==================================================================
BUG: KASAN: stack-out-of-bounds in unwind_get_return_address+0x96/0xa0 arch/x86/kernel/unwind_frame.c:17
Read of size 8 at addr ffff88017952f380 by task syz-executor1/17031

CPU: 0 PID: 17031 Comm: syz-executor1 Not tainted 4.9.148+ #3
 ffff88017952f130 ffffffff81b456e1 0000000000000000 ffffea0005e54bc0
 ffff88017952f380 0000000000000008 ffffffff810ab576 ffff88017952f168
 ffffffff815020d5 0000000000000000 ffff88017952f380 ffff88017952f380
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [] print_address_description+0x6f/0x238 mm/kasan/report.c:256
 [] kasan_report_error mm/kasan/report.c:355 [inline]
 [] kasan_report mm/kasan/report.c:412 [inline]
 [] kasan_report.cold+0x8c/0x2ba mm/kasan/report.c:397
 [] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 [] unwind_get_return_address+0x96/0xa0 arch/x86/kernel/unwind_frame.c:17
 [] perf_callchain_kernel+0x3b0/0x540 arch/x86/events/core.c:2278
 [] get_perf_callchain+0x30b/0x7e0 kernel/events/callchain.c:215
 [] perf_callchain+0x153/0x1a0 kernel/events/callchain.c:188
 [] perf_prepare_sample+0xa4f/0xea0 kernel/events/core.c:5967
 [] __perf_event_output kernel/events/core.c:6080 [inline]
 [] perf_event_output_forward+0xfe/0x240 kernel/events/core.c:6098
 [] __perf_event_overflow+0x121/0x330 kernel/events/core.c:7198
 [] perf_swevent_overflow+0x17c/0x210 kernel/events/core.c:7274
 [] perf_swevent_event+0x1ac/0x280 kernel/events/core.c:7307
 [] do_perf_sw_event kernel/events/core.c:7415 [inline]
 [] ___perf_sw_event+0x299/0x4c0 kernel/events/core.c:7446
 [] perf_sw_event_sched include/linux/perf_event.h:1057 [inline]
 [] perf_event_task_sched_out include/linux/perf_event.h:1095 [inline]
 [] prepare_task_switch kernel/sched/core.c:2757 [inline]
 [] context_switch kernel/sched/core.c:2919 [inline]
 [] __schedule+0x1150/0x1b50 kernel/sched/core.c:3498
 [] preempt_schedule_irq+0x5e/0xa0 kernel/sched/core.c:3711
 [] retint_kernel+0x1b/0x2d
 [] save_stack mm/kasan/kasan.c:511 [inline]
 [] set_track mm/kasan/kasan.c:517 [inline]
 [] kasan_kmalloc.part.0+0xc6/0xf0 mm/kasan/kasan.c:609
 [] kasan_kmalloc+0xb7/0xd0 mm/kasan/kasan.c:594
 [] kasan_slab_alloc+0xf/0x20 mm/kasan/kasan.c:547
 [] slab_post_alloc_hook mm/slab.h:417 [inline]
 [] slab_alloc_node mm/slub.c:2715 [inline]
 [] slab_alloc mm/slub.c:2723 [inline]
 [] kmem_cache_alloc+0xd5/0x2b0 mm/slub.c:2728
 [] getname_flags+0xcc/0x550 fs/namei.c:137
 [] getname fs/namei.c:208 [inline]
 [] user_path_create fs/namei.c:3744 [inline]
 [] SYSC_mkdirat fs/namei.c:3888 [inline]
 [] SyS_mkdirat+0xa8/0x250 fs/namei.c:3880
 [] SYSC_mkdir fs/namei.c:3907 [inline]
 [] SyS_mkdir+0x22/0x30 fs/namei.c:3905
 [] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

The buggy address belongs to the page:
page:ffffea0005e54bc0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x4000000000000000()
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88017952f280: 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00
 ffff88017952f300: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3 f3
>ffff88017952f380: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00
                   ^
 ffff88017952f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88017952f480: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f2 f2
==================================================================