On Thu, Jul 10, 2025 at 01:01:04AM -0700, Moon Hee Lee wrote:
> From 4c910ac989e7a6d97565a67677a1ee88e2d1a9ad Mon Sep 17 00:00:00 2001
> From: Moon Hee Lee
> Date: Thu, 10 Jul 2025 00:36:59 -0700
> Subject: [PATCH] ext4: bail out when INLINE_DATA_FL lacks system.data xattr
>
> A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data()
> when an inode had the INLINE_DATA_FL flag set but was missing the
> system.data extended attribute.
>
> ext4_prepare_inline_data() now checks for the presence of that xattr
> and returns -EFSCORRUPTED if it is missing, preventing corrupted inodes
> from reaching the update path and triggering a crash.

Thanks for the patch! However, instead of doing an xattr lookup in ext4_prepare_inline_data(), we can more simply and more efficiently just not BUG in ext4_update_inline_data, like this:

From eedfada9eb51541fe72f19350503890da522212d Mon Sep 17 00:00:00 2001
From: Theodore Ts'o
Date: Thu, 17 Jul 2025 10:54:34 -0400
Subject: [PATCH] ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr

A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL flag set but was missing the system.data extended attribute.

Since this can happen due to a maliciously fuzzed file system, we shouldn't BUG, but rather, report it as a corrupted file system.

Reported-by: syzbot+544248a761451c0df72f@syzkaller.appspotmail.com
Signed-off-by: Theodore Ts'o
---
 fs/ext4/inline.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index d5b32d242495..424c40c768de 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -354,6 +354,12 @@ static int ext4_update_inline_data(handle_t *handle, struct inode *inode, if (error) goto out; + if (is.s.not_found) { + EXT4_ERROR_INODE(inode, "missing inline data xattr"); + error = -EFSCORRUPTED; + goto out; + } + BUG_ON(is.s.not_found); len -= EXT4_MIN_INLINE_DATA_SIZE; -- 2.47.2
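
Review bot: the BUG_ON(is.s.not_found) kept as context directly after the new block in ext4_update_inline_data() can no longer fire, because the added if (is.s.not_found) branch always sets -EFSCORRUPTED and jumps to out first. Remove the BUG_ON in this same change, so the function no longer carries an assertion on on-disk state that a crafted image controls and a later refactor cannot make it reachable again. The commit message has a Reported-by line but no Fixes: or stable tag; adding one would help if this is meant to be backported.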