syzbot

IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
EXT4-fs error (device sda1): ext4_xattr_set_entry:1605: inode #16496: comm syz-executor526: corrupted xattr entries
==================================================================
BUG: KASAN: use-after-free in ext4_xattr_set_entry+0x3149/0x3230 fs/ext4/xattr.c:1602
Read of size 4 at addr ffff88808681a483 by task syz-executor526/7015

CPU: 0 PID: 7015 Comm: syz-executor526 Not tainted 4.14.158-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
device hsr_slave_0 entered promiscuous mode
 print_address_description.cold+0x7c/0x1dc mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report mm/kasan/report.c:409 [inline]
 kasan_report.cold+0xa9/0x2af mm/kasan/report.c:393
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:429
 ext4_xattr_set_entry+0x3149/0x3230 fs/ext4/xattr.c:1602
 ext4_xattr_ibody_set+0x7a/0x2a0 fs/ext4/xattr.c:2238
 ext4_xattr_set_handle+0x4f5/0xda0 fs/ext4/xattr.c:2394
 ext4_initxattrs+0xc0/0x130 fs/ext4/xattr_security.c:43
 security_inode_init_security security/security.c:492 [inline]
 security_inode_init_security+0x26d/0x360 security/security.c:465
 ext4_init_security+0x34/0x40 fs/ext4/xattr_security.c:57
 __ext4_new_inode+0x3385/0x4860 fs/ext4/ialloc.c:1166
 ext4_mkdir+0x331/0xc20 fs/ext4/namei.c:2657
 vfs_mkdir+0x3ca/0x610 fs/namei.c:3846
 SYSC_mkdirat fs/namei.c:3869 [inline]
 SyS_mkdirat fs/namei.c:3853 [inline]
 SYSC_mkdir fs/namei.c:3880 [inline]
 SyS_mkdir+0x1b7/0x200 fs/namei.c:3878
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x44cc57
RSP: 002b:00007ffdb7b64348 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 000000000000bc1c RCX: 000000000044cc57
RDX: 00007ffdb7b643b3 RSI: 00000000000001ff RDI: 00007ffdb7b643b0
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000001
R13: 000000000040a5d0 R14: 0000000000000000 R15: 0000000000000000

The buggy address belongs to the page:
page:ffffea00021a0680 count:0 mapcount:0 mapping:          (null) index:0x1
flags: 0xfffe0000000000()
raw: 00fffe0000000000 0000000000000000 0000000000000001 00000000ffffffff
raw: ffffea00021849e0 ffffea00025e2720 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88808681a380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88808681a400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88808681a480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff88808681a500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88808681a580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================