================================================================== kasan: CONFIG_KASAN_INLINE enabled BUG: KASAN: stack-out-of-bounds in locks_inode include/linux/fs.h:1061 [inline] BUG: KASAN: stack-out-of-bounds in locks_remove_posix+0x787/0x890 fs/locks.c:2468 kasan: GPF could be caused by NULL-ptr deref or user memory access Read of size 8 at addr ffff8801b7644e18 by task syz-executor473/4469 general protection fault: 0000 [#1] SMP KASAN CPU: 1 PID: 4469 Comm: syz-executor473 Not tainted 4.18.0-rc3+ #58 CPU: 0 PID: 17562 Comm: syz-executor473 Not tainted 4.18.0-rc3+ #58 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__read_seqcount_begin include/linux/seqlock.h:113 [inline] RIP: 0010:raw_read_seqcount_begin include/linux/seqlock.h:148 [inline] RIP: 0010:hrtimer_active+0x1fb/0x440 kernel/time/hrtimer.c:1327 Call Trace: Code: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 ff 80 38 00 0f print_address_description+0x6c/0x20b mm/kasan/report.c:256 85 f3 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412 01 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433 00 locks_inode include/linux/fs.h:1061 [inline] locks_remove_posix+0x787/0x890 fs/locks.c:2468 00 48 8b 85 f0 fe ff ff 4c 8d 6b 10 48 89 9d 58 ff ff ff c6 filp_close+0x1bb/0x250 fs/open.c:1182 00 f8 4c 89 close_files fs/file.c:388 [inline] put_files_struct+0x26f/0x3a0 fs/file.c:416 e8 48 c1 e8 exit_files+0x83/0xb0 fs/file.c:445 03 do_exit+0xf61/0x2750 kernel/exit.c:860 41 c6 06 04 <42> 0f b6 14 38 4c 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 RSP: 0018:ffff8801dae07850 EFLAGS: 00010002 RAX: 0000000000000002 RBX: 0000000000000000 RCX: ffffffff8158c5a9 RDX: 0000000000010000 RSI: ffffffff816a4140 RDI: ffff8801b688e3d0 RBP: ffff8801dae07990 R08: ffff8801dae07968 R09: fffffbfff02be35c R10: fffffbfff02be35d R11: ffffffff815f1aeb R12: ffff8801b688d730 R13: 0000000000000010 R14: ffffed003b5c0f15 R15: dffffc0000000000 FS: 00000000024e2880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8e1116ce78 CR3: 00000001c4e12000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: do_group_exit+0x177/0x440 kernel/exit.c:968 entity_tick kernel/sched/fair.c:4520 [inline] task_tick_fair+0x60/0x320 kernel/sched/fair.c:9934 get_signal+0x88e/0x1970 kernel/signal.c:2468 scheduler_tick+0x18b/0x430 kernel/sched/core.c:3087 do_signal+0x9c/0x21c0 arch/x86/kernel/signal.c:816 update_process_times+0x51/0x70 kernel/time/timer.c:1641 tick_sched_handle+0x9f/0x180 kernel/time/tick-sched.c:164 tick_sched_timer+0x45/0x130 kernel/time/tick-sched.c:1274 __run_hrtimer kernel/time/hrtimer.c:1398 [inline] __hrtimer_run_queues+0x3eb/0x10c0 kernel/time/hrtimer.c:1460 exit_to_usermode_loop+0x2e0/0x370 arch/x86/entry/common.c:162 prepare_exit_to_usermode+0x342/0x3b0 arch/x86/entry/common.c:197 hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline] smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050 retint_user+0x8/0x18 RIP: 0033:lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 Code: 10 49 c1 e9 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863 09 41 Modules linked in: 57 49 83 f1 Dumping ftrace buffer: 01 (ftrace buffer empty) 48 ---[ end trace e84c0149ab776256 ]--- 8b RIP: 0010:__read_seqcount_begin include/linux/seqlock.h:113 [inline] RIP: 0010:raw_read_seqcount_begin include/linux/seqlock.h:148 [inline] RIP: 0010:hrtimer_active+0x1fb/0x440 kernel/time/hrtimer.c:1327 bd Code: 30 ff ff ff 80 ff 38 8b 00 b5 0f 2c 85 ff f3 ff 01 ff 00 41 00 83 48 e1 8b 01 85 65 f0 fe 4c ff 8b ff 24 4c 25 8d 40 6b ee 10 01 48 00 89 e8 9d dc 58 8e ff ff ff ff ff <49> c6 8d 00 bc f8 24 4c 34 89 08 e8 00 48 00 c1 e8 48 03 b8 41 00 c6 00 06 00 00 04 00 <42> fc 0f ff b6 df 48 14 89 38 fa 4c 89 48 e8 83 RSP: 002b:00007ffe727cd790 EFLAGS: 00010217 e0 07 RAX: 0000000000000000 RBX: 00007ffe727cd8c0 RCX: 0000000000473990 83 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffe727cd790 c0 RBP: 0000000000001eb0 R08: 0000000000000001 R09: 00000000024e2880 03 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001eb0 38 d0 R13: 00000000000233be R14: 00007ffe727cd8e8 R15: 0000000000000003 7c 08 Allocated by task 4466: 84 save_stack+0x43/0xd0 mm/kasan/kasan.c:448 d2 set_track mm/kasan/kasan.c:460 [inline] kasan_kmalloc+0xc4/0xe0 mm/kasan/kasan.c:553 0f kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490 85 kmem_cache_alloc+0x12e/0x760 mm/slab.c:3554 __d_alloc+0xc8/0xd50 fs/dcache.c:1616 RSP: 0018:ffff8801dae07850 EFLAGS: 00010002 d_alloc_pseudo+0x1d/0x30 fs/dcache.c:1744 create_pipe_files+0x42c/0x950 fs/pipe.c:753 RAX: 0000000000000002 RBX: 0000000000000000 RCX: ffffffff8158c5a9 __do_pipe_flags+0x45/0x250 fs/pipe.c:802 RDX: 0000000000010000 RSI: ffffffff816a4140 RDI: ffff8801b688e3d0 do_pipe2+0x9d/0x310 fs/pipe.c:850 RBP: ffff8801dae07990 R08: ffff8801dae07968 R09: fffffbfff02be35c __do_sys_pipe fs/pipe.c:873 [inline] __se_sys_pipe fs/pipe.c:871 [inline] __x64_sys_pipe+0x33/0x40 fs/pipe.c:871 R10: fffffbfff02be35d R11: ffffffff815f1aeb R12: ffff8801b688d730 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 R13: 0000000000000010 R14: ffffed003b5c0f15 R15: dffffc0000000000 entry_SYSCALL_64_after_hwframe+0x49/0xbe FS: 00000000024e2880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8e1116ce78 CR3: 00000001c4e12000 CR4: 00000000001406f0 Freed by task 0: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 (stack is not available) DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400