CVE-2026-43068

In the Linux kernel, the following vulnerability has been resolved:

ext4: avoid allocate block from corrupted group in ext4 mb find by goal()

There's issue as follows: ... EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (mmcblk0p1): This should not happen!! Data will be lost

EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (mmcblk0p1): This should not happen!! Data will be lost

EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (mmcblk0p1): This should not happen!! Data will be lost

EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (mmcblk0p1): This should not happen!! Data will be lost

EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2243 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (mmcblk0p1): This should not happen!! Data will be lost

EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2239 at logical offset 0 with max blocks 1 with error 117 EXT4-fs (mmcblk0p1): This should not happen!! Data will be lost

EXT4-fs (mmcblk0p1): error count since last fsck: 1 EXT4-fs (mmcblk0p1): initial error at time 1765597433: ext4 mb generate buddy:760 EXT4-fs (mmcblk0p1): last error at time 1765597433: ext4 mb generate buddy:760 ...

According to the log analysis, blocks are always requested from the corrupted block group. This may happen as follows: ext4 mb find by goal ext4 mb load buddy ext4 mb load buddy gfp ext4 mb init cache ext4 read block bitmap nowait ext4 wait block bitmap ext4 validate block bitmap if (!grp || EXT4 MB GRP BBITMAP CORRUPT(grp)) return -EFSCORRUPTED; // There's no logs. if (err) return err; // Will return error ext4 lock group(ac->ac sb, group); if (unlikely(EXT4 MB GRP BBITMAP CORRUPT(e4b->bd info))) // Unreachable goto out;

After commit 9008a58e5dce ("ext4: make the bitmap read routines return real error codes") merged, Commit 163a203ddb36 ("ext4: mark block group as corrupt on block bitmap error") is no real solution for allocating blocks from corrupted block groups. This is because if 'EXT4 MB GRP BBITMAP CORRUPT(e4b->bd info)' is true, then 'ext4 mb load buddy()' may return an error. This means that the block allocation will fail. Therefore, check block group if corrupted when ext4 mb load buddy() returns error.