EXT4-fs (sda1): Unrecognized mount option "euid=00000000000000000000" or missing value
==================================================================
BUG: KASAN: use-after-free in memset include/linux/string.h:332 [inline]
BUG: KASAN: use-after-free in __ext4_expand_extra_isize.isra.0+0x10b/0x1c0 fs/ext4/inode.c:5796
Write of size 1091502048 at addr ffff8881d1fc81a0 by task rs:main Q:Reg/1631

CPU: 0 PID: 1631 Comm: rs:main Q:Reg Not tainted 4.14.142+ #0
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xca/0x134 lib/dump_stack.c:53
 print_address_description+0x60/0x226 mm/kasan/report.c:187
 __kasan_report.cold+0x1a/0x41 mm/kasan/report.c:316
 memset+0x20/0x40 mm/kasan/common.c:113
 memset include/linux/string.h:332 [inline]
 __ext4_expand_extra_isize.isra.0+0x10b/0x1c0 fs/ext4/inode.c:5796
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5848 [inline]
 ext4_mark_inode_dirty+0x471/0x7f0 fs/ext4/inode.c:5924
 ext4_da_write_end+0x5ab/0xc40 fs/ext4/inode.c:3190
 generic_perform_write+0x281/0x460 mm/filemap.c:3143
 __generic_file_write_iter+0x32e/0x550 mm/filemap.c:3257
 ext4_file_write_iter+0x58f/0xdb0 fs/ext4/file.c:268
 call_write_iter include/linux/fs.h:1788 [inline]
 new_sync_write fs/read_write.c:471 [inline]
 __vfs_write+0x401/0x5a0 fs/read_write.c:484
 vfs_write+0x17f/0x4d0 fs/read_write.c:546
 SYSC_write fs/read_write.c:594 [inline]
 SyS_write+0x102/0x250 fs/read_write.c:586
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7ffa594f719d
RSP: 002b:00007ffa57a98000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000088 RCX: 00007ffa594f719d
RDX: 0000000000000088 RSI: 0000000000c87a90 RDI: 0000000000000001
RBP: 0000000000c87a90 R08: 303030303030303d R09: 3030303030303030
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007ffa57a98480 R14: 0000000000000001 R15: 0000000000c87890

The buggy address belongs to the page:
page:ffffea000747f200 count:2 mapcount:0 mapping:ffff8881da4170d0 index:0x427
flags: 0x400000000000203a(referenced|dirty|lru|active|private)
raw: 400000000000203a ffff8881da4170d0 0000000000000427 00000002ffffffff
raw: ffffea000747f260 ffffea0007478c20 ffff8881ce762d20 ffff8881da81aa80
page dumped because: kasan: bad access detected
page->mem_cgroup:ffff8881da81aa80

Memory state around the buggy address:
 ffff8881d1ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881d1ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8881d2000000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff8881d2000080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8881d2000100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI
Modules linked in:
CPU: 1 PID: 7755 Comm: syz-executor.2 Not tainted 4.14.142+ #0
task: 0000000038df89c0 task.stack: 00000000ae5a8b37
RIP: 0010:__read_once_size include/linux/compiler.h:183 [inline]
RIP: 0010:mm_update_next_owner+0x391/0x610 kernel/exit.c:451
RSP: 0018:ffff8881c64afd28 EFLAGS: 00010202
RAX: 0000000000000002 RBX: dffffc0000000000 RCX: ffffffffaa40f55b
RDX: 0000000000000000 RSI: 0000000000000100 RDI: ffff8881d0c69e30
RBP: 0000000000000000 R08: ffff8881d226cab8 R09: fffffbfff58c1219
R10: fffffbfff58c1218 R11: ffffffffac6090c3 R12: ffff888195c6c780
R13: 0000000000000010 R14: ffff88819e6ac680 R15: ffff8881d2ed5800
FS:  0000000000000000(0000) GS:ffff8881dbb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000402780 CR3: 000000009bc26006 CR4: 00000000001606a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 exit_mm kernel/exit.c:544 [inline]
 do_exit+0x8fd/0x2a20 kernel/exit.c:862
 do_group_exit+0x100/0x2e0 kernel/exit.c:978
 SYSC_exit_group kernel/exit.c:989 [inline]
 SyS_exit_group+0x19/0x20 kernel/exit.c:987
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4598e9
RSP: 002b:00007ffc19025848 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000004598e9
RDX: 0000000000457db1 RSI: 00007ffc19025880 RDI: 000000000000000b
RBP: 0000000000000001 R08: ffffffffffffffff R09: 0000000000000000
R10: 00000000cb652bc0 R11: 0000000000000246 R12: 000000000075bf20
R13: 000000000075c9a0 R14: 0000000000761010 R15: ffffffffffffffff
Code: 00 48 8d bd c8 02 00 00 48 89 f8 48 c1 e8 03 80 3c 18 00 0f 85 44 02 00 00 48 8b ad c8 02 00 00 4c 8d 6d 10 4c 89 e8 48 c1 e8 03 <80> 3c 18 00 0f 85 1b 02 00 00 48 8b 45 10 48 8d a8 58 fa ff ff
RIP: __read_once_size include/linux/compiler.h:183 [inline] RSP: ffff8881c64afd28
RIP: mm_update_next_owner+0x391/0x610 kernel/exit.c:451 RSP: ffff8881c64afd28
---[ end trace f1fba5dd7f02f13d ]---

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#2] PREEMPT SMP KASAN NOPTI
Modules linked in:
CPU: 0 PID: 1631 Comm: rs:main Q:Reg Tainted: G B D 4.14.142+ #0
task: 00000000afae39d7 task.stack: 00000000663034d5