syzbot

audit: type=1400 audit(1598467681.155:8): avc:  denied  { execmem } for  pid=6348 comm="syz-executor659" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 6348 Comm: syz-executor659 Not tainted 4.14.195-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809ef20600 task.stack: ffff888098270000
RIP: 0010:__rb_erase_augmented include/linux/rbtree_augmented.h:167 [inline]
RIP: 0010:rb_erase+0x29/0x1290 lib/rbtree.c:459
RSP: 0018:ffff888098277a68 EFLAGS: 00010292
RAX: dffffc0000000000 RBX: ffff888089abd1f0 RCX: 1ffff1101304ef27
RDX: 0000000000000001 RSI: ffffffff8a677fa0 RDI: 0000000000000008
RBP: 0000000000000000 R08: ffffffff8a1140fc R09: 0000000000001e68
R10: 0000000000000001 R11: ffff88809ef20600 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888089abf3f8 R15: ffffffff8a677fa0
FS:  0000000002455880(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000100 CR3: 00000000a785d000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 integrity_inode_free+0x119/0x300 security/integrity/iint.c:146
 security_inode_free+0x14/0x80 security/security.c:443
 __destroy_inode+0x1e8/0x4d0 fs/inode.c:238
 destroy_inode+0x49/0x110 fs/inode.c:265
 iput_final fs/inode.c:1524 [inline]
 iput+0x458/0x7e0 fs/inode.c:1551
 swap_inode_boot_loader fs/ext4/ioctl.c:197 [inline]
 ext4_ioctl+0x16c5/0x3870 fs/ext4/ioctl.c:924
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x440239
RSP: 002b:00007ffe8899af48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440239
RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a40
R13: 0000000000401ad0 R14: 0000000000000000 R15: 0000000000000000
Code: ff ff 48 b8 00 00 00 00 00 fc ff df 41 57 49 89 f7 41 56 41 55 41 54 49 89 fc 48 83 c7 08 48 89 fa 55 48 c1 ea 03 53 48 83 ec 18 <80> 3c 02 00 0f 85 f2 0c 00 00 49 8d 7c 24 10 4d 8b 74 24 08 48 
RIP: __rb_erase_augmented include/linux/rbtree_augmented.h:167 [inline] RSP: ffff888098277a68
RIP: rb_erase+0x29/0x1290 lib/rbtree.c:459 RSP: ffff888098277a68
---[ end trace 2feb962b3695b994 ]---