CVE-2025-68261

In the Linux kernel, the following vulnerability has been resolved:

ext4: add idatasem protection in ext4destroyinlinedatanolock()

Fix a race between inline data destruction and block mapping.

The function ext4destroyinlinedatanolock() changes the inode data layout by clearing EXT4INODEINLINEDATA and setting EXT4INODEEXTENTS. At the same time, another thread may execute ext4mapblocks(), which tests EXT4INODEEXTENTS to decide whether to call ext4extmapblocks() or ext4indmap_blocks().

Without idatasem protection, ext4indmapblocks() may receive inode with EXT4INODE_EXTENTS flag and triggering assert.

kernel BUG at fs/ext4/indirect.c:546! EXT4-fs (loop2): unmounting filesystem. invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:ext4indmap_blocks.cold+0x2b/0x5a fs/ext4/indirect.c:546

Call Trace: <TASK> ext4mapblocks+0xb9b/0x16f0 fs/ext4/inode.c:681 ext4getblock+0x242/0x590 fs/ext4/inode.c:822 ext4blockwritebegin+0x48b/0x12c0 fs/ext4/inode.c:1124 ext4writebegin+0x598/0xef0 fs/ext4/inode.c:1255 ext4dawritebegin+0x21e/0x9c0 fs/ext4/inode.c:3000 genericperformwrite+0x259/0x5d0 mm/filemap.c:3846 ext4bufferedwriteiter+0x15b/0x470 fs/ext4/file.c:285 ext4filewriteiter+0x8e0/0x17f0 fs/ext4/file.c:679 callwriteiter include/linux/fs.h:2271 [inline] doiterreadvwritev+0x212/0x3c0 fs/readwrite.c:735 doiterwrite+0x186/0x710 fs/readwrite.c:861 vfsiterwrite+0x70/0xa0 fs/readwrite.c:902 iterfilesplicewrite+0x73b/0xc90 fs/splice.c:685 dosplicefrom fs/splice.c:763 [inline] directspliceactor+0x10f/0x170 fs/splice.c:950 splicedirecttoactor+0x33a/0xa10 fs/splice.c:896 dosplicedirect+0x1a9/0x280 fs/splice.c:1002 dosendfile+0xb13/0x12c0 fs/read_write.c:1255 __dosyssendfile64 fs/read_write.c:1323 [inline] __sesyssendfile64 fs/read_write.c:1309 [inline] _x64syssendfile64+0x1cf/0x210 fs/readwrite.c:1309 dosyscallx64 arch/x86/entry/common.c:51 [inline] dosyscall64+0x35/0x80 arch/x86/entry/common.c:81 entrySYSCALL64afterhwframe+0x6e/0xd8