kasan: GPF could be caused by NULL-ptr deref or user memory access __alloc_pages include/linux/gfp.h:496 [inline] __alloc_pages_node include/linux/gfp.h:509 [inline] kmem_getpages mm/slab.c:1412 [inline] cache_grow_begin+0xa4/0x8a0 mm/slab.c:2682 general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 8164 Comm: syz-executor414 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 cache_alloc_refill+0x273/0x340 mm/slab.c:3049 RIP: 0010:__device_attach+0xaa/0x470 drivers/base/dd.c:798 ____cache_alloc mm/slab.c:3132 [inline] __do_cache_alloc mm/slab.c:3354 [inline] slab_alloc mm/slab.c:3389 [inline] kmem_cache_alloc+0x346/0x370 mm/slab.c:3557 Code: e8 03 42 80 3c 20 00 0f 85 77 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 65 08 49 8d bc 24 d0 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 06 0f 8e 42 03 00 00 45 0f b6 b4 24 d0 00 00 getname_flags+0xce/0x590 fs/namei.c:140 RSP: 0018:ffff8880954e7a40 EFLAGS: 00010202 do_sys_open+0x26c/0x520 fs/open.c:1079 RAX: dffffc0000000000 RBX: 1ffff11012a9cf49 RCX: 0000000000000000 RDX: 000000000000001a RSI: 0000000000000008 RDI: 00000000000000d0 RBP: ffff8880ae83c4f0 R08: 0000000000000000 R09: ffffed1015d078aa R10: ffff8880ae83c557 R11: 0000000000000000 R12: 0000000000000000 R13: ffff8880954e7c0c R14: 00000000fffffff0 R15: ffff8880ae83c550 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 FS: 00007f5ae3e51700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 entry_SYSCALL_64_after_hwframe+0x49/0xbe CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 RIP: 0033:0x7f5ae3e60dd4 CR2: 00007f985d5f1028 CR3: 00000000aac65000 CR4: 00000000003406e0 Code: 84 00 00 00 00 00 44 89 54 24 0c e8 e6 fb ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 18 fc ff ff 8b 44 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 RSP: 002b:00007f5ae3e0ee60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f5ae3e60dd4 Call Trace: RDX: 0000000000000001 RSI: 00007f5ae3e0eee0 RDI: 00000000ffffff9c RBP: 00007f5ae3e0eee0 R08: 0000000000000000 R09: 0000000000000033 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 proc_ioctl+0x526/0x630 drivers/usb/core/devio.c:2192 R13: 00007f5ae3e0f300 R14: 0000000000000001 R15: 0000000000022000 proc_ioctl_default drivers/usb/core/devio.c:2227 [inline] usbdev_do_ioctl+0x2773/0x3030 drivers/usb/core/devio.c:2541 CPU: 0 PID: 8174 Comm: syz-executor414 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 __should_failslab+0x115/0x180 mm/failslab.c:32 should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] kmem_cache_alloc+0x277/0x370 mm/slab.c:3557 kmem_cache_zalloc include/linux/slab.h:699 [inline] __alloc_file+0x21/0x340 fs/file_table.c:100 usbdev_ioctl+0x21/0x30 drivers/usb/core/devio.c:2585 alloc_empty_file+0x6d/0x170 fs/file_table.c:150 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 path_openat+0xe9/0x2df0 fs/namei.c:3526 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f5ae3eac0f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f5ae3e512f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 do_sys_open+0x3b3/0x520 fs/open.c:1085 RAX: ffffffffffffffda RBX: 00007f5ae3f294c8 RCX: 00007f5ae3eac0f9 RDX: 0000000020000080 RSI: 00000000c0105512 RDI: 0000000000000007 RBP: 00007f5ae3f294c0 R08: 0000000000000033 R09: 0000000000000033 R10: 0000000000000033 R11: 0000000000000246 R12: 00007f5ae3ef63a4 R13: 00007f5ae3e51300 R14: 0000000000000001 R15: 0000000000022000 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 Modules linked in: entry_SYSCALL_64_after_hwframe+0x49/0xbe FAULT_INJECTION: forcing a failure. name fail_futex, interval 1, probability 0, space 0, times 0 RIP: 0033:0x7f5ae3e60dd4 Code: 84 00 00 00 00 00 44 89 54 24 0c e8 e6 fb ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 18 fc ff ff 8b 44 RSP: 002b:00007f5ae3e2fe60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f5ae3e60dd4 RDX: 0000000000000001 RSI: 00007f5ae3e2fee0 RDI: 00000000ffffff9c RBP: 00007f5ae3e2fee0 R08: 0000000000000000 R09: 0000000000000033 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 R13: 00007f5ae3e30300 R14: 0000000000000001 R15: 0000000000022000 CPU: 1 PID: 8177 Comm: syz-executor414 Tainted: G D 4.19.211-syzkaller #0 ---[ end trace 0fc364ad2bb8f69b ]--- Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 RIP: 0010:__device_attach+0xaa/0x470 drivers/base/dd.c:798 should_fail_futex kernel/futex.c:309 [inline] get_futex_key+0xb38/0x1640 kernel/futex.c:573 futex_wake+0xe4/0x480 kernel/futex.c:1676 Code: e8 03 42 80 3c 20 00 0f 85 77 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 65 08 49 8d bc 24 d0 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 06 0f 8e 42 03 00 00 45 0f b6 b4 24 d0 00 00 do_futex+0x2ca/0x1880 kernel/futex.c:3894 RSP: 0018:ffff8880954e7a40 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 1ffff11012a9cf49 RCX: 0000000000000000 RDX: 000000000000001a RSI: 0000000000000008 RDI: 00000000000000d0 __do_sys_futex kernel/futex.c:3950 [inline] __se_sys_futex+0x28f/0x3b0 kernel/futex.c:3918 RBP: ffff8880ae83c4f0 R08: 0000000000000000 R09: ffffed1015d078aa do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f5ae3eac0f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f5ae3e0f2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca R10: ffff8880ae83c557 R11: 0000000000000000 R12: 0000000000000000 RAX: ffffffffffffffda RBX: 00007f5ae3f294e8 RCX: 00007f5ae3eac0f9 RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5ae3f294ec RBP: 00007f5ae3f294e0 R08: 0000000000000033 R09: 0000000000000033 R10: 0000000000000033 R11: 0000000000000246 R12: 00007f5ae3ef63a4 R13: 00007f5ae3e0f300 R14: 0000000000000001 R15: 0000000000022000 R13: ffff8880954e7c0c R14: 00000000fffffff0 R15: ffff8880ae83c550 FS: 00007f5ae3e51700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f5ae3ef5398 CR3: 00000000aac65000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: e8 03 42 80 3c callq 0x3c804208 5: 20 00 and %al,(%rax) 7: 0f 85 77 03 00 00 jne 0x384 d: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 14: fc ff df 17: 4c 8b 65 08 mov 0x8(%rbp),%r12 1b: 49 8d bc 24 d0 00 00 lea 0xd0(%r12),%rdi 22: 00 23: 48 89 fa mov %rdi,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax <-- trapping instruction 2e: 84 c0 test %al,%al 30: 74 06 je 0x38 32: 0f 8e 42 03 00 00 jle 0x37a 38: 45 rex.RB 39: 0f .byte 0xf 3a: b6 b4 mov $0xb4,%dh 3c: 24 d0 and $0xd0,%al