Free memory is -13244kB above reserved
lowmemorykiller: Killing 'syz-executor233' (8387) (tgid 8368), adj 1000, to free 10724kB on behalf of 'syz-executor233' (8391) because cache 680kB is below limit 6144kB for oom_score_adj 0
Free memory is -13244kB above reserved
INFO: rcu_preempt detected stalls on CPUs/tasks:
Tasks blocked on level-0 rcu_node (CPUs 0-1): P33
(detected by 1, t=10502 jiffies, g=2083, c=2082, q=68955)
kswapd0 R running task 28288 33 2 0x80000000
 0000012a82a59e80 ffffffff841ca2c0 1ffff1003b082ead 0000000100000005
 0000000041b58ab3 ffffffff82e60a80 ffffffff81d6f5c0 ffffffff81b6e700
 0000000000000020 ffff880100000020 ffff8801d8417628 ffff8801d84175d0
Call Trace:
==================================================================
BUG: KASAN: stack-out-of-bounds in get_frame_pointer arch/x86/include/asm/stacktrace.h:64 [inline]
BUG: KASAN: stack-out-of-bounds in __unwind_start+0x368/0x3b0 arch/x86/kernel/unwind_frame.c:76
Read of size 8 at addr ffff8801d8417570 by task syz-executor233/8428

CPU: 1 PID: 8428 Comm: syz-executor233 Not tainted 4.9.141+ #23
 ffff8801db707a00 ffffffff81b42e79 ffffea00076105c0 ffff8801d8417570
 0000000000000000 ffff8801d8417570 ffff8801d8408000 ffff8801db707a38
 ffffffff815009b8 ffff8801d8417570 0000000000000008 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_address_description+0x6c/0x234 mm/kasan/report.c:256
 [] kasan_report_error mm/kasan/report.c:355 [inline]
 [] kasan_report.cold.6+0x242/0x2fe mm/kasan/report.c:412
 [] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 [] get_frame_pointer arch/x86/include/asm/stacktrace.h:64 [inline]
 [] __unwind_start+0x368/0x3b0 arch/x86/kernel/unwind_frame.c:76
 [] unwind_start arch/x86/include/asm/unwind.h:39 [inline]
 [] show_trace_log_lvl+0x92/0x1c8 arch/x86/kernel/dumpstack.c:70
 [] show_stack_log_lvl.cold.1+0x22/0xbe arch/x86/kernel/dumpstack_64.c:188
 [] show_stack+0x4d/0x50 arch/x86/kernel/dumpstack.c:168
 [] sched_show_task.cold.35+0x279/0x31f kernel/sched/core.c:5317
 [] rcu_print_detail_task_stall_rnp+0xc2/0xfe kernel/rcu/tree_plugin.h:530
 [] rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:543 [inline]
 [] print_other_cpu_stall kernel/rcu/tree.c:1408 [inline]
 [] check_cpu_stall kernel/rcu/tree.c:1520 [inline]
 [] __rcu_pending kernel/rcu/tree.c:3487 [inline]
 [] rcu_pending kernel/rcu/tree.c:3551 [inline]
 [] rcu_check_callbacks.cold.69+0x757/0xd27 kernel/rcu/tree.c:2880
 [] update_process_times+0x30/0x70 kernel/time/timer.c:1629
 [] tick_sched_handle.isra.5+0x4a/0xf0 kernel/time/tick-sched.c:151
 [] tick_sched_timer+0x76/0x130 kernel/time/tick-sched.c:1190
 [] __run_hrtimer kernel/time/hrtimer.c:1255 [inline]
 [] __hrtimer_run_queues+0x357/0xe30 kernel/time/hrtimer.c:1319
 [] hrtimer_interrupt+0x1b1/0x430 kernel/time/hrtimer.c:1353
 [] local_apic_timer_interrupt+0x74/0xa0 arch/x86/kernel/apic/apic.c:937
 [] smp_apic_timer_interrupt+0x7c/0xb0 arch/x86/kernel/apic/apic.c:961
 [] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:648
 [] rcu_lock_release include/linux/rcupdate.h:498 [inline]
 [] rcu_read_unlock include/linux/rcupdate.h:931 [inline]
 [] find_lock_task_mm+0x15b/0x270 mm/oom_kill.c:122
 [] lowmem_scan+0x34f/0xaf0 drivers/staging/android/lowmemorykiller.c:134
 [] do_shrink_slab mm/vmscan.c:398 [inline]
 [] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501
 [] shrink_slab mm/vmscan.c:465 [inline]
 [] shrink_node+0x1ed/0x740 mm/vmscan.c:2602
 [] shrink_zones mm/vmscan.c:2749 [inline]
 [] do_try_to_free_pages mm/vmscan.c:2791 [inline]
 [] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002
 [] __perform_reclaim mm/page_alloc.c:3324 [inline]
 [] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline]
 [] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline]
 [] __alloc_pages_nodemask+0x981/0x1bd0 mm/page_alloc.c:3862
 [] __alloc_pages include/linux/gfp.h:433 [inline]
 [] __alloc_pages_node include/linux/gfp.h:446 [inline]
 [] alloc_pages_node include/linux/gfp.h:460 [inline]
 [] shmem_alloc_page mm/shmem.c:1420 [inline]
 [] shmem_alloc_and_acct_page mm/shmem.c:1450 [inline]
 [] shmem_getpage_gfp+0xc7c/0x18f0 mm/shmem.c:1724
 [] shmem_fault+0x222/0x6d0 mm/shmem.c:1959
 [] __do_fault+0x223/0x500 mm/memory.c:2833
 [] do_read_fault mm/memory.c:3180 [inline]
 [] do_fault mm/memory.c:3315 [inline]
 [] handle_pte_fault mm/memory.c:3516 [inline]
 [] __handle_mm_fault mm/memory.c:3603 [inline]
 [] handle_mm_fault+0x1326/0x2350 mm/memory.c:3640
 [] faultin_page mm/gup.c:386 [inline]
 [] __get_user_pages+0x446/0xf80 mm/gup.c:588
 [] populate_vma_page_range+0x19a/0x230 mm/gup.c:1106
 [] __mm_populate+0x1d7/0x320 mm/gup.c:1154
 [] mm_populate include/linux/mm.h:2041 [inline]
 [] vm_mmap_pgoff+0x195/0x1b0 mm/util.c:333
 [] SYSC_mmap_pgoff mm/mmap.c:1555 [inline]
 [] SyS_mmap_pgoff+0x152/0x1b0 mm/mmap.c:1513
 [] do_syscall_32_irqs_on arch/x86/entry/common.c:328 [inline]
 [] do_fast_syscall_32+0x2f1/0xa10 arch/x86/entry/common.c:390
 [] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

The buggy address belongs to the page:
page:ffffea00076105c0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x4000000000000000()
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801d8417400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d8417480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801d8417500: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
                                                             ^
 ffff8801d8417580: f1 04 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 f2
 ffff8801d8417600: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================