==================================================================
BUG: KASAN: use-after-free in ext4_xattr_set_entry+0x355c/0x3b60 fs/ext4/xattr.c:1600
Read of size 4 at addr ffff88818fe1e004 by task syz-executor.4/20986

CPU: 0 PID: 20986 Comm: syz-executor.4 Not tainted 5.4.31-syzkaller-00071-g4be750f34531 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x14a/0x1ce lib/dump_stack.c:118
 print_address_description+0x93/0x620 mm/kasan/report.c:374
 __kasan_report+0x16d/0x1e0 mm/kasan/report.c:506
 kasan_report+0x34/0x60 mm/kasan/common.c:634
 ext4_xattr_set_entry+0x355c/0x3b60 fs/ext4/xattr.c:1600
 ext4_xattr_ibody_set fs/ext4/xattr.c:2236 [inline]
 ext4_xattr_set_handle+0xdc3/0x1ed0 fs/ext4/xattr.c:2392
 ext4_initxattrs+0xa2/0x100 fs/ext4/xattr_security.c:43
 security_inode_init_security+0x27c/0x3c0 security/security.c:996
 __ext4_new_inode+0x46c0/0x5cf0 fs/ext4/ialloc.c:1160
 ext4_mkdir+0x41e/0x1530 fs/ext4/namei.c:2770
 vfs_mkdir2+0x448/0x620 fs/namei.c:3934
 do_mkdirat+0x1e7/0x310 fs/namei.c:3963
 do_syscall_64+0xcb/0x150 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45bca7
Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f7071065a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007f70710666d4 RCX: 000000000045bca7
RDX: 0000000000000003 RSI: 00000000000001ff RDI: 0000000020000000
RBP: 000000000076bf00 R08: 0000000000000000 R09: 000000000000000a
R10: 0000000000000075 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000bdc R14: 00000000004cdfe2 R15: 000000000076bf0c

The buggy address belongs to the page:
page:ffffea00063f8780 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1
flags: 0x8000000000000000()
raw: 8000000000000000 ffffea0006b77f88 ffffea0006383108 0000000000000000
raw: 0000000000000001 0000000000000001 00000000ffffff7f 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88818fe1df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88818fe1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88818fe1e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff88818fe1e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88818fe1e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
EXT4-fs (loop4): Couldn't mount because of unsupported optional features (1)
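The report above is only useful to a triager once the shadow bytes and the page dump are decoded: the `ff` row under the `>` marker and the `mapcount:-128` / `00000000ffffff7f` word are what say the access hit a page already returned to the page allocator. The following parser is an added example, not part of the syzkaller report or of the kernel; it embeds the header, page line and memory-state rows copied from the report above as its sample input. The shadow poison values and the `page_type` encoding (`PAGE_TYPE_BASE`, `PG_buddy`) are taken from the v5.4 sources (`mm/kasan/kasan.h`, `include/linux/page-flags.h`) and are assumed to match the kernel that produced the report; the function names are the example's own.

```python
"""Decode the security-relevant fields of a generic-KASAN report (added example)."""
import re

# Generic KASAN: one shadow byte per 8 bytes of memory. 0x00 = whole granule
# addressable, 0x01..0x07 = only the first N bytes addressable, otherwise a
# poison value from mm/kasan/kasan.h (v5.4 constants, assumed for this report).
KASAN_SHADOW_SCALE = 8
SHADOW_POISON = {
    0xFF: "KASAN_FREE_PAGE",      # page handed back to the page allocator
    0xFE: "KASAN_PAGE_REDZONE",
    0xFC: "KASAN_KMALLOC_REDZONE",
    0xFB: "KASAN_KMALLOC_FREE",   # slab object freed
    0xFA: "KASAN_GLOBAL_REDZONE",
    0xF1: "KASAN_STACK_LEFT",
    0xF2: "KASAN_STACK_MID",
    0xF3: "KASAN_STACK_RIGHT",
    0xF4: "KASAN_STACK_PARTIAL",
    0xF8: "KASAN_USE_AFTER_SCOPE",
}
# struct page: _mapcount and page_type share one word. It starts at -1
# (0xffffffff) and a type flag is *cleared* to set it (include/linux/page-flags.h, v5.4).
PAGE_TYPE_BASE = 0xF0000000
PG_BUDDY = 0x00000080

HEADER_RE = re.compile(
    r"^BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+ (?P<loc>\S+)", re.M)
ACCESS_RE = re.compile(
    r"^(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)", re.M)
PAGE_RE = re.compile(r"^page:[0-9a-f]+ refcount:(?P<ref>-?\d+) mapcount:(?P<map>-?\d+)", re.M)
# Memory-state rows: optional '>' marker, 16-hex-digit base, then 16 shadow bytes.
SHADOW_RE = re.compile(r"^[> ](?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?){16})$", re.M)

# Sample input: lines copied from the report above (constructed subset, not a full log).
REPORT = """\
BUG: KASAN: use-after-free in ext4_xattr_set_entry+0x355c/0x3b60 fs/ext4/xattr.c:1600
Read of size 4 at addr ffff88818fe1e004 by task syz-executor.4/20986
page:ffffea00063f8780 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1
Memory state around the buggy address:
 ffff88818fe1df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88818fe1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88818fe1e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff88818fe1e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88818fe1e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""


def parse_report(text):
    """Extract bug kind, faulting function, access, task, page counters and shadow rows."""
    hdr, acc = HEADER_RE.search(text), ACCESS_RE.search(text)
    if hdr is None or acc is None:
        raise ValueError("not a KASAN report")
    shadow = {int(m["base"], 16): bytes.fromhex(m["bytes"].replace(" ", ""))
              for m in SHADOW_RE.finditer(text)}
    page = PAGE_RE.search(text)
    return {
        "kind": hdr["kind"], "func": hdr["func"], "loc": hdr["loc"],
        "op": acc["op"], "size": int(acc["size"]),
        "addr": int(acc["addr"], 16), "task": acc["task"],
        "shadow": shadow,
        "page_refcount": int(page["ref"]) if page else None,
        "page_mapcount": int(page["map"]) if page else None,
    }


def shadow_byte(report, addr):
    """Shadow byte covering addr; each dumped row covers 16 shadow bytes = 128 bytes."""
    for base, row in report["shadow"].items():
        if base <= addr < base + len(row) * KASAN_SHADOW_SCALE:
            return row[(addr - base) // KASAN_SHADOW_SCALE]
    raise KeyError(hex(addr))


def describe_shadow(b):
    if b == 0:
        return "addressable"
    if 0 < b < KASAN_SHADOW_SCALE:
        return f"partially addressable (first {b} bytes)"
    return SHADOW_POISON.get(b, f"unknown poison 0x{b:02x}")


def access_state(report):
    """Classify every 8-byte granule touched by the faulting access (handles straddling)."""
    first, last = report["addr"], report["addr"] + report["size"] - 1
    granules = range(first & ~(KASAN_SHADOW_SCALE - 1), last + 1, KASAN_SHADOW_SCALE)
    return sorted({describe_shadow(shadow_byte(report, g)) for g in granules})


def page_in_buddy(mapcount):
    """Reverse dump_page(): it prints _mapcount + 1; the raw word doubles as page_type."""
    page_type = (mapcount - 1) & 0xFFFFFFFF
    return (page_type & (PAGE_TYPE_BASE | PG_BUDDY)) == PAGE_TYPE_BASE


if __name__ == "__main__":
    r = parse_report(REPORT)
    print(f"{r['kind']} in {r['func']} ({r['loc']}): {r['op']} {r['size']}B at {r['addr']:#x}")
    print("shadow state:", ", ".join(access_state(r)))
    print("page in buddy allocator:", page_in_buddy(r["page_mapcount"]))
```

Running it on the embedded rows reports the 4-byte read at ffff88818fe1e004 as landing in a `KASAN_FREE_PAGE` granule and the backing page as sitting in the buddy allocator (`page_type` 0xffffff7f with `PG_buddy` cleared), which is the concrete evidence behind the "use-after-free" label in the header.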