==================================================================
BUG: KASAN: stack-out-of-bounds in deref_stack_regs arch/x86/kernel/unwind_orc.c:376 [inline]
BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x19a4/0x1df0 arch/x86/kernel/unwind_orc.c:547
Read of size 8 at addr ffffc90001ce70f0 by task syz-executor.2/7764

CPU: 1 PID: 7764 Comm: syz-executor.2 Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x413 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 deref_stack_regs arch/x86/kernel/unwind_orc.c:376 [inline]
 unwind_next_frame+0x19a4/0x1df0 arch/x86/kernel/unwind_orc.c:547
 arch_stack_walk+0x81/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:123
 save_stack+0x1b/0x40 mm/kasan/common.c:48
 set_track mm/kasan/common.c:56 [inline]
 kasan_set_free_info mm/kasan/common.c:316 [inline]
 __kasan_slab_free+0xf7/0x140 mm/kasan/common.c:455
 __cache_free mm/slab.c:3426 [inline]
 kmem_cache_free+0x7f/0x320 mm/slab.c:3694
 mempool_free+0xe3/0x370 mm/mempool.c:502
 bio_free+0xe8/0x140 block/bio.c:262
 bio_put+0xcd/0x100 block/bio.c:648
 iomap_dio_bio_end_io+0x1b9/0x530 fs/iomap/direct-io.c:178
 bio_endio+0x46a/0x820 block/bio.c:1446
 req_bio_endio block/blk-core.c:261 [inline]
 blk_update_request+0x694/0x1250 block/blk-core.c:1569
 scsi_end_request+0x80/0x7b0 drivers/scsi/scsi_lib.c:575
 scsi_io_completion+0x1e7/0x1300 drivers/scsi/scsi_lib.c:959
 scsi_softirq_done+0x327/0x3c0 drivers/scsi/scsi_lib.c:1481
 blk_done_softirq+0x2db/0x440 block/blk-softirq.c:37
 __do_softirq+0x26c/0x9f7 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x192/0x1d0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:546 [inline]
 do_IRQ+0xda/0x270 arch/x86/kernel/irq.c:263
 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:606
RIP: 0010:arch_local_save_flags arch/x86/include/asm/paravirt.h:754 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/paravirt.h:776 [inline]
RIP: 0010:lock_is_held_type+0x8b/0x360 kernel/locking/lockdep.c:4992
Code: b1 94 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 7b 02 00 00 48 83 3d d4 ba ba 01 00 0f 84 02 02 00 00 9c <58> 0f 1f 44 00 00 48 ba 00 00 00 00 00 fc ff df 48 89 44 24 10 48
RSP: 0018:ffffc90001ce6f78 EFLAGS: 00000282 ORIG_RAX: ffffffffffffffdd
RAX: 1ffffffff1329637 RBX: ffffffff899bdf80 RCX: 1ffffffff12c4125
RDX: dffffc0000000000 RSI: 00000000ffffffff RDI: ffff8880507dadcc
RBP: ffff8880507da500 R08: ffff8880507da500 R09: ffffed1015ce7184
R10: ffff8880ae738c1b R11: ffffed1015ce7183 R12: 0000000000000140
R13: 0000000000000cc0 R14: ffff8880a7af2700 R15: ffffffff8620aa9a
 __alloc_skb+0xba/0x5a0 net/core/skbuff.c:198
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 2026df00:mark_lock+0x0/0xdd0
Code: 51 8b 8a e8 62 ff 58 00 e9 3c ff ff ff 48 c7 c7 10 51 8b 8a e8 51 ff 58 00 eb 80 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 <41> 57 41 56 41 55 41 54 41 89 d4 48 ba 00 00 00 00 00 fc ff df 55
RSP: 1ce7138:ffffffff814cfd19 EFLAGS: ffffc90001ce7180 ORIG_RAX: ffffffff8948fc3d
RAX: 1ffff9200039ce1a RBX: 1ffff9200039ce1a RCX: 0000607f00000048
RDX: 0000000041b58ab3 RSI: ffffffff895c492a RDI: ffffffff8620a9e0
RBP: 0000000000000cc0 R08: ffffffff8620aa9a R09: ffff8880a9738c40
R10: 0000000000000000 R11: 00000000ffffffff R12: 0000000000000000
R13: ffffffff8b6f66b8 R14: ffffc90001ce7f58 R15: ffffc90001ce7f58

addr ffffc90001ce70f0 is located in stack of task syz-executor.2/7764 at offset 32 in frame:
 __alloc_skb+0x0/0x5a0 net/core/skbuff.c:154

this frame has 1 object:
 [32, 33) 'pfmemalloc'

Memory state around the buggy address:
 ffffc90001ce6f80: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f3
 ffffc90001ce7000: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90001ce7080: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f3
                                                             ^
 ffffc90001ce7100: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90001ce7180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================