CVE-2022-49347

Source
https://cve.org/CVERecord?id=CVE-2022-49347
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49347.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49347
Published
2025-02-26T02:11:01.983Z
Modified
2026-03-20T12:22:22.196510Z
Summary
ext4: fix bug_on in ext4_writepages
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bug_on in ext4_writepages

We got issue as follows:

EXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls
------------[ cut here ]------------
kernel BUG at fs/ext4/inode.c:2708!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 2 PID: 2147 Comm: rep Not tainted 5.18.0-rc2-next-20220413+ #155
RIP: 0010:ext4_writepages+0x1977/0x1c10
RSP: 0018:ffff88811d3e7880 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88811c098000
RDX: 0000000000000000 RSI: ffff88811c098000 RDI: 0000000000000002
RBP: ffff888128140f50 R08: ffffffffb1ff6387 R09: 0000000000000000
R10: 0000000000000007 R11: ffffed10250281ea R12: 0000000000000001
R13: 00000000000000a4 R14: ffff88811d3e7bb8 R15: ffff888128141028
FS: 00007f443aed9740(0000) GS:ffff8883aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020007200 CR3: 000000011c2a4000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 do_writepages+0x130/0x3a0
 filemap_fdatawrite_wbc+0x83/0xa0
 filemap_flush+0xab/0xe0
 ext4_alloc_da_blocks+0x51/0x120
 __ext4_ioctl+0x1534/0x3210
 __x64_sys_ioctl+0x12c/0x170
 do_syscall_64+0x3b/0x90

It may happen as follows:

1. write inline_data inode
vfs_write
  new_sync_write
    ext4_file_write_iter
      ext4_buffered_write_iter
        generic_perform_write
          ext4_da_write_begin
            ext4_da_write_inline_data_begin -> If inline data size too small will allocate block to write, then mapping will have dirty page
              ext4_da_convert_inline_data_to_extent -> clear EXT4_STATE_MAY_INLINE_DATA

2. fallocate
do_vfs_ioctl
  ioctl_preallocate
    vfs_fallocate
      ext4_fallocate
        ext4_convert_inline_data
          ext4_convert_inline_data_nolock
            ext4_map_blocks -> fail will goto restore data
            ext4_restore_inline_data
              ext4_create_inline_data
              ext4_write_inline_data
              ext4_set_inode_state -> set inode EXT4_STATE_MAY_INLINE_DATA

3. writepages
__ext4_ioctl
  ext4_alloc_da_blocks
    filemap_flush
      filemap_fdatawrite_wbc
        do_writepages
          ext4_writepages
            if (ext4_has_inline_data(inode))
              BUG_ON(ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA))

The root cause of this issue is we destroy inline data until call ext4_writepages under delay allocation mode. But there may already be a conversion from inline to extent. To solve this issue, we call filemap_flush first.
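
The three-step sequence in the commit message above, as an added user-space model in C (not kernel code and not part of the original record). The `model_inode` struct and the `model_*` and `run_sequence` names are hypothetical stand-ins for the inode state; `flush_first` stands for the fix's "call filemap_flush first", and the block mapping in step 2 is assumed to fail.

```c
/* Constructed user-space model of the sequence above; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct model_inode {
    bool has_inline_data;  /* stands in for ext4_has_inline_data() */
    bool may_inline_data;  /* stands in for EXT4_STATE_MAY_INLINE_DATA */
    bool dirty_page;       /* delayed-allocation page awaiting writeback */
};

/* Step 3. Returns -1 where the kernel would hit the BUG_ON, else 0. */
static int model_writepages(struct model_inode *in)
{
    if (!in->dirty_page)
        return 0;                     /* nothing to write back */
    if (in->has_inline_data) {
        if (in->may_inline_data)
            return -1;                /* the BUG_ON condition */
        in->has_inline_data = false;  /* inline data destroyed at writeback */
    }
    in->dirty_page = false;
    return 0;
}

/* Step 2: conversion whose block mapping fails and restores inline data. */
static int model_convert(struct model_inode *in, bool flush_first)
{
    if (flush_first && model_writepages(in) < 0)
        return -1;
    if (in->has_inline_data)
        in->may_inline_data = true;   /* restore path sets the flag again */
    return 0;
}

/* Runs steps 1-3; flush_first models "we call filemap_flush first". */
int run_sequence(bool flush_first)
{
    struct model_inode in = { .has_inline_data = true, .may_inline_data = true };
    in.dirty_page = true;        /* step 1: write spills to a block, page dirtied */
    in.may_inline_data = false;  /* step 1: flag cleared, inline data still present */
    if (model_convert(&in, flush_first) < 0)
        return -1;
    return model_writepages(&in);
}

int main(void)
{
    printf("no flush: %d, flush first: %d\n", run_sequence(false), run_sequence(true));
    return 0;
}
```

In the model, flushing before the conversion lets writeback finish destroying the inline data while the flag is still clear, so the later writeback finds nothing inconsistent.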

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49347.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3c47d54170b6a678875566b1b8d6dcf57904e49b
Fixed
19918ec7717d87d5ab825884a46b26b21375d7ce
Fixed
b2b78f5bf2d453dda3903955efee059260787a42
Fixed
de1732b5c1693ad489c5d254f124f67cb775f37d
Fixed
73fd5b19285197078ee8a2e651d75d5b094a4de9
Fixed
1b061af037646c9cdb0afd8a8d2f1e1c06285866
Fixed
18a759f7f99f0b65a08ff5b7e745fc405a42bde4
Fixed
1cde35417edc0370fb0179a4e38b78a15350a8d0
Fixed
013f12bdedb96816aaa27ee04349f4433d361f52
Fixed
ef09ed5d37b84d18562b30cf7253e57062d0db05

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49347.json"