device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
==================================================================
BUG: KASAN: use-after-free in ext4_xattr_set_entry+0x2f6a/0x3d70 fs/ext4/xattr.c:1600
Read of size 4 at addr ffff8801a5c16070 by task syz-executor4/27719

CPU: 1 PID: 27719 Comm: syz-executor4 Not tainted 4.19.0+ #92
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 print_address_description.cold.7+0x9/0x1ff mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.8+0x242/0x309 mm/kasan/report.c:412
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:432
 ext4_xattr_set_entry+0x2f6a/0x3d70 fs/ext4/xattr.c:1600
 ext4_xattr_ibody_set+0x81/0x2b0 fs/ext4/xattr.c:2240
 ext4_xattr_set_handle+0xb8f/0x1650 fs/ext4/xattr.c:2394
 ext4_initxattrs+0xbd/0x120 fs/ext4/xattr_security.c:43
 security_inode_init_security+0x1d1/0x3d0 security/security.c:513
 ext4_init_security+0x34/0x40 fs/ext4/xattr_security.c:57
 __ext4_new_inode+0x4a61/0x65a0 fs/ext4/ialloc.c:1160
 ext4_mkdir+0x2e1/0xe60 fs/ext4/namei.c:2625
 vfs_mkdir+0x42e/0x6b0 fs/namei.c:3817
 do_mkdirat+0x27a/0x310 fs/namei.c:3840
 __do_sys_mkdir fs/namei.c:3856 [inline]
 __se_sys_mkdir fs/namei.c:3854 [inline]
 __x64_sys_mkdir+0x5c/0x80 fs/namei.c:3854
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x456987
Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad bf fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffed33fc0e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 0000000000456987
RDX: 000000000000001d RSI: 00000000000001c0 RDI: 00007ffed33fc2a0
RBP: 0000000000000001 R08: 000000000000f8f8 R09: 000000000001c2c0
R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
R13: 00007ffed33fc2a0 R14: 8421084210842109 R15: 00007ffed33fc2ac

The buggy address belongs to the page:
page:ffffea0006970580 count:0 mapcount:-128 mapping:0000000000000000 index:0x1
flags: 0x2fffc0000000000()
raw: 02fffc0000000000 ffffea000686ce08 ffffea0006f02d88 0000000000000000
raw: 0000000000000001 0000000000000001 00000000ffffff7f 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801a5c15f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801a5c15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801a5c16000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                             ^
 ffff8801a5c16080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8801a5c16100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================