__dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0x10a/0x149 lib/fault-inject.c:149 kasan: CONFIG_KASAN_INLINE enabled should_fail_alloc_page mm/page_alloc.c:2898 [inline] prepare_alloc_pages mm/page_alloc.c:4131 [inline] __alloc_pages_nodemask+0x22c/0x2720 mm/page_alloc.c:4179 kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 1 PID: 14683 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff888099dce2c0 task.stack: ffff88803d0b8000 RIP: 0010:__rb_erase_augmented include/linux/rbtree_augmented.h:167 [inline] RIP: 0010:rb_erase+0x29/0x1290 lib/rbtree.c:459 RSP: 0018:ffff88803d0bfa68 EFLAGS: 00010292 RAX: dffffc0000000000 RBX: ffff8880378f06b0 RCX: ffffc900098d0000 RDX: 0000000000000001 RSI: ffffffff8bf99ea0 RDI: 0000000000000008 RBP: 0000000000000000 R08: ffffffff8b9bbad0 R09: 0000000000040410 R10: ffff888099dceb70 R11: ffff888099dce2c0 R12: 0000000000000000 R13: dffffc0000000000 R14: ffff888043bfe9b8 R15: ffffffff8bf99ea0 FS: 00007efe415bc700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000050cb90 CR3: 00000000428b0000 CR4: 00000000001406e0 alloc_pages_current+0x155/0x260 mm/mempolicy.c:2113 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: alloc_pages include/linux/gfp.h:520 [inline] push_pipe+0x3b0/0x750 lib/iov_iter.c:515 integrity_inode_free+0x119/0x300 security/integrity/iint.c:146 __pipe_get_pages lib/iov_iter.c:1035 [inline] pipe_get_pages_alloc lib/iov_iter.c:1139 [inline] iov_iter_get_pages_alloc+0x4d7/0xf00 lib/iov_iter.c:1157 security_inode_free+0x14/0x80 security/security.c:443 __destroy_inode+0x1e8/0x4d0 fs/inode.c:238 destroy_inode+0x49/0x110 fs/inode.c:265 iput_final fs/inode.c:1524 [inline] iput+0x458/0x7e0 fs/inode.c:1551 default_file_splice_read+0x171/0x910 fs/splice.c:390 swap_inode_boot_loader fs/ext4/ioctl.c:197 [inline] ext4_ioctl+0x16c5/0x3870 fs/ext4/ioctl.c:924 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684 do_splice_to+0xfb/0x140 fs/splice.c:880 splice_direct_to_actor+0x207/0x730 fs/splice.c:952 do_splice_direct+0x164/0x210 fs/splice.c:1061 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 do_sendfile+0x47f/0xb30 fs/read_write.c:1441 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x466459 SYSC_sendfile64 fs/read_write.c:1502 [inline] SyS_sendfile64+0xff/0x110 fs/read_write.c:1488 RSP: 002b:00007efe415bc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000007 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007ffff5ce4c7f R14: 00007efe415bc300 R15: 0000000000022000 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 Code: entry_SYSCALL_64_after_hwframe+0x46/0xbb ff RIP: 0033:0x466459 ff 48 RSP: 002b:00007fe92d19e188 EFLAGS: 00000246 b8 ORIG_RAX: 0000000000000028 00 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 00 RBP: 00007fe92d19e1d0 R08: 0000000000000000 R09: 0000000000000000 00 00 R10: 000000000000edc0 R11: 0000000000000246 R12: 0000000000000001 00 R13: 00007fffbb1dffbf R14: 00007fe92d19e300 R15: 0000000000022000 fc ff df 41 57 49 89 f7 41 56 41 55 41 54 49 89 fc 48 83 c7 08 48 89 fa 55 48 c1 ea 03 53 48 83 ec 18 <80> 3c 02 00 0f 85 f2 0c 00 00 49 8d 7c 24 10 4d 8b 74 24 08 48 RIP: __rb_erase_augmented include/linux/rbtree_augmented.h:167 [inline] RSP: ffff88803d0bfa68 RIP: rb_erase+0x29/0x1290 lib/rbtree.c:459 RSP: ffff88803d0bfa68 ---[ end trace 3b4b51adee82283d ]---