[{"id":3683197,"web_url":"http://patchwork.ozlabs.org/comment/3683197/","msgid":"<qnbtbpu4awi3hktmfkmmrng7jaa4df42mpruuiiynyux6ua7ky@ba5mlsy5fst4>","list_archive_url":null,"date":"2026-04-28T07:38:21","subject":"Re: [PATCH] ext4: avoid BUG_ON() in ext4_get_inline_entry()","submitter":{"id":363,"url":"http://patchwork.ozlabs.org/api/people/363/","name":"Jan Kara","email":"jack@suse.cz"},"content":"On Mon 27-04-26 21:50:20, Vineet Agarwal wrote:\n> Corrupted inline directory metadata can cause offset to exceed\n> the inline data size through rec_len processing in\n> empty_inline_dir().\n> \n> This triggers BUG_ON() in ext4_get_inline_entry(), causing a\n> kernel panic before ext4_check_dir_entry() can handle the\n> corruption gracefully.\n> \n> Replace BUG_ON() with a NULL return and handle the invalid\n> offset in the caller by emitting a warning and exiting safely.\n> \n> This prevents a kernel panic from corrupted inline directory\n> metadata.\n> \n> Signed-off-by: Vineet Agarwal <agarwal.vineet2006@gmail.com>\n\nI guess this is motivated by some syzkaller fuzzing (would be good to\nreference). It however doesn't explain how the BUG_ON can trigger when\nempty_inline_dir() just did:\n\n\tinline_len = ext4_get_inline_size(dir);\n\t...\n\twhile (offset < inline_len) {\n\t\tde = ext4_get_inline_entry(dir, &iloc, offset, ...)\n\nI suspect modification of the fs image while being mounted which is not\nsomething we care about.\n\n\t\t\t\t\t\t\t\tHonza\n\n> ---\n>  fs/ext4/inline.c | 9 ++++++++-\n>  1 file changed, 8 insertions(+), 1 deletion(-)\n> \n> diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c\n> index 8045e4ff270c..bca9936ed6d0 100644\n> --- a/fs/ext4/inline.c\n> +++ b/fs/ext4/inline.c\n> 
@@ -1718,7 +1718,8 @@ ext4_get_inline_entry(struct inode *inode,\n>  {\n>  \tvoid *inline_pos;\n>  \n> -\tBUG_ON(offset > ext4_get_inline_size(inode));\n> +\tif (offset > ext4_get_inline_size(inode))\n> +\t\treturn NULL;\n>  \n>  \tif (offset < EXT4_MIN_INLINE_DATA_SIZE) {\n>  \t\tinline_pos = (void *)ext4_raw_inode(iloc)->i_block;\n> 
@@ -1773,6 +1774,12 @@ bool empty_inline_dir(struct inode *dir, int *has_inline_data)\n>  \twhile (offset < inline_len) {\n>  \t\tde = ext4_get_inline_entry(dir, &iloc, offset,\n>  \t\t\t\t\t   &inline_pos, &inline_size);\n> +\t\tif (!de) {\n> +\t\t\text4_warning(dir->i_sb,\n> +\t\t\t\t     \"bad inline directory (dir #%llu) - invalid offset\",\n> +\t\t\t\t     dir->i_ino);\n> +\t\t\tgoto out;\n> +\t\t}\n>  \t\tif (ext4_check_dir_entry(dir, NULL, de,\n>  \t\t\t\t\t iloc.bh, inline_pos,\n>  \t\t\t\t\t inline_size, offset)) {\n> -- \n> 2.54.0\n>","headers":{"Date":"Tue, 28 Apr 2026 09:38:21 +0200","From":"Jan Kara <jack@suse.cz>","To":"Vineet Agarwal <agarwal.vineet2006@gmail.com>","Cc":"linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,\n\ttytso@mit.edu, adilger.kernel@dilger.ca, libaokun1@huawei.com, jack@suse.cz,\n\tojaswin@linux.ibm.com, ritesh.list@gmail.com, yi.zhang@huawei.com","Subject":"Re: [PATCH] ext4: avoid BUG_ON() in ext4_get_inline_entry()","Message-ID":"<qnbtbpu4awi3hktmfkmmrng7jaa4df42mpruuiiynyux6ua7ky@ba5mlsy5fst4>","References":"<20260427162020.49723-1-agarwal.vineet2006@gmail.com>","Precedence":"bulk","X-Mailing-List":"linux-ext4@vger.kernel.org","List-Id":"<linux-ext4.vger.kernel.org>","List-Subscribe":"<mailto:linux-ext4+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-ext4+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<20260427162020.49723-1-agarwal.vineet2006@gmail.com>"}}]