0000006682a59e80 ffffffff841ca2c0 1ffff10011f18e33 0000000100000005 0000000041b58ab3 ffffffff82e60a80 ffffffff81d6f5c0 ffffffff81b6e700 ffffffff00000020 ffff880000000020 ffff88008f8c7258 ffff88008f8c7200 Call Trace: ================================================================== BUG: KASAN: stack-out-of-bounds in get_frame_pointer arch/x86/include/asm/stacktrace.h:64 [inline] BUG: KASAN: stack-out-of-bounds in __unwind_start+0x368/0x3b0 arch/x86/kernel/unwind_frame.c:76 Read of size 8 at addr ffff88008f8c71a0 by task syz-executor.0/17400 CPU: 0 PID: 17400 Comm: syz-executor.0 Not tainted 4.9.141+ #1 ffff8801db607a00 ffffffff81b42e79 ffffea00023e31c0 ffff88008f8c71a0 0000000000000000 ffff88008f8c71a0 ffff88008ffddf00 ffff8801db607a38 ffffffff815009b8 ffff88008f8c71a0 0000000000000008 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] print_address_description+0x6c/0x234 mm/kasan/report.c:256 [] kasan_report_error mm/kasan/report.c:355 [inline] [] kasan_report.cold.6+0x242/0x2fe mm/kasan/report.c:412 [] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433 [] get_frame_pointer arch/x86/include/asm/stacktrace.h:64 [inline] [] __unwind_start+0x368/0x3b0 arch/x86/kernel/unwind_frame.c:76 [] unwind_start arch/x86/include/asm/unwind.h:39 [inline] [] show_trace_log_lvl+0x92/0x1c8 arch/x86/kernel/dumpstack.c:70 [] show_stack_log_lvl.cold.1+0x22/0xbe arch/x86/kernel/dumpstack_64.c:188 [] show_stack+0x4d/0x50 arch/x86/kernel/dumpstack.c:168 [] sched_show_task.cold.35+0x279/0x31f kernel/sched/core.c:5317 [] rcu_print_detail_task_stall_rnp+0xc2/0xfe kernel/rcu/tree_plugin.h:530 [] rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:543 [inline] [] print_other_cpu_stall kernel/rcu/tree.c:1408 [inline] [] check_cpu_stall kernel/rcu/tree.c:1520 [inline] [] __rcu_pending kernel/rcu/tree.c:3487 [inline] [] rcu_pending kernel/rcu/tree.c:3551 [inline] [] rcu_check_callbacks.cold.69+0x757/0xd27 kernel/rcu/tree.c:2880 [] update_process_times+0x30/0x70 kernel/time/timer.c:1629 [] tick_sched_handle.isra.5+0x4a/0xf0 kernel/time/tick-sched.c:151 [] tick_sched_timer+0x76/0x130 kernel/time/tick-sched.c:1190 [] __run_hrtimer kernel/time/hrtimer.c:1255 [inline] [] __hrtimer_run_queues+0x357/0xe30 kernel/time/hrtimer.c:1319 [] hrtimer_interrupt+0x1b1/0x430 kernel/time/hrtimer.c:1353 [] local_apic_timer_interrupt+0x74/0xa0 arch/x86/kernel/apic/apic.c:937 [] smp_apic_timer_interrupt+0x7c/0xb0 arch/x86/kernel/apic/apic.c:961 [] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:648 [] __debug_object_init+0x485/0x970 lib/debugobjects.c:353 [] debug_object_init_on_stack+0x19/0x20 lib/debugobjects.c:381 [] init_timer_on_stack_key kernel/time/timer.c:746 [inline] [] schedule_timeout+0xe1/0xe20 kernel/time/timer.c:1792 [] io_schedule_timeout+0x1ba/0x390 kernel/sched/core.c:5176 [] congestion_wait+0xf8/0x470 mm/backing-dev.c:963 [] shrink_inactive_list+0x8f1/0xca0 mm/vmscan.c:1752 [] shrink_list mm/vmscan.c:2094 [inline] [] shrink_node_memcg.isra.19+0xa44/0x12e0 mm/vmscan.c:2377 [] shrink_node+0x17d/0x740 mm/vmscan.c:2567 [] shrink_zones mm/vmscan.c:2749 [inline] [] do_try_to_free_pages mm/vmscan.c:2791 [inline] [] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002 [] __perform_reclaim mm/page_alloc.c:3324 [inline] [] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline] [] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline] [] __alloc_pages_nodemask+0x981/0x1bd0 mm/page_alloc.c:3862 [] __alloc_pages include/linux/gfp.h:433 [inline] [] __alloc_pages_node include/linux/gfp.h:446 [inline] [] alloc_slab_page mm/slub.c:1408 [inline] [] allocate_slab mm/slub.c:1549 [inline] [] new_slab+0x97/0x3d0 mm/slub.c:1635 [] new_slab_objects mm/slub.c:2419 [inline] [] ___slab_alloc.constprop.33+0x2ed/0x470 mm/slub.c:2576 [] __slab_alloc.isra.25.constprop.32+0x50/0xa0 mm/slub.c:2618 [] slab_alloc_node mm/slub.c:2681 [inline] [] slab_alloc mm/slub.c:2723 [inline] [] kmem_cache_alloc+0x212/0x2b0 mm/slub.c:2728 [] anon_vma_chain_alloc mm/rmap.c:125 [inline] [] anon_vma_clone+0x22a/0x4b0 mm/rmap.c:270 [] anon_vma_fork+0x87/0x4a0 mm/rmap.c:329 [] dup_mmap kernel/fork.c:628 [inline] [] dup_mm kernel/fork.c:1156 [inline] [] copy_mm kernel/fork.c:1210 [inline] [] copy_process.part.8+0x42a9/0x6a10 kernel/fork.c:1692 [] copy_process kernel/fork.c:1505 [inline] [] _do_fork+0x1b2/0xd30 kernel/fork.c:1972 [] sys_fork+0x1f/0x30 kernel/fork.c:2044 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb The buggy address belongs to the page: page:ffffea00023e31c0 count:0 mapcount:0 mapping: (null) index:0x0 flags: 0x0() page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88008f8c7080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff88008f8c7100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff88008f8c7180: 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2 00 ^ ffff88008f8c7200: 00 00 00 00 04 f2 f2 00 00 00 00 00 00 00 00 00 ffff88008f8c7280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================