https://bugzilla.kernel.org/show_bug.cgi?id=200401 Theodore Tso (tytso@xxxxxxx) changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tytso@xxxxxxx --- Comment #2 from Theodore Tso (tytso@xxxxxxx) --- Here's an even simpler repro: # mkdir mnt # mount -t ext4 final.img mnt # touch mnt/foo <crash> This is another case of "we're trying to expand the inode's extra i_size". Interestingly, e2fsck does *not* report the file system as corrupted. The abnormality of the file system is found here: % debugfs /tmp/poc-200401.img debugfs 1.44.3 (10-July-2018) debugfs: idump -x foo magic = ea020000, length = 96, value_start =4 offset = 4 (0004), name_len = 4, name_index = 7 value_offset = 0 (0004), value_inum = 0, value_size = 0 name = data offset = 24 (0030), name_len = 30, name_index = 0 value_offset = 0 (0004), value_inum = 0, value_size = 0 name = ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ last entry found at offset 72 (0110) The problem is that name_len is 30, but the name contains a NUL character, which the xattr code is not expecting, and fails to handle correctly. The simple fix is to add the sanity check, and refuse to deal with an xattr entry with an embedded NUL in the name. -- You are receiving this mail because: You are watching the assignee of the bug.
