syzbot

WARNING in ext4_xattr_set_entry

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+98b881fdd8ebf45ab4ae@syzkaller.appspotmail.com
Fix commit: 6b22489911b7 ext4: do not try to set xattr into ea_inode if value is empty
First crash: 666d, last: 579d

Cause bisection: introduced by [no-op commit]:
commit e0cb35095753c038f42d1b6bf68c4cd063b3fd21
Author: Eric Anholt <eric@anholt.net>
Date: Mon Oct 3 18:52:08 2016 +0000

  ARM: bcm2835: Add #define for VCHIQ property message.

Crash observed during bisection: WARNING in nf_unregister_net_hook
Repro: C, syz, .config
similar bugs (2):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
linux-4.19 | WARNING in ext4_xattr_set_entry | C | done | - | 12 | 577d | 711d | 1/1 | fixed on 2021/04/07 11:11
linux-4.14 | WARNING in ext4_xattr_set_entry | C | done | - | 19 | 579d | 735d | 1/1 | fixed on 2021/04/07 11:21

Sample crash report:
loop0: detected capacity change from 512 to 0
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
ext4 filesystem being mounted at /root/file0 supports timestamps until 2038 (0x7fffffff)
------------[ cut here ]------------
WARNING: CPU: 0 PID: 8479 at fs/ext4/xattr.c:1640 ext4_xattr_set_entry+0x29f5/0x37b0 fs/ext4/xattr.c:1640
Modules linked in:
CPU: 0 PID: 8479 Comm: syz-executor006 Not tainted 5.11.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ext4_xattr_set_entry+0x29f5/0x37b0 fs/ext4/xattr.c:1640
Code: 00 e9 dc da ff ff e8 6a 52 5b ff 48 8b 7c 24 10 45 31 ff e8 ad 29 cd ff 4c 8b b4 24 20 01 00 00 e9 bd da ff ff e8 4b 52 5b ff <0f> 0b e9 8f e6 ff ff e8 3f 52 5b ff 48 8b 54 24 48 31 f6 4c 89 e7
RSP: 0018:ffffc9000164f3a0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888012286020 RCX: 0000000000000000
RDX: ffff888020538000 RSI: ffffffff82172245 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff821708d2 R11: 0000000000000000 R12: 00000000000003dc
R13: 00000000ffffffc3 R14: ffffc9000164f818 R15: 0000000000000001
FS:  0000000001044880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000559d041583f8 CR3: 000000001c4ad000 CR4: 0000000000350ef0
Call Trace:
 ext4_xattr_block_set+0x837/0x2f30 fs/ext4/xattr.c:1941
 ext4_xattr_set_handle+0xcb6/0x1260 fs/ext4/xattr.c:2389
 ext4_xattr_set+0x13a/0x340 fs/ext4/xattr.c:2490
 __vfs_setxattr+0x10e/0x170 fs/xattr.c:177
 __vfs_setxattr_noperm+0x11a/0x4c0 fs/xattr.c:208
 __vfs_setxattr_locked+0x1bf/0x250 fs/xattr.c:266
 vfs_setxattr+0x135/0x320 fs/xattr.c:291
 setxattr+0x1ff/0x290 fs/xattr.c:553
 path_setxattr+0x170/0x190 fs/xattr.c:572
 __do_sys_lsetxattr fs/xattr.c:594 [inline]
 __se_sys_lsetxattr fs/xattr.c:590 [inline]
 __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:590
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4445a9
Code: 8d d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc699e74a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00000000004445a9
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000020000140
RBP: 00000000006cf018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190
R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000

Fix bisection attempts:
Manager | Time | Kernel | Commit | Syzkaller | Artifacts
ci-upstream-kasan-gce-root | 2021/03/05 12:46 | upstream | 280d542f6ffa | 79264ae3 | .config, log, report, syz repro, C repro
ci-upstream-kasan-gce-root | 2021/01/31 03:57 | upstream | 6642d600b541 | 79264ae3 | .config, log, report, syz repro, C repro
* Struck through repros no longer work on HEAD.
Crashes (7):
Manager | Time | Kernel | Commit | Syzkaller | Artifacts
ci-upstream-kasan-gce-root | 2021/01/01 00:36 | upstream | f6e1ea196492 | 79264ae3 | .config, log, report, syz repro, C repro
ci-upstream-kasan-gce-root | 2021/01/01 00:15 | upstream | f6e1ea196492 | 79264ae3 | .config, log, report, syz repro, C repro
ci-upstream-kasan-gce-selinux-root | 2020/12/24 13:03 | upstream | 58cf05f597b0 | c2c1d1dd | .config, log, report, syz repro, C repro
ci-upstream-kasan-gce-selinux-root | 2020/12/24 12:27 | upstream | 58cf05f597b0 | c2c1d1dd | .config, log, report, syz repro, C repro
ci-upstream-kasan-gce-smack-root | 2020/12/08 14:27 | upstream | cd796ed33450 | 51a9082e | .config, log, report, syz repro, C repro
ci-upstream-kasan-gce-smack-root | 2020/12/08 14:06 | upstream | cd796ed33450 | 51a9082e | .config, log, report, syz repro, C repro
ci-upstream-linux-next-kasan-gce-root | 2020/12/13 16:56 | linux-next | 14240d4c5b25 | bca53db9 | .config, log, report, syz repro, C repro
* Struck through repros no longer work on HEAD.