WARNING in kvfree (2)

similar bugs (1):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	WARNING in kvfree				1	905d	904d	0/24	auto-closed as invalid on 2021/01/29 15:55

------------[ cut here ]------------
WARNING: CPU: 1 PID: 12351 at mm/slab_common.c:935 free_large_kmalloc+0x34/0x138 mm/slab_common.c:936
Modules linked in:
CPU: 1 PID: 12351 Comm: syz-executor.3 Not tainted 6.3.0-rc3-syzkaller-ge8d018dd0257 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : free_large_kmalloc+0x34/0x138 mm/slab_common.c:936
lr : kfree+0x104/0x1a8 mm/slab_common.c:1013
sp : ffff800021f174e0
x29: ffff800021f174e0 x28: ffff00012d8e48e8 x27: ffff00013eda25a4
x26: dfff800000000000 x25: 0000000000000020 x24: ffff0000d8105a00
x23: ffff0000d8105000 x22: 0000000000000000 x21: ffff80000880e804
x20: ffff00013eda25a4 x19: fffffc0004fb6880 x18: ffff800021f16e80
x17: ffff800015b3d000 x16: ffff8000122e1788 x15: ffff800008a6fd14
x14: ffff800008a6f8e4 x13: ffff800008063218 x12: 0000000000000003
x11: ff8080000809a054 x10: 0000000000000000 x9 : 05ffc0000000203a
x8 : ffff800018539000 x7 : ffff800008063484 x6 : ffff800008063694
x5 : ffff0000cb6795e8 x4 : ffff800021f172b0 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff00013eda25a4 x0 : fffffc0004fb6880
Call trace:
 free_large_kmalloc+0x34/0x138 mm/slab_common.c:936
 kfree+0x104/0x1a8 mm/slab_common.c:1013
 kvfree+0x40/0x50 mm/util.c:649
 ext4_xattr_move_to_block fs/ext4/xattr.c:2680 [inline]
 ext4_xattr_make_inode_space fs/ext4/xattr.c:2743 [inline]
 ext4_expand_extra_isize_ea+0xcec/0x16b4 fs/ext4/xattr.c:2835
 __ext4_expand_extra_isize+0x290/0x348 fs/ext4/inode.c:5960
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:6003 [inline]
 __ext4_mark_inode_dirty+0x460/0x85c fs/ext4/inode.c:6081
 __ext4_unlink+0x768/0x998 fs/ext4/namei.c:3255
 ext4_unlink+0x1b4/0x6a0 fs/ext4/namei.c:3298
 vfs_unlink+0x2f0/0x508 fs/namei.c:4250
 do_unlinkat+0x4c8/0x82c fs/namei.c:4316
 __do_sys_unlinkat fs/namei.c:4359 [inline]
 __se_sys_unlinkat fs/namei.c:4352 [inline]
 __arm64_sys_unlinkat+0xcc/0xfc fs/namei.c:4352
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
irq event stamp: 4994
hardirqs last  enabled at (4993): [<ffff80000896b4d8>] kasan_quarantine_put+0x1a0/0x1c8 mm/kasan/quarantine.c:242
hardirqs last disabled at (4994): [<ffff8000122dd31c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (4756): [<ffff800008033428>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (4754): [<ffff8000080333f4>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
object pointer: 0x000000004da339b2
==================================================================
BUG: KASAN: invalid-free in kfree+0x104/0x1a8 mm/slab_common.c:1013
Free of addr ffff00013eda25a4 by task syz-executor.3/12351

CPU: 1 PID: 12351 Comm: syz-executor.3 Tainted: G        W          6.3.0-rc3-syzkaller-ge8d018dd0257 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:319 [inline]
 print_report+0x174/0x514 mm/kasan/report.c:430
 kasan_report_invalid_free+0xc4/0x114 mm/kasan/report.c:501
 __kasan_kfree_large+0xa4/0xc0 mm/kasan/common.c:272
 kasan_kfree_large include/linux/kasan.h:170 [inline]
 free_large_kmalloc+0x70/0x138 mm/slab_common.c:939
 kfree+0x104/0x1a8 mm/slab_common.c:1013
 kvfree+0x40/0x50 mm/util.c:649
 ext4_xattr_move_to_block fs/ext4/xattr.c:2680 [inline]
 ext4_xattr_make_inode_space fs/ext4/xattr.c:2743 [inline]
 ext4_expand_extra_isize_ea+0xcec/0x16b4 fs/ext4/xattr.c:2835
 __ext4_expand_extra_isize+0x290/0x348 fs/ext4/inode.c:5960
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:6003 [inline]
 __ext4_mark_inode_dirty+0x460/0x85c fs/ext4/inode.c:6081
 __ext4_unlink+0x768/0x998 fs/ext4/namei.c:3255
 ext4_unlink+0x1b4/0x6a0 fs/ext4/namei.c:3298
 vfs_unlink+0x2f0/0x508 fs/namei.c:4250
 do_unlinkat+0x4c8/0x82c fs/namei.c:4316
 __do_sys_unlinkat fs/namei.c:4359 [inline]
 __se_sys_unlinkat fs/namei.c:4352 [inline]
 __arm64_sys_unlinkat+0xcc/0xfc fs/namei.c:4352
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591

The buggy address belongs to the physical page:
page:00000000e908e67b refcount:2 mapcount:0 mapping:000000000b2fd6ab index:0x1 pfn:0x17eda2
memcg:ffff00012bf7e000
aops:def_blk_aops ino:700003
flags: 0x5ffc0000000203a(referenced|dirty|lru|active|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc0000000203a fffffc000353ef88 fffffc000503eb08 ffff0000c0494a10
raw: 0000000000000001 ffff00012afef910 00000002ffffffff ffff00012bf7e000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff00013eda2480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff00013eda2500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff00013eda2580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                               ^
 ffff00013eda2600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff00013eda2680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets	Title
ci-upstream-gce-arm64	2023/03/25 15:08	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	e8d018dd0257	fbf0499a	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	WARNING in kvfree
ci-upstream-gce-arm64	2023/03/16 04:08	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	fe15c26ee26e	18b58603	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	WARNING in kvfree
ci-upstream-gce-arm64	2023/03/16 01:11	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	fe15c26ee26e	18b58603	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	WARNING in kvfree
ci-upstream-gce-arm64	2023/03/15 10:54	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	fe15c26ee26e	0d5c4377	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	WARNING in kvfree
ci-upstream-gce-arm64	2023/03/13 13:26	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	fe15c26ee26e	5205ef30	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	WARNING in kvfree
ci-upstream-gce-arm64	2023/03/11 18:38	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	fe15c26ee26e	5205ef30	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	WARNING in kvfree
ci-upstream-gce-arm64	2023/03/11 17:50	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	fe15c26ee26e	5205ef30	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	WARNING in kvfree