Bug 206879 - "extent tree corrupted" after several syscalls involving EXT4_IOC_SWAP_BOOT on a sparse file
Status: NEW
Alias: None
Product: File System
Classification: Unclassified
Component: ext4
Hardware: All Linux
Importance: P1 normal
Assignee: fs_ext4@kernel-bugs.osdl.org
Reported: 2020-03-18 15:07 UTC by Anatoly Trosinenko
Modified: 2020-03-18 15:07 UTC
Kernel Version: tytso/ext4/dev (dce8e2371)
Regression: No

Attachments
Reproducer (673 bytes, text/x-csrc)
2020-03-18 15:07 UTC, Anatoly Trosinenko

Description Anatoly Trosinenko 2020-03-18 15:07:32 UTC
Created attachment 287969
Reproducer

Hello,

By fuzzing, I have found an "extent tree corrupted" message after invoking several syscalls on a clean ext4 file system image. Some of these are quite special ioctls, probably misused by my fuzzer; still, I report this just in case.

How to reproduce (with kvm-xfstests):

1) Checkout tytso/ext4 branch dev (commit dce8e2371)
2) cp /path/to/fstests/kernel-configs/x86_64-config-5.4 .config
3) make olddefconfig
4) make
5) Compile the attached reproducer:

   gcc ext4-test.c -o /tmp/kvm-xfstests-USER/repro -static

   In my case, the kernel was built for amd64, so the reproducer is for amd64, too. With `-m32`, I get an ENOTTY error on EXT4_IOC_SWAP_BOOT.
6) Run `./kvm-xfstests shell`
7) Inside the shell:
   mke2fs -t ext4 test.img 1024M
   mount test.img /mnt
   /vtmp/repro /mnt/123 /mnt/abc
8) Observe in dmesg:
   [  114.760535] EXT4-fs error (device loop0): ext4_ext_precache:579: inode #12: comm repro: pblk 32897 bad header/extent: extent tree corrupted - magic f30a, entries 5, max 340(340), depth 0(0)
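
A triage helper for the dmesg line in step 8, added here as an example and not part of the report or its attached reproducer: it splits the "bad header/extent" message into fields and flags header values that disagree with the expected ones. It assumes the number in parentheses after `max` and `depth` is the value the kernel expected and that the ext4 extent header magic is 0xf30a; the function names and the second sample line are constructed.

```python
import re

EXT4_EXT_MAGIC = 0xF30A  # ext4 extent header magic (assumption stated in the lead-in)
INT_FIELDS = ("line", "inode", "pblk", "entries", "max", "max_exp", "depth", "depth_exp")

# Field layout of the "bad header/extent" message as it appears in step 8.
LINE_RE = re.compile(
    r"EXT4-fs error \(device (?P<dev>[^)]+)\): (?P<func>\w+):(?P<line>\d+): "
    r"inode #(?P<inode>\d+): comm (?P<comm>.+?): pblk (?P<pblk>\d+) "
    r"bad header/extent: (?P<reason>.+?) - magic (?P<magic>[0-9a-f]+), "
    r"entries (?P<entries>\d+), max (?P<max>\d+)\((?P<max_exp>\d+)\), "
    r"depth (?P<depth>\d+)\((?P<depth_exp>\d+)\)"
)

def parse_extent_error(line):
    """Return the message fields as a dict, or None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    rec["magic"] = int(rec["magic"], 16)  # the message prints the magic in hex
    return rec

def header_anomalies(rec):
    """Name the header fields that disagree with the expected values."""
    checks = [
        ("magic", rec["magic"] != EXT4_EXT_MAGIC),
        ("max", rec["max"] == 0 or rec["max"] > rec["max_exp"]),
        ("entries", rec["entries"] > rec["max"]),
        ("depth", rec["depth"] != rec["depth_exp"]),
    ]
    return [name for name, bad in checks if bad]

def triage(dmesg_text):
    """Parse every matching line and attach its list of header anomalies."""
    records = [parse_extent_error(l) for l in dmesg_text.splitlines()]
    return [dict(r, header_anomalies=header_anomalies(r)) for r in records if r]

# First line is the one from the report; the second is constructed for contrast.
SAMPLE = (
    "[  114.760535] EXT4-fs error (device loop0): ext4_ext_precache:579: inode #12: "
    "comm repro: pblk 32897 bad header/extent: extent tree corrupted - magic f30a, "
    "entries 5, max 340(340), depth 0(0)\n"
    "[  999.000000] EXT4-fs error (device loop9): example_func:1: inode #99: "
    "comm example: pblk 1 bad header/extent: constructed - magic 0, "
    "entries 7, max 0(340), depth 0(0)\n"
)
```

Calling `triage(SAMPLE)` flags no header field for the line from this report: its magic, entries, max and depth all agree with the expected values printed alongside them.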
