Hello,
syzkaller hit the following crash on
36ef71cae353f88fd6e095e2aaa3e5953af1685d
git://
git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 3 PID: 5416 Comm: syz-executor7 Not tainted 4.14.0-rc5-next-20171018+
#8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88002d53a4c0 task.stack: ffff88003a5c8000
RIP: 0010:klist_put+0x4e/0x160 lib/klist.c:213
RSP: 0018:ffff88003a5cf390 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff84df18f6
RDX: 000000000000000a RSI: ffffc90003712000 RDI: 0000000000000050
RBP: ffff88003a5cf3b0 R08: 0000000000000001 R09: 1ffff100074b9e56
R10: ffff88003a5cf278 R11: 0000000000000002 R12: ffff88006b79caf8
R13: 0000000000000001 R14: ffffffff84df1ddb R15: ffff88006b03ad10
FS: 00007f03f0680700(0000) GS:ffff88006df00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002085dff8 CR3: 000000003d7cc000 CR4: 00000000000006e0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
klist_del lib/klist.c:231 [inline]
klist_remove+0x220/0x4e0 lib/klist.c:250
__device_release_driver drivers/base/dd.c:873 [inline]
device_release_driver_internal+0x42b/0x5b0 drivers/base/dd.c:893
device_release_driver+0x19/0x20 drivers/base/dd.c:918
usb_driver_release_interface+0x138/0x160 drivers/usb/core/driver.c:604
proc_disconnect_claim+0x221/0x380 drivers/usb/core/devio.c:2282
usbdev_do_ioctl+0x169f/0x3670 drivers/usb/core/devio.c:2524
usbdev_ioctl+0x25/0x30 drivers/usb/core/devio.c:2552
vfs_ioctl fs/ioctl.c:45 [inline]
do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:685
SYSC_ioctl fs/ioctl.c:700 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x447c89
RSP: 002b:00007f03f067fbd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f03f06806cc RCX: 0000000000447c89
RDX: 000000002027efff RSI: 000000008108551b RDI: 0000000000000013
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000008640 R14: 00000000006ec6e0 R15: 00007f03f0680700
Code: 48 c1 ea 03 80 3c 02 00 0f 85 1b 01 00 00 49 8b 1c 24 48 b8 00 00 00
00 00 fc ff df 48 83 e3 fe 48 8d 7b 50 48 89 fa 48 c1 ea 03 <80> 3c 02 00
0f 85 ea 00 00 00 48 89 df 4c 8b 73 50 e8 7c 3e 06
RIP: klist_put+0x4e/0x160 lib/klist.c:213 RSP: ffff88003a5cf390
---[ end trace 13ad6cc38e4181e7 ]---
---
This bug is generated by a dumb bot. It may contain errors.
See
https://goo.gl/tpsmEJ for details.
Direct all questions to
syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <
syzk...@googlegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is committed, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line.