EXT4-fs (sda1): Unrecognized mount option "fowner=00000000000000003327" or missing value
==================================================================
BUG: KASAN: use-after-free in memset include/linux/string.h:332 [inline]
BUG: KASAN: use-after-free in __ext4_expand_extra_isize.isra.0+0x10b/0x1c0 fs/ext4/inode.c:5832
Write of size 213664719 at addr ffff8881c80611a0 by task rs:main Q:Reg/1633

CPU: 1 PID: 1633 Comm: rs:main Q:Reg Not tainted 4.14.150+ #0
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xca/0x134 lib/dump_stack.c:53
 print_address_description+0x60/0x226 mm/kasan/report.c:187
kasan: CONFIG_KASAN_INLINE enabled
 __kasan_report.cold+0x1a/0x41 mm/kasan/report.c:316
 memset+0x20/0x40 mm/kasan/common.c:113
 memset include/linux/string.h:332 [inline]
 __ext4_expand_extra_isize.isra.0+0x10b/0x1c0 fs/ext4/inode.c:5832
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5884 [inline]
 ext4_mark_inode_dirty+0x471/0x7f0 fs/ext4/inode.c:5960
 ext4_dirty_inode+0x6c/0x90 fs/ext4/inode.c:5994
 __mark_inode_dirty+0x69c/0x1080 fs/fs-writeback.c:2141
 mark_inode_dirty include/linux/fs.h:2050 [inline]
 generic_write_end+0x19a/0x250 fs/buffer.c:2218
 ext4_da_write_end+0x25b/0xc40 fs/ext4/inode.c:3214
 generic_perform_write+0x281/0x460 mm/filemap.c:3143
 __generic_file_write_iter+0x32e/0x550 mm/filemap.c:3257
 ext4_file_write_iter+0x58f/0xdb0 fs/ext4/file.c:268
 call_write_iter include/linux/fs.h:1798 [inline]
 new_sync_write fs/read_write.c:471 [inline]
 __vfs_write+0x401/0x5a0 fs/read_write.c:484
 vfs_write+0x17f/0x4d0 fs/read_write.c:546
 SYSC_write fs/read_write.c:594 [inline]
 SyS_write+0x102/0x250 fs/read_write.c:586
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7fd7a04da19d
RSP: 002b:00007fd79ea7b000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000000008a RCX: 00007fd7a04da19d
RDX: 000000000000008a RSI: 00000000010f2a90 RDI: 0000000000000005
RBP: 00000000010f2a90 R08: 30303030303d7265 R09: 3030303030303030
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007fd79ea7b480 R14: 0000000000000001 R15: 00000000010f2890

The buggy address belongs to the page:
kasan: GPF could be caused by NULL-ptr deref or user memory access
page:ffffea0007201840 count:2 mapcount:0 mapping:ffff8881d55f6550 index:0x427
general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI
flags: 0x400000000000203a(referenced|dirty|lru|active|private)
Modules linked in:
raw: 400000000000203a ffff8881d55f6550 0000000000000427 00000002ffffffff
CPU: 0 PID: 3608 Comm: syz-executor.2 Not tainted 4.14.150+ #0
raw: ffffea0007201820 ffffea0007202260 ffff8881cafab2a0 ffff8881d641aa80
task: 000000004ea18c2a task.stack: 000000004650dea5
page dumped because: kasan: bad access detected
RIP: 0010:__rb_insert lib/rbtree.c:131 [inline]
RIP: 0010:rb_insert_color_cached+0x97/0x9d0 lib/rbtree.c:469
page->mem_cgroup:ffff8881d641aa80
RSP: 0000:ffff8881d7407b08 EFLAGS: 00010002

Memory state around the buggy address:
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 1ffff1103acc85f2
 ffff8881c86f7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
RDX: 0000000000000000 RSI: ffff8881d7429308 RDI: ffff8881d6642f90
 ffff8881c86f7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
RBP: ffff8881c41aaf90 R08: 00000000a9a15ab4 R09: fffffbfff1dc847d
>ffff8881c86f8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
R10: fffffbfff1dc847c R11: 0000000000000003 R12: ffff8881d6642f90
                   ^
R13: dffffc0000000000 R14: 0000000000000008 R15: 00000000005b8d80
 ffff8881c86f8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
FS: 0000000001b72940(0000) GS:ffff8881d7400000(0000) knlGS:0000000000000000
 ffff8881c86f8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2e622000 CR3: 00000001c29d6002 CR4: 00000000001606b0
==================================================================
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 enqueue_entity kernel/sched/fair.c:4005 [inline]
 enqueue_task_fair+0xbf4/0x6300 kernel/sched/fair.c:5354
 ttwu_activate kernel/sched/core.c:1686 [inline]
 ttwu_do_activate+0xd3/0x200 kernel/sched/core.c:1745
 ttwu_queue kernel/sched/core.c:1890 [inline]
 try_to_wake_up+0x803/0x1290 kernel/sched/core.c:2130
 call_timer_fn+0x15b/0x6a0 kernel/time/timer.c:1279
 expire_timers+0x227/0x4c0 kernel/time/timer.c:1318
 __run_timers kernel/time/timer.c:1636 [inline]
 run_timer_softirq+0x1eb/0x5d0 kernel/time/timer.c:1649
 __do_softirq+0x234/0x9ec kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x114/0x150 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:648 [inline]
 smp_apic_timer_interrupt+0x1a7/0x650 arch/x86/kernel/apic/apic.c:1102
 apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:792
RIP: 0010:memset_erms+0x9/0x10 arch/x86/lib/memset_64.S:66
RSP: 0000:ffff888197e8f938 EFLAGS: 00010282 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000000 RBX: 0000000000000020 RCX: 000000000b31bf2f
RDX: 000000000cbc43cf RSI: 0000000000000000 RDI: ffff8881c4927f40
RBP: ffff8881be5d5af8 R08: ffffed103866a808 R09: ffff8881c307faa0
R10: ffffed1039f887cd R11: ffff8881cfc43e6e R12: 0000000000000000
R13: 000000000cbc43ef R14: ffff8881c307faa0 R15: 0000000000000001
 memset include/linux/string.h:332 [inline]
 __ext4_expand_extra_isize.isra.0+0x10b/0x1c0 fs/ext4/inode.c:5832
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5884 [inline]
 ext4_mark_inode_dirty+0x471/0x7f0 fs/ext4/inode.c:5960
 ext4_dirty_inode+0x6c/0x90 fs/ext4/inode.c:5994
 __mark_inode_dirty+0x69c/0x1080 fs/fs-writeback.c:2141
 generic_update_time+0x1b0/0x270 fs/inode.c:1650
 update_time fs/inode.c:1666 [inline]
 file_update_time+0x269/0x390 fs/inode.c:1882
 ext4_page_mkwrite+0x1d9/0x1030 fs/ext4/inode.c:6145
 do_page_mkwrite+0xd9/0x2f0 mm/memory.c:2383
 do_shared_fault mm/memory.c:3698 [inline]
 do_fault mm/memory.c:3763 [inline]
 handle_pte_fault mm/memory.c:3989 [inline]
 __handle_mm_fault+0x1054/0x2700 mm/memory.c:4113
 handle_mm_fault+0x2f1/0x6da mm/memory.c:4150
 __do_page_fault+0x477/0xbb0 arch/x86/mm/fault.c:1420
 page_fault+0x42/0x50 arch/x86/entry/entry_64.S:1122
RIP: 80000000:0x7fe743694008
RSP: ed8dd53e:0000000000000396 EFLAGS: 0075c050
Code: 00 48 89 e8 48 c1 e8 03 42 80 3c 28 00 0f 85 30 06 00 00 48 8b 5d 00 f6 c3 01 0f 85 80 01 00 00 4c 8d 73 08 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 0f 85 f8 05 00 00 4c 8b 7b 08 49 39 ef 0f 84 6c
RIP: __rb_insert lib/rbtree.c:131 [inline] RSP: ffff8881d7407b08
RIP: rb_insert_color_cached+0x97/0x9d0 lib/rbtree.c:469 RSP: ffff8881d7407b08
---[ end trace d9f5fa1ce2f9903b ]---