bisecting cause commit starting from bed3c0d84e7e25c8e0964d297794f4c215b01f33
building syzkaller on 34bf9440bd06034f86b5d9ac8afbf078129cbdae
testing commit bed3c0d84e7e25c8e0964d297794f4c215b01f33 with gcc (GCC) 8.1.0
all runs: crashed: kernel BUG at include/linux/scatterlist.h:LINE!
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
all runs: OK
# git bisect start bed3c0d84e7e25c8e0964d297794f4c215b01f33 v5.1
Bisecting: 7981 revisions left to test after this (roughly 13 steps)
[f4d9a23d3dad0252f375901bf4ff6523a2c97241] sparc64: simplify reduce_memory() function
testing commit f4d9a23d3dad0252f375901bf4ff6523a2c97241 with gcc (GCC) 8.1.0
all runs: crashed: kernel BUG at include/linux/scatterlist.h:LINE!
# git bisect bad f4d9a23d3dad0252f375901bf4ff6523a2c97241
Bisecting: 3282 revisions left to test after this (roughly 12 steps)
[67a242223958d628f0ba33283668e3ddd192d057] Merge tag 'for-5.2/block-20190507' of git://git.kernel.dk/linux-block
testing commit 67a242223958d628f0ba33283668e3ddd192d057 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 67a242223958d628f0ba33283668e3ddd192d057
Bisecting: 1721 revisions left to test after this (roughly 11 steps)
[64439f8f0bc4e9da1c6cb31c2ee642e3139f5731] ice: Disable sniffing VF traffic on PF
testing commit 64439f8f0bc4e9da1c6cb31c2ee642e3139f5731 with gcc (GCC) 8.1.0
failed to run ["make" "bzImage" "-j" "64" "CC=/syzkaller/bisect_bin/gcc-8.1.0/bin/gcc"]: exit status 2
# git bisect skip 64439f8f0bc4e9da1c6cb31c2ee642e3139f5731
Bisecting: 1721 revisions left to test after this (roughly 11 steps)
[c1deb065cf3b5bcd483e3f03479f930edb151b99] netfilter: nf_tables: merge route type into core
testing commit c1deb065cf3b5bcd483e3f03479f930edb151b99 with gcc (GCC) 8.1.0
all runs: crashed: kernel BUG at include/linux/scatterlist.h:LINE!
# git bisect bad c1deb065cf3b5bcd483e3f03479f930edb151b99
Bisecting: 249 revisions left to test after this (roughly 8 steps)
[b0be25c5752e6389a1404c1587d8cb584be55b52] Merge branch 'net-mvpp2-Classifier-updates-and-cleanups'
testing commit b0be25c5752e6389a1404c1587d8cb584be55b52 with gcc (GCC) 8.1.0
all runs: crashed: kernel BUG at include/linux/scatterlist.h:LINE!
# git bisect bad b0be25c5752e6389a1404c1587d8cb584be55b52
Bisecting: 125 revisions left to test after this (roughly 7 steps)
[f1ef73f50b3ef097569b9bccb66a7b09955ce049] ice: Get VF VSI instances directly via PF
testing commit f1ef73f50b3ef097569b9bccb66a7b09955ce049 with gcc (GCC) 8.1.0
all runs: crashed: kernel BUG at include/linux/scatterlist.h:LINE!
# git bisect bad f1ef73f50b3ef097569b9bccb66a7b09955ce049
Bisecting: 59 revisions left to test after this (roughly 6 steps)
[0b963ef20c5624c4cc6c4ef408b301a24b26b96b] Merge branch 'qed-next'
testing commit 0b963ef20c5624c4cc6c4ef408b301a24b26b96b with gcc (GCC) 8.1.0
all runs: crashed: kernel BUG at include/linux/scatterlist.h:LINE!
# git bisect bad 0b963ef20c5624c4cc6c4ef408b301a24b26b96b
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[9bd5423fc75e8a1fc1f84c75c779bdc8aa4a36c2] Merge branch 'enc28j60-messaging-clean-up-and-ACPI-improvements'
testing commit 9bd5423fc75e8a1fc1f84c75c779bdc8aa4a36c2 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 9bd5423fc75e8a1fc1f84c75c779bdc8aa4a36c2
Bisecting: 21 revisions left to test after this (roughly 4 steps)
[8d3a3048c31332b24bcc8a6cf806827eb9d8c688] Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue
testing commit 8d3a3048c31332b24bcc8a6cf806827eb9d8c688 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 8d3a3048c31332b24bcc8a6cf806827eb9d8c688
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[ad71b256ba4e6e469d60e3f7b9973fd195b04bee] ice: Determine descriptor count and ring size based on PAGE_SIZE
testing commit ad71b256ba4e6e469d60e3f7b9973fd195b04bee with gcc (GCC) 8.1.0
all runs: OK
# git bisect good ad71b256ba4e6e469d60e3f7b9973fd195b04bee
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[6a23c0a6af98c927f387353a219c1f5664bb3d5b] Merge branch 'net-phy-aquantia-add-interface-mode-handling'
testing commit 6a23c0a6af98c927f387353a219c1f5664bb3d5b with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 6a23c0a6af98c927f387353a219c1f5664bb3d5b
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[254c0a2bfedb9e1baf38bd82ca86494d4bc1e0cb] macvlan: pass get_ts_info and SIOC[SG]HWTSTAMP ioctl to real device
testing commit 254c0a2bfedb9e1baf38bd82ca86494d4bc1e0cb with gcc (GCC) 8.1.0
all runs: crashed: kernel BUG at include/linux/scatterlist.h:LINE!
# git bisect bad 254c0a2bfedb9e1baf38bd82ca86494d4bc1e0cb
Bisecting: 0 revisions left to test after this (roughly 1 step)
[1bfe45f4ae81dc961b4bcb2ce6860c4ee1af621a] net: bridge: use eth_broadcast_addr() to assign broadcast address
testing commit 1bfe45f4ae81dc961b4bcb2ce6860c4ee1af621a with gcc (GCC) 8.1.0
all runs: crashed: kernel BUG at include/linux/scatterlist.h:LINE!
# git bisect bad 1bfe45f4ae81dc961b4bcb2ce6860c4ee1af621a
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[f295b3ae9f5927e084bd5decdff82390e3471801] net/tls: Add support of AES128-CCM based ciphers
testing commit f295b3ae9f5927e084bd5decdff82390e3471801 with gcc (GCC) 8.1.0
all runs: crashed: kernel BUG at include/linux/scatterlist.h:LINE!
# git bisect bad f295b3ae9f5927e084bd5decdff82390e3471801
f295b3ae9f5927e084bd5decdff82390e3471801 is the first bad commit
commit f295b3ae9f5927e084bd5decdff82390e3471801
Author: Vakul Garg
Date: Wed Mar 20 02:03:36 2019 +0000

    net/tls: Add support of AES128-CCM based ciphers

    Added support for AES128-CCM based record encryption. AES128-CCM is similar to AES128-GCM. Both of them have same salt/iv/mac size. The notable difference between the two is that while invoking AES128-CCM operation, the salt||nonce (which is passed as IV) has to be prefixed with a hardcoded value '2'. Further, CCM implementation in kernel requires IV passed in crypto_aead_request() to be full '16' bytes. Therefore, the record structure 'struct tls_rec' has been modified to reserve '16' bytes for IV. This works for both GCM and CCM based cipher.

    Signed-off-by: Vakul Garg
    Signed-off-by: David S. Miller

:040000 040000 bc2a744ab8efea34a5de925f062c3c938a9bcf8a 4c642191d34551f7ff1e472169d6acb027d596b6 M include
:040000 040000 affa7e9c5f83d09e9502d692faf9704b8816b3dd 5f3c2871d6f5744f3698d5c23a76286774daf412 M net
revisions tested: 16, total time: 3h41m24.831452471s (build: 1h25m55.165196352s, test: 2h10m56.19216935s)
first bad commit: f295b3ae9f5927e084bd5decdff82390e3471801 net/tls: Add support of AES128-CCM based ciphers
cc: ["aviadye@mellanox.com" "borisp@mellanox.com" "daniel@iogearbox.net" "davejwatson@fb.com" "davem@davemloft.net" "john.fastabend@gmail.com" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "vakul.garg@nxp.com"]
crash: kernel BUG at include/linux/scatterlist.h:LINE!
RSP: 002b:00007f024caaac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 00007f024caaac90 RCX: 00000000004592c9
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f024caab6d4
R13: 00000000004c87fb R14: 00000000004de630 R15: 0000000000000005
------------[ cut here ]------------
kernel BUG at include/linux/scatterlist.h:97!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 7285 Comm: syz-executor.2 Not tainted 5.0.0+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:sg_assign_page include/linux/scatterlist.h:97 [inline]
RIP: 0010:sg_set_page include/linux/scatterlist.h:119 [inline]
RIP: 0010:sk_msg_page_add include/linux/skmsg.h:246 [inline]
RIP: 0010:tls_sw_do_sendpage net/tls/tls_sw.c:1161 [inline]
RIP: 0010:tls_sw_sendpage+0xa09/0xf10 net/tls/tls_sw.c:1220
Code: 89 df e8 8a 01 ff ff 85 c0 41 89 c6 0f 84 f3 f7 ff ff e9 35 ff ff ff 48 c7 c6 00 b2 7e 87 48 89 d7 e8 eb a9 ea fb 0f 0b 0f 0b <0f> 0b 45 31 f6 e9 18 ff ff ff 83 85 b4 fe ff ff 01 e9 86 fd ff ff
RSP: 0018:ffff888089037978 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff8880897eec00 RCX: ffff888091bd07c8
RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffff888089037ae0 R08: fffff94000464837 R09: 0000000000000004
R10: ffff888091bd0720 R11: ffffea00023241b7 R12: dffffc0000000000
R13: 0000000000000000 R14: ffff888091bd072c R15: ffff888091bd0700
FS: 00007f024caab700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000008c8f0000 CR4: 00000000001406f0
Call Trace:
 inet_sendpage+0x122/0x600 net/ipv4/af_inet.c:815
 kernel_sendpage+0x60/0xd0 net/socket.c:3643
 sock_sendpage+0x6d/0xd0 net/socket.c:934
 pipe_to_sendpage+0x212/0x430 fs/splice.c:448
 splice_from_pipe_feed fs/splice.c:499 [inline]
 __splice_from_pipe+0x2c6/0x720 fs/splice.c:623
 splice_from_pipe+0xbb/0x120 fs/splice.c:658
 generic_splice_sendpage+0x10/0x20 fs/splice.c:828
 do_splice_from fs/splice.c:847 [inline]
 do_splice+0x5a2/0x12f0 fs/splice.c:1154
 __do_sys_splice fs/splice.c:1424 [inline]
 __se_sys_splice fs/splice.c:1404 [inline]
 __x64_sys_splice+0x248/0x300 fs/splice.c:1404
 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4592c9
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f024caaac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 00007f024caaac90 RCX: 00000000004592c9
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f024caab6d4
R13: 00000000004c87fb R14: 00000000004de630 R15: 0000000000000005
Modules linked in:
---[ end trace ccb47bbbd1fc8ca5 ]---
RIP: 0010:sg_assign_page include/linux/scatterlist.h:97 [inline]
RIP: 0010:sg_set_page include/linux/scatterlist.h:119 [inline]
RIP: 0010:sk_msg_page_add include/linux/skmsg.h:246 [inline]
RIP: 0010:tls_sw_do_sendpage net/tls/tls_sw.c:1161 [inline]
RIP: 0010:tls_sw_sendpage+0xa09/0xf10 net/tls/tls_sw.c:1220
Code: 89 df e8 8a 01 ff ff 85 c0 41 89 c6 0f 84 f3 f7 ff ff e9 35 ff ff ff 48 c7 c6 00 b2 7e 87 48 89 d7 e8 eb a9 ea fb 0f 0b 0f 0b <0f> 0b 45 31 f6 e9 18 ff ff ff 83 85 b4 fe ff ff 01 e9 86 fd ff ff
RSP: 0018:ffff888089037978 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff8880897eec00 RCX: ffff888091bd07c8
RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffff888089037ae0 R08: fffff94000464837 R09: 0000000000000004
R10: ffff888091bd0720 R11: ffffea00023241b7 R12: dffffc0000000000
R13: 0000000000000000 R14: ffff888091bd072c R15: ffff888091bd0700
FS: 00007f024caab700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe64f48a000 CR3: 000000008c8f0000 CR4: 00000000001406e0