==================================================================
BUG: KASAN: global-out-of-bounds in __read_once_size include/linux/compiler.h:218 [inline]
BUG: KASAN: global-out-of-bounds in PageTail include/linux/page-flags.h:400 [inline]
BUG: KASAN: global-out-of-bounds in get_page include/linux/mm.h:508 [inline]
BUG: KASAN: global-out-of-bounds in submit_page_section fs/direct-io.c:813 [inline]
BUG: KASAN: global-out-of-bounds in do_direct_IO fs/direct-io.c:1033 [inline]
BUG: KASAN: global-out-of-bounds in do_blockdev_direct_IO fs/direct-io.c:1256 [inline]
BUG: KASAN: global-out-of-bounds in __blockdev_direct_IO+0x9209/0xb030 fs/direct-io.c:1342
Read of size 8 at addr ffffffff8284b220 by task syz-executor533/2057
CPU: 0 PID: 2057 Comm: syz-executor533 Not tainted 4.4.174+ #4
0000000000000000 394af2dd16140742 ffff8800b72c71d0 ffffffff81aad1a1
0000000000000000 0000000000000000 ffffffff8284b220 0000000000000008
ffff8800b6c34000 ffff8800b72c7208 ffffffff81490120 0000000000000000
Call Trace:
[<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<ffffffff81490120>] print_address_description+0x6f/0x21b mm/kasan/report.c:252
[<ffffffff81490358>] kasan_report_error mm/kasan/report.c:351 [inline]
[<ffffffff81490358>] kasan_report mm/kasan/report.c:408 [inline]
[<ffffffff81490358>] kasan_report.cold+0x8c/0x2be mm/kasan/report.c:393
[<ffffffff81484ed4>] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:429
[<ffffffff8155cfa9>] __read_once_size include/linux/compiler.h:218 [inline]
[<ffffffff8155cfa9>] PageTail include/linux/page-flags.h:400 [inline]
[<ffffffff8155cfa9>] get_page include/linux/mm.h:508 [inline]
[<ffffffff8155cfa9>] submit_page_section fs/direct-io.c:813 [inline]
[<ffffffff8155cfa9>] do_direct_IO fs/direct-io.c:1033 [inline]
[<ffffffff8155cfa9>] do_blockdev_direct_IO fs/direct-io.c:1256 [inline]
[<ffffffff8155cfa9>] __blockdev_direct_IO+0x9209/0xb030 fs/direct-io.c:1342
[<ffffffff8173cf01>] blockdev_direct_IO include/linux/fs.h:2789 [inline]
[<ffffffff8173cf01>] ext4_ind_direct_IO+0x3e1/0xb90 fs/ext4/indirect.c:709
[<ffffffff8163fe21>] ext4_ext_direct_IO fs/ext4/inode.c:3233 [inline]
[<ffffffff8163fe21>] ext4_direct_IO+0x8c1/0x2a80 fs/ext4/inode.c:3405
[<ffffffff813bcae6>] generic_file_direct_write+0x276/0x4f0 mm/filemap.c:2493
[<ffffffff813bcfa5>] __generic_file_write_iter+0x245/0x540 mm/filemap.c:2673
[<ffffffff81633d3c>] ext4_file_write_iter+0x9ec/0xc70 fs/ext4/file.c:171
[<ffffffff81496220>] vfs_iter_write+0x1d0/0x3f0 fs/read_write.c:364
[<ffffffff81534731>] iter_file_splice_write+0x5c1/0xb30 fs/splice.c:1024
[<ffffffff81537d31>] do_splice_from fs/splice.c:1128 [inline]
[<ffffffff81537d31>] do_splice fs/splice.c:1404 [inline]
[<ffffffff81537d31>] SYSC_splice fs/splice.c:1707 [inline]
[<ffffffff81537d31>] SyS_splice+0xd71/0x13a0 fs/splice.c:1690
[<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
The buggy address belongs to the variable:
sched_tunable_scaling_names+0x380/0x4740
Memory state around the buggy address:
 ffffffff8284b100: 00 00 00 00 00 01 fa fa fa fa fa fa 00 00 07 fa
 ffffffff8284b180: fa fa fa fa 00 00 00 00 00 04 fa fa fa fa fa fa
>ffffffff8284b200: 00 00 00 03 fa fa fa fa 00 07 fa fa fa fa fa fa
                               ^
 ffffffff8284b280: 00 00 00 fa fa fa fa fa 00 00 07 fa fa fa fa fa
 ffffffff8284b300: 00 06 fa fa fa fa fa fa 00 00 05 fa fa fa fa fa
==================================================================