binder: send failed reply for transaction 22, target dead
EXT4-fs error (device sda1): ext4_xattr_set_entry:1604: inode #16641: comm syz-executor0: corrupted xattr entries
binder: send failed reply for transaction 23, target dead
==================================================================
binder: send failed reply for transaction 25, target dead
BUG: KASAN: use-after-free in memset include/linux/string.h:329 [inline]
BUG: KASAN: use-after-free in __ext4_expand_extra_isize.isra.0+0x10b/0x1c0 fs/ext4/inode.c:5787
Write of size 97 at addr ffff888177143fa0 by task syz-executor5/21918

CPU: 0 PID: 21918 Comm: syz-executor5 Not tainted 4.14.94+ #12
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x10e lib/dump_stack.c:53
 print_address_description+0x60/0x226 mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report mm/kasan/report.c:409 [inline]
 kasan_report.cold+0x88/0x2a5 mm/kasan/report.c:393

The buggy address belongs to the page:
page:ffffea0005dc50c0 count:2 mapcount:0 mapping:ffff8881d9ea8950 index:0x475
flags: 0x4000000000001074(referenced|dirty|lru|active|private)
raw: 4000000000001074 ffff8881d9ea8950 0000000000000475 00000002ffffffff
raw: ffffea0005ef1120 ffffea0005d44460 ffff8881950cd9d8 ffff8881da81aa80
page dumped because: kasan: bad access detected
page->mem_cgroup:ffff8881da81aa80

Memory state around the buggy address:
 ffff888177143f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff888177143f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff888177144000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff888177144080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff888177144100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
kauditd_printk_skb: 326 callbacks suppressed
audit: type=1400 audit(1548079255.176:23164): avc:  denied  { map } for  pid=3165 comm="blkid" path="/lib/x86_64-linux-gnu/libc-2.13.so" dev="sda1" ino=2784 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
binder: send failed reply for transaction 26, target dead
audit: type=1400 audit(1548079255.176:23165): avc:  denied  { map } for  pid=3165 comm="blkid" path="/lib/x86_64-linux-gnu/libc-2.13.so" dev="sda1" ino=2784 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29189
audit: type=1400 audit(1548079255.176:23166): avc:  denied  { map } for  pid=3165 comm="blkid" path="/lib/x86_64-linux-gnu/libuuid.so.1.3.0" dev="sda1" ino=2819 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1548079255.176:23167): avc:  denied  { map } for  pid=3165 comm="blkid" path="/lib/x86_64-linux-gnu/libuuid.so.1.3.0" dev="sda1" ino=2819 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1548079255.306:23168): avc:  denied  { map } for  pid=3166 comm="blkid" path="/lib/x86_64-linux-gnu/libblkid.so.1.1.0" dev="sda1" ino=2825 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1548079255.306:23169): avc:  denied  { map } for  pid=3166 comm="blkid" path="/lib/x86_64-linux-gnu/libblkid.so.1.1.0" dev="sda1" ino=2825 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1