EXT4-fs (sda1): Cannot specify journal on remount
EXT4-fs error (device sda1): ext4_expand_extra_isize_ea:2730: inode #16914: comm syz-executor.4: corrupted in-inode xattr
==================================================================
BUG: KASAN: use-after-free in memset include/linux/string.h:332 [inline]
BUG: KASAN: use-after-free in __ext4_expand_extra_isize.isra.0+0x10b/0x1c0 fs/ext4/inode.c:5832
EXT4-fs error (device sda1): ext4_expand_extra_isize_ea:2730: inode #16505: comm syz-executor.3: corrupted in-inode xattr
Write of size 2147483615 at addr ffff8881d1b901a0 by task rs:main Q:Reg/1633
CPU: 0 PID: 1633 Comm: rs:main Q:Reg Not tainted 4.14.150+ #0
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xca/0x134 lib/dump_stack.c:53
 print_address_description+0x60/0x226 mm/kasan/report.c:187
 __kasan_report.cold+0x1a/0x41 mm/kasan/report.c:316
EXT4-fs (sda1): Remounting filesystem read-only
 memset+0x20/0x40 mm/kasan/common.c:113
EXT4-fs (sda1): Remounting filesystem read-only
 memset include/linux/string.h:332 [inline]
 __ext4_expand_extra_isize.isra.0+0x10b/0x1c0 fs/ext4/inode.c:5832
EXT4-fs warning (device sda1): ext4_expand_extra_isize_ea:2796: Unable to expand inode 16505. Delete some EAs or run e2fsck.
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5884 [inline]
 ext4_mark_inode_dirty+0x471/0x7f0 fs/ext4/inode.c:5960
 ext4_da_write_end+0x5ab/0xc40 fs/ext4/inode.c:3204
 generic_perform_write+0x281/0x460 mm/filemap.c:3143
EXT4-fs warning (device sda1): ext4_expand_extra_isize_ea:2796: Unable to expand inode 16914. Delete some EAs or run e2fsck.
 __generic_file_write_iter+0x32e/0x550 mm/filemap.c:3257
 ext4_file_write_iter+0x58f/0xdb0 fs/ext4/file.c:268
 call_write_iter include/linux/fs.h:1798 [inline]
 new_sync_write fs/read_write.c:471 [inline]
 __vfs_write+0x401/0x5a0 fs/read_write.c:484
 vfs_write+0x17f/0x4d0 fs/read_write.c:546
 SYSC_write fs/read_write.c:594 [inline]
 SyS_write+0x102/0x250 fs/read_write.c:586
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7f419691a19d
RSP: 002b:00007f4194ebb000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000000010e RCX: 00007f419691a19d
RDX: 000000000000010e RSI: 00000000011cea90 RDI: 0000000000000005
RBP: 00000000011cea90 R08: 00000000011ceaf3 R09: 00007f4196297b27
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007f4194ebb480 R14: 0000000000000002 R15: 00000000011ce890
The buggy address belongs to the page:
page:ffffea000746e400 count:2 mapcount:0 mapping:ffff8881d99f6550 index:0x427
flags: 0x400000000000203a(referenced|dirty|lru|active|private)
raw: 400000000000203a ffff8881d99f6550 0000000000000427 00000002ffffffff
raw: ffffea000744abe0 ffffea00074323e0 ffff8881ced66930 ffff8881da81aa80
page dumped because: kasan: bad access detected
page->mem_cgroup:ffff8881da81aa80
Memory state around the buggy address:
 ffff8881d1c02f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881d1c02f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8881d1c03000: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
                   ^
 ffff8881d1c03080: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
 ffff8881d1c03100: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
==================================================================
EXT4-fs error (device sda1): ext4_expand_extra_isize_ea:2730: inode #17041: comm syz-executor.2: corrupted in-inode xattr
EXT4-fs error (device sda1): ext4_expand_extra_isize_ea:2730: inode #16506: comm syz-executor.1: corrupted in-inode xattr
EXT4-fs error (device sda1): ext4_expand_extra_isize_ea:2730: inode #16786: comm syz-executor.5: corrupted in-inode xattr
EXT4-fs error (device sda1): ext4_expand_extra_isize_ea:2730: inode #16769: comm syz-executor.1: corrupted in-inode xattr
EXT4-fs error (device sda1): ext4_expand_extra_isize_ea:2730: inode #16610: comm syz-executor.2: corrupted in-inode xattr
EXT4-fs error (device sda1): ext4_expand_extra_isize_ea:2730: inode #16945: comm syz-executor.5: corrupted in-inode xattr
EXT4-fs error (device sda1): ext4_expand_extra_isize_ea:2730: inode #16508: comm syz-executor.0: corrupted in-inode xattr
EXT4-fs error (device sda1): ext4_expand_extra_isize_ea:2730: inode #16885: comm syz-executor.1: corrupted in-inode xattr
kasan: CONFIG_KASAN_INLINE enabled
list_del corruption. next->prev should be 00000000897039a6, but was (null)
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI
Modules linked in:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5330 at lib/list_debug.c:54 __list_del_entry_valid.cold+0x45/0x6e lib/list_debug.c:54
CPU: 1 PID: 1866 Comm: syz-executor.2 Tainted: G B 4.14.150+ #0