EXT4-fs error (device sda): ext4_xattr_set_entry:1589: inode #16012: comm syz-executor.7: corrupted xattr entries
EXT4-fs error (device sda): ext4_xattr_set_entry:1589: inode #16012: comm syz-executor.0: corrupted xattr entries
==================================================================
BUG: KASAN: use-after-free in ext4_xattr_set_entry+0x342c/0x3850 fs/ext4/xattr.c:1586
Read of size 4 at addr ffff888031660004 by task syz-executor.1/112489

CPU: 1 PID: 112489 Comm: syz-executor.1 Not tainted 5.10.79 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:118
 print_address_description.constprop.0+0x1c/0x210 mm/kasan/report.c:385
 __kasan_report mm/kasan/report.c:545 [inline]
 kasan_report.cold+0x37/0x7c mm/kasan/report.c:562
 ext4_xattr_set_entry+0x342c/0x3850 fs/ext4/xattr.c:1586
 ext4_xattr_ibody_set+0x78/0x2b0 fs/ext4/xattr.c:2225
 ext4_xattr_set_handle+0x947/0x1310 fs/ext4/xattr.c:2382
 ext4_initxattrs+0xb5/0x120 fs/ext4/xattr_security.c:43
 security_inode_init_security+0x1a7/0x350 security/security.c:1054
 __ext4_new_inode+0x383b/0x5400 fs/ext4/ialloc.c:1319
 ext4_mkdir+0x32c/0xb10 fs/ext4/namei.c:2801
 vfs_mkdir+0x41f/0x660 fs/namei.c:3641
 do_mkdirat+0x145/0x2a0 fs/namei.c:3664
 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f5a9f5b0c27
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe27fca658 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f5a9f5b0c27
RDX: 0000000000002139 RSI: 00000000000001c0 RDI: 00007ffe27fca850
RBP: 00007ffe27fca85c R08: 0000000000000027 R09: 00007ffe27fd1090
R10: 00000000005e8ccc R11: 0000000000000246 R12: 00007ffe27fca850
R13: 00007f5a9f631720 R14: 00007ffe27fca680 R15: 8421084210842109

The buggy address belongs to the page:
page:00000000dc0a4273 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1 pfn:0x31660
flags: 0x100000000000000()
raw: 0100000000000000 ffffea0000c65908 ffffea0000c64408 0000000000000000
raw: 0000000000000001 0000000000000002 00000000ffffff7f 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88803165ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88803165ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff888031660000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff888031660080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff888031660100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
Bluetooth: hci0: command 0x0409 tx timeout
Bluetooth: hci1: command 0x0409 tx timeout
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
EXT4-fs error (device sda): ext4_xattr_set_entry:1589: inode #15972: comm syz-executor.1: corrupted xattr entries
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
Bluetooth: hci1: command 0x041b tx timeout
EXT4-fs error (device sda): ext4_xattr_set_entry:1589: inode #15972: comm syz-executor.4: corrupted xattr entries
Bluetooth: hci0: command 0x0409 tx timeout