SYSC_sendfile64 fs/read_write.c:1502 [inline] SyS_sendfile64+0x102/0x110 fs/read_write.c:1488 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 general protection fault: 0000 [#1] PREEMPT SMP KASAN Modules linked in: entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x459879 CPU: 1 PID: 23711 Comm: syz-executor.3 Not tainted 4.14.141 #37 RSP: 002b:00007f0e97312c78 EFLAGS: 00000246 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ORIG_RAX: 0000000000000028 task: ffff888062514340 task.stack: ffff888048c60000 RAX: ffffffffffffffda RBX: 00007f0e97312c90 RCX: 0000000000459879 RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:86 [inline] RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline] RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:95 [inline] RIP: 0010:scatterwalk_copychunks+0x4d6/0x6b0 crypto/scatterwalk.c:55 RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 RSP: 0018:ffff888048c67648 EFLAGS: 00010202 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000040d09 R11: 0000000000000246 R12: 00007f0e973136d4 RAX: dffffc0000000000 RBX: 0000000000001000 RCX: ffffc9001433f000 R13: 00000000004c7065 R14: 00000000004dc6d0 R15: 0000000000000006 RDX: 0000000000000002 RSI: ffffffff82d55709 RDI: ffff88806462f5a8 RBP: ffff888048c676b8 R08: ffffed100c8ae7da R09: 0000000000000002 R10: ffffed100c8ae7d9 R11: ffff888064573ecc R12: 0000000000001000 R13: 0000000000000000 R14: ffff888048c67710 R15: 0000000000003000 FS: 00007fda0ba05700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b31f27000 CR3: 00000000a52fa000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 CPU: 0 PID: 23707 Comm: syz-executor.2 Not tainted 4.14.141 #37 Call Trace: Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 scatterwalk_map_and_copy crypto/scatterwalk.c:72 [inline] scatterwalk_map_and_copy+0x12f/0x1d0 crypto/scatterwalk.c:60 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x138/0x197 lib/dump_stack.c:53 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0x10f/0x159 lib/fault-inject.c:149 should_failslab+0xdb/0x130 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3376 [inline] kmem_cache_alloc+0x47/0x780 mm/slab.c:3550 gcmaes_encrypt.constprop.0+0x1d2/0xb90 arch/x86/crypto/aesni-intel_glue.c:778 skb_clone+0x129/0x320 net/core/skbuff.c:1282 __skb_tstamp_tx+0x35f/0x640 net/core/skbuff.c:4367 generic_gcmaes_encrypt+0xf4/0x130 arch/x86/crypto/aesni-intel_glue.c:1111 __dev_queue_xmit+0x181f/0x25e0 net/core/dev.c:3460 crypto_aead_encrypt include/crypto/aead.h:330 [inline] gcmaes_wrapper_encrypt+0xef/0x150 arch/x86/crypto/aesni-intel_glue.c:945 crypto_aead_encrypt include/crypto/aead.h:330 [inline] tls_do_encryption net/tls/tls_sw.c:234 [inline] tls_push_record+0x906/0x1210 net/tls/tls_sw.c:270 tls_sw_sendpage+0x434/0xb50 net/tls/tls_sw.c:617 dev_queue_xmit+0x18/0x20 net/core/dev.c:3558 inet_sendpage+0x157/0x580 net/ipv4/af_inet.c:779 packet_snd net/packet/af_packet.c:2993 [inline] packet_sendmsg+0x1de0/0x5a70 net/packet/af_packet.c:3018 kernel_sendpage+0x92/0xf0 net/socket.c:3406 sock_sendpage+0x8b/0xc0 net/socket.c:871 pipe_to_sendpage+0x242/0x340 fs/splice.c:451 sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xce/0x110 net/socket.c:656 splice_from_pipe_feed fs/splice.c:502 [inline] __splice_from_pipe+0x348/0x780 fs/splice.c:626 ___sys_sendmsg+0x349/0x840 net/socket.c:2062 splice_from_pipe+0xf0/0x150 fs/splice.c:661 generic_splice_sendpage+0x3c/0x50 fs/splice.c:832 do_splice_from fs/splice.c:851 [inline] do_splice fs/splice.c:1147 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0xd92/0x1430 fs/splice.c:1382 __sys_sendmmsg+0x152/0x3a0 net/socket.c:2152 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 SYSC_sendmmsg net/socket.c:2183 [inline] SyS_sendmmsg+0x35/0x60 net/socket.c:2178 RIP: 0033:0x459879 RSP: 002b:00007fda0ba04c78 EFLAGS: 00000246 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292 ORIG_RAX: 0000000000000113 RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459879 RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000 RIP: 0033:0x459879 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fda0ba056d4 RSP: 002b:00007feaaa924c78 EFLAGS: 00000246 R13: 00000000004c907b R14: 00000000004df4f0 R15: 00000000ffffffff ORIG_RAX: 0000000000000133 Code: RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879 RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000005 00 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 00 R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4 fc R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000006 ff df 80 3c 02 00 0f 85 37 01 00 00 49 8d 45 10 4d 89 2e 48 89 c2 48 89 45 c0 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 7d 01 00 00 48 b8 00 00 00 RIP: scatterwalk_start include/crypto/scatterwalk.h:86 [inline] RSP: ffff888048c67648 RIP: scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline] RSP: ffff888048c67648 RIP: scatterwalk_pagedone include/crypto/scatterwalk.h:95 [inline] RSP: ffff888048c67648 RIP: scatterwalk_copychunks+0x4d6/0x6b0 crypto/scatterwalk.c:55 RSP: ffff888048c67648 kobject: 'loop4' (ffff8880a4a577e0): kobject_uevent_env kobject: 'loop4' (ffff8880a4a577e0): fill_kobj_path: path = '/devices/virtual/block/loop4' ---[ end trace e72752ec8a61adb8 ]---