Re: [PATCH] ext4: skip split extent recovery on corruption

From: hongao

Date: Mon Mar 23 2026 - 21:42:31 EST


Hi Jan, Yi, Ojaswin,

Thank you for reviewing the patch.

I will send a v2 that moves the p_ext validation before
ext4_ext_get_access(), as Yi suggested.

Also, thanks for the Reviewed-by tags:
Reviewed-by: Jan Kara <jack@xxxxxxx>
Reviewed-by: Zhang Yi <yi.zhang@xxxxxxxxxx>

Regarding Ojaswin's questions:

I do not have a local reproducer at the moment. My analysis was based on
the syzbot report, the crash trace, and code inspection.

For the p_ext == NULL case, a successful ext4_find_extent() only means
that we were able to walk the tree down to a leaf. It does not guarantee
that the leaf still contains a valid extent entry for the target logical
block.

path[depth].p_ext is derived from the extent entries stored in that leaf.
If the leaf metadata is already corrupted, ext4_find_extent() may still
return a non-error path, but p_ext can be NULL because there is no usable
extent entry there anymore.

So in the corruption case, a valid path is not enough to continue the
recovery path safely. Returning -EFSCORRUPTED is safer than
dereferencing p_ext and crashing while trying to repair already-broken
metadata.

Thanks,
Hongao
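
The following user-space model is an added illustration, not part of the original message and not ext4 code. It shows how a lookup can return success while leaving p_ext NULL, and where the -EFSCORRUPTED check sits relative to the first dereference. The `model_*` names, the structures, and the empty-leaf trigger are simplified assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#ifndef EUCLEAN
#define EUCLEAN 117              /* Linux value, for non-Linux builds */
#endif
#define EFSCORRUPTED EUCLEAN     /* the kernel defines EFSCORRUPTED as EUCLEAN */

/* Hypothetical, simplified stand-ins; not the kernel's structures. */
struct model_extent { uint32_t first_block; uint16_t len; };
struct model_leaf   { uint16_t entries; struct model_extent ext[4]; };
struct model_path   { struct model_leaf *leaf; struct model_extent *p_ext; };

/*
 * Models a lookup that reached a leaf. It returns 0 whenever the leaf was
 * reached, but leaves p_ext NULL when the leaf holds no entries (assumed
 * here to be the result of corrupted metadata).
 */
static int model_find_extent(struct model_leaf *leaf, uint32_t lblk,
                             struct model_path *path)
{
    path->leaf = leaf;
    path->p_ext = NULL;
    if (leaf->entries == 0)
        return 0;                /* success, yet nothing to point at */
    path->p_ext = &leaf->ext[0];
    for (uint16_t i = 1; i < leaf->entries && i < 4; i++)
        if (leaf->ext[i].first_block <= lblk)
            path->p_ext = &leaf->ext[i];
    return 0;
}

/* Stand-in for a recovery step that writes through p_ext. */
static int model_restore_len(struct model_leaf *leaf, uint32_t lblk,
                             uint16_t orig_len)
{
    struct model_path path;
    int err = model_find_extent(leaf, lblk, &path);

    if (err)
        return err;
    if (!path.p_ext)             /* validate before any dereference */
        return -EFSCORRUPTED;
    path.p_ext->len = orig_len;
    return 0;
}
```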