WARNING in ext4_xattr_set

WARNING in ext4_xattr_set_entry
Status: upstream: reported C repro on 2020/12/12 14:13
Reported-by: syzbot+98b881fdd8ebf45ab4ae@syzkaller.appspotmail.com
Fix commit: 6b22489911b7 ext4: do not try to set xattr into ea_inode if value is empty
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32]
First crash: 229d, last: 142d

Cause bisection: introduced by (bisect log) [no-op commit]:
commit e0cb35095753c038f42d1b6bf68c4cd063b3fd21
Author: Eric Anholt <eric@anholt.net>
Date: Mon Oct 3 18:52:08 2016 +0000

ARM: bcm2835: Add #define for VCHIQ property message.

Crash: WARNING in nf_unregister_net_hook (log)
Repro: C syz .config

similar bugs (2):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	WARNING in ext4_xattr_set_entry	C		done	12	139d	273d	1/1	fixed on 2021/04/07 11:11
linux-4.14	WARNING in ext4_xattr_set_entry	C		done	19	141d	297d	1/1	fixed on 2021/04/07 11:21

Sample crash report:

loop0: detected capacity change from 512 to 0
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
ext4 filesystem being mounted at /root/file0 supports timestamps until 2038 (0x7fffffff)
------------[ cut here ]------------
WARNING: CPU: 0 PID: 8479 at fs/ext4/xattr.c:1640 ext4_xattr_set_entry+0x29f5/0x37b0 fs/ext4/xattr.c:1640
Modules linked in:
CPU: 0 PID: 8479 Comm: syz-executor006 Not tainted 5.11.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ext4_xattr_set_entry+0x29f5/0x37b0 fs/ext4/xattr.c:1640
Code: 00 e9 dc da ff ff e8 6a 52 5b ff 48 8b 7c 24 10 45 31 ff e8 ad 29 cd ff 4c 8b b4 24 20 01 00 00 e9 bd da ff ff e8 4b 52 5b ff <0f> 0b e9 8f e6 ff ff e8 3f 52 5b ff 48 8b 54 24 48 31 f6 4c 89 e7
RSP: 0018:ffffc9000164f3a0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888012286020 RCX: 0000000000000000
RDX: ffff888020538000 RSI: ffffffff82172245 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff821708d2 R11: 0000000000000000 R12: 00000000000003dc
R13: 00000000ffffffc3 R14: ffffc9000164f818 R15: 0000000000000001
FS:  0000000001044880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000559d041583f8 CR3: 000000001c4ad000 CR4: 0000000000350ef0
Call Trace:
 ext4_xattr_block_set+0x837/0x2f30 fs/ext4/xattr.c:1941
 ext4_xattr_set_handle+0xcb6/0x1260 fs/ext4/xattr.c:2389
 ext4_xattr_set+0x13a/0x340 fs/ext4/xattr.c:2490
 __vfs_setxattr+0x10e/0x170 fs/xattr.c:177
 __vfs_setxattr_noperm+0x11a/0x4c0 fs/xattr.c:208
 __vfs_setxattr_locked+0x1bf/0x250 fs/xattr.c:266
 vfs_setxattr+0x135/0x320 fs/xattr.c:291
 setxattr+0x1ff/0x290 fs/xattr.c:553
 path_setxattr+0x170/0x190 fs/xattr.c:572
 __do_sys_lsetxattr fs/xattr.c:594 [inline]
 __se_sys_lsetxattr fs/xattr.c:590 [inline]
 __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:590
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4445a9
Code: 8d d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc699e74a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00000000004445a9
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000020000140
RBP: 00000000006cf018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190
R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-root	2021/03/05 12:46	upstream	280d542f6ffa	79264ae3	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2021/01/31 03:57	upstream	6642d600b541	79264ae3	.config	log	report	syz	C

Crashes (7):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-kasan-gce-root	2021/01/01 00:36	upstream	f6e1ea196492	79264ae3	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2021/01/01 00:15	upstream	f6e1ea196492	79264ae3	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2020/12/24 13:03	upstream	58cf05f597b0	c2c1d1dd	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2020/12/24 12:27	upstream	58cf05f597b0	c2c1d1dd	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2020/12/08 14:27	upstream	cd796ed33450	51a9082e	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2020/12/08 14:06	upstream	cd796ed33450	51a9082e	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/12/13 16:56	linux-next	14240d4c5b25	bca53db9	.config	log	report	syz	C