poc
I can't reproduce this on a recent kernel. Even after removing the bogus indirect and triple indirect block which causes modern kernels to refuse to mount the filesystem, it still doesn't crash, even after giving all of the ext4_claim_inode() errors caused by the very large s_first_ino value. So it looks like this problem is no longer an issue on 2.6.30-rc6 kernels.