kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 21019 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88804f67a100 task.stack: ffff88804dce0000
RIP: 0010:tcp_splice_read+0x123/0x950 net/ipv4/tcp.c:779
RSP: 0018:ffff88804dce7c40 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff11009ecf53f
RDX: 000000000000000f RSI: ffff88804f67a9d8 RDI: 0000000000000078
RBP: ffff888094262a80 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88804dce7ea8
R13: 0000000000000000 R14: ffff888049ee7d40 R15: 0000000000000000
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
FS:  00007fcdf9eca700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31722000 CR3: 0000000059b38000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
netlink: 3 bytes leftover after parsing attributes in process `syz-executor.1'.
Call Trace:
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
 smc_splice_read+0x16c/0x1c0 net/smc/af_smc.c:1304
netlink: 3 bytes leftover after parsing attributes in process `syz-executor.1'.
 sock_splice_read+0xa6/0xe0 net/socket.c:883
 do_splice_to+0xfb/0x140 fs/splice.c:880
 do_splice fs/splice.c:1173 [inline]
 SYSC_splice fs/splice.c:1402 [inline]
 SyS_splice+0x104a/0x1380 fs/splice.c:1382
audit: type=1804 audit(1601055464.117:198): pid=21040 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir152742020/syzkaller.ULvTj4/348/bus" dev="sda1" ino=16449 res=1
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45e179
RSP: 002b:00007fcdf9ec9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000033ec0 RCX: 000000000045e179
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 000000000118cf98 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffc5c3d5cdf R14: 00007fcdf9eca9c0 R15: 000000000118cf4c
Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 c9 07 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 18 48 8d 7b 78 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e db 06 00 00 45 31 e4 f6 43 
RIP: tcp_splice_read+0x123/0x950 net/ipv4/tcp.c:779 RSP: ffff88804dce7c40
---[ end trace 34ff98dfd61aaf41 ]---
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor.1'.
audit: type=1804 audit(1601055464.177:199): pid=21040 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir152742020/syzkaller.ULvTj4/348/bus" dev="sda1" ino=16449 res=1