BUG: unable to handle kernel NULL pointer dereference at 00000000000000fc
IP: qlink_to_object mm/kasan/quarantine.c:136 [inline]
IP: qlink_free mm/kasan/quarantine.c:141 [inline]
IP: qlist_free_all+0x28/0x140 mm/kasan/quarantine.c:166
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 28267 Comm: systemd-udevd Not tainted 4.14.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88808fd5c4c0 task.stack: ffff888088060000
RIP: 0010:qlink_to_object mm/kasan/quarantine.c:136 [inline]
RIP: 0010:qlink_free mm/kasan/quarantine.c:141 [inline]
RIP: 0010:qlist_free_all+0x28/0x140 mm/kasan/quarantine.c:166
RSP: 0018:ffff888088067ca0 EFLAGS: 00010246
RAX: ffffea0000000000 RBX: ffff888000000000 RCX: ffffea000000001f
RDX: 0000000000000000 RSI: ffff88808fd5cd48 RDI: ffff888000000000
Cannot find set identified by id 0 to match
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888000000000
R13: ffff888088067cd8 R14: 0000000000000000 R15: 0000000000000286
FS: 00007f4fd622d8c0(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000000fc CR3: 00000000a0841000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
quarantine_reduce+0x140/0x170 mm/kasan/quarantine.c:259
kasan_kmalloc+0x95/0xe0 mm/kasan/kasan.c:536
slab_post_alloc_hook mm/slab.h:442 [inline]
slab_alloc mm/slab.c:3390 [inline]
kmem_cache_alloc+0x114/0x770 mm/slab.c:3550
getname_flags fs/namei.c:138 [inline]
getname_flags+0xc8/0x560 fs/namei.c:128
getname fs/namei.c:209 [inline]
do_unlinkat+0x9e/0x5d0 fs/namei.c:4065
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f4fd50a20e7
RSP: 002b:00007ffc9ee1fe28 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 000055f101d17390 RCX: 00007f4fd50a20e7
RDX: 00007ffc9ee1fd00 RSI: 00007ffc9ee1fd00 RDI: 00007ffc9ee1fe30
RBP: 0000000000000afa R08: 00000000000001c0 R09: 0000000000000014
R10: 00007ffc9ee1fe00 R11: 0000000000000246 R12: 00007ffc9ee1fe30
R13: 000055f101d17390 R14: 0000000000000003 R15: 000000000000000e
Code: eb d6 90 41 57 41 56 41 55 41 54 55 53 48 8b 1f 48 85 db 0f 84 08 01 00 00 48 89 f5 49 89 fd 48 85 ed 49 89 ee 0f 84 8b 00 00 00 <49> 63 86 fc 00 00 00 4c 8b 23 48 29 c3 48 83 3d b3 a6 4d 06 00
RIP: qlink_to_object mm/kasan/quarantine.c:136 [inline] RSP: ffff888088067ca0
RIP: qlink_free mm/kasan/quarantine.c:141 [inline] RSP: ffff888088067ca0
RIP: qlist_free_all+0x28/0x140 mm/kasan/quarantine.c:166 RSP: ffff888088067ca0
CR2: 00000000000000fc
BUG: unable to handle kernel NULL pointer dereference at 00000000000000fc
IP: qlink_to_object mm/kasan/quarantine.c:136 [inline]
IP: qlink_free mm/kasan/quarantine.c:141 [inline]
IP: qlist_free_all+0x28/0x140 mm/kasan/quarantine.c:166
PGD 9560b067 P4D 9560b067 PUD 9f5d4067 PMD 0
Oops: 0000 [#2] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 28278 Comm: syz-executor.2 Tainted: G D 4.14.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888058488280 task.stack: ffff888058060000
RIP: 0010:qlink_to_object mm/kasan/quarantine.c:136 [inline]
RIP: 0010:qlink_free mm/kasan/quarantine.c:141 [inline]
RIP: 0010:qlist_free_all+0x28/0x140 mm/kasan/quarantine.c:166
RSP: 0018:ffff8880580678f8 EFLAGS: 00010246
RAX: ffffea0000000000 RBX: ffff888000000000 RCX: ffffea000000001f
RDX: 0000000000000000 RSI: ffffffff8129cb93 RDI: ffff888000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: ffff88812fffb000 R11: ffffea0000004a20 R12: ffff888000000000
R13: ffff888058067930 R14: 0000000000000000 R15: 0000000000000286
FS: 00007f234f71c700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000000fc CR3: 00000000a9201000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
quarantine_reduce+0x140/0x170 mm/kasan/quarantine.c:259
kasan_kmalloc+0x95/0xe0 mm/kasan/kasan.c:536
slab_post_alloc_hook mm/slab.h:442 [inline]
slab_alloc mm/slab.c:3390 [inline]
__do_kmalloc mm/slab.c:3718 [inline]
__kmalloc+0x145/0x7c0 mm/slab.c:3729
kmalloc_array include/linux/slab.h:607 [inline]
kcalloc include/linux/slab.h:618 [inline]
iter_file_splice_write+0x143/0xa10 fs/splice.c:692
do_splice_from fs/splice.c:851 [inline]
direct_splice_actor+0x115/0x160 fs/splice.c:1018
splice_direct_to_actor+0x27e/0x730 fs/splice.c:973
do_splice_direct+0x164/0x210 fs/splice.c:1061
do_sendfile+0x469/0xaf0 fs/read_write.c:1441
SYSC_sendfile64 fs/read_write.c:1496 [inline]
SyS_sendfile64+0x9b/0x110 fs/read_write.c:1488
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca29
RSP: 002b:00007f234f71bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00000000004fc540 RCX: 000000000045ca29
RDX: 00000000200001c0 RSI: 0000000000000006 RDI: 0000000000000006
RBP: 000000000078c0e0 R08: 0000000000000000 R09: 0000000000000000
R10: 00008080fffffffe R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000008dc R14: 00000000004cba16 R15: 00007f234f71c6d4
Code: eb d6 90 41 57 41 56 41 55 41 54 55 53 48 8b 1f 48 85 db 0f 84 08 01 00 00 48 89 f5 49 89 fd 48 85 ed 49 89 ee 0f 84 8b 00 00 00 <49> 63 86 fc 00 00 00 4c 8b 23 48 29 c3 48 83 3d b3 a6 4d 06 00
RIP: qlink_to_object mm/kasan/quarantine.c:136 [inline] RSP: ffff8880580678f8
RIP: qlink_free mm/kasan/quarantine.c:141 [inline] RSP: ffff8880580678f8
RIP: qlist_free_all+0x28/0x140 mm/kasan/quarantine.c:166 RSP: ffff8880580678f8
CR2: 00000000000000fc
---[ end trace f3075cf6d87d9803 ]---