EXT4-fs error (device sda1): ext4_xattr_set_entry:1607: inode #17281: comm syz-executor.5: corrupted xattr entries
==================================================================
BUG: KASAN: use-after-free in memset include/linux/string.h:333 [inline]
BUG: KASAN: use-after-free in __ext4_expand_extra_isize+0x175/0x250 fs/ext4/inode.c:5916
Write of size 3586 at addr ffff8880890253a0 by task syz-executor.0/8204

CPU: 1 PID: 8204 Comm: syz-executor.0 Not tainted 4.19.81 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
EXT4-fs error (device sda1): ext4_xattr_set_entry:1607: inode #16530: comm syz-executor.4: corrupted xattr entries
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report mm/kasan/report.c:412 [inline]
 kasan_report.cold+0x8c/0x2ba mm/kasan/report.c:396
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x123/0x190 mm/kasan/kasan.c:267
 memset+0x24/0x40 mm/kasan/kasan.c:285
 memset include/linux/string.h:333 [inline]
 __ext4_expand_extra_isize+0x175/0x250 fs/ext4/inode.c:5916
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5968 [inline]
 ext4_mark_inode_dirty+0x6f0/0x940 fs/ext4/inode.c:6044
EXT4-fs error (device sda1): ext4_xattr_set_entry:1607: inode #16530: comm syz-executor.4: corrupted xattr entries
EXT4-fs error (device sda1): ext4_xattr_set_entry:1607: inode #16530: comm syz-executor.4: corrupted xattr entries
EXT4-fs error (device sda1): ext4_xattr_set_entry:1607: inode #16531: comm syz-executor.2: corrupted xattr entries
 add_dirent_to_buf+0x402/0x680 fs/ext4/namei.c:1907
 ext4_add_entry+0x554/0xba0 fs/ext4/namei.c:2105
EXT4-fs error (device sda1): ext4_xattr_set_entry:1607: inode #16530: comm syz-executor.2: corrupted xattr entries
 ext4_mkdir+0x73f/0xdf0 fs/ext4/namei.c:2663
EXT4-fs error (device sda1): ext4_xattr_set_entry:1607: inode #16491: comm syz-executor.2: corrupted xattr entries
 vfs_mkdir+0x42e/0x690 fs/namei.c:3816
 do_mkdirat+0x234/0x2a0 fs/namei.c:3839
EXT4-fs error (device sda1): ext4_xattr_set_entry:1607: inode #16491: comm syz-executor.1: corrupted xattr entries
 __do_sys_mkdir fs/namei.c:3855 [inline]
 __se_sys_mkdir fs/namei.c:3853 [inline]
 __x64_sys_mkdir+0x5c/0x80 fs/namei.c:3853
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459367
Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd04bf7b28 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00000000001e64b4 RCX: 0000000000459367
RDX: 00007ffd04bf7b76 RSI: 00000000000001ff RDI: 00007ffd04bf7b70
RBP: 0000000000003d14 R08: 0000000000000000 R09: 0000000000000006
R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000006
R13: 00007ffd04bf7b60 R14: 00000000001e6425 R15: 00007ffd04bf7b70

The buggy address belongs to the page:
page:ffffea0002240940 count:2 mapcount:0 mapping:ffff88821994db58 index:0x42d
flags: 0x1fffc0000001074(referenced|dirty|lru|active|private)
raw: 01fffc0000001074 ffffea0001b96348 ffffea0002709a08 ffff88821994db58
raw: 000000000000042d ffff88809651f3f0 00000002ffffffff ffff888055eb6100
page dumped because: kasan: bad access detected
page->mem_cgroup:ffff888055eb6100

Memory state around the buggy address:
 ffff888089025f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff888089025f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff888089026000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff888089026080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff888089026100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================