==================================================================
BUG: KASAN: stack-out-of-bounds in unwind_get_return_address+0x96/0xa0 arch/x86/kernel/unwind_frame.c:17
Read of size 8 at addr ffff8801a108f200 by task syz-executor4/8024

CPU: 0 PID: 8024 Comm: syz-executor4 Not tainted 4.9.148+ #3
 ffff8801a108efb0 ffffffff81b456e1 0000000000000000 ffffea00068423c0
 ffff8801a108f200 0000000000000008 ffffffff810ab576 ffff8801a108efe8
 ffffffff815020d5 0000000000000000 ffff8801a108f200 ffff8801a108f200
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [] print_address_description+0x6f/0x238 mm/kasan/report.c:256
 [] kasan_report_error mm/kasan/report.c:355 [inline]
 [] kasan_report mm/kasan/report.c:412 [inline]
 [] kasan_report.cold+0x8c/0x2ba mm/kasan/report.c:397
 [] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 [] unwind_get_return_address+0x96/0xa0 arch/x86/kernel/unwind_frame.c:17
 [] perf_callchain_kernel+0x3b0/0x540 arch/x86/events/core.c:2278
 [] get_perf_callchain+0x30b/0x7e0 kernel/events/callchain.c:215
 [] perf_callchain+0x153/0x1a0 kernel/events/callchain.c:188
 [] perf_prepare_sample+0xa4f/0xea0 kernel/events/core.c:5967
 [] __perf_event_output kernel/events/core.c:6080 [inline]
 [] perf_event_output_forward+0xfe/0x240 kernel/events/core.c:6098
 [] __perf_event_overflow+0x121/0x330 kernel/events/core.c:7198
 [] perf_swevent_overflow+0x17c/0x210 kernel/events/core.c:7274
 [] perf_swevent_event+0x1ac/0x280 kernel/events/core.c:7307
 [] do_perf_sw_event kernel/events/core.c:7415 [inline]
 [] ___perf_sw_event+0x299/0x4c0 kernel/events/core.c:7446
 [] perf_sw_event_sched include/linux/perf_event.h:1057 [inline]
 [] perf_event_task_sched_out include/linux/perf_event.h:1095 [inline]
 [] prepare_task_switch kernel/sched/core.c:2757 [inline]
 [] context_switch kernel/sched/core.c:2919 [inline]
 [] __schedule+0x1150/0x1b50 kernel/sched/core.c:3498
 [] preempt_schedule_common+0x4f/0xe0 kernel/sched/core.c:3608
 [] preempt_schedule+0x26/0x30 kernel/sched/core.c:3634
 [] ___preempt_schedule+0x16/0x18
 [] __lru_cache_add+0x1ed/0x250 mm/swap.c:398
 [] lru_cache_add_anon+0xa4/0xf0 mm/swap.c:409
 [] shmem_getpage_gfp+0x9d1/0x1b00 mm/shmem.c:1784
 [] shmem_getpage mm/shmem.c:123 [inline]
 [] shmem_write_begin+0xf8/0x1a0 mm/shmem.c:2212
 [] generic_perform_write+0x24a/0x500 mm/filemap.c:2753
 [] __generic_file_write_iter+0x340/0x530 mm/filemap.c:2878
 [] generic_file_write_iter+0x38a/0x630 mm/filemap.c:2906
 [] new_sync_write fs/read_write.c:496 [inline]
 [] __vfs_write+0x3c1/0x560 fs/read_write.c:509
 [] vfs_write+0x185/0x520 fs/read_write.c:557
 [] SYSC_write fs/read_write.c:604 [inline]
 [] SyS_write+0xdc/0x1c0 fs/read_write.c:596
 [] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

The buggy address belongs to the page:
page:ffffea00068423c0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x4000000000000000()
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801a108f100: 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00
 ffff8801a108f180: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3 f3
>ffff8801a108f200: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00
                   ^
 ffff8801a108f280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801a108f300: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f2 f2
==================================================================