stack segment: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 5391 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-g213f891525c2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 RIP: 0010:find_stack lib/stackdepot.c:350 [inline] RIP: 0010:__stack_depot_save+0x15e/0x510 lib/stackdepot.c:390 Code: 29 c0 89 c3 48 8b 05 f9 9e ff 0d 89 d9 23 0d e9 9e ff 0d 48 8d 0c c8 48 8b 29 48 85 ed 75 0b eb 70 48 8b 6d 00 48 85 ed 74 67 <39> 5d 08 75 f2 44 3b 7d 0c 75 ec 31 c0 48 8b 74 c5 18 49 39 34 c6 RSP: 0018:ffffc90004cbf9d8 EFLAGS: 00010206 RAX: ffff88823b400000 RBX: 0000000076c81197 RCX: ffff88823b808cb8 RDX: 000000000000000e RSI: 0000000000000001 RDI: 000000004ed08e1c RBP: 4c8b480000441f0f R08: 0000000071907768 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 R13: 0000000000000000 R14: ffffc90004cbfa40 R15: 000000000000000e FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555e97f2a70 CR3: 000000000c976000 CR4: 0000000000350ef0 Call Trace: kasan_save_stack+0x43/0x50 mm/kasan/common.c:46 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:522 ____kasan_slab_free mm/kasan/common.c:236 [inline] ____kasan_slab_free+0x15b/0x1b0 mm/kasan/common.c:200 kasan_slab_free include/linux/kasan.h:164 [inline] slab_free_hook mm/slub.c:1800 [inline] slab_free_freelist_hook+0x114/0x1e0 mm/slub.c:1826 slab_free mm/slub.c:3809 [inline] __kmem_cache_free+0xb8/0x2f0 mm/slub.c:3822 kvfree+0x47/0x50 mm/util.c:653 __free_fdtable fs/file.c:36 [inline] put_files_struct fs/file.c:451 [inline] put_files_struct+0x284/0x360 fs/file.c:444 exit_files+0x82/0xb0 fs/file.c:464 do_exit+0xa5e/0x2a20 kernel/exit.c:869 do_group_exit+0xd4/0x2a0 kernel/exit.c:1024 __do_sys_exit_group kernel/exit.c:1035 [inline] __se_sys_exit_group kernel/exit.c:1033 [inline] __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1033 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f6592e7c959 Code: Unable to access opcode bytes at 0x7f6592e7c92f. RSP: 002b:00007fff425cd138 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f6592e7c959 RDX: 00007f6592ea7d75 RSI: 0000000000000000 RDI: 000000000000000b RBP: 00007fff425cd7fc R08: 0000000000000001 R09: 000000000000000b R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000032 R13: 00000000000145d7 R14: 00000000000145d7 R15: 0000000000000000 Modules linked in: ---------------- Code disassembly (best guess): 0: 29 c0 sub %eax,%eax 2: 89 c3 mov %eax,%ebx 4: 48 8b 05 f9 9e ff 0d mov 0xdff9ef9(%rip),%rax # 0xdff9f04 b: 89 d9 mov %ebx,%ecx d: 23 0d e9 9e ff 0d and 0xdff9ee9(%rip),%ecx # 0xdff9efc 13: 48 8d 0c c8 lea (%rax,%rcx,8),%rcx 17: 48 8b 29 mov (%rcx),%rbp 1a: 48 85 ed test %rbp,%rbp 1d: 75 0b jne 0x2a 1f: eb 70 jmp 0x91 21: 48 8b 6d 00 mov 0x0(%rbp),%rbp 25: 48 85 ed test %rbp,%rbp 28: 74 67 je 0x91 * 2a: 39 5d 08 cmp %ebx,0x8(%rbp) <-- trapping instruction 2d: 75 f2 jne 0x21 2f: 44 3b 7d 0c cmp 0xc(%rbp),%r15d 33: 75 ec jne 0x21 35: 31 c0 xor %eax,%eax 37: 48 8b 74 c5 18 mov 0x18(%rbp,%rax,8),%rsi 3c: 49 39 34 c6 cmp %rsi,(%r14,%rax,8)