BUG: unable to handle kernel NULL pointer dereference at 00000000000000fc IP: qlink_to_object mm/kasan/quarantine.c:136 [inline] IP: qlink_free mm/kasan/quarantine.c:141 [inline] IP: qlist_free_all+0x28/0x140 mm/kasan/quarantine.c:166 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 0 PID: 28267 Comm: systemd-udevd Not tainted 4.14.181-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88808fd5c4c0 task.stack: ffff888088060000 RIP: 0010:qlink_to_object mm/kasan/quarantine.c:136 [inline] RIP: 0010:qlink_free mm/kasan/quarantine.c:141 [inline] RIP: 0010:qlist_free_all+0x28/0x140 mm/kasan/quarantine.c:166 RSP: 0018:ffff888088067ca0 EFLAGS: 00010246 RAX: ffffea0000000000 RBX: ffff888000000000 RCX: ffffea000000001f RDX: 0000000000000000 RSI: ffff88808fd5cd48 RDI: ffff888000000000 Cannot find set identified by id 0 to match RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff888000000000 R13: ffff888088067cd8 R14: 0000000000000000 R15: 0000000000000286 FS: 00007f4fd622d8c0(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000fc CR3: 00000000a0841000 CR4: 00000000001426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: quarantine_reduce+0x140/0x170 mm/kasan/quarantine.c:259 kasan_kmalloc+0x95/0xe0 mm/kasan/kasan.c:536 slab_post_alloc_hook mm/slab.h:442 [inline] slab_alloc mm/slab.c:3390 [inline] kmem_cache_alloc+0x114/0x770 mm/slab.c:3550 getname_flags fs/namei.c:138 [inline] getname_flags+0xc8/0x560 fs/namei.c:128 getname fs/namei.c:209 [inline] do_unlinkat+0x9e/0x5d0 fs/namei.c:4065 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f4fd50a20e7 RSP: 002b:00007ffc9ee1fe28 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 RAX: ffffffffffffffda RBX: 000055f101d17390 RCX: 00007f4fd50a20e7 RDX: 00007ffc9ee1fd00 RSI: 00007ffc9ee1fd00 RDI: 00007ffc9ee1fe30 RBP: 0000000000000afa R08: 00000000000001c0 R09: 0000000000000014 R10: 00007ffc9ee1fe00 R11: 0000000000000246 R12: 00007ffc9ee1fe30 R13: 000055f101d17390 R14: 0000000000000003 R15: 000000000000000e Code: eb d6 90 41 57 41 56 41 55 41 54 55 53 48 8b 1f 48 85 db 0f 84 08 01 00 00 48 89 f5 49 89 fd 48 85 ed 49 89 ee 0f 84 8b 00 00 00 <49> 63 86 fc 00 00 00 4c 8b 23 48 29 c3 48 83 3d b3 a6 4d 06 00 RIP: qlink_to_object mm/kasan/quarantine.c:136 [inline] RSP: ffff888088067ca0 RIP: qlink_free mm/kasan/quarantine.c:141 [inline] RSP: ffff888088067ca0 RIP: qlist_free_all+0x28/0x140 mm/kasan/quarantine.c:166 RSP: ffff888088067ca0 CR2: 00000000000000fc BUG: unable to handle kernel NULL pointer dereference at 00000000000000fc IP: qlink_to_object mm/kasan/quarantine.c:136 [inline] IP: qlink_free mm/kasan/quarantine.c:141 [inline] IP: qlist_free_all+0x28/0x140 mm/kasan/quarantine.c:166 PGD 9560b067 P4D 9560b067 PUD 9f5d4067 PMD 0 Oops: 0000 [#2] PREEMPT SMP KASAN Modules linked in: CPU: 0 PID: 28278 Comm: syz-executor.2 Tainted: G D 4.14.181-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff888058488280 task.stack: ffff888058060000 RIP: 0010:qlink_to_object mm/kasan/quarantine.c:136 [inline] RIP: 0010:qlink_free mm/kasan/quarantine.c:141 [inline] RIP: 0010:qlist_free_all+0x28/0x140 mm/kasan/quarantine.c:166 RSP: 0018:ffff8880580678f8 EFLAGS: 00010246 RAX: ffffea0000000000 RBX: ffff888000000000 RCX: ffffea000000001f RDX: 0000000000000000 RSI: ffffffff8129cb93 RDI: ffff888000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: ffff88812fffb000 R11: ffffea0000004a20 R12: ffff888000000000 R13: ffff888058067930 R14: 0000000000000000 R15: 0000000000000286 FS: 00007f234f71c700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000fc CR3: 00000000a9201000 CR4: 00000000001426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: quarantine_reduce+0x140/0x170 mm/kasan/quarantine.c:259 kasan_kmalloc+0x95/0xe0 mm/kasan/kasan.c:536 slab_post_alloc_hook mm/slab.h:442 [inline] slab_alloc mm/slab.c:3390 [inline] __do_kmalloc mm/slab.c:3718 [inline] __kmalloc+0x145/0x7c0 mm/slab.c:3729 kmalloc_array include/linux/slab.h:607 [inline] kcalloc include/linux/slab.h:618 [inline] iter_file_splice_write+0x143/0xa10 fs/splice.c:692 do_splice_from fs/splice.c:851 [inline] direct_splice_actor+0x115/0x160 fs/splice.c:1018 splice_direct_to_actor+0x27e/0x730 fs/splice.c:973 do_splice_direct+0x164/0x210 fs/splice.c:1061 do_sendfile+0x469/0xaf0 fs/read_write.c:1441 SYSC_sendfile64 fs/read_write.c:1496 [inline] SyS_sendfile64+0x9b/0x110 fs/read_write.c:1488 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x45ca29 RSP: 002b:00007f234f71bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00000000004fc540 RCX: 000000000045ca29 RDX: 00000000200001c0 RSI: 0000000000000006 RDI: 0000000000000006 RBP: 000000000078c0e0 R08: 0000000000000000 R09: 0000000000000000 R10: 00008080fffffffe R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000008dc R14: 00000000004cba16 R15: 00007f234f71c6d4 Code: eb d6 90 41 57 41 56 41 55 41 54 55 53 48 8b 1f 48 85 db 0f 84 08 01 00 00 48 89 f5 49 89 fd 48 85 ed 49 89 ee 0f 84 8b 00 00 00 <49> 63 86 fc 00 00 00 4c 8b 23 48 29 c3 48 83 3d b3 a6 4d 06 00 RIP: qlink_to_object mm/kasan/quarantine.c:136 [inline] RSP: ffff8880580678f8 RIP: qlink_free mm/kasan/quarantine.c:141 [inline] RSP: ffff8880580678f8 RIP: qlist_free_all+0x28/0x140 mm/kasan/quarantine.c:166 RSP: ffff8880580678f8 CR2: 00000000000000fc ---[ end trace f3075cf6d87d9803 ]---