bisecting fixing commit since 01fd1694b93c92ad54fa684dac9c8068ecda8288
building syzkaller on db7c31ca79638f50cbb920add433b46cd66e9890
testing commit 01fd1694b93c92ad54fa684dac9c8068ecda8288 with gcc (GCC) 8.1.0
kernel signature: afe60165dc1d96971c0a5f164447d45d49d8213e4d3f2ed5c2cad5775a5a7429
all runs: crashed: general protection fault in scatterwalk_copychunks
testing current HEAD bae31eef2a167ef160ab2703b6a2f5bbecd98d92
testing commit bae31eef2a167ef160ab2703b6a2f5bbecd98d92 with gcc (GCC) 8.1.0
kernel signature: ddaf8f763f80438d92eff02771fd00e481676c51e972f39cbeb7b0b7cb89f3fc
all runs: crashed: general protection fault in scatterwalk_copychunks
revisions tested: 2, total time: 23m42.637866773s (build: 16m50.28247788s, test: 5m40.181910297s)
the crash still happens on HEAD
commit msg: Linux 4.14.200
crash: general protection fault in scatterwalk_copychunks
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
bridge0: port 2(bridge_slave_1) entered blocking state
general protection fault: 0000 [#1] PREEMPT SMP KASAN
bridge0: port 2(bridge_slave_1) entered forwarding state
Modules linked in:
CPU: 1 PID: 7152 Comm: syz-executor.2 Not tainted 4.14.200-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
task: ffff8880910f4100 task.stack: ffff8880920b0000
RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:86 [inline]
RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline]
RIP: 0010:scatterwalk_copychunks+0x3c5/0x690 crypto/scatterwalk.c:55
RSP: 0018:ffff8880920b7610 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff8880905bc2f4 RCX: 0000000000001000
RDX: 0000000000000002 RSI: 0000000000000010 RDI: ffff8880905bc2e8
RBP: ffff8880920b7670 R08: ffffed101061036a R09: ffffed101061036a
R10: 0000000000000000 R11: ffff888083081b4c R12: 0000000000003000
R13: ffff8880920b76b0 R14: 0000000000001000 R15: dffffc0000000000
FS:  00007f9207fd3700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc4f2b8f3c CR3: 000000009213b000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 scatterwalk_map_and_copy+0x10d/0x1a0 crypto/scatterwalk.c:72
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
 gcmaes_encrypt.constprop.14+0x1c0/0xae0 arch/x86/crypto/aesni-intel_glue.c:778
 generic_gcmaes_encrypt+0xf8/0x13d arch/x86/crypto/aesni-intel_glue.c:1111
 crypto_aead_encrypt include/crypto/aead.h:330 [inline]
 gcmaes_wrapper_encrypt+0xe0/0x140 arch/x86/crypto/aesni-intel_glue.c:945
 crypto_aead_encrypt include/crypto/aead.h:330 [inline]
 tls_do_encryption net/tls/tls_sw.c:234 [inline]
 tls_push_record+0x92a/0x1540 net/tls/tls_sw.c:270
 tls_sw_sendpage+0x443/0xc50 net/tls/tls_sw.c:617
 inet_sendpage+0x122/0x600 net/ipv4/af_inet.c:779
 kernel_sendpage+0x60/0xd0 net/socket.c:3407
 sock_sendpage+0x6d/0xd0 net/socket.c:871
 pipe_to_sendpage+0x206/0x420 fs/splice.c:451
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x2cb/0x720 fs/splice.c:626
 splice_from_pipe+0xb5/0x110 fs/splice.c:661
 generic_splice_sendpage+0x10/0x20 fs/splice.c:832
 do_splice_from fs/splice.c:851 [inline]
 do_splice fs/splice.c:1147 [inline]
 SYSC_splice fs/splice.c:1402 [inline]
 SyS_splice+0x6e9/0x1580 fs/splice.c:1382
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4598f9
RSP: 002b:00007f9207fd2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004598f9
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9207fd36d4
R13: 00000000004c90fb R14: 00000000004df570 R15: 00000000ffffffff
Code: ff ff 48 89 c7 e8 3c 5c 27 00 4c 89 ea 48 c1 ea 03 42 80 3c 3a 00 0f 85 84 01 00 00 48 8d 70 10 49 89 45 00 48 89 f2 48 c1 ea 03 <42> 0f b6 14 3a 84 d2 74 09 80 fa 03 0f 8e 4d 02 00 00 48 8b 5d 
RIP: scatterwalk_start include/crypto/scatterwalk.h:86 [inline] RSP: ffff8880920b7610
RIP: scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline] RSP: ffff8880920b7610
RIP: scatterwalk_copychunks+0x3c5/0x690 crypto/scatterwalk.c:55 RSP: ffff8880920b7610
---[ end trace 25b851342951991f ]---