__dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 __should_failslab+0x115/0x180 mm/failslab.c:32 kasan: GPF could be caused by NULL-ptr deref or user memory access should_failslab+0x5/0x10 mm/slab_common.c:1590 general protection fault: 0000 [#1] PREEMPT SMP KASAN slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] __do_kmalloc mm/slab.c:3725 [inline] __kmalloc+0x2ab/0x3c0 mm/slab.c:3736 CPU: 0 PID: 8131 Comm: syz-executor297 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kmalloc_array include/linux/slab.h:637 [inline] __kfifo_alloc+0x174/0x290 lib/kfifo.c:57 RIP: 0010:cdev_del+0x22/0x90 fs/char_dev.c:602 gsm_dlci_alloc+0xd4/0x410 drivers/tty/n_gsm.c:1656 Code: cf 0f 1f 80 00 00 00 00 55 48 89 fd 48 83 ec 08 e8 b3 dc be ff 48 8d 7d 64 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 4f 48 gsm_activate_mux+0x1f4/0x290 drivers/tty/n_gsm.c:2139 RSP: 0018:ffff888095ddfba0 EFLAGS: 00010207 gsmld_attach_gsm drivers/tty/n_gsm.c:2260 [inline] gsmld_open+0x4fa/0x7e0 drivers/tty/n_gsm.c:2394 RAX: dffffc0000000000 RBX: ffff88823892d000 RCX: ffffffff83b8674f RDX: 000000000000000c RSI: ffffffff81a3a8bd RDI: 0000000000000064 tty_ldisc_open+0x81/0xc0 drivers/tty/tty_ldisc.c:469 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 tty_set_ldisc+0x2d2/0x650 drivers/tty/tty_ldisc.c:594 R10: 0000000000000007 R11: 0000000000000000 R12: ffff88823892d008 tiocsetd drivers/tty/tty_io.c:2359 [inline] tty_ioctl+0xb4b/0x1630 drivers/tty/tty_io.c:2603 R13: ffff88823899d188 R14: ffff8880ae075780 R15: ffff8880955ecaf8 FS: 0000555556258300(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff1aec659a5 CR3: 000000009aa90000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: tty_unregister_device drivers/tty/tty_io.c:3054 [inline] tty_unregister_device+0x112/0x1b0 drivers/tty/tty_io.c:3049 gsmld_detach_gsm drivers/tty/n_gsm.c:2289 [inline] gsmld_close+0xaa/0x1f0 drivers/tty/n_gsm.c:2358 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 tty_ldisc_close+0xa2/0xd0 drivers/tty/tty_ldisc.c:493 tty_ldisc_kill drivers/tty/tty_ldisc.c:639 [inline] tty_ldisc_release+0xf5/0x440 drivers/tty/tty_ldisc.c:806 tty_release_struct+0x20/0xe0 drivers/tty/tty_io.c:1611 tty_release+0xc70/0x1210 drivers/tty/tty_io.c:1784 __fput+0x2ce/0x890 fs/file_table.c:278 task_work_run+0x148/0x1c0 kernel/task_work.c:113 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0xbf3/0x2be0 kernel/exit.c:870 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fd9cd1f1149 do_group_exit+0x125/0x310 kernel/exit.c:967 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 __do_sys_exit_group kernel/exit.c:978 [inline] __se_sys_exit_group kernel/exit.c:976 [inline] __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:976 RSP: 002b:00007ffe188153f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd9cd1f1149 entry_SYSCALL_64_after_hwframe+0x49/0xbe RDX: 0000000020000180 RSI: 0000000000005423 RDI: 0000000000000003 RBP: 00007ffe18815410 R08: 0000000000000001 R09: 0000000000000000 RIP: 0033:0x7fd9cd1efdd9 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 Code: Bad RIP value. R13: 00007ffe1881540c R14: 00007ffe18815430 R15: 00007ffe18815420 RSP: 002b:00007ffe188153a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007fd9cd2643f0 RCX: 00007fd9cd1efdd9 Mem-Info: RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd9cd2643f0 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 active_anon:5523 inactive_anon:4745 isolated_anon:0 active_file:5342 inactive_file:10059 isolated_file:0 unevictable:0 dirty:6069 writeback:0 unstable:0 slab_reclaimable:16176 slab_unreclaimable:113259 mapped:3860 shmem:4925 pagetables:629 bounce:0 free:1530909 free_pcp:401 free_cma:0 Modules linked in: CPU: 0 PID: 8342 Comm: syz-executor297 Tainted: G D 4.19.211-syzkaller #0 Node 0 active_anon:22184kB inactive_anon:19056kB active_file:21244kB inactive_file:40284kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:15440kB dirty:24316kB writeback:0kB shmem:19776kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 10240kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 __should_failslab+0x115/0x180 mm/failslab.c:32 should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] kmem_cache_alloc_trace+0x46/0x380 mm/slab.c:3623 kmalloc include/linux/slab.h:515 [inline] kzalloc include/linux/slab.h:709 [inline] gsm_dlci_alloc+0x46/0x410 drivers/tty/n_gsm.c:1650 gsm_activate_mux+0x1f4/0x290 drivers/tty/n_gsm.c:2139 gsmld_attach_gsm drivers/tty/n_gsm.c:2260 [inline] gsmld_open+0x4fa/0x7e0 drivers/tty/n_gsm.c:2394 tty_ldisc_open+0x81/0xc0 drivers/tty/tty_ldisc.c:469 tty_set_ldisc+0x2d2/0x650 drivers/tty/tty_ldisc.c:594 tiocsetd drivers/tty/tty_io.c:2359 [inline] tty_ioctl+0xb4b/0x1630 drivers/tty/tty_io.c:2603 Node 1 active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2693 2695 2695 2695 Node 0 DMA32 free:2071048kB min:35996kB low:44992kB high:53988kB active_anon:22184kB inactive_anon:19056kB active_file:21244kB inactive_file:40284kB unevictable:0kB writepending:24316kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:7232kB pagetables:2548kB bounce:0kB free_pcp:1532kB local_pcp:1096kB free_cma:0kB vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 lowmem_reserve[]: 0 0 1 1 1 Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 lowmem_reserve[]: 0 0 0 0 0 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fd9cd1f1149 Node 1 Normal free:4038536kB min:53876kB low:67344kB high:80812kB active_anon:0kB inactive_anon:0kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:8kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe188153f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd9cd1f1149 RDX: 0000000020000180 RSI: 0000000000005423 RDI: 0000000000000003 RBP: 00007ffe18815410 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 R13: 00007ffe1881540c R14: 00007ffe18815430 R15: 00007ffe18815420 lowmem_reserve[]: 0 0 0 0 0 0 pages in swap cache Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Swap cache stats: add 0, delete 0, find 0/0 Node 0 DMA32: 782*4kB (UE) 111*8kB (UME) 85*16kB (UME) 175*32kB (UME) 33*64kB (UME) 6*128kB (UE) 3*256kB (UME) 2*512kB (U) 2*1024kB (ME) 3*2048kB (UME) 500*4096kB (M) = 2071840kB FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB CPU: 0 PID: 8352 Comm: syz-executor297 Tainted: G D 4.19.211-syzkaller #0 Node 1 Normal: 100*4kB (UE) 381*8kB (UE) 303*16kB (UME) 73*32kB (UME) 28*64kB (UME) 18*128kB (UME) 12*256kB (UME) 7*512kB (UME) 3*1024kB (UM) 0*2048kB 980*4096kB (M) = 4038536kB Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB __should_failslab+0x115/0x180 mm/failslab.c:32 should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] __do_kmalloc mm/slab.c:3725 [inline] __kmalloc+0x2ab/0x3c0 mm/slab.c:3736 kmalloc_array include/linux/slab.h:637 [inline] __kfifo_alloc+0x174/0x290 lib/kfifo.c:57 gsm_dlci_alloc+0xd4/0x410 drivers/tty/n_gsm.c:1656 gsm_activate_mux+0x1f4/0x290 drivers/tty/n_gsm.c:2139 gsmld_attach_gsm drivers/tty/n_gsm.c:2260 [inline] gsmld_open+0x4fa/0x7e0 drivers/tty/n_gsm.c:2394 Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB tty_ldisc_open+0x81/0xc0 drivers/tty/tty_ldisc.c:469 tty_set_ldisc+0x2d2/0x650 drivers/tty/tty_ldisc.c:594 tiocsetd drivers/tty/tty_io.c:2359 [inline] tty_ioctl+0xb4b/0x1630 drivers/tty/tty_io.c:2603 Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 20356 total pagecache pages vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 Total swap = 0kB entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fd9cd1f1149 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe188153f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd9cd1f1149 RDX: 0000000020000180 RSI: 0000000000005423 RDI: 0000000000000003 2097051 pages RAM RBP: 00007ffe18815410 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 R13: 00007ffe1881540c R14: 00007ffe18815430 R15: 00007ffe18815420 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 Free swap = 0kB CPU: 0 PID: 8356 Comm: syz-executor297 Tainted: G D 4.19.211-syzkaller #0 Total swap = 0kB Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 2097051 pages RAM __should_failslab+0x115/0x180 mm/failslab.c:32 should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] __do_kmalloc mm/slab.c:3725 [inline] __kmalloc+0x2ab/0x3c0 mm/slab.c:3736 kmalloc_array include/linux/slab.h:637 [inline] __kfifo_alloc+0x174/0x290 lib/kfifo.c:57 gsm_dlci_alloc+0xd4/0x410 drivers/tty/n_gsm.c:1656 gsm_activate_mux+0x1f4/0x290 drivers/tty/n_gsm.c:2139 gsmld_attach_gsm drivers/tty/n_gsm.c:2260 [inline] gsmld_open+0x4fa/0x7e0 drivers/tty/n_gsm.c:2394 tty_ldisc_open+0x81/0xc0 drivers/tty/tty_ldisc.c:469 tty_set_ldisc+0x2d2/0x650 drivers/tty/tty_ldisc.c:594 tiocsetd drivers/tty/tty_io.c:2359 [inline] tty_ioctl+0xb4b/0x1630 drivers/tty/tty_io.c:2603 0 pages HighMem/MovableOnly 369649 pages reserved vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 0 pages HighMem/MovableOnly 0 pages cma reserved Falling back ldisc for ptm5. ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fd9cd1f1149 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe188153f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 369649 pages reserved RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd9cd1f1149 RDX: 0000000020000180 RSI: 0000000000005423 RDI: 0000000000000003 RBP: 00007ffe18815410 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 0 pages cma reserved R13: 00007ffe1881540c R14: 00007ffe18815430 R15: 00007ffe18815420 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 Falling back ldisc for ptm2. CPU: 0 PID: 8361 Comm: syz-executor297 Tainted: G D 4.19.211-syzkaller #0 ---[ end trace f1cbbc977665012e ]--- Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 RIP: 0010:cdev_del+0x22/0x90 fs/char_dev.c:602 Code: cf 0f 1f 80 00 00 00 00 55 48 89 fd 48 83 ec 08 e8 b3 dc be ff 48 8d 7d 64 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 4f 48 __should_failslab+0x115/0x180 mm/failslab.c:32 should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc_node mm/slab.c:3304 [inline] kmem_cache_alloc_node_trace+0x244/0x3b0 mm/slab.c:3666 __do_kmalloc_node mm/slab.c:3688 [inline] __kmalloc_node+0x38/0x70 mm/slab.c:3696 kmalloc_node include/linux/slab.h:557 [inline] __vmalloc_area_node+0x15f/0x780 mm/vmalloc.c:1677 RSP: 0018:ffff888095ddfba0 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: ffff88823892d000 RCX: ffffffff83b8674f RDX: 000000000000000c RSI: ffffffff81a3a8bd RDI: 0000000000000064 __vmalloc_node_range mm/vmalloc.c:1753 [inline] __vmalloc_node mm/vmalloc.c:1804 [inline] __vmalloc_node_flags mm/vmalloc.c:1818 [inline] vzalloc+0x10a/0x1a0 mm/vmalloc.c:1857 n_tty_open+0x16/0x160 drivers/tty/n_tty.c:1912 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 tty_ldisc_open+0x81/0xc0 drivers/tty/tty_ldisc.c:469 kasan: CONFIG_KASAN_INLINE enabled tty_ldisc_failto+0x13b/0x1a0 drivers/tty/tty_ldisc.c:515 tty_ldisc_restore drivers/tty/tty_ldisc.c:532 [inline] tty_set_ldisc+0x4db/0x650 drivers/tty/tty_ldisc.c:598 tiocsetd drivers/tty/tty_io.c:2359 [inline] tty_ioctl+0xb4b/0x1630 drivers/tty/tty_io.c:2603 R10: 0000000000000007 R11: 0000000000000000 R12: ffff88823892d008 kasan: GPF could be caused by NULL-ptr deref or user memory access R13: ffff88823899d188 R14: ffff8880ae075780 R15: ffff8880955ecaf8 general protection fault: 0000 [#2] PREEMPT SMP KASAN CPU: 1 PID: 8135 Comm: syz-executor297 Tainted: G D 4.19.211-syzkaller #0 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:cdev_del+0x22/0x90 fs/char_dev.c:602 Code: cf 0f 1f 80 00 00 00 00 55 48 89 fd 48 83 ec 08 e8 b3 dc be ff 48 8d 7d 64 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 4f 48 RSP: 0018:ffff888094a97ba0 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: ffff88823892d000 RCX: ffffffff83b8674f RDX: 000000000000000c RSI: ffffffff81a3a8bd RDI: 0000000000000064 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000007 R11: 0000000031af2962 R12: ffff88823892d008 R13: ffff88823899cf88 R14: ffff8880b15ff240 R15: ffff8880abad53b8 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 FS: 0000555556258300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 CR2: 00007f1afd27d028 CR3: 00000000b4d94000 CR4: 00000000003406e0 entry_SYSCALL_64_after_hwframe+0x49/0xbe DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 RIP: 0033:0x7fd9cd1f1149 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 Call Trace: RSP: 002b:00007ffe188153f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 tty_unregister_device drivers/tty/tty_io.c:3054 [inline] tty_unregister_device+0x112/0x1b0 drivers/tty/tty_io.c:3049 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd9cd1f1149 gsmld_detach_gsm drivers/tty/n_gsm.c:2289 [inline] gsmld_close+0xaa/0x1f0 drivers/tty/n_gsm.c:2358 RDX: 0000000020000180 RSI: 0000000000005423 RDI: 0000000000000003 RBP: 00007ffe18815410 R08: 0000000000000001 R09: 0000000000000000 tty_ldisc_close+0xa2/0xd0 drivers/tty/tty_ldisc.c:493 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 tty_ldisc_kill drivers/tty/tty_ldisc.c:639 [inline] tty_ldisc_release+0xf5/0x440 drivers/tty/tty_ldisc.c:806 R13: 00007ffe1881540c R14: 00007ffe18815430 R15: 00007ffe18815420 tty_release_struct+0x20/0xe0 drivers/tty/tty_io.c:1611 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 tty_release+0xc70/0x1210 drivers/tty/tty_io.c:1784 CPU: 0 PID: 8421 Comm: syz-executor297 Tainted: G D 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 __fput+0x2ce/0x890 fs/file_table.c:278 Call Trace: task_work_run+0x148/0x1c0 kernel/task_work.c:113 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0xbf3/0x2be0 kernel/exit.c:870 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 __should_failslab+0x115/0x180 mm/failslab.c:32 do_group_exit+0x125/0x310 kernel/exit.c:967 should_failslab+0x5/0x10 mm/slab_common.c:1590 __do_sys_exit_group kernel/exit.c:978 [inline] __se_sys_exit_group kernel/exit.c:976 [inline] __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:976 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc_node mm/slab.c:3304 [inline] kmem_cache_alloc_node_trace+0x244/0x3b0 mm/slab.c:3666 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 __do_kmalloc_node mm/slab.c:3688 [inline] __kmalloc_node+0x38/0x70 mm/slab.c:3696 entry_SYSCALL_64_after_hwframe+0x49/0xbe kmalloc_node include/linux/slab.h:557 [inline] __vmalloc_area_node+0x15f/0x780 mm/vmalloc.c:1677 RIP: 0033:0x7fd9cd1efdd9 Code: 00 49 c7 c0 c0 ff ff ff be e7 00 00 00 ba 3c 00 00 00 eb 12 0f 1f 44 00 00 89 d0 0f 05 48 3d 00 f0 ff ff 77 1c f4 89 f0 0f 05 <48> 3d 00 f0 ff ff 76 e7 f7 d8 64 41 89 00 eb df 0f 1f 80 00 00 00 RSP: 002b:00007ffe188153a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007fd9cd2643f0 RCX: 00007fd9cd1efdd9 RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000 __vmalloc_node_range mm/vmalloc.c:1753 [inline] __vmalloc_node mm/vmalloc.c:1804 [inline] __vmalloc_node_flags mm/vmalloc.c:1818 [inline] vzalloc+0x10a/0x1a0 mm/vmalloc.c:1857 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd9cd2643f0 n_tty_open+0x16/0x160 drivers/tty/n_tty.c:1912 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 Modules linked in: tty_ldisc_open+0x81/0xc0 drivers/tty/tty_ldisc.c:469 FS: 0000555556258300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 tty_ldisc_failto+0x13b/0x1a0 drivers/tty/tty_ldisc.c:515 tty_ldisc_restore drivers/tty/tty_ldisc.c:532 [inline] tty_set_ldisc+0x4db/0x650 drivers/tty/tty_ldisc.c:598 tiocsetd drivers/tty/tty_io.c:2359 [inline] tty_ioctl+0xb4b/0x1630 drivers/tty/tty_io.c:2603 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 CR2: 00007ffc7f0f6407 CR3: 00000000ab77a000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: cf iret 1: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 8: 55 push %rbp 9: 48 89 fd mov %rdi,%rbp c: 48 83 ec 08 sub $0x8,%rsp 10: e8 b3 dc be ff callq 0xffbedcc8 15: 48 8d 7d 64 lea 0x64(%rbp),%rdi 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 20: fc ff df 23: 48 89 fa mov %rdi,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 0f b6 14 02 movzbl (%rdx,%rax,1),%edx <-- trapping instruction 2e: 48 89 f8 mov %rdi,%rax 31: 83 e0 07 and $0x7,%eax 34: 83 c0 03 add $0x3,%eax 37: 38 d0 cmp %dl,%al 39: 7c 04 jl 0x3f 3b: 84 d2 test %dl,%dl 3d: 75 4f jne 0x8e 3f: 48 rex.W