==================================================================
BUG: KASAN: stack-out-of-bounds in __read_once_size include/linux/compiler.h:183 [inline]
BUG: KASAN: stack-out-of-bounds in update_stack_state+0x522/0x590 arch/x86/kernel/unwind_frame.c:270
Read of size 8 at addr ffff888052bb7378 by task syz-executor.3/13255

CPU: 0 PID: 13255 Comm: syz-executor.3 Not tainted 4.14.166-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 print_address_description.cold+0x7c/0x1dc mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report mm/kasan/report.c:409 [inline]
 kasan_report.cold+0xa9/0x2af mm/kasan/report.c:393
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:430
 __read_once_size include/linux/compiler.h:183 [inline]
 update_stack_state+0x522/0x590 arch/x86/kernel/unwind_frame.c:270
 __unwind_start+0x189/0x3d0 arch/x86/kernel/unwind_frame.c:423
 unwind_start arch/x86/include/asm/unwind.h:60 [inline]
 perf_callchain_kernel+0x26e/0x510 arch/x86/events/core.c:2342
 get_perf_callchain+0x30a/0x7c0 kernel/events/callchain.c:217
 perf_callchain+0x14e/0x1a0 kernel/events/callchain.c:190
 perf_prepare_sample+0x77c/0x1350 kernel/events/core.c:6143
 __perf_event_output kernel/events/core.c:6259 [inline]
 perf_event_output_forward+0xe7/0x200 kernel/events/core.c:6277
 __perf_event_overflow+0x11e/0x330 kernel/events/core.c:7515
 perf_swevent_overflow+0x17c/0x210 kernel/events/core.c:7591
 perf_swevent_event+0x1ac/0x280 kernel/events/core.c:7624
 do_perf_sw_event kernel/events/core.c:7732 [inline]
 ___perf_sw_event+0x295/0x470 kernel/events/core.c:7763
 perf_sw_event_sched include/linux/perf_event.h:1063 [inline]
 perf_event_task_sched_out include/linux/perf_event.h:1101 [inline]
 prepare_task_switch kernel/sched/core.c:2601 [inline]
 context_switch kernel/sched/core.c:2773 [inline]
 __schedule+0xcc0/0x1cd0 kernel/sched/core.c:3384
 schedule+0x92/0x1c0 kernel/sched/core.c:3428
 freezable_schedule include/linux/freezer.h:172 [inline]
 futex_wait_queue_me+0x2ec/0x5a0 kernel/futex.c:2705
 futex_wait+0x1f9/0x580 kernel/futex.c:2820
 do_futex+0x14a/0x19e0 kernel/futex.c:3903
 SYSC_futex kernel/futex.c:3963 [inline]
 SyS_futex+0x215/0x310 kernel/futex.c:3931
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45b349
RSP: 002b:00007fbe8e748cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 000000000075bf28 RCX: 000000000045b349
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf28
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf2c
R13: 00007ffe34d1b7df R14: 00007fbe8e7499c0 R15: 000000000075bf2c

The buggy address belongs to the page:
page:ffffea00014aedc0 count:0 mapcount:0 mapping:          (null) index:0x0
flags: 0xfffe0000000000()
raw: 00fffe0000000000 0000000000000000 0000000000000000 00000000ffffffff
raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888052bb7200: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
 ffff888052bb7280: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
>ffff888052bb7300: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3
                                                               ^
 ffff888052bb7380: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
 ffff888052bb7400: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
==================================================================