syzbot

EXT4-fs (sda1): Ignoring removed nomblk_io_submit option
==================================================================
EXT4-fs (sda1): Unrecognized mount option "mask=>\O����NO���>��	�c�����E�j��57" or missing value
BUG: KASAN: use-after-free in memset include/linux/string.h:332 [inline]
BUG: KASAN: use-after-free in __ext4_expand_extra_isize.isra.0+0x10b/0x1c0 fs/ext4/inode.c:5832
Write of size 4063 at addr ffff88819589e0a0 by task syz-executor.3/20036

CPU: 0 PID: 20036 Comm: syz-executor.3 Not tainted 4.14.157-syzkaller #0
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe5/0x154 lib/dump_stack.c:58
 print_address_description+0x60/0x226 mm/kasan/report.c:187
 __kasan_report.cold+0x1a/0x41 mm/kasan/report.c:316
 memset+0x20/0x40 mm/kasan/common.c:113
 memset include/linux/string.h:332 [inline]
 __ext4_expand_extra_isize.isra.0+0x10b/0x1c0 fs/ext4/inode.c:5832
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5884 [inline]
 ext4_mark_inode_dirty+0x471/0x7f0 fs/ext4/inode.c:5960
 ext4_evict_inode+0x6a6/0x1560 fs/ext4/inode.c:282
 evict+0x2cb/0x5f0 fs/inode.c:554
 iput_final fs/inode.c:1516 [inline]
 iput fs/inode.c:1543 [inline]
 iput+0x385/0x7f0 fs/inode.c:1528
 dentry_unlink_inode+0x25f/0x320 fs/dcache.c:387
 d_delete+0x1c5/0x280 fs/dcache.c:2414
 vfs_rmdir2 fs/namei.c:4044 [inline]
 vfs_rmdir2+0x32c/0x410 fs/namei.c:4010
 do_rmdir+0x28a/0x340 fs/namei.c:4098
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a3e7
RSP: 002b:00007fffd39209c8 EFLAGS: 00000207 ORIG_RAX: 0000000000000054
RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 000000000045a3e7
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fffd3921b60
RBP: 0000000000000053 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000005 R11: 0000000000000207 R12: 00007fffd3921b60
R13: 0000000000e42980 R14: 0000000000000000 R15: 00007fffd3922bf0

The buggy address belongs to the page:
page:ffffea0006562780 count:2 mapcount:0 mapping:ffff8881d9ab8950 index:0x466
flags: 0x400000000000203a(referenced|dirty|lru|active|private)
raw: 400000000000203a ffff8881d9ab8950 0000000000000466 00000002ffffffff
raw: ffffea00064205a0 ffffea000660ffe0 ffff8881d5242540 ffff8881da81aa80
page dumped because: kasan: bad access detected
page->mem_cgroup:ffff8881da81aa80

Memory state around the buggy address:
 ffff88819589ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88819589ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88819589f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff88819589f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88819589f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================