kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
FAULT_INJECTION: forcing a failure.
name fail_page_alloc, interval 1, probability 0, space 0, times 0
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 15924 Comm: syz-executor0 Not tainted 4.17.0-rc6+ #69
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
CPU: 0 PID: 15920 Comm: syz-executor1 Not tainted 4.17.0-rc6+ #69
Call Trace:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
RIP: 0010:msr_write_intercepted arch/x86/kvm/vmx.c:2132 [inline]
RIP: 0010:vmx_vcpu_run+0xa12/0x25c0 arch/x86/kvm/vmx.c:9879
RSP: 0018:ffff8801b4b173b0 EFLAGS: 00010046
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold.4+0xa/0x1a lib/fault-inject.c:149
==================================================================
BUG: KASAN: stack-out-of-bounds in __show_regs.cold.7+0x4e/0x54a arch/x86/kernel/process_64.c:79
Read of size 8 at addr ffff8801b4b17330 by task syz-executor1/15920
 should_fail_alloc_page mm/page_alloc.c:3060 [inline]
 prepare_alloc_pages mm/page_alloc.c:4319 [inline]
 __alloc_pages_nodemask+0x34e/0xd70 mm/page_alloc.c:4358
 alloc_pages_current+0x10c/0x210 mm/mempolicy.c:2093
 alloc_pages include/linux/gfp.h:492 [inline]
 push_pipe+0x400/0x7a0 lib/iov_iter.c:515
 __pipe_get_pages lib/iov_iter.c:1022 [inline]
 pipe_get_pages_alloc lib/iov_iter.c:1126 [inline]
 iov_iter_get_pages_alloc+0x84a/0x1510 lib/iov_iter.c:1144
 default_file_splice_read+0x1c7/0xad0 fs/splice.c:390
 do_splice_to+0x12e/0x190 fs/splice.c:880
 splice_direct_to_actor+0x268/0x8d0 fs/splice.c:952
 do_splice_direct+0x2cc/0x400 fs/splice.c:1061
 do_sendfile+0x60f/0xe00 fs/read_write.c:1440
 __do_sys_sendfile64 fs/read_write.c:1495 [inline]
 __se_sys_sendfile64 fs/read_write.c:1487 [inline]
 __x64_sys_sendfile64+0x155/0x240 fs/read_write.c:1487
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455a09
RSP: 002b:00007ff9a517cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007ff9a517d6d4 RCX: 0000000000455a09
RDX: 00000000200000c0 RSI: 0000000000000013 RDI: 0000000000000013
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000000000dd R11: 0000000000000246 R12: 0000000000000014
R13: 0000000000000579 R14: 00000000006fc3f8 R15: 0000000000000004
CPU: 0 PID: 15920 Comm: syz-executor1 Not tainted 4.17.0-rc6+ #69
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
The buggy address belongs to the page:
page:ffffea0006d2c5c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x2fffc0000000000()
raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
raw: 0000000000000000 ffffea0006d20101 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 2d4c [#2] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 15920 Comm: syz-executor1 Not tainted 4.17.0-rc6+ #69
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: b4b16ce0:die_lock+0x0/0x4
RSP: b4b16d08:ffffffff81b5a141 EFLAGS: ffff8801b4b16988 ORIG_RAX: ffffed0036962d4c
RAX: 1ffffffff036b428 RBX: ffff8801b4b16988 RCX: 0000000000000000
RDX: 00000000000003fd RSI: ffffffff839fccc1 RDI: ffffffff8b117eb8
RBP: ffff8801b4b16d08 R08: ffff8801b14b6400 R09: 0000000000000001
R10: fffffbfff1622fd0 R11: ffff8801b14b6400 R12: ffffffff81b5a141
R13: 0000000000000020 R14: 0000000000000000 R15: fffffbfff1622fd9
FS: 00007f395f312700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa65a1aedb8 CR3: 00000001b616e000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 <01> 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
RIP: die_lock+0x0/0x4 RSP: ffffffff81b5a141
---[ end trace 2e28ba9a8ad8be05 ]---