syzbot


KASAN: stack-out-of-bounds Read in locks_remove_posix

Status: fixed on 2018/08/07 13:43
Subsystems: fs
Reported-by: syzbot+5855b4355079756bf451@syzkaller.appspotmail.com
Fix commit: 99ba2b5aba24 bpf: sockhash, disallow bpf_tcp_close and update in parallel
First crash: 2331d, last: 2331d
Discussions (1):
Title: KASAN: stack-out-of-bounds Read in locks_remove_posix
Replies (including bot): 1 (2)
Last reply: 2018/07/23 05:59

Sample crash report:
==================================================================
kasan: CONFIG_KASAN_INLINE enabled
BUG: KASAN: stack-out-of-bounds in locks_inode include/linux/fs.h:1061 [inline]
BUG: KASAN: stack-out-of-bounds in locks_remove_posix+0x787/0x890 fs/locks.c:2468
kasan: GPF could be caused by NULL-ptr deref or user memory access
Read of size 8 at addr ffff8801b7644e18 by task syz-executor473/4469

general protection fault: 0000 [#1] SMP KASAN
CPU: 1 PID: 4469 Comm: syz-executor473 Not tainted 4.18.0-rc3+ #58
CPU: 0 PID: 17562 Comm: syz-executor473 Not tainted 4.18.0-rc3+ #58
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__read_seqcount_begin include/linux/seqlock.h:113 [inline]
RIP: 0010:raw_read_seqcount_begin include/linux/seqlock.h:148 [inline]
RIP: 0010:hrtimer_active+0x1fb/0x440 kernel/time/hrtimer.c:1327
Call Trace:
Code: 
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
ff 
80 
38 
00 
0f 
 print_address_description+0x6c/0x20b mm/kasan/report.c:256
85 
f3 
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
01 
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
00 
 locks_inode include/linux/fs.h:1061 [inline]
 locks_remove_posix+0x787/0x890 fs/locks.c:2468
00 48 
8b 
85 
f0 fe 
ff 
ff 4c 
8d 
6b 
10 
48 
89 
9d 
58 
ff 
ff 
ff 
c6 
 filp_close+0x1bb/0x250 fs/open.c:1182
00 
f8 
4c 
89 
 close_files fs/file.c:388 [inline]
 put_files_struct+0x26f/0x3a0 fs/file.c:416
e8 
48 
c1 
e8 
 exit_files+0x83/0xb0 fs/file.c:445
03 
 do_exit+0xf61/0x2750 kernel/exit.c:860
41 
c6 
06 
04 
<42> 
0f 
b6 
14 
38 
4c 
89 
e8 
83 
e0 
07 
83 
c0 
03 
38 
d0 
7c 
08 
84 
d2 
0f 
85 
RSP: 0018:ffff8801dae07850 EFLAGS: 00010002
RAX: 0000000000000002 RBX: 0000000000000000 RCX: ffffffff8158c5a9
RDX: 0000000000010000 RSI: ffffffff816a4140 RDI: ffff8801b688e3d0
RBP: ffff8801dae07990 R08: ffff8801dae07968 R09: fffffbfff02be35c
R10: fffffbfff02be35d R11: ffffffff815f1aeb R12: ffff8801b688d730
R13: 0000000000000010 R14: ffffed003b5c0f15 R15: dffffc0000000000
FS:  00000000024e2880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8e1116ce78 CR3: 00000001c4e12000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 do_group_exit+0x177/0x440 kernel/exit.c:968
 entity_tick kernel/sched/fair.c:4520 [inline]
 task_tick_fair+0x60/0x320 kernel/sched/fair.c:9934
 get_signal+0x88e/0x1970 kernel/signal.c:2468
 scheduler_tick+0x18b/0x430 kernel/sched/core.c:3087
 do_signal+0x9c/0x21c0 arch/x86/kernel/signal.c:816
 update_process_times+0x51/0x70 kernel/time/timer.c:1641
 tick_sched_handle+0x9f/0x180 kernel/time/tick-sched.c:164
 tick_sched_timer+0x45/0x130 kernel/time/tick-sched.c:1274
 __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
 __hrtimer_run_queues+0x3eb/0x10c0 kernel/time/hrtimer.c:1460
 exit_to_usermode_loop+0x2e0/0x370 arch/x86/entry/common.c:162
 prepare_exit_to_usermode+0x342/0x3b0 arch/x86/entry/common.c:197
 hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline]
 smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050
 retint_user+0x8/0x18
RIP: 0033:lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924
Code: 
10 
49 
c1 
e9 
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
09 
 </IRQ>
41 
Modules linked in:
57 
49 83 f1 
Dumping ftrace buffer:
01 
   (ftrace buffer empty)
48 
---[ end trace e84c0149ab776256 ]---
8b 
RIP: 0010:__read_seqcount_begin include/linux/seqlock.h:113 [inline]
RIP: 0010:raw_read_seqcount_begin include/linux/seqlock.h:148 [inline]
RIP: 0010:hrtimer_active+0x1fb/0x440 kernel/time/hrtimer.c:1327
bd 
Code: 
30 ff 
ff 
ff 
80 
ff 
38 
8b 
00 
b5 
0f 
2c 
85 
ff 
f3 
ff 
01 
ff 
00 
41 
00 
83 
48 
e1 
8b 
01 
85 
65 
f0 fe 
4c 
ff 
8b 
ff 
24 
4c 
25 
8d 
40 
6b 
ee 
10 
01 
48 
00 
89 
e8 
9d 
dc 
58 
8e 
ff 
ff 
ff 
ff 
ff 
<49> 
c6 
8d 
00 
bc 
f8 
24 
4c 
34 
89 
08 
e8 
00 
48 
00 
c1 e8 
48 
03 
b8 
41 
00 
c6 
00 
06 
00 00 
04 
00 
<42> 
fc 
0f 
ff 
b6 
df 48 
14 
89 
38 
fa 
4c 89 
48 
e8 
83 
RSP: 002b:00007ffe727cd790 EFLAGS: 00010217
e0 
07 
RAX: 0000000000000000 RBX: 00007ffe727cd8c0 RCX: 0000000000473990
83 
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffe727cd790
c0 
RBP: 0000000000001eb0 R08: 0000000000000001 R09: 00000000024e2880
03 
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001eb0
38 d0 
R13: 00000000000233be R14: 00007ffe727cd8e8 R15: 0000000000000003
7c 

08 
Allocated by task 4466:
84 
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
d2 
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc4/0xe0 mm/kasan/kasan.c:553
0f 
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490
85 
 kmem_cache_alloc+0x12e/0x760 mm/slab.c:3554
 __d_alloc+0xc8/0xd50 fs/dcache.c:1616
RSP: 0018:ffff8801dae07850 EFLAGS: 00010002
 d_alloc_pseudo+0x1d/0x30 fs/dcache.c:1744
 create_pipe_files+0x42c/0x950 fs/pipe.c:753
RAX: 0000000000000002 RBX: 0000000000000000 RCX: ffffffff8158c5a9
 __do_pipe_flags+0x45/0x250 fs/pipe.c:802
RDX: 0000000000010000 RSI: ffffffff816a4140 RDI: ffff8801b688e3d0
 do_pipe2+0x9d/0x310 fs/pipe.c:850
RBP: ffff8801dae07990 R08: ffff8801dae07968 R09: fffffbfff02be35c
 __do_sys_pipe fs/pipe.c:873 [inline]
 __se_sys_pipe fs/pipe.c:871 [inline]
 __x64_sys_pipe+0x33/0x40 fs/pipe.c:871
R10: fffffbfff02be35d R11: ffffffff815f1aeb R12: ffff8801b688d730
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
R13: 0000000000000010 R14: ffffed003b5c0f15 R15: dffffc0000000000
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
FS:  00000000024e2880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000

CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8e1116ce78 CR3: 00000001c4e12000 CR4: 00000000001406f0
Freed by task 0:
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
(stack is not available)
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Crashes (1):
Time: 2018/07/21 08:03
Kernel: bpf-next
Commit: 8ae71e76cf1f
Syzkaller: 8cc079c3
Config: .config
Log: console log
Report: report
Syz repro: syz
C repro: C
VM info: (none)
Assets: (none)
Manager: ci-upstream-bpf-next-kasan-gce
Title: (none)