==================================================================
BUG: KASAN: use-after-free in schedule_debug kernel/sched/core.c:3883 [inline]
BUG: KASAN: use-after-free in __schedule+0xf6/0x1700 kernel/sched/core.c:4016
Read of size 8 at addr ffff8881d66c8000 by task syz-executor.1/13804

CPU: 0 PID: 13804 Comm: syz-executor.1 Tainted: G W 5.4.24-syzkaller-00181-g3334f0da669e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b0/0x228 lib/dump_stack.c:118
 print_address_description+0x96/0x5d0 mm/kasan/report.c:374
 __kasan_report+0x14b/0x1c0 mm/kasan/report.c:506
 kasan_report+0x26/0x50 mm/kasan/common.c:634
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:132
 schedule_debug kernel/sched/core.c:3883 [inline]
 __schedule+0xf6/0x1700 kernel/sched/core.c:4016
 preempt_schedule_common kernel/sched/core.c:4232 [inline]
 preempt_schedule+0xcd/0x110 kernel/sched/core.c:4257
 ___preempt_schedule+0x16/0x20 arch/x86/entry/thunk_64.S:50
 try_to_wake_up+0x1686/0x2190 kernel/sched/core.c:2651
 wake_up_process kernel/sched/core.c:2669 [inline]
 wake_up_q+0x84/0xb0 kernel/sched/core.c:496
 futex_wake+0x7c5/0xa20 kernel/futex.c:1696
 do_futex+0x245a/0x3f90 kernel/futex.c:3886
 __do_sys_futex kernel/futex.c:3942 [inline]
 __se_sys_futex+0x31d/0x440 kernel/futex.c:3910
 __x64_sys_futex+0xe5/0x100 kernel/futex.c:3910
 do_syscall_64+0xc0/0x100 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45c4a9
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f5327649cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 000000000076bfc8 RCX: 000000000045c4a9
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000076bfcc
RBP: 000000000076bfc0 R08: 000000000000000e R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000076bfcc
R13: 00007ffe5f8116ef R14: 00007f532764a9c0 R15: 000000000076bfcc

The buggy address belongs to the page:
page:ffffea000759b200 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x8000000000000000()
raw: 8000000000000000 ffffea00060bd108 ffff8881dba357f0 0000000000000000
raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8881d66c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881d66c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8881d66c8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff8881d66c8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8881d66c8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================