kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 19038 Comm: syz-executor2 Not tainted 4.17.0-rc6+ #63 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__read_once_size include/linux/compiler.h:188 [inline] RIP: 0010:__radix_tree_delete+0x74/0x230 lib/radix-tree.c:1987 RSP: 0018:ffff880186b47108 EFLAGS: 00010203 RAX: 03fffe2006c18d2a RBX: dffffc0000000000 RCX: ffffc90008ef1000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 RDX: 0000000000000048 RSI: ffffffff87698bdd RDI: ffff880188098368 RBP: ffff880186b471a8 R08: ffff8801b0634280 R09: ffffed0031013051 R10: ffff880186b472b8 R11: ffff88018809828f R12: 0000000000000000 R13: ffff880188098368 R14: 1ffff100360c6955 R15: ffff880186b47230 CPU: 1 PID: 19025 Comm: syz-executor6 Not tainted 4.17.0-rc6+ #63 FS: 00007fe983ef9700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Call Trace: CR2: 00007fe3d45384a0 CR3: 000000018404c000 CR4: 00000000001426f0 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0xa/0x1a lib/fault-inject.c:149 radix_tree_delete_item+0x148/0x2d0 lib/radix-tree.c:2048 idr_remove+0x46/0x60 lib/idr.c:157 kvm_hv_eventfd_deassign arch/x86/kvm/hyperv.c:1435 [inline] kvm_vm_ioctl_hv_eventfd+0x1df/0x24b arch/x86/kvm/hyperv.c:1453 kvm_arch_vm_ioctl+0x155e/0x2690 arch/x86/kvm/x86.c:4567 __should_failslab+0x124/0x180 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1522 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc_node mm/slab.c:3299 [inline] kmem_cache_alloc_node_trace+0x26f/0x770 mm/slab.c:3661 kvm_vm_ioctl+0x246/0x1d90 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3100 __do_kmalloc_node mm/slab.c:3681 [inline] __kmalloc_node+0x33/0x70 mm/slab.c:3689 kmalloc_node include/linux/slab.h:554 [inline] kvmalloc_node+0x6b/0x100 mm/util.c:421 kvmalloc include/linux/mm.h:550 [inline] seq_buf_alloc fs/seq_file.c:32 [inline] seq_read+0xa33/0x1520 fs/seq_file.c:211 do_loop_readv_writev fs/read_write.c:700 [inline] do_iter_read+0x4a3/0x660 fs/read_write.c:924 vfs_readv+0x14f/0x1a0 fs/read_write.c:986 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1cf/0x16a0 fs/ioctl.c:684 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x514/0xad0 fs/splice.c:416 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 __do_sys_ioctl fs/ioctl.c:708 [inline] __se_sys_ioctl fs/ioctl.c:706 [inline] __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:706 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x455a09 RSP: 002b:00007fe983ef8c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fe983ef96d4 RCX: 0000000000455a09 RDX: 0000000020000140 RSI: 000000004018aebd RDI: 0000000000000014 RBP: 000000000072c000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000271 R14: 00000000006f7b38 R15: 0000000000000002 Code: 56 9a do_splice_to+0x12e/0x190 fs/splice.c:880 88 splice_direct_to_actor+0x268/0x8d0 fs/splice.c:952 48 c7 45 88 do_splice_direct+0x2cc/0x400 fs/splice.c:1061 70 8b 69 do_sendfile+0x60f/0xe00 fs/read_write.c:1440 87 c7 00 f1 f1 __do_sys_sendfile64 fs/read_write.c:1495 [inline] __se_sys_sendfile64 fs/read_write.c:1487 [inline] __x64_sys_sendfile64+0x155/0x240 fs/read_write.c:1487 f1 f1 c7 40 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 04 00 f2 f2 f2 c7 40 08 entry_SYSCALL_64_after_hwframe+0x49/0xbe f3 RIP: 0033:0x455a09 f3 RSP: 002b:00007f3d220cac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 f3 RAX: ffffffffffffffda RBX: 00007f3d220cb6d4 RCX: 0000000000455a09 f3 RDX: 00000000204f1000 RSI: 0000000000000015 RDI: 0000000000000014 e8 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 63 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000016 b5 R13: 0000000000000579 R14: 00000000006fc3f8 R15: 0000000000000004 0f fa 4c 89 f0 48 c1 e8 03 <80> 3c 18 00 0f 85 97 01 00 00 48 8d 55 d8 4c 8d 7a c0 49 8b 1e RIP: __read_once_size include/linux/compiler.h:188 [inline] RSP: ffff880186b47108 RIP: __radix_tree_delete+0x74/0x230 lib/radix-tree.c:1987 RSP: ffff880186b47108 ---[ end trace 2239d7e756bacaa8 ]---