bisecting fixing commit since 69b94dd6dcd14d9bfcba35a492f5e27c15cf4d0a
building syzkaller on 512651955aad51ef5f916aa2d84732e84d1c5e48
testing commit 69b94dd6dcd14d9bfcba35a492f5e27c15cf4d0a with gcc (GCC) 8.1.0
kernel signature: d6c64139965ed4d2a110a25092628b56b100fa42e9dfc0d99710427c8be7fe70
all runs: crashed: general protection fault in tcp_splice_read
testing current HEAD 1752938529c614a8ed4432ecce6ebc95d3b87207
testing commit 1752938529c614a8ed4432ecce6ebc95d3b87207 with gcc (GCC) 8.1.0
kernel signature: 04fa2676397ed42d52cc79d44955e9104cc169df53e4fc8642d94fd713e36446
all runs: crashed: general protection fault in tcp_splice_read
revisions tested: 2, total time: 22m55.258036258s (build: 17m14.274979495s, test: 5m5.713567285s)
the crash still happens on HEAD
commit msg: Linux 4.14.213
crash: general protection fault in tcp_splice_read

kasan: CONFIG_KASAN_INLINE enabled
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
kasan: GPF could be caused by NULL-ptr deref or user memory access
IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready
general protection fault: 0000 [#1] PREEMPT SMP KASAN
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
Modules linked in:
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
CPU: 0 PID: 7103 Comm: syz-executor.2 Not tainted 4.14.213-syzkaller #0
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
task: ffff8881d857a4c0 task.stack: ffff8881de6a0000
RIP: 0010:tcp_splice_read+0x128/0x920 net/ipv4/tcp.c:779
RSP: 0018:ffff8881de6a7bc8 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 1ffff1103bcd4f7d RCX: 1ffff1103b0af5b7
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
RDX: 000000000000000f RSI: ffff8881d857ad98 RDI: 0000000000000078
RBP: ffff8881de6a7cf0 R08: ffff8881d857adb8 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8881de6a7cc8 R14: ffff8881de6a7e80 R15: ffff8881ea576000
FS:  00007fb7f46f2700(0000) GS:ffff8881f6600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555d47beda68 CR3: 00000001d8488002 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
device veth1_macvtap entered promiscuous mode
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
Call Trace:
device veth0_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
device veth1_macvtap entered promiscuous mode
 smc_splice_read+0x189/0x220 net/smc/af_smc.c:1304
IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
 sock_splice_read+0x92/0x120 net/socket.c:883
 do_splice_to+0xe3/0x120 fs/splice.c:880
 do_splice fs/splice.c:1173 [inline]
 SYSC_splice fs/splice.c:1402 [inline]
 SyS_splice+0xfbd/0x1580 fs/splice.c:1382
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45c369
RSP: 002b:00007fb7f46f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000032240 RCX: 000000000045c369
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000005
batman_adv: batadv0: Interface activated: batadv_slave_0
RBP: 000000000078bf58 R08: 0000000000000006 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
R13: 00007ffec100899f R14: 00007fb7f46f29c0 R15: 000000000078bf0c
Code: 89 fa 48 c1 ea
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
03
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
80 3c 02 00 0f 85 9a 07 00 00 48 b8 00 00 00 00 00 fc
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
ff df 4d 8b 64 24 18 49 8d 7c 24 78 48 89 fa 48
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
1a
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
06 00 00 31 c0 41 f6 44
RIP: tcp_splice_read+0x128/0x920 net/ipv4/tcp.c:779 RSP: ffff8881de6a7bc8
---[ end trace 70e799a58e09c96c ]---
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready