Bug 199183

Summary: Invalid pointer dereference in ext4_xattr_inode_hash when mounting and later operating on a crafted image
Product: File System
Reporter: Wen Xu (wen.xu)
Component: ext4
Assignee: fs_ext4 (fs_ext4)
Status: RESOLVED CODE_FIX
Severity: normal
CC: tytso, vt, wen.xu
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 4.15.x
Tree: Mainline
Regression: No
Attachments: The crafted image which causes kernel panic
poc.c
0001-ext4-always-initialize-the-crc32c-checksum-driver.patch
0002-ext4-don-t-allow-r-w-mounts-if-metadata-blocks-overl.patch

Description Wen Xu 2018-03-22 20:46:22 UTC
Created attachment 274883
The crafted image which causes kernel panic

- Overview
Invalid pointer dereference in ext4_xattr_inode_hash, when mounting and later operating on a crafted ext4 image

- Reproduce (requires root)
# mkdir mnt
# mount -t ext4 35.img mnt
# gcc -o poc poc.c
# ./poc ./mnt

- Reason
https://elixir.bootlin.com/linux/v4.15/source/fs/ext4/xattr.c#L1493

hash = ext4_xattr_inode_hash(EXT4_SB(inode->i_sb), value, value_len);

The kernel seems to be missing a sanity check on EXT4_SB(inode->i_sb), which may be NULL

- Kernel dump (generated on Ubuntu 18.04 which uses Linux 4.15)
[  326.708075] EXT4-fs warning (device loop0): ext4_fill_super:3906: fragment/cluster size (268435456) != block size (1024)
[  326.708135] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  326.709379] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended
[  326.709582] [EXT4 FS bs=1024, gc=9, bpg=255, ipg=256, mo=e000e01c, mo2=0000]
[  326.709592] System zones: 0-31, 11-43, 255-256, 510-511, 765-766, 1020-1021, 1275-1276, 1530-1531, 1785-1786, 2040-2041
[  326.711742] EXT4-fs (loop0): mounted filesystem without journal. Opts: (null)
[  349.637318] EXT4-fs error (device loop0): ext4_readdir:183: inode #2: comm ls: path /home/wen/data/ext4-kernel/20180311/ext4_xattr_inode_hash/mnt: directory contains a hole at offset 1024
[  349.637575] EXT4-fs error (device loop0): ext4_readdir:183: inode #2: comm ls: path /home/wen/data/ext4-kernel/20180311/ext4_xattr_inode_hash/mnt: directory contains a hole at offset 2048
[  365.048877] EXT4-fs error (device loop0): ext4_readdir:183: inode #2: comm poc: path /home/wen/data/ext4-kernel/20180311/ext4_xattr_inode_hash/mnt: directory contains a hole at offset 1024
[  365.064510] EXT4-fs error (device loop0): ext4_mb_generate_buddy:756: group 6, block bitmap and bg descriptor inconsistent: 255 vs 65535 free clusters
[  365.064597] EXT4-fs error (device loop0): ext4_mb_generate_buddy:756: group 7, block bitmap and bg descriptor inconsistent: 255 vs 0 free clusters
[  365.064695] EXT4-fs error (device loop0): ext4_mb_generate_buddy:756: group 4, block bitmap and bg descriptor inconsistent: 255 vs 246 free clusters
[  365.064754] EXT4-fs error (device loop0): ext4_mb_generate_buddy:756: group 5, block bitmap and bg descriptor inconsistent: 255 vs 0 free clusters
[  365.064841] WARNING: CPU: 0 PID: 1410 at /build/linux-LL9XfP/linux-4.15.0/fs/ext4/ext4.h:2692 ext4_block_bitmap_csum_set+0xa1/0xb0
[  365.064842] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.065016]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.065034] CPU: 0 PID: 1410 Comm: poc Not tainted 4.15.0-12-generic #13-Ubuntu
[  365.065035] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.065038] RIP: 0010:ext4_block_bitmap_csum_set+0xa1/0xb0
[  365.065038] RSP: 0018:ffffb90740caf6d0 EFLAGS: 00010246
[  365.065039] RAX: 0000000000000000 RBX: ffff8b4bb91a7800 RCX: ffff8b4bb8dc5340
[  365.065040] RDX: ffff8b4bb80e2800 RSI: 0000000000000000 RDI: ffff8b4bb91a6000
[  365.065040] RBP: ffffb90740caf700 R08: ffff8b4bb91a7800 R09: 0000000000000000
[  365.065042] R10: ffff8b4bb80e2420 R11: ffffb90740caf5e0 R12: ffff8b4bb80e2800
[  365.065043] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8b4bb8dc5340
[  365.065044] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.065045] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.065045] CR2: 00007f8281371d50 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.065081] Call Trace:
[  365.065087]  ? ext4_num_base_meta_clusters+0x6e/0x90
[  365.065092]  ext4_read_block_bitmap_nowait+0x4a2/0x5e0
[  365.065095]  ext4_mb_init_cache+0x14c/0x720
[  365.065101]  ? pagecache_get_page+0xdf/0x2a0
[  365.065102]  ext4_mb_init_group+0x1c4/0x2c0
[  365.065104]  ext4_mb_good_group+0x153/0x170
[  365.065105]  ext4_mb_regular_allocator+0x1a8/0x430
[  365.065107]  ext4_mb_new_blocks+0x6c5/0xc30
[  365.065113]  ? _cond_resched+0x19/0x40
[  365.065116]  ? __kmalloc+0x19b/0x220
[  365.065117]  ? ext4_find_extent+0x243/0x2b0
[  365.065118]  ? ext4_find_extent+0x243/0x2b0
[  365.065120]  ext4_ext_map_blocks+0xad5/0xec0
[  365.065121]  ext4_map_blocks+0x3b2/0x5d0
[  365.065134]  ? alloc_buffer_head+0x21/0x60
[  365.065135]  _ext4_get_block+0x75/0x100
[  365.065136]  ext4_get_block+0x16/0x20
[  365.065137]  ext4_block_write_begin+0x135/0x460
[  365.065138]  ? add_to_page_cache_lru+0x79/0xe0
[  365.065139]  ? _ext4_get_block+0x100/0x100
[  365.065141]  ? __ext4_journal_start_sb+0x36/0x120
[  365.065142]  ext4_write_begin+0x16e/0x5b0
[  365.065145]  generic_perform_write+0xb3/0x1b0
[  365.065147]  __generic_file_write_iter+0x1aa/0x1d0
[  365.065149]  ext4_file_write_iter+0x203/0x3f0
[  365.065153]  new_sync_write+0xe7/0x140
[  365.065155]  __vfs_write+0x29/0x40
[  365.065156]  vfs_write+0xb1/0x1a0
[  365.065158]  SyS_write+0x55/0xc0
[  365.065163]  do_syscall_64+0x73/0x130
[  365.065166]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.065170] RIP: 0033:0x7f301e596154
[  365.065170] RSP: 002b:00007ffd93f01868 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  365.065171] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e596154
[  365.065172] RDX: 0000000000000205 RSI: 0000000000602140 RDI: 0000000000000003
[  365.065172] RBP: 00007ffd93f019d0 R08: 0000000000000003 R09: 0000000000000000
[  365.065173] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000400c20
[  365.065174] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.065174] Code: 89 44 24 18 48 83 3b 39 76 09 c1 e8 10 66 41 89 44 24 38 48 8b 45 e8 65 48 33 04 25 28 00 00 00 75 11 48 83 c4 20 5b 41 5c 5d c3 <0f> 0b eb e4 0f 0b 0f 0b e8 22 20 d8 ff 90 90 0f 1f 44 00 00 55
[  365.065193] ---[ end trace 1ecf08f3cdf242f0 ]---
[  365.065212] WARNING: CPU: 0 PID: 1410 at /build/linux-LL9XfP/linux-4.15.0/fs/ext4/ext4.h:2692 ext4_group_desc_csum+0x16e/0x210
[  365.065213] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.065236]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.065242] CPU: 0 PID: 1410 Comm: poc Tainted: G        W        4.15.0-12-generic #13-Ubuntu
[  365.065242] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.065245] RIP: 0010:ext4_group_desc_csum+0x16e/0x210
[  365.065246] RSP: 0018:ffffb90740caf6a8 EFLAGS: 00010246
[  365.065246] RAX: ffff8b4bb91a7800 RBX: ffff8b4bb91a7800 RCX: ffff8b4bb91a7800
[  365.065247] RDX: ffff8b4bb80e2400 RSI: 0000000000000000 RDI: ffff8b4bb91a6000
[  365.065248] RBP: ffffb90740caf6e8 R08: ffff8b4bb91a7800 R09: 0000000000000000
[  365.065248] R10: ffff8b4bb80e2420 R11: ffffb90740caf5e0 R12: ffff8b4bb80e2800
[  365.065249] R13: ffff8b4bb91a6000 R14: 0000000000000000 R15: ffff8b4bb8dc5340
[  365.065250] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.065250] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.065251] CR2: 00007f8281371d50 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.065273] Call Trace:
[  365.065275]  ext4_group_desc_csum_set+0x33/0x40
[  365.065277]  ext4_read_block_bitmap_nowait+0x4b0/0x5e0
[  365.065278]  ext4_mb_init_cache+0x14c/0x720
[  365.065280]  ? pagecache_get_page+0xdf/0x2a0
[  365.065281]  ext4_mb_init_group+0x1c4/0x2c0
[  365.065282]  ext4_mb_good_group+0x153/0x170
[  365.065284]  ext4_mb_regular_allocator+0x1a8/0x430
[  365.065285]  ext4_mb_new_blocks+0x6c5/0xc30
[  365.065287]  ? _cond_resched+0x19/0x40
[  365.065288]  ? __kmalloc+0x19b/0x220
[  365.065289]  ? ext4_find_extent+0x243/0x2b0
[  365.065290]  ? ext4_find_extent+0x243/0x2b0
[  365.065291]  ext4_ext_map_blocks+0xad5/0xec0
[  365.065293]  ext4_map_blocks+0x3b2/0x5d0
[  365.065294]  ? alloc_buffer_head+0x21/0x60
[  365.065295]  _ext4_get_block+0x75/0x100
[  365.065296]  ext4_get_block+0x16/0x20
[  365.065297]  ext4_block_write_begin+0x135/0x460
[  365.065299]  ? add_to_page_cache_lru+0x79/0xe0
[  365.065299]  ? _ext4_get_block+0x100/0x100
[  365.065301]  ? __ext4_journal_start_sb+0x36/0x120
[  365.065302]  ext4_write_begin+0x16e/0x5b0
[  365.065303]  generic_perform_write+0xb3/0x1b0
[  365.065305]  __generic_file_write_iter+0x1aa/0x1d0
[  365.065307]  ext4_file_write_iter+0x203/0x3f0
[  365.065308]  new_sync_write+0xe7/0x140
[  365.065310]  __vfs_write+0x29/0x40
[  365.065311]  vfs_write+0xb1/0x1a0
[  365.065313]  SyS_write+0x55/0xc0
[  365.065314]  do_syscall_64+0x73/0x130
[  365.065316]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.065317] RIP: 0033:0x7f301e596154
[  365.065318] RSP: 002b:00007ffd93f01868 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  365.065318] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e596154
[  365.065319] RDX: 0000000000000205 RSI: 0000000000602140 RDI: 0000000000000003
[  365.065320] RBP: 00007ffd93f019d0 R08: 0000000000000003 R09: 0000000000000000
[  365.065320] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000400c20
[  365.065321] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.065321] Code: 89 c2 8b 45 d8 85 d2 0f 85 a0 00 00 00 48 8b 4d e0 65 48 33 0c 25 28 00 00 00 0f 85 9b 00 00 00 48 83 c4 28 5b 41 5c 41 5d 5d c3 <0f> 0b 48 8b 73 68 31 c0 f6 46 64 10 74 d4 48 83 c6 68 ba 10 00
[  365.065339] ---[ end trace 1ecf08f3cdf242f1 ]---
[  365.065519] WARNING: CPU: 0 PID: 1410 at /build/linux-LL9XfP/linux-4.15.0/fs/ext4/ext4.h:2692 ext4_block_bitmap_csum_verify+0xae/0xd0
[  365.065519] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.065542]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.065549] CPU: 0 PID: 1410 Comm: poc Tainted: G        W        4.15.0-12-generic #13-Ubuntu
[  365.065549] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.065550] RIP: 0010:ext4_block_bitmap_csum_verify+0xae/0xd0
[  365.065551] RSP: 0018:ffffb90740caf668 EFLAGS: 00010246
[  365.065552] RAX: 0000000000000000 RBX: ffff8b4bb91a7800 RCX: ffff8b4bb8dc5340
[  365.065552] RDX: ffff8b4bb80e2800 RSI: 0000000000000000 RDI: ffff8b4bb91a6000
[  365.065553] RBP: ffffb90740caf6a0 R08: ffff8b4bb68e0c58 R09: 0000000000000000
[  365.065553] R10: ffff8b4bb80e2420 R11: ffffb90740caf5e0 R12: 0000000000000000
[  365.065554] R13: ffff8b4bb8dc5340 R14: 0000000000000000 R15: ffff8b4bb91a7800
[  365.065555] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.065555] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.065556] CR2: 00007f8281371d50 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.065594] Call Trace:
[  365.065597]  ? ext4_group_desc_csum+0x170/0x210
[  365.065598]  ext4_validate_block_bitmap+0xee/0x350
[  365.065599]  ext4_read_block_bitmap_nowait+0xa5/0x5e0
[  365.065601]  ext4_mb_init_cache+0x14c/0x720
[  365.065602]  ? pagecache_get_page+0xdf/0x2a0
[  365.065603]  ext4_mb_init_group+0x1c4/0x2c0
[  365.065605]  ext4_mb_good_group+0x153/0x170
[  365.065606]  ext4_mb_regular_allocator+0x1a8/0x430
[  365.065608]  ext4_mb_new_blocks+0x6c5/0xc30
[  365.065609]  ? _cond_resched+0x19/0x40
[  365.065610]  ? __kmalloc+0x19b/0x220
[  365.065611]  ? ext4_find_extent+0x243/0x2b0
[  365.065612]  ? ext4_find_extent+0x243/0x2b0
[  365.065614]  ext4_ext_map_blocks+0xad5/0xec0
[  365.065615]  ext4_map_blocks+0x3b2/0x5d0
[  365.065617]  ? alloc_buffer_head+0x21/0x60
[  365.065618]  _ext4_get_block+0x75/0x100
[  365.065619]  ext4_get_block+0x16/0x20
[  365.065620]  ext4_block_write_begin+0x135/0x460
[  365.065621]  ? add_to_page_cache_lru+0x79/0xe0
[  365.065622]  ? _ext4_get_block+0x100/0x100
[  365.065623]  ? __ext4_journal_start_sb+0x36/0x120
[  365.065624]  ext4_write_begin+0x16e/0x5b0
[  365.065626]  generic_perform_write+0xb3/0x1b0
[  365.065627]  __generic_file_write_iter+0x1aa/0x1d0
[  365.065629]  ext4_file_write_iter+0x203/0x3f0
[  365.065630]  new_sync_write+0xe7/0x140
[  365.065632]  __vfs_write+0x29/0x40
[  365.065633]  vfs_write+0xb1/0x1a0
[  365.065635]  SyS_write+0x55/0xc0
[  365.065636]  do_syscall_64+0x73/0x130
[  365.065638]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.065639] RIP: 0033:0x7f301e596154
[  365.065639] RSP: 002b:00007ffd93f01868 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  365.065640] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e596154
[  365.065641] RDX: 0000000000000205 RSI: 0000000000602140 RDI: 0000000000000003
[  365.065641] RBP: 00007ffd93f019d0 R08: 0000000000000003 R09: 0000000000000000
[  365.065642] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000400c20
[  365.065642] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.065643] Code: c0 41 39 c5 0f 94 c0 0f b6 c0 eb 05 b8 01 00 00 00 48 8b 75 e0 65 48 33 34 25 28 00 00 00 75 26 48 83 c4 20 5b 41 5c 41 5d 5d c3 <0f> 0b b8 01 00 00 00 eb dd 41 0f b7 54 24 38 c1 e2 10 41 09 d5
[  365.065663] ---[ end trace 1ecf08f3cdf242f2 ]---
[  365.066256] EXT4-fs error (device loop0): ext4_mb_generate_buddy:756: group 0, block bitmap and bg descriptor inconsistent: 220 vs 213 free clusters
[  365.066326] WARNING: CPU: 0 PID: 1410 at /build/linux-LL9XfP/linux-4.15.0/fs/ext4/ext4.h:2692 ext4_superblock_csum_set+0x85/0xa0
[  365.066326] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.066351]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.066357] CPU: 0 PID: 1410 Comm: poc Tainted: G        W        4.15.0-12-generic #13-Ubuntu
[  365.066358] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.066359] RIP: 0010:ext4_superblock_csum_set+0x85/0xa0
[  365.066360] RSP: 0018:ffffb90740caf598 EFLAGS: 00010246
[  365.066361] RAX: 0000000000000000 RBX: ffff8b4bb80e2400 RCX: 0000000000000000
[  365.066361] RDX: 0000000000000000 RSI: 0000000000000286 RDI: ffff8b4bb91a6000
[  365.066362] RBP: ffffb90740caf5c0 R08: fffffffffffffffe R09: 0000000000000001
[  365.066362] R10: ffffb90740caf6d8 R11: 00000000ffffffff R12: ffff8b4bb91a6000
[  365.066363] R13: ffffffffa785e220 R14: ffff8b4bb80e2400 R15: 0000000000000043
[  365.066364] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.066365] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.066365] CR2: 00007f3030025098 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.066369] Call Trace:
[  365.066375]  ? __percpu_counter_sum+0x5d/0x70
[  365.066377]  ext4_commit_super+0x187/0x2b0
[  365.066378]  __ext4_grp_locked_error+0x16e/0x260
[  365.066380]  ext4_mb_generate_buddy+0x2c6/0x320
[  365.066382]  ext4_mb_init_cache+0x338/0x720
[  365.066384]  ? pagecache_get_page+0xdf/0x2a0
[  365.066385]  ext4_mb_init_group+0x1c4/0x2c0
[  365.066387]  ext4_mb_good_group+0x153/0x170
[  365.066388]  ext4_mb_regular_allocator+0x1a8/0x430
[  365.066390]  ext4_mb_new_blocks+0x6c5/0xc30
[  365.066391]  ? _cond_resched+0x19/0x40
[  365.066392]  ? __kmalloc+0x19b/0x220
[  365.066393]  ? ext4_find_extent+0x243/0x2b0
[  365.066394]  ? ext4_find_extent+0x243/0x2b0
[  365.066396]  ext4_ext_map_blocks+0xad5/0xec0
[  365.066397]  ext4_map_blocks+0x3b2/0x5d0
[  365.066399]  ? alloc_buffer_head+0x21/0x60
[  365.066400]  _ext4_get_block+0x75/0x100
[  365.066401]  ext4_get_block+0x16/0x20
[  365.066402]  ext4_block_write_begin+0x135/0x460
[  365.066404]  ? add_to_page_cache_lru+0x79/0xe0
[  365.066404]  ? _ext4_get_block+0x100/0x100
[  365.066406]  ? __ext4_journal_start_sb+0x36/0x120
[  365.066407]  ext4_write_begin+0x16e/0x5b0
[  365.066409]  generic_perform_write+0xb3/0x1b0
[  365.066410]  __generic_file_write_iter+0x1aa/0x1d0
[  365.066412]  ext4_file_write_iter+0x203/0x3f0
[  365.066414]  new_sync_write+0xe7/0x140
[  365.066416]  __vfs_write+0x29/0x40
[  365.066417]  vfs_write+0xb1/0x1a0
[  365.066418]  SyS_write+0x55/0xc0
[  365.066420]  do_syscall_64+0x73/0x130
[  365.066422]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.066423] RIP: 0033:0x7f301e596154
[  365.066423] RSP: 002b:00007ffd93f01868 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  365.066424] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e596154
[  365.066425] RDX: 0000000000000205 RSI: 0000000000602140 RDI: 0000000000000003
[  365.066425] RBP: 00007ffd93f019d0 R08: 0000000000000003 R09: 0000000000000000
[  365.066426] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000400c20
[  365.066427] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.066427] Code: ff ff ff e8 2e 62 0d 00 85 c0 75 25 8b 45 e8 89 83 fc 03 00 00 48 8b 45 f0 65 48 33 04 25 28 00 00 00 75 0f 48 83 c4 20 5b 5d c3 <0f> 0b eb e6 0f 0b 0f 0b e8 3e 59 d3 ff 0f 1f 40 00 66 2e 0f 1f
[  365.066446] ---[ end trace 1ecf08f3cdf242f3 ]---
[  365.066450] EXT4-fs error (device loop0): ext4_mb_generate_buddy:756: group 1, block bitmap and bg descriptor inconsistent: 255 vs 0 free clusters
[  365.066919] WARNING: CPU: 0 PID: 1410 at /build/linux-LL9XfP/linux-4.15.0/fs/ext4/ext4.h:2692 ext4_add_entry+0x26a/0x430
[  365.066919] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.066944]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.066952] CPU: 0 PID: 1410 Comm: poc Tainted: G        W        4.15.0-12-generic #13-Ubuntu
[  365.066953] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.066955] RIP: 0010:ext4_add_entry+0x26a/0x430
[  365.066956] RSP: 0018:ffffb90740cafc00 EFLAGS: 00010246
[  365.066958] RAX: ffff8b4bb91a7800 RBX: ffff8b4bb8e2e6e8 RCX: 000000000000000d
[  365.066959] RDX: ffff8b4bb80e2400 RSI: ffff8b4bb8d640c0 RDI: 0000000000000001
[  365.066959] RBP: ffffb90740cafc98 R08: 0000000000000000 R09: 0000000000000000
[  365.066960] R10: ffff8b4bb8e28528 R11: 0000000000000001 R12: ffff8b4bb8e29628
[  365.066961] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[  365.066963] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.066964] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.066964] CR2: 00007f3030025098 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.066968] Call Trace:
[  365.066970]  ? _cond_resched+0x19/0x40
[  365.066972]  ? ext4_journal_check_start+0x12/0x80
[  365.066973]  ? __ext4_journal_start_sb+0x36/0x120
[  365.066975]  ext4_rename+0x6ae/0x860
[  365.066977]  ext4_rename2+0x8d/0xc0
[  365.066980]  vfs_rename+0x46e/0x960
[  365.066982]  SyS_rename+0x362/0x3c0
[  365.066985]  do_syscall_64+0x73/0x130
[  365.066986]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.066987] RIP: 0033:0x7f301e501d37
[  365.066988] RSP: 002b:00007ffd93f01868 EFLAGS: 00000202 ORIG_RAX: 0000000000000052
[  365.066989] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e501d37
[  365.066989] RDX: 0000000000cb82f0 RSI: 0000000000cb82f0 RDI: 0000000000cb82d0
[  365.066990] RBP: 00007ffd93f019d0 R08: 0000000000000003 R09: 0000000000000000
[  365.066991] R10: 0000000000000003 R11: 0000000000000202 R12: 0000000000400c20
[  365.066991] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.066992] Code: 00 00 00 00 48 c7 45 90 00 00 00 00 48 c7 45 98 00 00 00 00 e9 76 ff ff ff 31 d2 e9 83 fe ff ff 89 85 7c ff ff ff e9 6e ff ff ff <0f> 0b c7 85 70 ff ff ff 00 00 00 00 e9 f0 fd ff ff 48 8b 7d 80
[  365.067019] ---[ end trace 1ecf08f3cdf242f4 ]---
[  365.067025] WARNING: CPU: 0 PID: 1410 at /build/linux-LL9XfP/linux-4.15.0/fs/ext4/ext4.h:2692 __ext4_read_dirblock+0x10a/0x260
[  365.067025] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.067059]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.067065] CPU: 0 PID: 1410 Comm: poc Tainted: G        W        4.15.0-12-generic #13-Ubuntu
[  365.067066] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.067067] RIP: 0010:__ext4_read_dirblock+0x10a/0x260
[  365.067068] RSP: 0018:ffffb90740cafbc0 EFLAGS: 00010246
[  365.067069] RAX: ffff8b4bb80e2400 RBX: ffff8b4bb8ddaa90 RCX: ffff8b4bb91a6000
[  365.067069] RDX: ffff8b4bb91a7800 RSI: ffff8b4ba0d10800 RDI: 0000000000000000
[  365.067070] RBP: ffffb90740cafbf0 R08: 0000000000000000 R09: 0000000000000000
[  365.067070] R10: ffff8b4bb8e28528 R11: 0000000000000001 R12: ffff8b4bb8e2e6e8
[  365.067071] R13: 0000000000000002 R14: 0000000000000000 R15: 000000000000081b
[  365.067072] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.067073] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.067073] CR2: 00007f3030025098 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.067076] Call Trace:
[  365.067078]  ext4_add_entry+0x18d/0x430
[  365.067079]  ext4_rename+0x6ae/0x860
[  365.067082]  ext4_rename2+0x8d/0xc0
[  365.067083]  vfs_rename+0x46e/0x960
[  365.067084]  SyS_rename+0x362/0x3c0
[  365.067086]  do_syscall_64+0x73/0x130
[  365.067088]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.067088] RIP: 0033:0x7f301e501d37
[  365.067089] RSP: 002b:00007ffd93f01868 EFLAGS: 00000202 ORIG_RAX: 0000000000000052
[  365.067090] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e501d37
[  365.067090] RDX: 0000000000cb82f0 RSI: 0000000000cb82f0 RDI: 0000000000cb82d0
[  365.067091] RBP: 00007ffd93f019d0 R08: 0000000000000003 R09: 0000000000000000
[  365.067092] R10: 0000000000000003 R11: 0000000000000202 R12: 0000000000400c20
[  365.067092] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.067093] Code: a9 00 00 00 04 75 cf 85 ff 74 05 45 84 c0 75 66 85 ff 75 c2 4c 89 e7 e8 25 fe ff ff 85 c0 0f 84 b6 00 00 00 3e 80 4b 03 04 eb ab <0f> 0b eb a7 41 83 fd 01 bf 01 00 00 00 41 0f 94 c0 eb af 48 8b
[  365.067110] ---[ end trace 1ecf08f3cdf242f5 ]---
[  365.067157] WARNING: CPU: 0 PID: 1410 at /build/linux-LL9XfP/linux-4.15.0/fs/ext4/ext4.h:2692 add_dirent_to_buf+0x185/0x1a0
[  365.067157] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.067178]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.067184] CPU: 0 PID: 1410 Comm: poc Tainted: G        W        4.15.0-12-generic #13-Ubuntu
[  365.067186] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.067187] RIP: 0010:add_dirent_to_buf+0x185/0x1a0
[  365.067188] RSP: 0018:ffffb90740cafbb0 EFLAGS: 00010246
[  365.067189] RAX: ffff8b4bb91a7800 RBX: ffff8b4bb8e2e6e8 RCX: ffff8b4bb8e29628
[  365.067189] RDX: ffff8b4bb80e2400 RSI: 000000000000000c RDI: 0000000000000001
[  365.067190] RBP: ffffb90740cafbf0 R08: 0000000000000000 R09: ffff8b4bb8ddaa90
[  365.067190] R10: ffff8b4bb8e28528 R11: 0000000000000001 R12: ffff8b4bb8ddaa90
[  365.067191] R13: 0000000000000001 R14: ffff8b4bb8e29628 R15: ffffb90740cafc28
[  365.067191] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.067192] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.067192] CR2: 00007f3030025098 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.067195] Call Trace:
[  365.067197]  ext4_add_entry+0x126/0x430
[  365.067198]  ext4_rename+0x6ae/0x860
[  365.067200]  ext4_rename2+0x8d/0xc0
[  365.067201]  vfs_rename+0x46e/0x960
[  365.067203]  SyS_rename+0x362/0x3c0
[  365.067205]  do_syscall_64+0x73/0x130
[  365.067206]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.067207] RIP: 0033:0x7f301e501d37
[  365.067208] RSP: 002b:00007ffd93f01868 EFLAGS: 00000202 ORIG_RAX: 0000000000000052
[  365.067208] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e501d37
[  365.067209] RDX: 0000000000cb82f0 RSI: 0000000000cb82f0 RDI: 0000000000cb82d0
[  365.067209] RBP: 00007ffd93f019d0 R08: 0000000000000003 R09: 0000000000000000
[  365.067210] R10: 0000000000000003 R11: 0000000000000202 R12: 0000000000400c20
[  365.067210] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.067211] Code: 45 c8 49 8b 4c 24 28 4c 89 e2 4d 89 f9 48 89 df 50 44 8b 45 c0 41 29 f0 4c 89 f6 e8 66 fc ff ff 85 c0 5a 0f 84 e9 fe ff ff eb c2 <0f> 0b 31 f6 e9 d3 fe ff ff 3e 80 a3 69 ff ff ff ef e9 36 ff ff
[  365.067227] ---[ end trace 1ecf08f3cdf242f6 ]---
[  365.067293] WARNING: CPU: 0 PID: 1410 at /build/linux-LL9XfP/linux-4.15.0/fs/ext4/ext4.h:2692 ext4_handle_dirty_dirent_node+0xc5/0x110
[  365.067309] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.067331]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.067337] CPU: 0 PID: 1410 Comm: poc Tainted: G        W        4.15.0-12-generic #13-Ubuntu
[  365.067337] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.067339] RIP: 0010:ext4_handle_dirty_dirent_node+0xc5/0x110
[  365.067339] RSP: 0018:ffffb90740cafb60 EFLAGS: 00010246
[  365.067340] RAX: ffff8b4bb91a6000 RBX: ffff8b4bb8e2e6e8 RCX: 0000000000000000
[  365.067340] RDX: ffff8b4bb91a7800 RSI: ffff8b4bb8e2e6e8 RDI: 0000000000000001
[  365.067341] RBP: ffffb90740cafba0 R08: ffff8b4bb8dc6f70 R09: 0000000000000000
[  365.067341] R10: 0000000000000000 R11: 00000000000000a9 R12: ffff8b4bb8ddaa90
[  365.067342] R13: 0000000000000001 R14: ffff8b4bb8e2e770 R15: ffffb90740cafc28
[  365.067343] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.067344] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.067346] CR2: 00007f3030025098 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.067348] Call Trace:
[  365.067351]  add_dirent_to_buf+0x10b/0x1a0
[  365.067352]  ext4_add_entry+0x126/0x430
[  365.067354]  ext4_rename+0x6ae/0x860
[  365.067356]  ext4_rename2+0x8d/0xc0
[  365.067357]  vfs_rename+0x46e/0x960
[  365.067358]  SyS_rename+0x362/0x3c0
[  365.067360]  do_syscall_64+0x73/0x130
[  365.067362]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.067362] RIP: 0033:0x7f301e501d37
[  365.067363] RSP: 002b:00007ffd93f01868 EFLAGS: 00000202 ORIG_RAX: 0000000000000052
[  365.067364] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e501d37
[  365.067364] RDX: 0000000000cb82f0 RSI: 0000000000cb82f0 RDI: 0000000000cb82d0
[  365.067365] RBP: 00007ffd93f019d0 R08: 0000000000000003 R09: 0000000000000000
[  365.067365] R10: 0000000000000003 R11: 0000000000000202 R12: 0000000000400c20
[  365.067366] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.067366] Code: 89 d9 4c 89 ea be 83 01 00 00 e8 27 ef fc ff 48 8b 7d d8 65 48 33 3c 25 28 00 00 00 75 44 48 83 c4 20 5b 41 5c 41 5d 41 5e 5d c3 <0f> 0b eb c6 83 39 04 8b 83 48 03 00 00 75 24 48 8d 7d c0 48 89
[  365.067383] ---[ end trace 1ecf08f3cdf242f7 ]---
[  365.069051] WARNING: CPU: 0 PID: 1410 at /build/linux-LL9XfP/linux-4.15.0/fs/ext4/ext4.h:2692 ext4_delete_entry+0xd8/0x140
[  365.069051] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.069072]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.069078] CPU: 0 PID: 1410 Comm: poc Tainted: G        W        4.15.0-12-generic #13-Ubuntu
[  365.069079] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.069080] RIP: 0010:ext4_delete_entry+0xd8/0x140
[  365.069081] RSP: 0000:ffffb90740cafc58 EFLAGS: 00010246
[  365.069082] RAX: ffff8b4bb91a7800 RBX: ffff8b4bb8e28528 RCX: ffff8b4bb8dda750
[  365.069082] RDX: ffff8b4bb80e2400 RSI: ffff8b4bb8e28528 RDI: 0000000000000001
[  365.069083] RBP: ffffb90740cafc98 R08: ffff8b4ba0d10c18 R09: ffff8b4bb8e28528
[  365.069083] R10: 0000000000000000 R11: 0000000000027ec0 R12: ffff8b4bb8dda750
[  365.069084] R13: 0000000000000001 R14: ffff8b4ba0d10c18 R15: 000000000000000c
[  365.069085] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.069085] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.069086] CR2: 00007f827d8132a0 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.069089] Call Trace:
[  365.069091]  ext4_rename+0x824/0x860
[  365.069093]  ext4_rename2+0x8d/0xc0
[  365.069094]  vfs_rename+0x46e/0x960
[  365.069095]  SyS_rename+0x362/0x3c0
[  365.069097]  do_syscall_64+0x73/0x130
[  365.069099]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.069100] RIP: 0033:0x7f301e501d37
[  365.069100] RSP: 002b:00007ffd93f01868 EFLAGS: 00000202 ORIG_RAX: 0000000000000052
[  365.069101] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e501d37
[  365.069102] RDX: 0000000000cb82f0 RSI: 0000000000cb82f0 RDI: 0000000000cb82d0
[  365.069102] RBP: 00007ffd93f019d0 R08: 0000000000000003 R09: 0000000000000000
[  365.069103] R10: 0000000000000003 R11: 0000000000000202 R12: 0000000000400c20
[  365.069104] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.069105] Code: d0 65 48 33 0c 25 28 00 00 00 75 79 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 83 b8 a8 03 00 00 00 41 bf 0c 00 00 00 75 8d <0f> 0b 45 31 ff eb 86 4c 8d 45 cc c7 45 cc 01 00 00 00 e8 51 06
[  365.069121] ---[ end trace 1ecf08f3cdf242f8 ]---
[  365.069154] WARNING: CPU: 0 PID: 1410 at /build/linux-LL9XfP/linux-4.15.0/fs/ext4/ext4.h:2692 ext4_dirent_csum_verify+0x97/0xe0
[  365.069154] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.069173]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.069178] CPU: 0 PID: 1410 Comm: poc Tainted: G        W        4.15.0-12-generic #13-Ubuntu
[  365.069178] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.069179] RIP: 0010:ext4_dirent_csum_verify+0x97/0xe0
[  365.069180] RSP: 0018:ffffb90740cafcd8 EFLAGS: 00010246
[  365.069181] RAX: ffff8b4bb91a6000 RBX: 0000000000000001 RCX: 0000000000000000
[  365.069181] RDX: ffff8b4bb91a7800 RSI: ffff8b4ba0d12000 RDI: ffff8b4bb8e28528
[  365.069182] RBP: ffffb90740cafd00 R08: ffffb90740cafd68 R09: 0000000000000000
[  365.069182] R10: ffffb90740cafea8 R11: 0000000000000001 R12: 0000000000000008
[  365.069182] R13: ffff8b4bb8e28528 R14: ffff8b4bb8dda0d0 R15: 0000000000000002
[  365.069183] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.069184] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.069184] CR2: 00007f827d8132a0 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.069186] Call Trace:
[  365.069188]  ext4_find_entry+0x29f/0x4e0
[  365.069190]  ext4_lookup+0x81/0x210
[  365.069193]  __lookup_hash+0x6a/0xa0
[  365.069194]  do_unlinkat+0x137/0x320
[  365.069195]  SyS_unlink+0x1f/0x30
[  365.069196]  do_syscall_64+0x73/0x130
[  365.069198]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.069199] RIP: 0033:0x7f301e597d47
[  365.069199] RSP: 002b:00007ffd93f01868 EFLAGS: 00000202 ORIG_RAX: 0000000000000057
[  365.069200] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e597d47
[  365.069200] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 0000000000cb82d0
[  365.069201] RBP: 00007ffd93f019d0 R08: 0000000000000003 R09: 0000000000000000
[  365.069201] R10: 0000000000000003 R11: 0000000000000202 R12: 0000000000400c20
[  365.069202] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.069202] Code: 48 c7 c6 a0 ed 04 a7 e8 98 d6 01 00 31 c0 eb 05 b8 01 00 00 00 48 8b 5d f0 65 48 33 1c 25 28 00 00 00 75 47 48 83 c4 20 5b 5d c3 <0f> 0b b8 01 00 00 00 eb e1 83 39 04 8b 58 08 8b 87 48 03 00 00
[  365.069218] ---[ end trace 1ecf08f3cdf242f9 ]---
[  365.069238] WARNING: CPU: 0 PID: 1410 at /build/linux-LL9XfP/linux-4.15.0/fs/ext4/ext4.h:2692 ext4_inode_bitmap_csum_set+0x9c/0xb0
[  365.069239] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.069258]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.069263] CPU: 0 PID: 1410 Comm: poc Tainted: G        W        4.15.0-12-generic #13-Ubuntu
[  365.069263] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.069264] RIP: 0010:ext4_inode_bitmap_csum_set+0x9c/0xb0
[  365.069265] RSP: 0018:ffffb90740cafd10 EFLAGS: 00010246
[  365.069265] RAX: 0000000000000000 RBX: ffff8b4bb91a7800 RCX: ffff8b4bb8dc6af8
[  365.069266] RDX: ffff8b4bb80e28c0 RSI: 0000000000000006 RDI: ffff8b4bb91a6000
[  365.069266] RBP: ffffb90740cafd40 R08: 0000000000000020 R09: 0000000000000000
[  365.069267] R10: 0000000000000000 R11: ffff8b4bb91a7800 R12: ffff8b4bb8e2e6e8
[  365.069267] R13: 0000000000008000 R14: ffff8b4bb8e3bce0 R15: ffff8b4bb80e28c0
[  365.069268] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.069269] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.069269] CR2: 00007f827d8132a0 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.069271] Call Trace:
[  365.069272]  ? __ext4_journal_get_write_access+0x25/0xb0
[  365.069274]  __ext4_new_inode+0xd1f/0x1400
[  365.069276]  ext4_create+0xa9/0x1b0
[  365.069277]  vfs_create+0x10a/0x1b0
[  365.069278]  SyS_mknod+0x1f1/0x210
[  365.069280]  do_syscall_64+0x73/0x130
[  365.069281]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.069282] RIP: 0033:0x7f301e59586d
[  365.069282] RSP: 002b:00007ffd93f01848 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  365.069283] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e59586d
[  365.069283] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000000cb82f0
[  365.069284] RBP: 00007ffd93f019d0 R08: 0000000000cb82f0 R09: 0000000000000000
[  365.069284] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000400c20
[  365.069285] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.069285] Code: 89 44 24 1a 48 83 3b 3b 76 09 c1 e8 10 66 41 89 44 24 3a 48 8b 45 e8 65 48 33 04 25 28 00 00 00 75 11 48 83 c4 20 5b 41 5c 5d c3 <0f> 0b eb e4 0f 0b 0f 0b e8 a7 21 d8 ff 0f 1f 80 00 00 00 00 0f
[  365.069301] ---[ end trace 1ecf08f3cdf242fa ]---
[  365.069500] WARNING: CPU: 0 PID: 1410 at /build/linux-LL9XfP/linux-4.15.0/fs/ext4/ext4.h:2692 ext4_has_metadata_csum+0x21/0x3b
[  365.069500] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.069520]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.069526] CPU: 0 PID: 1410 Comm: poc Tainted: G        W        4.15.0-12-generic #13-Ubuntu
[  365.069527] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.069528] RIP: 0010:ext4_has_metadata_csum+0x21/0x3b
[  365.069529] RSP: 0018:ffffb90740cafd40 EFLAGS: 00010246
[  365.069530] RAX: 0000000000000000 RBX: ffff8b4bb91a6000 RCX: ffff8b4bb80e2400
[  365.069530] RDX: ffff8b4bb91a7800 RSI: 0000000010083248 RDI: ffff8b4bb91a6000
[  365.069531] RBP: ffffb90740cafd40 R08: 00000000adaf9ab5 R09: ffff8b4bb8e280f4
[  365.069531] R10: 0000000000000000 R11: ffff8b4bb91a7800 R12: ffff8b4bb8e2e6e8
[  365.069531] R13: 0000000000008000 R14: ffff8b4bb8e280e8 R15: ffff8b4bb80e28c0
[  365.069532] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.069533] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.069533] CR2: 00007f827d8132a0 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.069535] Call Trace:
[  365.069537]  __ext4_new_inode+0xf43/0x1400
[  365.069539]  ext4_create+0xa9/0x1b0
[  365.069540]  vfs_create+0x10a/0x1b0
[  365.069541]  SyS_mknod+0x1f1/0x210
[  365.069543]  do_syscall_64+0x73/0x130
[  365.069544]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.069545] RIP: 0033:0x7f301e59586d
[  365.069545] RSP: 002b:00007ffd93f01848 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  365.069546] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e59586d
[  365.069546] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000000cb82f0
[  365.069547] RBP: 00007ffd93f019d0 R08: 0000000000cb82f0 R09: 0000000000000000
[  365.069547] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000400c20
[  365.069548] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.069548] Code: ff 44 8b 45 b0 e9 91 fd ff ff 48 8b 97 08 04 00 00 48 8b 4a 68 f6 41 65 04 74 1d 48 8b 82 a8 03 00 00 48 85 c0 75 14 55 48 89 e5 <0f> 0b 48 85 c0 0f 95 c0 0f b6 c0 5d c3 31 c0 c3 48 85 c0 0f 95
[  365.069564] ---[ end trace 1ecf08f3cdf242fb ]---
[  365.069586] WARNING: CPU: 0 PID: 1410 at /build/linux-LL9XfP/linux-4.15.0/fs/ext4/ext4.h:2692 ext4_iget+0x720/0xb90
[  365.069587] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.069605]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.069609] CPU: 0 PID: 1410 Comm: poc Tainted: G        W        4.15.0-12-generic #13-Ubuntu
[  365.069610] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.069611] RIP: 0010:ext4_iget+0x720/0xb90
[  365.069611] RSP: 0018:ffffb90740cafb70 EFLAGS: 00010246
[  365.069612] RAX: ffff8b4bb91a7800 RBX: ffff8b4bb8e2a728 RCX: ffff8b4bb80e2400
[  365.069612] RDX: ffff8b4bb91a6000 RSI: 000000000000000d RDI: fffff966008798c0
[  365.069613] RBP: ffffb90740cafbe8 R08: ffff8b4bb8ddac30 R09: 0000000000000000
[  365.069613] R10: ffff8b4ba1e63700 R11: 0000000000000005 R12: ffff8b4bb91a6000
[  365.069614] R13: 000000000000000f R14: ffff8b4bb91a7800 R15: 0000000000000000
[  365.069615] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.069615] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.069616] CR2: 00007f827d8132a0 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.069618] Call Trace:
[  365.069620]  ext4_iget_normal+0x30/0x40
[  365.069621]  ext4_lookup+0xf0/0x210
[  365.069622]  lookup_slow+0xab/0x170
[  365.069623]  walk_component+0x1c3/0x350
[  365.069624]  path_lookupat+0x84/0x1f0
[  365.069625]  ? _cond_resched+0x19/0x40
[  365.069626]  filename_lookup+0xb6/0x190
[  365.069628]  ? d_instantiate+0x42/0x60
[  365.069630]  ? __check_object_size+0xaf/0x1b0
[  365.069633]  ? strncpy_from_user+0x4d/0x170
[  365.069635]  user_path_at_empty+0x36/0x40
[  365.069635]  ? user_path_at_empty+0x36/0x40
[  365.069638]  path_listxattr+0x4b/0xb0
[  365.069639]  SyS_listxattr+0x13/0x20
[  365.069640]  do_syscall_64+0x73/0x130
[  365.069642]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.069642] RIP: 0033:0x7f301e5a5907
[  365.069643] RSP: 002b:00007ffd93f01868 EFLAGS: 00000202 ORIG_RAX: 00000000000000c2
[  365.069643] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e5a5907
[  365.069644] RDX: 0000000000000071 RSI: 00007ffd93f01950 RDI: 0000000000cb8310
[  365.069644] RBP: 00007ffd93f019d0 R08: 0000000000cb82f0 R09: 0000000000000000
[  365.069645] R10: 0000000000000003 R11: 0000000000000202 R12: 0000000000400c20
[  365.069645] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.069646] Code: 28 48 8b 86 08 04 00 00 f6 80 a0 00 00 00 04 0f 85 c1 fb ff ff 49 83 fd 05 49 c7 c6 8c ff ff ff 0f 85 67 ff ff ff e9 a7 fb ff ff <0f> 0b e9 9c fa ff ff 41 8b 42 6c 48 c1 e0 20 49 09 c1 4d 85 c9
[  365.069663] ---[ end trace 1ecf08f3cdf242fc ]---
[  365.070479] BUG: unable to handle kernel NULL pointer dereference at           (null)
[  365.070512] IP: ext4_xattr_set_entry+0x77f/0x1090
[  365.070533] PGD 8000000038072067 P4D 8000000038072067 PUD 38073067 PMD 0
[  365.070599] Oops: 0000 [#1] SMP PTI
[  365.070622] Modules linked in: vmw_balloon coretemp intel_rapl_perf input_leds joydev serio_raw snd_ens1371 btusb snd_ac97_codec uvcvideo btrtl videobuf2_vmalloc btbcm btintel gameport snd_rawmidi videobuf2_memops bluetooth videobuf2_v4l2 videobuf2_core snd_seq_device ac97_bus snd_pcm videodev media ecdh_generic snd_timer snd soundcore shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd vmwgfx
[  365.070902]  psmouse ttm drm_kms_helper mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pata_acpi
[  365.072144] CPU: 0 PID: 1410 Comm: poc Tainted: G        W        4.15.0-12-generic #13-Ubuntu
[  365.072739] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[  365.074959] RIP: 0010:ext4_xattr_set_entry+0x77f/0x1090
[  365.075822] RSP: 0018:ffffb90740caf948 EFLAGS: 00010246
[  365.076411] RAX: 0000000000000000 RBX: ffffb90740cafb40 RCX: 0000000000000000
[  365.076977] RDX: 0000000000000000 RSI: 0000000000000071 RDI: ffff8b4bb8e2a7b0
[  365.077550] RBP: ffffb90740cafa40 R08: 0000000000000001 R09: 0000000000000000
[  365.078255] R10: 0000000000000000 R11: 0000000000000400 R12: ffffb90740cafac0
[  365.078966] R13: ffff8b4bb85b5020 R14: ffff8b4bb85b5020 R15: 0000000000000071
[  365.079650] FS:  00007f301ea94540(0000) GS:ffff8b4bbc600000(0000) knlGS:0000000000000000
[  365.080319] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  365.080976] CR2: 0000000000000000 CR3: 0000000038294005 CR4: 00000000001606f0
[  365.081633] Call Trace:
[  365.082290]  ? ext4_new_meta_blocks+0xcb/0x110
[  365.082867]  ? _cond_resched+0x19/0x40
[  365.083430]  ? __kmalloc+0x19b/0x220
[  365.083983]  ext4_xattr_block_set+0x578/0xf00
[  365.084564]  ? __ext4_journal_get_write_access+0x25/0xb0
[  365.085049]  ext4_xattr_set_handle+0x456/0x5a0
[  365.085518]  ? ext4_xattr_user_list+0x20/0x20
[  365.085974]  ext4_xattr_set+0xbd/0x140
[  365.086423]  ext4_xattr_user_set+0x34/0x40
[  365.086841]  __vfs_setxattr+0x6b/0x90
[  365.087252]  __vfs_setxattr_noperm+0x72/0x1a0
[  365.087675]  vfs_setxattr+0xa7/0xb0
[  365.088095]  setxattr+0x158/0x1c0
[  365.088497]  ? _cond_resched+0x19/0x40
[  365.088894]  ? __check_object_size+0xaf/0x1b0
[  365.089271]  ? strncpy_from_user+0x4d/0x170
[  365.089686]  ? _cond_resched+0x19/0x40
[  365.090030]  path_setxattr+0xbd/0xd0
[  365.090361]  SyS_setxattr+0x14/0x20
[  365.090683]  do_syscall_64+0x73/0x130
[  365.090992]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  365.091295] RIP: 0033:0x7f301e5a5a2a
[  365.091652] RSP: 002b:00007ffd93f01868 EFLAGS: 00000202 ORIG_RAX: 00000000000000bc
[  365.092028] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f301e5a5a2a
[  365.092408] RDX: 00007ffd93f01950 RSI: 0000000000401498 RDI: 0000000000cb8310
[  365.092692] RBP: 00007ffd93f019d0 R08: 0000000000000001 R09: 0000000000000000
[  365.092967] R10: 0000000000000071 R11: 0000000000000202 R12: 0000000000400c20
[  365.093238] R13: 00007ffd93f01ad0 R14: 0000000000000000 R15: 0000000000000000
[  365.093506] Code: 8b 85 70 ff ff ff 48 89 b5 48 ff ff ff 89 b5 0c ff ff ff 48 8b 40 28 48 8b 80 08 04 00 00 8b 90 b0 03 00 00 48 8b 80 a8 03 00 00 <83> 38 04 0f 85 4f 06 00 00 89 55 c8 48 8b b5 40 ff ff ff 48 8d
[  365.094360] RIP: ext4_xattr_set_entry+0x77f/0x1090 RSP: ffffb90740caf948
[  365.094652] CR2: 0000000000000000
[  365.094983] ---[ end trace 1ecf08f3cdf242fd ]---

Reported by Wen Xu from SSLab, Gatech
Comment 1 Wen Xu 2018-03-22 20:46:48 UTC
Created attachment 274885 [details]
poc.c
Comment 2 Theodore Tso 2018-03-25 06:29:12 UTC
I can't replicate the BUG with the latest version of linux.

What makes you think inode->i_sb is NULL?   That field is one of the first to be set up....
Comment 3 Wen Xu 2018-03-25 17:23:18 UTC
Sorry, it was my mistake. 

After debugging the kernel again, I found that it crashes here:
https://elixir.bootlin.com/linux/v4.15/source/fs/ext4/ext4.h#L2005

static inline u32 ext4_chksum(struct ext4_sb_info *sbi, u32 crc,
			      const void *address, unsigned int length)
{
	struct {
		struct shash_desc shash;
		char ctx[4];
	} desc;
	int err;

	BUG_ON(crypto_shash_descsize(sbi->s_chksum_driver)!=sizeof(desc.ctx)); <-

sbi->s_chksum_driver may not always be set up and can be NULL, while 

static inline unsigned int crypto_shash_descsize(struct crypto_shash *tfm)
{
	return tfm->descsize;
}

the function crypto_shash_descsize() directly dereferences the pointer. 

By the way, I reproduced it on Linux 4.15.0-12-generic, used by the latest Ubuntu 18.04.
Comment 4 Theodore Tso 2018-03-26 04:08:16 UTC
OK, I was able to replicate this on 4.15, but it's not replicating on 4.16-rc1.  However, the underlying issue was NOT that inode->i_sb is NULL, but rather that s_chksum_driver (found in EXT4_SBI(inode->i_sb)->s_chksum_driver) was NULL.

I'm not sure why we're not ending up calling ext4_chksum() in 4.16-rc1, but the xattr code can try to calculate a crc32c, and so we should just initialize the s_chksum_driver() unconditionally.  It will make things simpler, and avoid a bunch of problems.

In addition, the file system should have never been allowed to have been mounted in the first place, since one of the block allocation bitmaps overlapped with the superblock, and this means that as blocks got allocated, the superblock was getting corrupted.
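
A userspace C model of the failure mode described in Comments 3 and 4, added here as an example and not taken from the kernel or from the attached patches. All struct and function names (`sb_info`, `mount_conditional`, `mount_unconditional`, `chksum`, `xattr_value_hash`) and the `~0` seed are assumptions of the model; it contrasts feature-gated driver setup with unconditional setup, and returns an error at the point where the quoted `ext4_chksum()` would dereference NULL.

```c
/* Userspace model of the bug in this report. Constructed for illustration:
 * the struct and function names below are hypothetical, not kernel APIs. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct shash { unsigned int descsize; };          /* stands in for struct crypto_shash */
struct sb_info { struct shash *chksum_driver; };  /* models sbi->s_chksum_driver */

static struct shash crc32c_tfm = { 4 };

/* Models allocating the crc32c transform; available == 0 models the
 * crc32c module not being loadable at mount time. */
static struct shash *alloc_crc32c(int available)
{
    return available ? &crc32c_tfm : NULL;
}

/* Before: the driver is set up only if the on-disk feature flag asks for it. */
int mount_conditional(struct sb_info *sbi, int feature_csum, int available)
{
    sbi->chksum_driver = NULL;
    if (!feature_csum)
        return 0;               /* mounted, but chksum_driver stays NULL */
    sbi->chksum_driver = alloc_crc32c(available);
    return sbi->chksum_driver ? 0 : -ENOENT;
}

/* After: the driver is always set up; a missing crc32c fails the mount. */
int mount_unconditional(struct sb_info *sbi, int available)
{
    sbi->chksum_driver = alloc_crc32c(available);
    return sbi->chksum_driver ? 0 : -ENOENT;
}

/* Raw bitwise CRC-32C update (reflected polynomial 0x82F63B78). */
static uint32_t crc32c_update(uint32_t crc, const void *buf, size_t len)
{
    const unsigned char *p = buf;
    while (len--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0x82F63B78u & (0u - (crc & 1u)));
    }
    return crc;
}

/* Checked counterpart of ext4_chksum(): the kernel code quoted above reads
 * tfm->descsize with no NULL test, so a NULL driver oopses there. */
int chksum(const struct sb_info *sbi, uint32_t crc, const void *buf,
           size_t len, uint32_t *out)
{
    if (!sbi->chksum_driver)
        return -EINVAL;         /* the state the crafted image reaches */
    if (sbi->chksum_driver->descsize != sizeof(uint32_t))
        return -EINVAL;
    *out = crc32c_update(crc, buf, len);
    return 0;
}

/* Models the xattr path: it hashes the value whatever the feature flags say. */
int xattr_value_hash(const struct sb_info *sbi, const void *val, size_t len,
                     uint32_t *out)
{
    return chksum(sbi, ~0u, val, len, out);   /* seed ~0 is a model assumption */
}

int main(void)
{
    struct sb_info sbi;
    uint32_t h = 0;
    mount_conditional(&sbi, 0, 1);
    printf("conditional init:   hash rc=%d\n", xattr_value_hash(&sbi, "v", 1, &h));
    mount_unconditional(&sbi, 1);
    printf("unconditional init: hash rc=%d\n", xattr_value_hash(&sbi, "v", 1, &h));
    printf("crc32c unavailable: mount rc=%d\n", mount_unconditional(&sbi, 0));
    return 0;
}
```

With unconditional setup the only way to reach the hash path is through a successful mount, so the NULL state cannot occur there; the cost is that a mount now fails outright when crc32c is unavailable.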
Comment 5 Theodore Tso 2018-03-26 04:46:12 UTC
Created attachment 274935 [details]
0001-ext4-always-initialize-the-crc32c-checksum-driver.patch
Comment 6 Theodore Tso 2018-03-26 04:46:48 UTC
Created attachment 274937 [details]
0002-ext4-don-t-allow-r-w-mounts-if-metadata-blocks-overl.patch
Comment 7 Vitalio 2018-04-28 21:35:53 UTC
Theodore, your patch 0001-ext4-always-initialize-the-crc32c-checksum-driver.patch (which is v4.16-rc1-18-ga45403b51582) introduces a strong dependency on having the crc32c modules preloaded before ext4; otherwise it's goto failed_mount. This dependency is invisible to modinfo/depmod, thus some dependency resolvers for initrd fail to properly adjust crc32c modules for boot.

Is it intentional, or could it be fixed?

Thanks,