================================================================== BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x9c1/0x1e20 fs/ext4/xattr.c:1763 Read of size 18446744073709551600 at addr ffff88801fcb12b8 by task kworker/u4:2/24 CPU: 0 UID: 0 PID: 24 Comm: kworker/u4:2 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Workqueue: writeback wb_workfn (flush-7:0) Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 print_address_description+0x55/0x1e0 mm/kasan/report.c:378 print_report+0x58/0x70 mm/kasan/report.c:482 kasan_report+0x117/0x150 mm/kasan/report.c:595 check_region_inline mm/kasan/generic.c:-1 [inline] kasan_check_range+0x264/0x2c0 mm/kasan/generic.c:200 __asan_memmove+0x29/0x70 mm/kasan/shadow.c:94 ext4_xattr_set_entry+0x9c1/0x1e20 fs/ext4/xattr.c:1763 ext4_xattr_ibody_set+0x254/0x6a0 fs/ext4/xattr.c:2275 ext4_destroy_inline_data_nolock+0x23a/0x5e0 fs/ext4/inline.c:472 ext4_destroy_inline_data+0x83/0xe0 fs/ext4/inline.c:1806 ext4_do_writepages+0x51e/0x4670 fs/ext4/inode.c:2827 ext4_writepages+0x241/0x3b0 fs/ext4/inode.c:3042 do_writepages+0x32e/0x550 mm/page-writeback.c:2571 __writeback_single_inode+0x133/0x10e0 fs/fs-writeback.c:1764 writeback_sb_inodes+0x979/0x19d0 fs/fs-writeback.c:2056 __writeback_inodes_wb+0x111/0x240 fs/fs-writeback.c:2132 wb_writeback+0x459/0xb00 fs/fs-writeback.c:2243 wb_check_start_all fs/fs-writeback.c:2369 [inline] wb_do_writeback fs/fs-writeback.c:2395 [inline] wb_workfn+0x921/0xf10 fs/fs-writeback.c:2428 process_one_work kernel/workqueue.c:3314 [inline] process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3397 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3478 kthread+0x389/0x470 kernel/kthread.c:436 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 The buggy address belongs to the physical page: page: refcount:2 mapcount:0 mapping:ffff88801cc25940 index:0x2 pfn:0x1fcb1 memcg:ffff888036e9da00 aops:def_blk_aops ino:700000 dentry name(?):"" flags: 0xfff80000004226(referenced|lru|workingset|private|writeback|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff80000004226 ffffea00007f6c88 ffffea00004c89c8 ffff88801cc25940 raw: 0000000000000002 ffff888047a29d98 00000002ffffffff ffff888036e9da00 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_MOVABLE|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL), pid 5331, tgid 5329 (syz.0.0), ts 85144618340, free_ts 85063809594 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x22d/0x280 mm/page_alloc.c:1853 prep_new_page mm/page_alloc.c:1861 [inline] get_page_from_freelist+0x2593/0x2610 mm/page_alloc.c:3941 __alloc_frozen_pages_noprof+0x18d/0x380 mm/page_alloc.c:5221 alloc_pages_mpol+0x235/0x490 mm/mempolicy.c:2490 alloc_frozen_pages_noprof mm/mempolicy.c:2561 [inline] alloc_pages_noprof+0xac/0x2a0 mm/mempolicy.c:2581 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2591 filemap_alloc_folio_noprof+0x111/0x470 mm/filemap.c:1014 __filemap_get_folio_mpol+0x3fc/0xb00 mm/filemap.c:2012 __filemap_get_folio include/linux/pagemap.h:763 [inline] grow_dev_folio fs/buffer.c:954 [inline] grow_buffers fs/buffer.c:1020 [inline] __getblk_slow fs/buffer.c:1038 [inline] bdev_getblk+0x1f6/0x6e0 fs/buffer.c:1358 __getblk include/linux/buffer_head.h:380 [inline] sb_getblk include/linux/buffer_head.h:386 [inline] __ext4_get_inode_loc+0x528/0xfa0 fs/ext4/inode.c:4890 ext4_get_inode_loc+0x81/0xf0 fs/ext4/inode.c:5018 ext4_read_inline_folio+0x21e/0x870 fs/ext4/inline.c:520 ext4_readpage_inline+0x23f/0x6a0 fs/ext4/inline.c:560 ext4_read_folio+0x15e/0x520 fs/ext4/readpage.c:403 filemap_read_folio+0x137/0x3b0 mm/filemap.c:2502 filemap_create_folio mm/filemap.c:2640 [inline] filemap_get_pages+0xcbb/0x1ef0 mm/filemap.c:2702 page last free pid 76 tgid 76 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] __free_pages_prepare mm/page_alloc.c:1397 [inline] free_unref_folios+0xd9f/0x14c0 mm/page_alloc.c:2999 shrink_folio_list+0x4a88/0x52a0 mm/vmscan.c:1585 evict_folios+0x4998/0x5ac0 mm/vmscan.c:4854 try_to_shrink_lruvec+0xbca/0x1050 mm/vmscan.c:5009 shrink_one+0x25c/0x710 mm/vmscan.c:5069 shrink_many mm/vmscan.c:5132 [inline] lru_gen_shrink_node mm/vmscan.c:5210 [inline] shrink_node+0x31bf/0x3ae0 mm/vmscan.c:6198 kswapd_shrink_node mm/vmscan.c:7052 [inline] balance_pgdat mm/vmscan.c:7228 [inline] kswapd+0x1736/0x2de0 mm/vmscan.c:7501 kthread+0x389/0x470 kernel/kthread.c:436 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Memory state around the buggy address: ffff88801fcb1180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff88801fcb1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff88801fcb1280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ ffff88801fcb1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff88801fcb1380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================