ext4: bail out when EXT4_INLINE_DATA_FL lacks system.data xattr
A syzbot-generated disk image triggered a BUG_ON in
ext4_update_inline_data() when an inode had the EXT4_INLINE_DATA_FL flag
set but lacked the required system.data extended attribute.
ext4_prepare_inline_data() now checks for the presence of this xattr and
returns -EFSCORRUPTED if it is missing. This prevents corrupted inodes
from reaching the update path and causing a crash.
[1] Syzbot crash log:
EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
loop0: detected capacity change from 512 to 64
------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:357!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5499 Comm: syz.0.16 Not tainted 6.16.0-rc4-syzkaller-00348-g772b78c2abd8 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:ext4_update_inline_data+0x4e8/0x4f0 fs/ext4/inline.c:357
Code: ...
Call Trace:
<TASK>
ext4_prepare_inline_data+0x141/0x1d0 fs/ext4/inline.c:415
ext4_generic_write_inline_data+0x207/0xc90 fs/ext4/inline.c:692
ext4_try_to_write_inline_data+0x80/0xa0 fs/ext4/inline.c:763
ext4_write_begin+0x2d8/0x1680 fs/ext4/inode.c:1281
generic_perform_write+0x2c7/0x910 mm/filemap.c:4112
ext4_buffered_write_iter+0xce/0x3a0 fs/ext4/file.c:299
ext4_file_write_iter+0x298/0x1bc0 fs/ext4/file.c:-1
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x548/0xa90 fs/read_write.c:686
ksys_write+0x145/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: ...
</TASK>
[2] Reproducer image:
https://storage.googleapis.com/syzbot-assets/f97118969515/mount_0.gz
[3] e2fsck output on the provided image:
$ e2fsck -fn mount_0
e2fsck 1.47.0 (5-Feb-2023)
One or more block group descriptor checksums are invalid. Fix? no
Group descriptor 0 checksum is 0x8245, should be 0x353a. IGNORED.
Pass 1: Checking inodes, blocks, and sizes
Inode 12 has INLINE_DATA_FL flag but extended attribute not found. Truncate? no
Inode 16, i_blocks is 3298534883346, should be 18. Fix? no
Inode 17, i_blocks is 17592186044416, should be 0. Fix? no
Pass 2: Checking directory structure
Symlink /file0/file1 (inode #14) is invalid.
Clear? no
Entry 'file1' in /file0 (12) has an incorrect filetype (was 7, should be 0).
Fix? no
Directory inode 11, block #5, offset 0: directory corrupted
Salvage? no
e2fsck: aborted
syzkaller: ********** WARNING: Filesystem still has errors **********
Reported-by: [email protected]
Closes: https://syzkaller.appspot.com/bug?extid=544248a761451c0df72f
Fixes: 67cf5b0 ("ext4: add the basic function for inline data support")
Tested-by: [email protected]
Signed-off-by: Moon Hee Lee <[email protected]>
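A user-space model of the check this commit describes, added here as an illustration and not the kernel's code: it walks a constructed in-inode xattr body laid out like ext4's on-disk entry list and refuses an inode that carries EXT4_INLINE_DATA_FL without a system.data entry, returning -EFSCORRUPTED instead of proceeding to the update path. The toy_inode struct, the constants and the sample bodies are assumptions modelled on the on-disk format, not taken from fs/ext4/.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
/* On-disk constants, assumed to match fs/ext4/ext4.h and fs/ext4/xattr.h. */
#define EXT4_INLINE_DATA_FL     0x10000000u
#define EXT4_XATTR_MAGIC        0xEA020000u  /* compared in host (LE) order */
#define EXT4_XATTR_INDEX_SYSTEM 7
#define XATTR_ENTRY_HDR         16           /* fixed part of ext4_xattr_entry */
#define EFSCORRUPTED            EUCLEAN      /* as in include/linux/fs.h */
/* Toy inode model (not the kernel struct): flags plus the in-inode xattr body,
 * i.e. the magic word followed by entries and a zero terminator word. */
struct toy_inode { uint32_t i_flags; const uint8_t *ibody; size_t ibody_len; };
/* Walk the in-inode entries; return 1 if "system.data" is present.
 * Fields are read by byte offset, so unaligned sample buffers are fine. */
static int ibody_has_system_data(const uint8_t *b, size_t len)
{
    uint32_t word;
    size_t off = 4;
    if (len < 4) return 0;
    memcpy(&word, b, 4);
    if (word != EXT4_XATTR_MAGIC) return 0;
    while (off + XATTR_ENTRY_HDR <= len) {
        uint8_t name_len = b[off], name_index = b[off + 1];
        memcpy(&word, b + off, 4);
        if (word == 0) break;                                 /* IS_LAST_ENTRY */
        if (off + XATTR_ENTRY_HDR + name_len > len) return 0; /* truncated list */
        if (name_index == EXT4_XATTR_INDEX_SYSTEM && name_len == 4 &&
            memcmp(b + off + XATTR_ENTRY_HDR, "data", 4) == 0)
            return 1;
        off += (XATTR_ENTRY_HDR + name_len + 3) & ~(size_t)3; /* 4-byte padding */
    }
    return 0;
}
/* The check the fix adds, modelled: an inode flagged inline but without a
 * system.data xattr is corrupt, so fail early instead of reaching a BUG_ON. */
int prepare_inline_data(const struct toy_inode *ino)
{
    if (!(ino->i_flags & EXT4_INLINE_DATA_FL))
        return -ENOENT;                     /* not inline: normal block path */
    if (!ibody_has_system_data(ino->ibody, ino->ibody_len))
        return -EFSCORRUPTED;
    return 0;
}
/* Constructed samples: magic + one system.data entry (name_len 4, index 7,
 * offs/inum/size/hash zero, "data") + terminator, versus magic + terminator. */
static const uint8_t GOOD_IBODY[] = { 0x00, 0x00, 0x02, 0xEA, 4, 7, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 'd', 'a', 't', 'a', 0, 0, 0, 0 };
static const uint8_t BAD_IBODY[]  = { 0x00, 0x00, 0x02, 0xEA, 0, 0, 0, 0 };
const struct toy_inode GOOD_INODE = { EXT4_INLINE_DATA_FL, GOOD_IBODY, sizeof GOOD_IBODY };
const struct toy_inode BAD_INODE  = { EXT4_INLINE_DATA_FL, BAD_IBODY, sizeof BAD_IBODY };
```

BAD_INODE mirrors the syzbot image's inode 12 from the e2fsck output above: the flag is set, the xattr is absent, and the call now returns -EFSCORRUPTED rather than crashing.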