Free memory is -8444kB above reserved
lowmemorykiller: Killing 'syz-executor274' (7536) (tgid 7536), adj 1000,
 to free 8816kB on behalf of 'kswapd0' (33) because
 cache 1112kB is below limit 6144kB for oom_score_adj 0
Free memory is -10056kB above reserved
INFO: rcu_preempt detected stalls on CPUs/tasks:
 Tasks blocked on level-0 rcu_node (CPUs 0-1): P4956
 (detected by 1, t=10502 jiffies, g=1261, c=1260, q=40788)
syz-executor274 R running task 26904 4956 2176 0x00000004
 0000006c82a59e80 ffffffff841ca2c0 1ffff10000100da9 0000000100000005
 0000000041b58ab3 ffffffff82e60a80 ffffffff81d6f5c0 ffffffff81b6e700
 0000000000000020 ffff880000000020 ffff880000806e08 ffff880000806db0
Call Trace:
==================================================================
BUG: KASAN: stack-out-of-bounds in get_frame_pointer arch/x86/include/asm/stacktrace.h:64 [inline]
BUG: KASAN: stack-out-of-bounds in __unwind_start+0x368/0x3b0 arch/x86/kernel/unwind_frame.c:76
Read of size 8 at addr ffff880000806d50 by task syz-executor274/7539

CPU: 1 PID: 7539 Comm: syz-executor274 Not tainted 4.9.141+ #1
 ffff8801db707a00 ffffffff81b42e79 ffffea0000020180 ffff880000806d50
 0000000000000000 ffff880000806d50 ffff88017a21df00 ffff8801db707a38
 ffffffff815009b8 ffff880000806d50 0000000000000008 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_address_description+0x6c/0x234 mm/kasan/report.c:256
 [] kasan_report_error mm/kasan/report.c:355 [inline]
 [] kasan_report.cold.6+0x242/0x2fe mm/kasan/report.c:412
 [] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 [] get_frame_pointer arch/x86/include/asm/stacktrace.h:64 [inline]
 [] __unwind_start+0x368/0x3b0 arch/x86/kernel/unwind_frame.c:76
 [] unwind_start arch/x86/include/asm/unwind.h:39 [inline]
 [] show_trace_log_lvl+0x92/0x1c8 arch/x86/kernel/dumpstack.c:70
 [] show_stack_log_lvl.cold.1+0x22/0xbe arch/x86/kernel/dumpstack_64.c:188
 [] show_stack+0x4d/0x50 arch/x86/kernel/dumpstack.c:168
 [] sched_show_task.cold.35+0x279/0x31f kernel/sched/core.c:5317
 [] rcu_print_detail_task_stall_rnp+0xc2/0xfe kernel/rcu/tree_plugin.h:530
 [] rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:543 [inline]
 [] print_other_cpu_stall kernel/rcu/tree.c:1408 [inline]
 [] check_cpu_stall kernel/rcu/tree.c:1520 [inline]
 [] __rcu_pending kernel/rcu/tree.c:3487 [inline]
 [] rcu_pending kernel/rcu/tree.c:3551 [inline]
 [] rcu_check_callbacks.cold.69+0x757/0xd27 kernel/rcu/tree.c:2880
 [] update_process_times+0x30/0x70 kernel/time/timer.c:1629
 [] tick_sched_handle.isra.5+0x4a/0xf0 kernel/time/tick-sched.c:151
 [] tick_sched_timer+0x76/0x130 kernel/time/tick-sched.c:1190
 [] __run_hrtimer kernel/time/hrtimer.c:1255 [inline]
 [] __hrtimer_run_queues+0x357/0xe30 kernel/time/hrtimer.c:1319
 [] hrtimer_interrupt+0x1b1/0x430 kernel/time/hrtimer.c:1353
 [] local_apic_timer_interrupt+0x74/0xa0 arch/x86/kernel/apic/apic.c:937
 [] smp_apic_timer_interrupt+0x7c/0xb0 arch/x86/kernel/apic/apic.c:961
 [] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:648
 [] spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
 [] delete_from_page_cache+0xf3/0x220 mm/filemap.c:332
 [] truncate_complete_page mm/truncate.c:128 [inline]
 [] truncate_inode_page+0x171/0x260 mm/truncate.c:167
 [] shmem_undo_range+0x3f6/0x1180 mm/shmem.c:826
 [] shmem_truncate_range+0x27/0xa0 mm/shmem.c:954
 [] shmem_evict_inode+0x28e/0x7a0 mm/shmem.c:1049
 [] evict+0x2d9/0x620 fs/inode.c:553
 [] iput_final fs/inode.c:1516 [inline]
 [] iput+0x371/0x900 fs/inode.c:1543
 [] dentry_unlink_inode+0x265/0x320 fs/dcache.c:368
 [] __dentry_kill+0x322/0x5b0 fs/dcache.c:570
 [] dentry_kill fs/dcache.c:611 [inline]
 [] dput.part.9+0x5c6/0x7a0 fs/dcache.c:828
 [] dput+0x1f/0x30 fs/dcache.c:790
 [] __fput+0x42f/0x700 fs/file_table.c:226
 [] ____fput+0x15/0x20 fs/file_table.c:244
 [] task_work_run+0x10c/0x180 kernel/task_work.c:116
 [] exit_task_work include/linux/task_work.h:21 [inline]
 [] do_exit+0x78d/0x2a50 kernel/exit.c:833
 [] do_group_exit+0x111/0x300 kernel/exit.c:937
 [] get_signal+0x4e1/0x1460 kernel/signal.c:2321
 [] do_signal+0x95/0x1b00 arch/x86/kernel/signal.c:807
 [] exit_to_usermode_loop+0x10e/0x150 arch/x86/entry/common.c:158
 [] prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 [] syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
 [] do_syscall_64+0x3e2/0x550 arch/x86/entry/common.c:290
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

The buggy address belongs to the page:
page:ffffea0000020180 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x0()
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff880000806c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff880000806c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff880000806d00: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2
                                                 ^
 ffff880000806d80: f2 f2 f2 f2 f2 00 00 00 00 00 04 f2 f2 00 00 00
 ffff880000806e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================